Critical issue with ContentBox V1.5.7 and maybe V1.5.6

Communities ContentBox CMS
1

For the last week I have been trying to find an issue, where captcha images where being cached. Luis was not able to reproduce this and I was not only able to reproduce it, but offer a solution below.

ContentBox now provides caching of CommentForms, not sure why but it does. Which means that if you are developing your own layouts with Custom themes, then this will apply to you as well.

In my theme I have a custom CommentForm that was doing this.

#getMyPlugin(plugin=“Captcha”, module=“contentbox”).display(message="")#

Which means that now the image actually gets cached, so when we go and look at how Luis has done this in his themes, we can see that he has now changed it to this.

<img src=’#event.buildLink( event.getValue( ‘cbEntryPoint’, ‘’, true) & ‘__captcha’)#’>

The problem was that for me, on 5 servers I tried this on. I got one of two issues. The first was my servers locally all came back with Bad Gateway, but in production I just got errors in my logs that stated that it couldn’t find a layout.

After many days of going back and forth with Luis, as well as my hosting provider, I then decided to search something else in the code and discovered that ContentBox has a critical bug in the code.

To fix this we have to make changes to the __captcha handler, located inside the contentbox-ui that looks like this.

/**

  • Deliver Captcha

*/

function captcha(event,rc,prc){

var data = getMyPlugin(plugin=“Captcha”,module=“contentbox”).display();

var imgURL = arrayToList( reMatchNoCase( ‘src="([^"]*)"’, data ) );

imgURL = replace( replace( imgURL, “src=”, “” ) , ‘"’, “”, “all”);

// deliver image

getPageContext().forward( imgURL );

}

Which doesn’t look like a problem, but according to an article I found. One must use an abort after using the getPageContext().forward(), so that means the following should now work.

/**

  • Deliver Captcha

*/

function captcha(event,rc,prc){

var data = getMyPlugin(plugin=“Captcha”,module=“contentbox”).display();

var imgURL = arrayToList( reMatchNoCase( ‘src="([^"]*)"’, data ) );

imgURL = replace( replace( imgURL, “src=”, “” ) , ‘"’, “”, “all”);

// deliver image

getPageContext().forward( imgURL );

abort;

}

Once we have reloaded the application from the admin dashboard, we now find that all the issues that had been occurring are now obsolete.

Anyway until Luis patches this change, I thought I would put it out there for everyone to patch now if you need it.

2

Dang. Tricky little sucker. Where is my pull request!!!

3

Have you settled on coding guidelines yet?

4

This has been out there for several years:

http://wiki.coldbox.org/wiki/DevelopmentBestPractices.cfm

Thanks!

~Brad

ColdBox Platform Evangelist
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com

5

That is not what I am talking about Brad.

For example there is a difference between this

function myFunction() {
}

and

function myFunction() {
}

Every time I do a sync, I am always competing with this. Secondly, I prefer the likes of

public void function myFunction() {
}

over

function myFunction(){
}

or

function myFunction()
{
}

And yet the code is riddled with these small but annoying habits. No offence Luis, which is what I am looking for in any project that I am going to submit code back too. I have mentioned this and the reasons in this list, as well as tickets on the Jira ticketing system as well as Assembla and I haven’t seen anything yet that even remotely addresses these differences in coding styles.

When I did my first pull request, all the extra spaces had been removed any time I opened and modified a file, when Luis went to merge 2 line changes he had all these other ones that he didn’t know what to do with and that is the reason.

I am sorry but I am a stickler when it comes to coding guide lines in this manner, and is why I will continue to proivde the solution for anyone to pull and fix as I can’t be bothered with reformatting my code each time when they are merged back with all the other problems in that file. As it cause more issues when I try to sync the changes I make to my production sites.