Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

A highly unusual ColdFusion arguments error

DZone's Guide to

A highly unusual ColdFusion arguments error

· Performance Zone ·
Free Resource

Protect your applications against today's increasingly sophisticated threat landscape.

This one is weird. I don't mean kinda weird. I mean bat-crap insane what-the-hell type weird. Earlier today Jeremy Tan sent me some code that acted a bit odd. Let's take a look at it.

<cfscript>
test = {firstName="Bob in line 2"};
i=1;
transaction {
     new mycfc().set(Text1:"hello",something:"Bob in text");
     i++;
     new mycfc().set(Text1:"hello",something:"Bob in text again");
     new mycfc().set(Text1:"hello",something:test);
     new mycfc().set(Text1:"hello",something:{firstName="Bob in line 9"});
     test2 = {firstName="Merry"};
     writeDump(var=test2,label="line 11" );
     new mycfc().set(Text1:"hello",something:{firstName="Jenny"});
     i++;
     new mycfc().set(Text1:"hello",something:{firstName="Jenny 2"});
}
writeDump("i = #i#");
</cfscript>

In the code snippet above, you can see some data being passed to a CFC within a transaction. Note - there are no actual database calls here, but that doesn't matter. The CFC is simply doing a dump of the Arguments scope:

<cfcomponent  output="true">

     <cffunction name="set" output="true" returntype="void">
          <cfargument name="text1" type="string" required="true">
          <cfargument name="something" type="any" required="true">
          <cfdump var="#arguments#">
     </cffunction>

</cfcomponent>

Now let's look at the output. There should be 6 dumps from the set() call and one in the middle for test2.

Um... ok. We have 8 dumps. We don't have the dump of test2. Also note the third dump, which should have "Bob in line 2", has it as 9. Oh, and even better, i is 2, not 3.

Things get weirder if we simplify. I commented out everything but the last two calls:

new test().set(Text1:"hello",something:{firstName="Jenny"});
new test().set(Text1:"hello",something:{firstName="Jenny 2"});

Yep, three dumps. Here is where things get even more weird. Jeremy found that if he simply stopped using named arguments and switched to ordered ones, everything worked fine.

If there was a bug with the data being displayed (oh wait, there is that too), then I'd maybe think it made sense. Again, as a bug. But the additional calls just don't make sense at all.

Obviously this is could be really bad for anyone doing CFC calls inside a transaction. You can find Jeremy's forum post on the topic here: Weird transaction issue with implicit struct (and possible array). I've also asked him to fill out a bug report and post the link here.



Rapidly detect security vulnerabilities in your web, mobile and desktop applications with IBM Application Security on Cloud. Register Now

Topics:

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}