Merge pull request #1863 from wheels-dev/fix/fixes-for-wheels-started-app

Fix/fixes for wheels started app

Author: zainforbjs

core/src/wheels/events/onapplicationstart.cfc

@@ -283,8 +283,8 @@ component {
 		application.$wheels.imagePath = "images";
 		application.$wheels.javascriptPath = "javascripts";
 		application.$wheels.modelPath = "/app/models";
-		application.$wheels.pluginPath = "/plugins";
-		application.$wheels.pluginComponentPath = "/plugins";
+		application.$wheels.pluginPath = "plugins";
+		application.$wheels.pluginComponentPath = "plugins";
 		application.$wheels.stylesheetPath = "stylesheets";
 		application.$wheels.viewPath = "/app/views";
 		application.$wheels.controllerPath = "/app/controllers";

examples/starter-app/README.md

@@ -99,6 +99,7 @@ app/
 │   ├── PasswordResets.cfc # Password management
 │   ├── Accounts.cfc    # User account management
 │   └── admin/          # Admin controllers
+│   └── functions/          # helper functions
 ├── models/             # Data models
 │   ├── User.cfc        # User model with authentication
 │   ├── Role.cfc        # Role model
@@ -107,7 +108,7 @@ app/
 |── global/             # application-wide globally accessible functions
 ├── views/              # Presentation layer
 ├── mailers/            # Email templates
-└── plugins/            # Third-party plugins
+plugins/            # Third-party plugins
 ```
 
 ### Key Design Principles
@@ -122,8 +123,8 @@ app/
 ### Backend
 
 - **3.0.0-snapshot** - MVC Framework
-- **Lucee 5, Lucee 6** - CFML Engine
-- **Database** - MySQL, PostgreSQL, Microsoft SQL Server, Oracle, H2
+- **Lucee 5,6,7, Adobe 2018-2025, Boxlang** - CFML Engine
+- **Database** - MySQL, PostgreSQL, Microsoft SQL Server, Oracle, SQLite, H2
 - **WireBox** - Dependency injection
 - **TestBox** - Testing framework
 
@@ -144,13 +145,15 @@ app/
 
 - **CommandBox** - Latest version
 - **CFML Engine**: Choose one of the following:
-  - Adobe ColdFusion 2018/2021/2023
+  - Adobe ColdFusion 2018/2021/2023/2025
   - Lucee 5, Lucee 6, Lucee 7
+  - Boxlang
 - **Database Engine**: Choose one of the following:
   - MySQL
   - PostgreSQL
   - Microsoft SQL Server
   - Oracle Database
+  - SQLite Database
   - H2 Database (for development/testing)
 
 ### Environment Configuration

examples/starter-app/app/global/functions.cfm

@@ -2,16 +2,8 @@
     //=====================================================================
     //= 	Global Functions
     //=====================================================================
-    if (StructKeyExists(server, "lucee")) {
-        include "install.cfm";
-        include "auth.cfm";
-        include "logging.cfm";
-        include "utils.cfm";
-    } else {
-        // TODO: Check this doesn't break when in a subdir?
-        include "/global/install.cfm";
-        include "/global/auth.cfm";
-        include "/global/logging.cfm";
-        include "/global/utils.cfm";
-    }
+    include "install.cfm";
+    include "auth.cfm";
+    include "logging.cfm";
+    include "utils.cfm";
 </cfscript>

examples/starter-app/app/migrator/migrations/20180519105946_Adds_Default_Permissions.cfc

@@ -28,77 +28,114 @@ component extends="wheels.migrator.Migration" hint="Adds Default Permissions" {
 
 			try {
 				c=0;
-				addRecord(table='permissions', id=++c, name='admin', description='Global Administrative Access');
-				addRecord(table='rolepermissions', roleid=1, permissionid=c)
-
-				addRecord(table='permissions', id=++c, name='admin.auditlogs', description='Allow Global Administrative Access to Logs');
-				addRecord(table='permissions', id=++c, name='admin.auditlogs.index', description='View Logs');
-				addRecord(table='rolepermissions', roleid=2, permissionid=c);
-
-				addRecord(table='permissions', id=++c, name='admin.auditlogs.show', description='Show Log Extended Data')
-				addRecord(table='permissions', id=++c, name='admin.permissions', description='Allow Global Administrative Access to Permissions');
-				addRecord(table='permissions', id=++c, name='admin.permissions.index', description='List Permissions');
-				addRecord(table='permissions', id=++c, name='admin.permissions.edit', description='Edit Permission');
-				addRecord(table='permissions', id=++c, name='admin.permissions.update', description='Update Permission')
-				addRecord(table='permissions', id=++c, name='admin.settings', description='Allow Global Administrative Access to Settings');
-				addRecord(table='permissions', id=++c, name='admin.settings.index', description='List Settings');
-				addRecord(table='permissions', id=++c, name='admin.settings.edit', description='Edit Setting');
-				addRecord(table='permissions', id=++c, name='admin.settings.update', description='Update Setting')
-				addRecord(table='permissions', id=++c, name='admin.users', description='Allow Global Administrative Access to Users');
-
-				addRecord(table='permissions', id=++c, name='admin.users.index', description='List Users');
-				addRecord(table='rolepermissions', roleid=2, permissionid=c);
-
-				addRecord(table='permissions', id=++c, name='admin.users.new', description='New User');
-				addRecord(table='rolepermissions', roleid=2, permissionid=c);
-
-				addRecord(table='permissions', id=++c, name='admin.users.create', description='Create User');
-				addRecord(table='rolepermissions', roleid=2, permissionid=c);
-
-				addRecord(table='permissions', id=++c, name='admin.users.edit', description='Edit User');
-				addRecord(table='rolepermissions', roleid=2, permissionid=c);
-
-				addRecord(table='permissions', id=++c, name='admin.users.update', description='Update User');
-				addRecord(table='rolepermissions', roleid=2, permissionid=c);
-
-				addRecord(table='permissions', id=++c, name='admin.users.delete', description='Delete User');
-				addRecord(table='rolepermissions', roleid=2, permissionid=c);
-
-				addRecord(table='permissions', id=++c, name='admin.users.reset', description='Reset Users Password');
-				addRecord(table='rolepermissions', roleid=2, permissionid=c);
-
-				addRecord(table='permissions', id=++c, name='admin.users.recover', description='Recover User');
-				addRecord(table='rolepermissions', roleid=2, permissionid=c);
-
-				addRecord(table='permissions', id=++c, name='admin.users.show', description='View User');
-				addRecord(table='rolepermissions', roleid=2, permissionid=c);
-
-				addRecord(table='permissions', id=++c, name='admin.users.assume', description='Assume Users (Grant only to Admins)');
-				addRecord(table='permissions', id=++c, name='admin.users.destroy', description='Destroy Users (Grant only to Admins)');
-				addRecord(table='permissions', id=++c, name='admin.roles', description='Allow Global Administrative Access to Roles');
-				addRecord(table='permissions', id=++c, name='admin.roles.index', description='List Roles');
-				addRecord(table='permissions', id=++c, name='admin.roles.new', description='New Role');
-				addRecord(table='permissions', id=++c, name='admin.roles.create', description='Create Role');
-				addRecord(table='permissions', id=++c, name='admin.roles.edit', description='Edit Role');
-				addRecord(table='permissions', id=++c, name='admin.roles.update', description='Update Role');
-				addRecord(table='permissions', id=++c, name='admin.roles.delete', description='Delete Role');
-
-				addRecord(table='permissions', id=++c, name='accounts', description='Allow Global Access to Own Profile');
-				addRecord(table='rolepermissions', roleid=1, permissionid=c);
-				addRecord(table='rolepermissions', roleid=2, permissionid=c);
-				addRecord(table='rolepermissions', roleid=3, permissionid=c);
-
-				addRecord(table='permissions', id=++c, name='accounts.show', description='View My Account');
-				addRecord(table='permissions', id=++c, name='accounts.edit', description='Edit Own Account');
-				addRecord(table='permissions', id=++c, name='accounts.update', description='Update Own Account');
-
-				/*
-				Named Permissions : arbitary permissions
-				*/
-				addRecord(table='permissions', id=++c, name='canViewAdminNotes', type="named", description='Allow user to view admin notes');
-
-				addRecord(table='permissions', id=++c, name='canViewLogData', type="named", description='Allow user to view extended log data');
-				addRecord(table='rolepermissions', roleid=1, permissionid=c);
+                c++
+                addRecord(table='permissions', id=c, name='admin', description='Global Administrative Access');
+                addRecord(table='rolepermissions', roleid=1, permissionid=c)
+
+                c++
+                addRecord(table='permissions', id=c, name='admin.auditlogs', description='Allow Global Administrative Access to Logs');
+                c++
+                addRecord(table='permissions', id=c, name='admin.auditlogs.index', description='View Logs');
+                addRecord(table='rolepermissions', roleid=2, permissionid=c);
+
+                c++
+                addRecord(table='permissions', id=c, name='admin.auditlogs.show', description='Show Log Extended Data')
+                c++
+                addRecord(table='permissions', id=c, name='admin.permissions', description='Allow Global Administrative Access to Permissions');
+                c++
+                addRecord(table='permissions', id=c, name='admin.permissions.index', description='List Permissions');
+                c++
+                addRecord(table='permissions', id=c, name='admin.permissions.edit', description='Edit Permission');
+                c++
+                addRecord(table='permissions', id=c, name='admin.permissions.update', description='Update Permission')
+                c++
+                addRecord(table='permissions', id=c, name='admin.settings', description='Allow Global Administrative Access to Settings');
+                c++
+                addRecord(table='permissions', id=c, name='admin.settings.index', description='List Settings');
+                c++
+                addRecord(table='permissions', id=c, name='admin.settings.edit', description='Edit Setting');
+                c++
+                addRecord(table='permissions', id=c, name='admin.settings.update', description='Update Setting')
+                c++
+                addRecord(table='permissions', id=c, name='admin.users', description='Allow Global Administrative Access to Users');
+
+                c++
+                addRecord(table='permissions', id=c, name='admin.users.index', description='List Users');
+                addRecord(table='rolepermissions', roleid=2, permissionid=c);
+
+                c++
+                addRecord(table='permissions', id=c, name='admin.users.new', description='New User');
+                addRecord(table='rolepermissions', roleid=2, permissionid=c);
+
+                c++
+                addRecord(table='permissions', id=c, name='admin.users.create', description='Create User');
+                addRecord(table='rolepermissions', roleid=2, permissionid=c);
+
+                c++
+                addRecord(table='permissions', id=c, name='admin.users.edit', description='Edit User');
+                addRecord(table='rolepermissions', roleid=2, permissionid=c);
+
+                c++
+                addRecord(table='permissions', id=c, name='admin.users.update', description='Update User');
+                addRecord(table='rolepermissions', roleid=2, permissionid=c);
+
+                c++
+                addRecord(table='permissions', id=c, name='admin.users.delete', description='Delete User');
+                addRecord(table='rolepermissions', roleid=2, permissionid=c);
+
+                c++
+                addRecord(table='permissions', id=c, name='admin.users.reset', description='Reset Users Password');
+                addRecord(table='rolepermissions', roleid=2, permissionid=c);
+
+                c++
+                addRecord(table='permissions', id=c, name='admin.users.recover', description='Recover User');
+                addRecord(table='rolepermissions', roleid=2, permissionid=c);
+
+                c++
+                addRecord(table='permissions', id=c, name='admin.users.show', description='View User');
+                addRecord(table='rolepermissions', roleid=2, permissionid=c);
+
+                c++
+                addRecord(table='permissions', id=c, name='admin.users.assume', description='Assume Users (Grant only to Admins)');
+                c++
+                addRecord(table='permissions', id=c, name='admin.users.destroy', description='Destroy Users (Grant only to Admins)');
+                c++
+                addRecord(table='permissions', id=c, name='admin.roles', description='Allow Global Administrative Access to Roles');
+                c++
+                addRecord(table='permissions', id=c, name='admin.roles.index', description='List Roles');
+                c++
+                addRecord(table='permissions', id=c, name='admin.roles.new', description='New Role');
+                c++
+                addRecord(table='permissions', id=c, name='admin.roles.create', description='Create Role');
+                c++
+                addRecord(table='permissions', id=c, name='admin.roles.edit', description='Edit Role');
+                c++
+                addRecord(table='permissions', id=c, name='admin.roles.update', description='Update Role');
+                c++
+                addRecord(table='permissions', id=c, name='admin.roles.delete', description='Delete Role');
+
+                c++
+                addRecord(table='permissions', id=c, name='accounts', description='Allow Global Access to Own Profile');
+                addRecord(table='rolepermissions', roleid=1, permissionid=c);
+                addRecord(table='rolepermissions', roleid=2, permissionid=c);
+                addRecord(table='rolepermissions', roleid=3, permissionid=c);
+
+                c++
+                addRecord(table='permissions', id=c, name='accounts.show', description='View My Account');
+                c++
+                addRecord(table='permissions', id=c, name='accounts.edit', description='Edit Own Account');
+                c++
+                addRecord(table='permissions', id=c, name='accounts.update', description='Update Own Account');
+
+                /*
+                Named Permissions : arbitary permissions
+                */
+                c++
+                addRecord(table='permissions', id=c, name='canViewAdminNotes', type="named", description='Allow user to view admin notes');
+
+                c++
+                addRecord(table='permissions', id=c, name='canViewLogData', type="named", description='Allow user to view extended log data');
+                addRecord(table='rolepermissions', roleid=1, permissionid=c);
 
 			} catch (any e) {
 				local.exception = e;

examples/starter-app/app/models/Model.cfc

@@ -38,9 +38,14 @@ component extends="wheels.Model" {
 	* Simple sanitization: this could probably be improved somewhat.
 	**/
 	private function sanitizeInput(string){
-		local.rv = REReplaceNoCase(arguments.string, "<\ *[a-z].*?>", "", "all");
-		local.rv = REReplaceNoCase(local.rv, "<\ */\ *[a-z].*?>", "", "all");
-		local.rv = trim(htmleditFormat(local.rv));
+		local.rv = reReplaceNoCase(arguments.string, "<[^>]*>", "", "all");
+		local.rv = trim(local.rv);
+
+		local.rv = replace(local.rv, "&", "&amp;", "all");
+		local.rv = replace(local.rv, "<", "&lt;", "all");
+		local.rv = replace(local.rv, ">", "&gt;", "all");
+		local.rv = replace(local.rv, '"', "&quot;", "all");
+
 		return local.rv;
 	}
 

examples/starter-app/app/models/User.cfc

@@ -115,7 +115,7 @@ component extends="Model" {
 		return Replace(LCase(CreateUUID()), "-", "", "all");
 	}
 
-	function getUsers(required array where, required bool includeSoftDeletes, required number page, required number perpage) {
+	function getUsers(required array where, required boolean includeSoftDeletes, required numeric page, required numeric perpage) {
 		return findAll(where=whereify(arguments.where), page=arguments.page, includeSoftDeletes=arguments.includeSoftDeletes, perpage=arguments.perpage, include="role");
 	}
 

examples/starter-app/box.json

@@ -31,12 +31,14 @@
     "dependencies": {
         "wirebox": "^7.0.0",
         "testbox": "^6.0.0",
-        "wheels-core": "^3.0.0"
+        "wheels-core": "^3.0.0",
+        "cfwheels-authenticateThis":"^1"
     },
     "installPaths": {
         "wirebox": "vendor/wirebox/",
         "testbox": "vendor/testbox/",
-        "wheels-core": "vendor/wheels/"
+        "wheels-core": "vendor/wheels/",
+        "cfwheels-authenticateThis":"plugins/authenticateThis/"
     },
     "private":false,
     "license":[

examples/starter-app/public/Application.cfc

@@ -16,7 +16,6 @@ component output="false" {
 	this.wheelsDir  = this.vendorDir & "wheels/";
 	this.wireboxDir = this.vendorDir & "wirebox/";
 	this.testboxDir = this.vendorDir & "testbox/";
-
 	// Set up the mappings for the application.
 	this.mappings["/app"]     = this.appDir;
 	this.mappings["/vendor"]  = this.vendorDir;
@@ -25,12 +24,13 @@ component output="false" {
 	this.mappings["/testbox"] = this.testboxDir;
 	this.mappings["/tests"] = expandPath("../tests");
 	this.mappings["/config"] = expandPath("../config");
+	this.mappings["/plugins"] = expandPath("../plugins");
 
 	// We turn on "sessionManagement" by default since the Flash uses it.
 	this.sessionManagement = true;
 
 	// If a plugin has a jar or class file, automatically add the mapping to this.javasettings.
-	this.wheels.pluginDir = this.appDir & "plugins";
+	this.wheels.pluginDir = this.appDir & "../plugins";
 	this.wheels.pluginFolders = DirectoryList(
 		this.wheels.pluginDir,
 		"true",
@@ -259,7 +259,7 @@ component output="false" {
 			&& StructKeyExists(application.wo, "$restoreTestRunnerApplicationScope")
 		) {
 			application.wo.$restoreTestRunnerApplicationScope();
-			application.wo.$include(template = "#application.wheels.eventPath#/onabort.cfm");
+			application.wo.$include(template = "../../#application.wheels.eventPath#/onabort.cfm");
 		}
 		return true;
 	}
@@ -312,7 +312,7 @@ component output="false" {
 		location(url = local.redirectUrl, addToken = false);
 	}
 
-	private string function $buildRedirectUrl() {
+	public string function $buildRedirectUrl() {
 		// Determine the base URL
 		if (StructKeyExists(cgi, "path_info") && Len(cgi.path_info)) {
 			local.url = cgi.path_info;

examples/tweet/public/Application.cfc

@@ -259,7 +259,7 @@ component output="false" {
 			&& StructKeyExists(application.wo, "$restoreTestRunnerApplicationScope")
 		) {
 			application.wo.$restoreTestRunnerApplicationScope();
-			application.wo.$include(template = "#application.wheels.eventPath#/onabort.cfm");
+			application.wo.$include(template = "../../#application.wheels.eventPath#/onabort.cfm");
 		}
 		return true;
 	}

tools/docker/boxlang/box.json

@@ -2,7 +2,7 @@
     "name": "wheels-test-suite-boxlang",
     "version": "1.0.0",
     "dependencies": {
-        "wirebox": "^8.0.0",
+        "wirebox": "^7.0.0",
         "testbox": "^6.0.0",
         "bx-compat-cfml":"^1.27.0+35",
         "bx-csrf":"^1.2.0+3",