URL 中的句点导致 ColdFusion 错误 [英] Periods in URL causes ColdFusion error
问题描述
我目前遇到用户(或机器人,不确定)访问子目录中包含三个句点的不存在链接的问题.
I am currently having issues with users (or bots, not sure) visiting non-existent links that have three periods in a sub-directory.
例如,如果有人去:
http://www.example.com/.../test/index.cfm?
然后我收到以下错误:
String index out of range: -1 null
The error occurred on line -1.
我只用 1 个句点和 2 个句点对其进行了测试,它直接出现 404 错误.任何具有 3 个或更多句点的链接都会导致此错误.
I have tested it with just 1 period and just 2 periods and it goes straight to a 404 error. Any link though that has 3 or more periods will cause this error.
我的问题是我能做些什么来阻止这种情况发生?我的想法是将它们发送到 404 错误页面或重定向它们.我怎么能这样做?
My question is what can I do to stop this from happening? My thoughts are to send them to a 404 error page or redirect them. How could I do that?
我在 Microsoft-IIS/7.0 上运行 ColdFusion 8.0.1.
I am running ColdFusion 8.0.1 on Microsoft-IIS/7.0.
从 Miguel-F 编辑
我在 IIS 7.5 上使用 ColdFusion 9.0.1 复制了这个问题,并且在 PCI 扫描期间也注意到了这个问题.
I have duplicated this issue with ColdFusion 9.0.1 on IIS 7.5 and also noticed it during PCI scans.
错误:
java.lang.StringIndexOutOfBoundsException
堆栈跟踪:
java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at
java.lang.AbstractStringBuilder.delete(Unknown Source) at
java.lang.StringBuffer.delete(Unknown Source) at
coldfusion.util.Utils.collapseDotDots(Utils.java:647) at
coldfusion.util.Utils.canonicalizeURI(Utils.java:601) at
coldfusion.filter.PathFilter.invoke(PathFilter.java:43) at
coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at
coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at
coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at
coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at
coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at
coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at
coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at
coldfusion.CfmServlet.service(CfmServlet.java:201) at
coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at
jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at
coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42) at
coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at
jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at
jrun.servlet.FilterChain.service(FilterChain.java:101) at
jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at
jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at
jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286) at
jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543) at
jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203) at
jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428) at
jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
推荐答案
既然你在 IIS 上,我想你可以使用 IIS URL rewrite 拦截并发送一个HTTP 400(错误请求)错误.
Since you are on IIS, I would think you could use IIS URL rewrite to intercept and send a HTTP 400 (bad request) Error.
它会在它到达 Coldfusion 之前捕获它.
That'll catch it before it gets to Coldfusion.
这篇关于URL 中的句点导致 ColdFusion 错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!