URL中的句点导致ColdFusion错误 [英] Periods in URL causes ColdFusion error
问题描述
我目前在访问子目录中有三个句点的不存在的链接的用户(或漫游器,不确定)有问题。
例如,如果有人访问:
http://www.example.com/.../test/index.cfm?
然后我收到以下错误:
String index超出范围:-1 null
错误发生在行-1。
我测试了它只有1个周期,只有2个周期,它直接发生404错误。任何具有3个或更多时段的链接将导致此错误。
我的问题是,我可以做什么来阻止这种情况发生?我的想法是将他们发送到404错误页面或重定向他们。
我在Microsoft-IIS / 7.0上运行ColdFusion 8.0.1。
从Miguel-F编辑我在IIS 7.5上重复了ColdFusion 9.0.1的此问题,并且在PCI扫描期间也注意到了此问题。
错误:
java.lang.StringIndexOutOfBoundsException
Stacktrace:
java.lang.StringIndexOutOfBoundsException:String index超出范围:-1 at
java.lang.AbstractStringBuilder.delete(未知源)at
java.lang.StringBuffer.delete(未知源)at
coldfusion.util.Utils.collapseDotDots(Utils.java:647)at
coldfusion.util.Utils.canonicalizeURI(Utils.java:601)at
coldfusion.filter.PathFilter.invoke(PathFilter。 java:43)at
coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)at
coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)at
coldfusion.filter .BrowserFilter.invoke(BrowserFilter.java:38)at
coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)at
coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)at
coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)at
coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)at
coldfusion.CfmServlet.service(CfmServlet。 java:201)at
coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)at
jrun.servlet.FilterChain.doFilter(FilterChain.java:86)at
coldfusion.monitor .event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)at
coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)at
jrun.servlet.FilterChain.doFilter(FilterChain.java:94 )at
jrun.servlet.FilterChain.service(FilterChain.java:101)at
jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)at
jrun.servlet.JRunInvokerChain。在
处的$ r $ j
的jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
上的
的jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)中的invokeNext(JRunInvokerChain.java:42) b jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)at
jrunx.scheduler.ThreadPool $ ThreadThrottle.invokeRunnable(ThreadPool.java:428)at
jrunx.scheduler.WorkerThread.run (WorkerThread.java:66)
IIS,我认为您可以使用 IIS URL重写拦截并发送< a href =http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html =nofollow> HTTP 400(错误请求)错误。
它会在Coldfusion之前捕获它。
I am currently having issues with users (or bots, not sure) visiting non-existent links that have three periods in a sub-directory.
For example, if someone goes to:
http://www.example.com/.../test/index.cfm?
Then I receive the following error:
String index out of range: -1 null
The error occurred on line -1.
I have tested it with just 1 period and just 2 periods and it goes straight to a 404 error. Any link though that has 3 or more periods will cause this error.
My question is what can I do to stop this from happening? My thoughts are to send them to a 404 error page or redirect them. How could I do that?
I am running ColdFusion 8.0.1 on Microsoft-IIS/7.0.
Edit from Miguel-F
I have duplicated this issue with ColdFusion 9.0.1 on IIS 7.5 and also noticed it during PCI scans.
Error:
java.lang.StringIndexOutOfBoundsException
Stacktrace:
java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at
java.lang.AbstractStringBuilder.delete(Unknown Source) at
java.lang.StringBuffer.delete(Unknown Source) at
coldfusion.util.Utils.collapseDotDots(Utils.java:647) at
coldfusion.util.Utils.canonicalizeURI(Utils.java:601) at
coldfusion.filter.PathFilter.invoke(PathFilter.java:43) at
coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at
coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at
coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at
coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at
coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at
coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at
coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at
coldfusion.CfmServlet.service(CfmServlet.java:201) at
coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at
jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at
coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42) at
coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at
jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at
jrun.servlet.FilterChain.service(FilterChain.java:101) at
jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at
jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at
jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286) at
jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543) at
jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203) at
jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428) at
jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
Since you are on IIS, I would think you could use IIS URL rewrite to intercept and send a HTTP 400 (bad request) Error.
That'll catch it before it gets to Coldfusion.
这篇关于URL中的句点导致ColdFusion错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
