Uploaded image for project: 'Railo'
  1. Railo
  2. RAILO-3113

cflocation errors when URL includes ../ in path

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 4.2.1.000
    • Fix Version/s: 4.3.0.000, 4.2.1.003
    • Labels:
      None
    • Environment:

      OS Linux (2.6.32-431.20.3.el6.x86_64) 64bit
      Servlet Container Apache Tomcat/7.0.53
      Java 1.7.0_55 (Oracle Corporation) 64bit

    • Steps to Reproduce:
      Hide

      To repeat this issue create a file in the webroot called "test.cfm" and include:

      <cfinclude template="test/test.cfm">
      

      Then create a subdirectory called "test" and add a file in that called "test.cfm" with the following in it:

      <cflocation url="../outputfile.cfm">
      

      Then in the webroot create another file called "outputfile.cfm" and place some text in it.

      Run /test.cfm and you will get this message:

      java.lang.IllegalArgumentException
      

      And this stack trace:

      java.lang.IllegalArgumentException at org.apache.catalina.connector.Response.normalize(Response.java:1795):1795 at org.apache.catalina.connector.Response.toAbsolute(Response.java:1715):1715 at org.apache.catalina.connector.Response.encodeRedirectURL(Response.java:1184):1184 at org.apache.catalina.connector.ResponseFacade.encodeRedirectURL(ResponseFacade.java:417):417 at railo.runtime.tag.Location.doStartTag(Location.java:97):97 at test.test_cfm$cf.call(/test/test.cfm:1):1 at railo.runtime.PageContextImpl.doInclude(PageContextImpl.java:913):913 at railo.runtime.PageContextImpl.doInclude(PageContextImpl.java:817):817 at test_cfm$cf.call(/test.cfm:1):1 at railo.runtime.PageContextImpl.doInclude(PageContextImpl.java:913):913 at railo.runtime.PageContextImpl.doInclude(PageContextImpl.java:817):817 at application_cfc$cf.udfCall(/Application.cfc:64):64 at railo.runtime.type.UDFImpl.implementation(UDFImpl.java:92):92 at railo.runtime.type.UDFImpl._call(UDFImpl.java:306):306 at railo.runtime.type.UDFImpl.call(UDFImpl.java:207):207 at railo.runtime.ComponentImpl._call(ComponentImpl.java:623):623 at railo.runtime.ComponentImpl._call(ComponentImpl.java:506):506 at railo.runtime.ComponentImpl.call(ComponentImpl.java:1738):1738 at railo.runtime.listener.ModernAppListener.call(ModernAppListener.java:388):388 at railo.runtime.listener.ModernAppListener._onRequest(ModernAppListener.java:204):204 at railo.runtime.listener.MixedAppListener.onRequest(MixedAppListener.java:18):18 at railo.runtime.PageContextImpl.execute(PageContextImpl.java:2218):2218 at railo.runtime.PageContextImpl.execute(PageContextImpl.java:2185):2185 at railo.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:332):332 at railo.loader.servlet.CFMLServlet.service(CFMLServlet.java:29):29 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727):727 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303):303 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208):208 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52):52 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241):241 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208):208 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220):220 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122):122 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501):501 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170):170 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98):98 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116):116 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408):408 at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:193):193 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607):607 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313):313 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145):1145 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615):615 at java.lang.Thread.run(Thread.java:745):745
      

      If you then change the code in test/test.cfm to:

      <cflocation url="outputfile.cfm">
      

      The error goes away and the you end up a testfile.cfm in the webroot in the browser.

      Show
      To repeat this issue create a file in the webroot called "test.cfm" and include: <cfinclude template= "test/test.cfm" > Then create a subdirectory called "test" and add a file in that called "test.cfm" with the following in it: <cflocation url= "../outputfile.cfm" > Then in the webroot create another file called "outputfile.cfm" and place some text in it. Run /test.cfm and you will get this message: java.lang.IllegalArgumentException And this stack trace: java.lang.IllegalArgumentException at org.apache.catalina.connector.Response.normalize(Response.java:1795):1795 at org.apache.catalina.connector.Response.toAbsolute(Response.java:1715):1715 at org.apache.catalina.connector.Response.encodeRedirectURL(Response.java:1184):1184 at org.apache.catalina.connector.ResponseFacade.encodeRedirectURL(ResponseFacade.java:417):417 at railo.runtime.tag.Location.doStartTag(Location.java:97):97 at test.test_cfm$cf.call(/test/test.cfm:1):1 at railo.runtime.PageContextImpl.doInclude(PageContextImpl.java:913):913 at railo.runtime.PageContextImpl.doInclude(PageContextImpl.java:817):817 at test_cfm$cf.call(/test.cfm:1):1 at railo.runtime.PageContextImpl.doInclude(PageContextImpl.java:913):913 at railo.runtime.PageContextImpl.doInclude(PageContextImpl.java:817):817 at application_cfc$cf.udfCall(/Application.cfc:64):64 at railo.runtime.type.UDFImpl.implementation(UDFImpl.java:92):92 at railo.runtime.type.UDFImpl._call(UDFImpl.java:306):306 at railo.runtime.type.UDFImpl.call(UDFImpl.java:207):207 at railo.runtime.ComponentImpl._call(ComponentImpl.java:623):623 at railo.runtime.ComponentImpl._call(ComponentImpl.java:506):506 at railo.runtime.ComponentImpl.call(ComponentImpl.java:1738):1738 at railo.runtime.listener.ModernAppListener.call(ModernAppListener.java:388):388 at railo.runtime.listener.ModernAppListener._onRequest(ModernAppListener.java:204):204 at railo.runtime.listener.MixedAppListener.onRequest(MixedAppListener.java:18):18 at railo.runtime.PageContextImpl.execute(PageContextImpl.java:2218):2218 at railo.runtime.PageContextImpl.execute(PageContextImpl.java:2185):2185 at railo.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:332):332 at railo.loader.servlet.CFMLServlet.service(CFMLServlet.java:29):29 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727):727 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303):303 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208):208 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52):52 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241):241 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208):208 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220):220 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122):122 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501):501 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170):170 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98):98 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116):116 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408):408 at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:193):193 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607):607 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313):313 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145):1145 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615):615 at java.lang. Thread .run( Thread .java:745):745 If you then change the code in test/test.cfm to: <cflocation url= "outputfile.cfm" > The error goes away and the you end up a testfile.cfm in the webroot in the browser.
    • Affects:
      Compatibility/Configuration
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      Remove ../ from the cflocation URL attribute value.

      Show
      Remove ../ from the cflocation URL attribute value.

      Description

      If a file from a sub directory is included using cfinclude and that file includes a cflocation to a file in the above directory and is referenced using "../" in the URL attribute then the following error is thrown:

      java.lang.IllegalArgumentException

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                micstriit Michael Offner
                Reporter:
                andrew-cfd Andrew Dixon
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: