Migration Solutions for ColdFusion Applications to ASP.NET
      
New Atlanta Product Forums Profile | Search | Login | RSS
New Topic Reply   Previous Page  Page: 1   Next Page

Thread: Source code reveal
Created on: 07/27/18 06:07 AM Replies: 1
Peter


Joined: 03/31/08
Posts: 22
Source code reveal
07/27/18 6:07 AM

There is a bug in BlueDragon JX whereby if other file extensions (e.g. HTM) are handled by BlueDragon then if a slash is placed after the extension in the URL (for example http://forums.newatlanta.com/newpost.htm/) then BlueDragon doesn’t render the page but displays the page source code instead including all the CFML code. This doesn’t seem to affect CFM extensions and it only seems to affect files in the root of the site, not sub-folders. This is in build 7,1,1,18586 and IIS 10 and presumably earlier builds. Does anyone have a fix?
Link | Top | Bottom
Peter


Joined: 03/31/08
Posts: 22
RE: Source code reveal
07/27/18 8:17 AM

As an update, I discovered that if for the handler mapping I used ISAPI (BlueDragon_Adapter.dll) for the HTM extension instead of the managed handler as used by the CFM extension (NewAtlanta.ServletExec.Handler, BlueDragon.JX.HttpHandler, Version=7.1.*.*, Culture=neutral, PublicKeyToken=f26d87c038af5f98) then the source code was not revealed. Another work around.
Link | Top | Bottom

New Post
Please login to post a response.


company media information terms of use privacy policy contact us
This page was dynamically built on the BlueDragon CFML Engine