Renderer methods assume the module exists
Description
I have been getting some errors from spiders that are trying to try different URLs to find a weakness.
The URL is this: /AdminUsers/javascript:void(0);
I think this would just take some sort of change in the Renderer.cfc in the functions locateModuleLayout and locateModuleView.
Something like:
if ( !structKeyExists(variables.modulesConfig,arguments.module) )
return 'whatever the invalidEventHandler event path is'
Activity
I am yes. Normal 404s are handled. I think it is because it sees this as a module route. When the route is just “/AdminUsers/javascript” it works. When I add the “/AdminUsers/javascript:void(0);” it causes the error.
Element ADMINUSERS.JAVASCRIPT is undefined in a CFML structure referenced as part of an expression.
at cfRenderer2ecfc1070012657$funcLOCATEMODULELAYOUT.runFunction(C:\ColdFusion2018\cfusion\wwwroot\xxxxxx\frameworks\coldbox\system\web\Renderer.cfc:666
Is there is a workaround I am missing? Thanks.
Ahh ok, that’s what I need to test. So the AdminUsers is a REAL module then.
Correct.
The correct URL is mysite.com/AdminUsers/index
If you type in mysite.com/AdminUsers/javascript it will give the proper 404 invalid event screen
if you type in the mysite.com/AdminUsers/javascript:void(0) you will then get the error I posted above…
This may also be related to the following issue:
I believe it has something to do with the colon in the URL path.
Yes I would agree that it is the same issue. I think it is because it sees it as a module route and it does not trigger the same 404.
