Elliott's Blog | Life Through Math, Algorithms and Code

1 Aug 2007

ColdFusion 8 Exception Handling Breaks HTTP Requests

Just found this bug today.

CF8 writes cfcatch.message into the Reason-Phrase of the HTTP response Status-Line without stripping new lines (CR or LF). A web server should never send CR or LF in the Reason-Phrase [1], and it should probably also truncate the error message at a sensible length.

[1] RFC 2616, Section 6, Response

It’s pretty easy to reproduce this bug:

<cfthrow message="foo #chr(10)##chr(10)##chr(10)# bar">

Another way to trigger it is with CF8's new deserializeJSON() function on invalid JSON: CF writes the exception message, including the offending JSON, into the Reason-Phrase of the response Status-Line without stripping the new lines.

ColdFusion Code

<cfset json = '
{
    "foo": [
        {}
        "",
        {
            "f": {}
        }
    ]
}
'>

<cfset deserializeJSON(json)>

And the server responds with:

HTTP Response

HTTP/1.1 500 JSON parsing failure: Expected ',' or ']' at character 20:'"' in {
	"foo": [
		{}
		"",
		{
			"f": {}
		}
	]
}
Date: Wed, 01 Aug 2007 05:31:39 GMT
Server: Apache/1.3.33 (Darwin) mod_fastcgi/2.4.2 PHP/5.2.0 JRun/4.0
server-error: true
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

<!-- " ---></TD></TD></TD></TH></TH></TH></TR></TR></TR></TABLE></TABLE>

As it stands, if you had 100 lines of JSON with an error at the end, CF would dump all of the preceding lines of JSON into the HTTP Reason-Phrase.

This is particularly visible in Safari (and other WebKit-based browsers), which displays the HTTP headers in the body of the page because it sees the new lines and assumes the headers are complete; it is worse in Gecko-based browsers, which render the page as text/plain because the Content-Type header is never processed.
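As an added example (not code from the post or from ColdFusion), here is a small Python checker that parses a raw response the way a strict client does and reports whether the Reason-Phrase breaks RFC 2616's no-CR/LF rule, shows what a client that ends the Status-Line at the first bare LF sees instead, and sanitizes an exception message the way the post says CF should (strip new lines, truncate). The sample response is constructed to mirror the one above.

```python
import re

# Constructed sample: a response like the one in the post, with CRLF-delimited
# headers and bare LFs inside the Reason-Phrase where CF8 put the JSON text.
SAMPLE = (
    "HTTP/1.1 500 JSON parsing failure: Expected ',' or ']' at character 20:'\"' in {\n"
    '\t"foo": [\n\t\t{}\n\t]\n}\r\n'
    "Date: Wed, 01 Aug 2007 05:31:39 GMT\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html>error page</html>"
)

# RFC 2616 section 6.1: Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF,
# where Reason-Phrase = *<TEXT, excluding CR, LF>.
STATUS_LINE = re.compile(r"^HTTP/\d\.\d (\d{3}) (.*)$", re.DOTALL)

def parse_status_line(raw):
    """Take the CRLF-terminated Status-Line and return (code, reason, is_valid).
    is_valid is False when the Reason-Phrase contains a bare CR or LF."""
    first = raw.split("\r\n", 1)[0]
    m = STATUS_LINE.match(first)
    if not m:
        return None, None, False
    code, reason = m.group(1), m.group(2)
    return code, reason, ("\r" not in reason and "\n" not in reason)

def lenient_view(raw):
    """What a client that ends the Status-Line at the first bare LF sees: the
    truncated status line, then the JSON fragment it tries to read as a header."""
    lines = raw.split("\n")
    return lines[0].rstrip("\r"), lines[1].rstrip("\r")

def sanitize_reason(reason, max_len=80):
    """Make an exception message safe for the Reason-Phrase: replace CR, LF and
    other control characters with a space, collapse whitespace, then truncate."""
    cleaned = re.sub(r"[\x00-\x1f\x7f]+", " ", reason)
    cleaned = re.sub(r"\s+", " ", cleaned).strip()
    return cleaned[:max_len].rstrip()

if __name__ == "__main__":
    code, reason, ok = parse_status_line(SAMPLE)
    print(code, "valid Reason-Phrase:", ok)
    print("lenient client sees status line:", lenient_view(SAMPLE)[0])
    print("sanitized:", sanitize_reason(reason))
```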

It should also be noted that CF7 output “Internal Server Error” for the Reason-Phrase instead of the exception message.

There also seems to be some other random junk thrown into the page when an exception is thrown.

foo bar baz<cfthrow message="foo #chr(10)##chr(10)#bar">

Will generate the following right after the HTTP headers (the "b" and "1f27" are chunk-size lines from the Transfer-Encoding: chunked response, 0xb being the 11 bytes of "foo bar baz"; they are visible because the browser never processed the headers):

b  
foo bar baz
1f27

I hope this saves someone some time trying to figure out what's going on in their code! :)
