Invalid parsed filename #11
Using both 5.5.1 and 5.5.2 I've found an issue when my site is scanned for vulnerabilities. Invalid fuseactions attempt to create a corresponding parsed file and this can trigger secondary "invalid filename" errors when invalid characters are passed in the URL string. Here is a sample query string that my external security scanner attempted:
This throws an "Invalid CFML construct found on line 14 at column 251" exception.
Suggested fix: Invalid fuseactions should short-circuit the parsed file creation and simply trigger the invalid fuseaction exception.
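The short-circuit suggested above, sketched in Python as an added example; it is not Fusebox code and not part of the original report. The circuit registry, the function names and the `circuit.fuseaction.cfm` naming are assumptions made for illustration, and the rejected inputs are constructed, not the scanner's actual query string.

```python
import re

# Hypothetical registry of declared circuits and fuseactions (constructed sample).
CIRCUITS = {"main": {"welcome", "login"}, "admin": {"dashboard"}}

# Conservative allowlist for a single name component (assumption).
_NAME = re.compile(r"[A-Za-z0-9_]{1,64}\Z")


class InvalidFuseaction(Exception):
    """Raised before any parsed-file work when no declared fuseaction matches."""


def resolve_fuseaction(raw):
    """Return the canonical (circuit, fuseaction) pair or raise InvalidFuseaction."""
    if not isinstance(raw, str) or raw.count(".") != 1:
        raise InvalidFuseaction("malformed fuseaction")
    circuit, action = (part.lower() for part in raw.split("."))
    if not (_NAME.match(circuit) and _NAME.match(action)):
        raise InvalidFuseaction("illegal characters in fuseaction")
    if action not in CIRCUITS.get(circuit, ()):
        raise InvalidFuseaction("undeclared fuseaction")
    return circuit, action


def parsed_filename(raw):
    """Name the parsed file from the validated pair only, never from raw input."""
    circuit, action = resolve_fuseaction(raw)  # short-circuits on bad input
    return f"{circuit}.{action}.cfm"


def handle_request(raw, generated):
    """Record a parsed file in `generated` only for a valid fuseaction."""
    try:
        name = parsed_filename(raw)
    except InvalidFuseaction as exc:
        return f"invalid fuseaction: {exc}"  # nothing was generated
    generated.append(name)
    return f"ok: {name}"


if __name__ == "__main__":
    files = []
    for sample in ["main.welcome", "main.nosuch", 'main.wel"come#x', "a.b.c"]:
        print(repr(sample), "->", handle_request(sample, files))
    print("parsed files generated:", files)
```

Because the filename is built from the validated pair rather than the URL value, a scanner probe produces exactly one error (the invalid fuseaction) and no parsed file is attempted.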