Form error after security hotfix apsb12-15


i tried posting in general cf area 2 weeks ago no reply, thought i'd try here.

 

i applied hotfix last week , seemed working, thought well.

 

it turns out forms used work without hitch generated error 500 no clue real issue.

 

these forms simple fill in, create pdf file, display file.  nothing creative.  no error message, , nothing tell me going on this, forced unload hf901-00005.jar , go hf901-00003.jar

 

it working again, i'd have security patch , have forms work.

 

any clues??

sduncanute wrote:


forms used work without hitch generated error 500 no clue real issue.

 

these forms simple fill in, create pdf file, display file.  nothing creative.  no error message, , nothing tell me going on this, forced unload hf901-00005.jar , go hf901-00003.jar

 

it working again, i'd have security patch , have forms work.

 

hi sduncanute,

 

yes (i experienced same exact issue when populating pdf forms after upgrading cf10), , there 2 issues here (but issues not pdf-related).  in short, there solution.  i'll explain:

 

first issue: tomcat errors not written start.log or exception.log.  why aren't seeing logged error.  bug #3126106 , marked fixed in cf10 (i haven't verified this, need to.  here note-to-self. =p).  however, i'm unsure if fixed in cf 9.0.2.

 

second issue: apsb12-15 states:

 

-----------

  1. this hot fix has new setting in coldfusion, post parameter limit. setting limits number of parameters in post request. default value 100. if post request contains more parameters specified, server doesn't process request , throws exception. process protects against dos attack using hash collision. setting different post size limit (coldfusion administrator > settings > maximum size of post data). setting isn't exposed in coldfusion administrator console. can change limit in neo-runtime.xml file. see point 5 below.
  2. customers want change postparameterlimit, go {coldfusion-home}/lib server installation or {coldfusion-home}/web-inf/cfusion/lib multiserver or j2ee installation. open file neo-runtime.xml, after line

 

"<var name='postsizelimit'><number>100.0</number></var>"

 

add line below , can change 100 desired number.

 

"<var name='postparameterslimit'><number>100.0</number></var>"

-----------

 

basically, tomcat error (which you're not seeing) being thrown b/c form attempting post more 100 fields.  so, says above: add bolded line , replace 100.0 w/ number high enough cover number of fields in form.

 

i'll note cf10 permits setting adjusted via cf admin's settings page via "maximum number of post request parameters" setting.

 

thanks,

-aaron



More discussions in ColdFusion Server Administration


adobe

Comments

Post a Comment