发表新帖
发表新帖

Is the “Maximum number of POST request parameters” limit trappable?

前端 未结
关注
2 1380
小鲜肉
小鲜肉 2021-01-17 22:56

Coldfusion 10 allows a limit to be set for the maximum number of POST request parameters (Server Settings / Settings / Request Size Limits / Maximum number of POST request p

2条回答
  • 借酒劲吻你
    借酒劲吻你 (楼主)
    2021-01-17 23:15

    I can confirm the behavior you are seeing. I think the exception is being thrown by the CF servlet, before Application.cfc is invoked, which would explain why onError never fires.

    So far, the only option that worked for me is adding a custom error page in WEB-INF\web.xml, using an HTTP status code:

    
    400
    /path/to/myErrorPage.cfm

    Note: From the comments, @Adrian mentioned that he added the above to \cfusion\runtime\conf\web.xml, rather than the one in web-inf\.

    Update 1:

    Further reading suggests you can also configure things at a more granular level. To handle a specific kind of exception, use instead of . For example:

    
    java.lang.Exception
    /path/to/myErrorPage.cfm

    That said, in my (brief) test, CF10 appeared to use very general exception classes for this error. Both of which have many potential causes, not just posting too many form fields. So keep that in mind. Granted it is a bit more focused than handling all HTTP 500 errors, but it may still encompass other causes as well. 

    javax.servlet.ServletException: ROOT CAUSE: 
    java.lang.IllegalStateException: Cannot call sendError() ..

    Update 2:

    Turns out the javax.servlet.ServletException was just a red herring. As @AdrianWright pointed out in the comments, that error is related to Debugging Settings. When CF generates the "Maximum number of POST request parameters" message, it does not properly account for debugging, which in turn causes a new exception: java.lang.IllegalStateException. Hence the HTTP 500 error:

    When debugging is disabled (as it would be on a production system) CF simply writes an error message directly to the response stream and returns HTTP status code 400. Since no exception is thrown, is useless here. So you are stuck with using status code:

    
    400
    /path/to/myErrorPage.cfm

    However, on the custom error page, you can extract the error message from the request stream. Then handle it accordingly: 

      
  

  
     Too many form fields. do something...
  
     Some other cause. do something else

    0 讨论(0)
 看不清?
提交回复
热议问题