Is the “Maximum number of POST request parameters” limit trappable?

小鲜肉 2021-01-17 22:56

ColdFusion 10 allows a limit to be set for the maximum number of POST request parameters (Server Settings / Settings / Request Size Limits / Maximum number of POST request p

2 answers
  • 2021-01-17 23:15

    I can confirm the behavior you are seeing. I think the exception is being thrown by the CF servlet, before Application.cfc is invoked, which would explain why onError never fires.

    So far, the only option that worked for me is adding a custom error page in WEB-INF\web.xml, using an HTTP status code:

    <error-page>
        <error-code>400</error-code>
        <location>/path/to/myErrorPage.cfm</location>
    </error-page>
    

    Note: From the comments, @Adrian mentioned that he added the above to \cfusion\runtime\conf\web.xml, rather than the one in web-inf\.

    Update 1:

    Further reading suggests you can also configure things at a more granular level. To handle a specific kind of exception, use <exception-type> instead of <error-code>. For example:

    <error-page>
        <exception-type>java.lang.Exception</exception-type>
        <location>/path/to/myErrorPage.cfm</location>
    </error-page>
    

    That said, in my (brief) test, CF10 appeared to use very general exception classes for this error, both of which have many potential causes, not just posting too many form fields. So keep that in mind. Granted, it is a bit more focused than handling all HTTP 500 errors, but it may still encompass other causes as well.

    javax.servlet.ServletException: ROOT CAUSE: 
        java.lang.IllegalStateException: Cannot call sendError() ..
    

    Update 2:

    Turns out the javax.servlet.ServletException was just a red herring. As @AdrianWright pointed out in the comments, that error is related to Debugging Settings. When CF generates the "Maximum number of POST request parameters" message, it does not properly account for debugging, which in turn causes a new exception: java.lang.IllegalStateException. Hence the HTTP 500 error:

    When debugging is disabled (as it would be on a production system) CF simply writes an error message directly to the response stream and returns HTTP status code 400. Since no exception is thrown, <exception-type> is useless here. So you are stuck with using status code:

    <error-page>
        <error-code>400</error-code>
        <location>/path/to/myErrorPage.cfm</location>
    </error-page>
    

    However, on the custom error page, you can extract the error message from the request stream. Then handle it accordingly:

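      <cfset req = getPageContext().getRequest()>
      <!--- getAttribute() returns null when the container set no message,
            which leaves the CF variable undefined; default it to "" --->
      <cfset message = req.getAttribute("javax.servlet.error.message")>
      <cfif isNull(message)><cfset message = ""></cfif>
    
      <cfif message contains "POST parameters exceeds">
         Too many form fields. do something...
      <cfelse>
         Some other cause. do something else
      </cfif>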
    
  • 2021-01-17 23:20

    If the limit is exceeded, then there would be entries in the ColdFusion exception and application log.

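A fuller version of the 400 error page from the first answer, which also writes its own log entry so that limit hits can be reviewed alongside the built-in logs the second answer mentions. This is an added example, not code from either answer; the log file name `postParamLimit`, the 200-character caps and the response wording are assumptions.

```cfml
<!--- Added example: target of the <error-code>400</error-code> mapping in web.xml --->
<cfsilent>
    <cfset req = getPageContext().getRequest()>

    <!--- Standard servlet error attributes. A null Java value leaves the
          CF variable undefined, so default each one to an empty string. --->
    <cfset errMessage = req.getAttribute("javax.servlet.error.message")>
    <cfset errUri     = req.getAttribute("javax.servlet.error.request_uri")>
    <cfif isNull(errMessage)><cfset errMessage = ""></cfif>
    <cfif isNull(errUri)><cfset errUri = ""></cfif>

    <!--- Message fragment quoted in the first answer --->
    <cfset tooManyParams = findNoCase("POST parameters exceeds", errMessage) GT 0>

    <!--- The URI is client-controlled: replace control characters and cap the
          length so a request cannot forge or flood log lines. --->
    <cfset safeUri = left(reReplace(errUri, "[[:cntrl:]]", " ", "all"), 200)>
    <cfset safeMsg = left(reReplace(errMessage, "[[:cntrl:]]", " ", "all"), 200)>

    <cfif tooManyParams>
        <!--- Repeated hits from one address are worth alerting on: the limit
              exists to bound the cost of parsing very large parameter sets. --->
        <cflog file="postParamLimit" type="warning"
               text="POST parameter limit exceeded; ip=#cgi.remote_addr#; uri=#safeUri#">
    <cfelse>
        <cflog file="postParamLimit" type="information"
               text="HTTP 400 (other cause); ip=#cgi.remote_addr#; uri=#safeUri#; msg=#safeMsg#">
    </cfif>
</cfsilent>
<!--- Respond with fixed text only; never echo the URI or message back to the client. --->
<cfif tooManyParams>
    <p>The form you submitted contains too many fields and was not processed.</p>
<cfelse>
    <p>The request could not be processed.</p>
</cfif>
```

If ColdFusion sits behind a proxy or load balancer, `cgi.remote_addr` is the proxy's address, so log the forwarded client address from a trusted header instead.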