Re: Templates executing twice CF bug

2001-12-11 Thread Max Paperno

Hi,

>Not strange at all.

Well, I agree that would make sense.  Also I should have checked the Web server logs 
for my test before I sent it out.  I do see the double HTTP request in the logs from 
this example.

However, I just tried again the original place I discovered this (a much more 
complicated situation), and there is no double entry in the Web logs.  Really.  
Perhaps it has something to do with browser cache.  So, that was the source of my 
confusion previously.  Perhaps the browser really is requesting the whole page twice 
but it's not logged by the Web server?  Not sure.  Web servers I tried are WebSite Pro 
and Apache.  Also not sure why the CF version would affect the results in my case.

I'll see if I can repro this situation again and cause it not to log to the Web 
server.  I agree the explanation offered by James and Jochem makes sense, but in any 
case this is something to watch out for.  I'll report back if I find anything new on 
this.

Regards,
-Max
~~
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists



Re: Templates executing twice CF bug

2001-12-11 Thread Jochem van Dieten

Max Paperno wrote:

> Greetings,
> 
> I've identified a somewhat minor but possibly damaging bug in CF 5.


It is not a bug.

>  It's pretty strange, but true.  Zac Belado has confirmed that this
> was also the problem in his case (see his "Page Processing Twice" message from earlier 
> today).  It seems to only affect CF5 (4.5 was also tried) but so far only tested on 
> W2K.


Why you believe this is unclear to me. There must be differences in 
server setup.

> The bug causes a template to be executed twice by the CF engine.  It literally runs 
>everything connected to the request twice (all includes, parent template, etc).  
>There is no indication of this unless you have data that is noticeably affected (such 
>as inserting DB records).  The HTTP request is not doubled, only the actual CF code 
>execution.  This is not browser or Web server-related in any way.


It is browser related.



> The cause seems to be missing cfoutput tags around a variable call, and apparently 
>specifically in an IMG tag (some others were tried with no problems surfacing).


I would imagine this would also surface with objects, javascript 
includes etc.

> So some code like this:
> 
> 
> 
> (w/out cfoutput tags anywhere around it) will cause double execution.  Wrap it in 
>cfoutputs (or in comments) and the problem goes away.
> 
> Strange, no?


Not strange at all.

This is what happens. Inside the page you send to the browser is the 
following HTML.


The browser expects to have to display an image with a relative 
location of "#someVariable#/test.gif". But since # means that it is a 
named object inside the same page the browser repeats the request to the 
webserver to get the same page again. Just like you would use target="#" 
to make a form post back to itself.

If I run your template normally.

Webserver log:
2001-12-11 09:43:08 130.161.67.244 - W3SVC1 SPIKE GET 
/jochemd/bugtest.cfm - 200 641 502 0 HTTP/1.1 
Mozilla/5.0+(Windows;+U;+WinNT4.0;+en-US;+rv:0.9.5)+Gecko/20011011 
CFID=63542;+CFTOKEN=51494371 -
2001-12-11 09:43:08 130.161.67.244 - W3SVC1 SPIKE GET 
/jochemd/bugtest.cfm - 200 643 560 16 HTTP/1.1 
Mozilla/5.0+(Windows;+U;+WinNT4.0;+en-US;+rv:0.9.5)+Gecko/20011011 
CFID=63542;+CFTOKEN=51494371 http://spike.oli.tudelft.nl/jochemd/bugtest.cfm

BugTestLog.txt:
Ran at {ts '2001-12-11 10:43:08'}
Ran at {ts '2001-12-11 10:43:08'}

But now I disable the automatic loading of images in my browser 
(Mozilla: Edit, Preferences, Privacy & Security, Images, "Do not load 
any images").

webserver log:
2001-12-11 09:46:27 130.161.67.244 - W3SVC1 SPIKE GET 
/jochemd/bugtest.cfm - 200 641 502 0 HTTP/1.1 
Mozilla/5.0+(Windows;+U;+WinNT4.0;+en-US;+rv:0.9.5)+Gecko/20011011 
CFID=63542;+CFTOKEN=51494371 -

BugTestLog.txt:
Ran at {ts '2001-12-11 10:46:27'}

FYI:
Browser: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.5) Gecko/20011011
Server: NT4 SP6a + Security Rollup Package
Webserver: IIS 4 + Security Rollup Package (15 august I believe)
CF: 4.5.1 SP2 Enterprise + Security Fixes

Jochem
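
Added example, not part of the original post: a small Node.js check that scans W3C-style access log lines for the pattern in the excerpt above, a repeated GET of the same page by the same client whose Referer is the page itself. The field order, the 5-second window and the sample lines (host `www.example.test`, address `192.0.2.10`) are assumptions constructed for illustration.

```javascript
// Assumed field order, read off the layout of the log excerpt in the post above.
const FIELDS = ["date", "time", "ip", "user", "site", "host", "method", "stem",
  "query", "status", "scBytes", "csBytes", "timeTaken", "version", "agent",
  "cookie", "referer"];

// Constructed sample: one double hit, one normal hit, one ordinary image fetch.
const SAMPLE_LOG = [
  "2001-12-11 09:43:08 192.0.2.10 - W3SVC1 WEB1 GET /app/bugtest.cfm - 200 641 502 0 HTTP/1.1 Mozilla/5.0+(X11) CFID=1;+CFTOKEN=2 -",
  "2001-12-11 09:43:08 192.0.2.10 - W3SVC1 WEB1 GET /app/bugtest.cfm - 200 643 560 16 HTTP/1.1 Mozilla/5.0+(X11) CFID=1;+CFTOKEN=2 http://www.example.test/app/bugtest.cfm",
  "2001-12-11 09:46:27 192.0.2.10 - W3SVC1 WEB1 GET /app/bugtest.cfm - 200 641 502 0 HTTP/1.1 Mozilla/5.0+(X11) CFID=1;+CFTOKEN=2 -",
  "2001-12-11 09:47:00 192.0.2.11 - W3SVC1 WEB1 GET /app/logo.gif - 200 900 300 0 HTTP/1.1 Mozilla/5.0+(X11) - http://www.example.test/app/bugtest.cfm",
];

function parseLine(line) {
  if (line.startsWith("#")) return null;            // W3C directive lines
  const parts = line.trim().split(/\s+/);
  if (parts.length !== FIELDS.length) return null;  // malformed or different layout
  const rec = {};
  FIELDS.forEach((name, i) => { rec[name] = parts[i]; });
  rec.ts = Date.parse(`${rec.date}T${rec.time}Z`);
  return Number.isNaN(rec.ts) ? null : rec;
}

function refererPath(referer) {
  if (referer === "-") return null;
  try { return new URL(referer).pathname.toLowerCase(); } catch { return null; }
}

// Flag a GET when the same client fetched the same path within windowMs
// and this request names that same path as its Referer.
function findSelfReferredRepeats(lines, windowMs = 5000) {
  const lastSeen = new Map();   // "ip path" -> timestamp of the previous GET
  const hits = [];
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec || rec.method !== "GET") continue;
    const path = rec.stem.toLowerCase();
    const key = `${rec.ip} ${path}`;
    const prev = lastSeen.get(key);
    const selfReferred = refererPath(rec.referer) === path;
    if (selfReferred && prev !== undefined && rec.ts - prev <= windowMs) {
      hits.push({ ip: rec.ip, path: rec.stem, time: `${rec.date} ${rec.time}` });
    }
    lastSeen.set(key, rec.ts);
  }
  return hits;
}

console.log(findSelfReferredRepeats(SAMPLE_LOG));
```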



Re: Templates executing twice CF bug

2001-12-11 Thread James Sleeman

Ok, here is what I see is happening in this situation (and it is NOTHING to 
do with CF or IIS or anything server side here), quite simple... let's take 
for example the _URL_) you are using in the src of your img tag it has a bit 
before the first #  which in this case is an empty string, and a bit after 
the first # which isn't important for now.  What does this remind you 
of perhaps something like foo (by now 
you probably see your error but I'll continue for those who it is not 
obvious to).  What that anchor does is tells your browser to get blah.htm 
and display it from the point in the document that the anchor named 
someAnchor appears.  You can just as easily write foo which tells the browser to go to the point in the 
document where the anchor someAnchor appears.  Both of these are valid 
URLS.  The src in an image tag takes a valid URL.  So in your example img 
tag below, when the browser gets that (the hashes come through because 
there is no cfoutput around it) it reads that as "load the image from the 
current document at the point where the anchor 
"variables.someVariable#/test.gif" is written" (which of course makes no 
sense, but the browser doesn't care, all it wanted was a URL and you gave 
it a URL), it does its duty, the img tag causes the template to be hit 
again, and when it gets the results it tries to the anchor you specified 
(which of course doesn't do anything because not only does the anchor not 
exist, but that file isn't an image either).  Now of course this may not 
happen on all browsers, mainly because if they are clever enough they will 
not have to actually hit the server to get the same file they are looking 
at, and if they are really clever enough they will know that an anchor 
specification inside an img src is nonsense and will ignore it.

Nothing mystical, just not an expected behaviour on behalf of web browsers.

At 05:29 PM 12/11/2001, you wrote:

>


James Sleeman
Innovative Media Ltd
Phone: (03) 377 6262
http://www.websolutions.co.nz/
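
Added example, not part of the original post: the URL resolution described above, done with the standard `URL` class, plus a scan of rendered HTML for `src` attributes that resolve back to the page itself. The page URL, the markup and the function names are constructed for illustration.

```javascript
// Constructed page address and rendered output; "#...#" is a variable that
// reached the browser unrendered because no cfoutput surrounded it.
const PAGE_URL = "http://www.example.test/app/bugtest.cfm";
const SAMPLE_HTML = `
<img src="#variables.someVariable#/test.gif" alt="unrendered variable">
<img src="/images/test.gif" alt="rendered variable">
<script src='#request.jsPath#/menu.js'></script>
<a href="#top">top</a>
`;

// Elements whose src is fetched automatically while the page renders.
const SRC_ATTR =
  /<(img|script|iframe|embed|input)\b[^>]*?\ssrc\s*=\s*("([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// The URL that goes on the wire: the reference resolved against the page,
// minus the fragment, which is never sent to the server.
function requestUrlFor(reference, pageUrl) {
  const u = new URL(reference, pageUrl);
  u.hash = "";
  return u.href;
}

// Report every auto-fetched src that resolves to the page's own URL, so that
// rendering the page would request the page a second time.
function findSelfFetches(html, pageUrl) {
  const page = requestUrlFor(pageUrl, pageUrl);
  const findings = [];
  for (const m of html.matchAll(SRC_ATTR)) {
    const value = m[3] || m[4] || m[5] || "";   // an empty src resolves to the page too
    let target;
    try { target = requestUrlFor(value, pageUrl); } catch { continue; }
    if (target === page) {
      findings.push({
        tag: m[1].toLowerCase(),
        src: value,
        unrenderedHash: /#[^#]+#/.test(value),  // looks like a #variable# left in the output
      });
    }
  }
  return findings;
}

console.log(requestUrlFor("#variables.someVariable#/test.gif", PAGE_URL));
console.log(findSelfFetches(SAMPLE_HTML, PAGE_URL));
```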




Re: Templates executing twice CF bug

2001-12-10 Thread Howie Hamlin

I just tried this on the following setup:

O'Reilly WebSite Pro 2.5.4
ColdFusion 5 Enterprise
Windows 2000 Server

The first time the template was executed there was only one timestamp.  Each 
additional time there were two timestamps.  So, it
looks like the problem occurs when the template gets cached by ColdFusion and that it 
is also not related to IIS.

Do you have template caching enabled?

Howie

- Original Message -
From: "Andrew Scott" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Tuesday, December 11, 2001 2:12 AM
Subject: RE: Templates executing twice CF bug


> I am not going to sit here, and get lost in this. I tried every one of
> your suggestions and must admit it doesn't do it here.
>
> I am going to think this might be an IIS problem, because CF would not
> be passing this bit of code anyway as it would be headed back to the IIS
> resources. Sorry guys but I tried everything to do what you guys have
> tried, but remember this if IIS can't handle the #'s then maybe this is
> another security hole by MS?
>
>
>
> -Original Message-
> From: Fisichella [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 11 December 2001 5:09 PM
> To: CF-Talk
> Subject: Re: Templates executing twice CF bug
>
> I try it for CF 4.5 Server Prof on Win2K Prof. Have the same problem.
> Double
> Log entry for no cfoutput.
>
> - Original Message -
> From: "Garza, Jeff" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Tuesday, December 11, 2001 12:04 PM
> Subject: RE: Templates executing twice CF bug
>
>
> 



RE: Templates executing twice CF bug

2001-12-10 Thread Andrew Scott

I am not going to sit here, and get lost in this. I tried every one of
your suggestions and must admit it doesn't do it here.

I am going to think this might be an IIS problem, because CF would not
be passing this bit of code anyway as it would be headed back to the IIS
resources. Sorry guys but I tried everything to do what you guys have
tried, but remember this if IIS can't handle the #'s then maybe this is
another security hole by MS?



-Original Message-
From: Fisichella [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, 11 December 2001 5:09 PM
To: CF-Talk
Subject: Re: Templates executing twice CF bug

I try it for CF 4.5 Server Prof on Win2K Prof. Have the same problem.
Double
Log entry for no cfoutput.

- Original Message -
From: "Garza, Jeff" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Tuesday, December 11, 2001 12:04 PM
Subject: RE: Templates executing twice CF bug





Re: Templates executing twice CF bug

2001-12-10 Thread Fisichella

I try it for CF 4.5 Server Prof on Win2K Prof. Have the same problem. Double
Log entry for no cfoutput.

- Original Message -
From: "Garza, Jeff" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Tuesday, December 11, 2001 12:04 PM
Subject: RE: Templates executing twice CF bug


> Ran your test code and I only got a single log entry.  Running CF5 Single
> User on Win2kPro.  Will try in the morning on Full Enterprise CF5 on
> Advanced Server.
>
> Jeff Garza
> Webmaster/Lead Developer
> Spectrum Astro, Inc.
> [EMAIL PROTECTED]
>
> -Original Message-
> From: Max Paperno
> To: CF-Talk
> Sent: 12/10/01 9:29 PM
> Subject: Templates executing twice CF bug
>
> Greetings,
>
> I've identified a somewhat minor but possibly damaging bug in CF 5.
> It's pretty strange, but true.  Zac Belado has confirmed that this was
> also the problem in his case (see his "Page Processing Twice" message
> from earlier today).  It seems to only affect CF5 (4.5 was also tried)
> but so far only tested on W2K.
>
> The bug causes a template to be executed twice by the CF engine.  It
> literally runs everything connected to the request twice (all includes,
> parent template, etc).  There is no indication of this unless you have
> data that is noticeably affected (such as inserting DB records).  The
> HTTP request is not doubled, only the actual CF code execution.  This is
> not browser or Web server-related in any way.
>
> The cause seems to be missing cfoutput tags around a variable call, and
> apparently specifically in an IMG tag (some others were tried with no
> problems surfacing).  So some code like this:
>
> 
>
> (w/out cfoutput tags anywhere around it) will cause double execution.
> Wrap it in cfoutputs (or in comments) and the problem goes away.
>
> Strange, no?
>
> So strange that I wrote a test for this.  I've pasted my test template
> below, but if your email client makes it unreadable then you can also
> download a version here <http://www.WorldDesign.com/CF/BugTest.cfm.txt>.
> Instructions are in the comment. I'll also submit this to MM.
>
> Comments welcome.
>
> Cheers,
> -Max
>
>
> BugTest.cfm
> ---
> 
>
> 
> 
>  type="EXCLUSIVE">
>  addnewline="Yes">
> 
> 
>
> 
>
> 
>
>
>
> -
> Maxim Paperno, CTO
> World Design Group, Inc.
> [ CF Development and Hosting since 1996 ]
> <http://www.WorldDesign.com/>
>
>
>
> 



RE: Templates executing twice CF bug

2001-12-10 Thread Norman Elton

I must admit, I was a doubter. Here's how I confirmed your bug:

CFPARAM a server variable to zero. Increment it by one, then display it.
If you include a non-CFOUTPUTed variable in an image tag, the number is
displayed incrementing by two. Take out the mysterious IMG tag, or turn
it into a garbage "" tag, and the number seems to
increment by one.

Very bizarre!

Norman Elton
College of William & Mary

-Original Message-
From: Max Paperno [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 10, 2001 11:29 PM
To: CF-Talk
Subject: Templates executing twice CF bug


Greetings,

I've identified a somewhat minor but possibly damaging bug in CF 5.
It's pretty strange, but true.  Zac Belado has confirmed that this was
also the problem in his case (see his "Page Processing Twice" message
from earlier today).  It seems to only affect CF5 (4.5 was also tried)
but so far only tested on W2K.

The bug causes a template to be executed twice by the CF engine.  It
literally runs everything connected to the request twice (all includes,
parent template, etc).  There is no indication of this unless you have
data that is noticeably affected (such as inserting DB records).  The
HTTP request is not doubled, only the actual CF code execution.  This is
not browser or Web server-related in any way.

The cause seems to be missing cfoutput tags around a variable call, and
apparently specifically in an IMG tag (some others were tried with no
problems surfacing).  So some code like this:



(w/out cfoutput tags anywhere around it) will cause double execution.
Wrap it in cfoutputs (or in comments) and the problem goes away.

Strange, no?

So strange that I wrote a test for this.  I've pasted my test template
below, but if your email client makes it unreadable then you can also
download a version here <http://www.WorldDesign.com/CF/BugTest.cfm.txt>.
Instructions are in the comment. I'll also submit this to MM.

Comments welcome.

Cheers,
-Max


BugTest.cfm
---





  







-
Maxim Paperno, CTO
World Design Group, Inc.
[ CF Development and Hosting since 1996 ] <http://www.WorldDesign.com/>






RE: Templates executing twice CF bug

2001-12-10 Thread Garza, Jeff

Ran your test code and I only got a single log entry.  Running CF5 Single
User on Win2kPro.  Will try in the morning on Full Enterprise CF5 on
Advanced Server.

Jeff Garza
Webmaster/Lead Developer
Spectrum Astro, Inc.
[EMAIL PROTECTED]

-Original Message-
From: Max Paperno
To: CF-Talk
Sent: 12/10/01 9:29 PM
Subject: Templates executing twice CF bug

Greetings,

I've identified a somewhat minor but possibly damaging bug in CF 5.
It's pretty strange, but true.  Zac Belado has confirmed that this was
also the problem in his case (see his "Page Processing Twice" message
from earlier today).  It seems to only affect CF5 (4.5 was also tried)
but so far only tested on W2K.

The bug causes a template to be executed twice by the CF engine.  It
literally runs everything connected to the request twice (all includes,
parent template, etc).  There is no indication of this unless you have
data that is noticeably affected (such as inserting DB records).  The
HTTP request is not doubled, only the actual CF code execution.  This is
not browser or Web server-related in any way.

The cause seems to be missing cfoutput tags around a variable call, and
apparently specifically in an IMG tag (some others were tried with no
problems surfacing).  So some code like this:



(w/out cfoutput tags anywhere around it) will cause double execution.
Wrap it in cfoutputs (or in comments) and the problem goes away.

Strange, no?

So strange that I wrote a test for this.  I've pasted my test template
below, but if your email client makes it unreadable then you can also
download a version here <http://www.WorldDesign.com/CF/BugTest.cfm.txt>.
Instructions are in the comment. I'll also submit this to MM.

Comments welcome.

Cheers,
-Max


BugTest.cfm
---















-
Maxim Paperno, CTO
World Design Group, Inc.
[ CF Development and Hosting since 1996 ]
<http://www.WorldDesign.com/>






Templates executing twice CF bug

2001-12-10 Thread Max Paperno

Greetings,

I've identified a somewhat minor but possibly damaging bug in CF 5.  It's pretty 
strange, but true.  Zac Belado has confirmed that this was also the problem in his 
case (see his "Page Processing Twice" message from earlier today).  It seems to only 
affect CF5 (4.5 was also tried) but so far only tested on W2K.

The bug causes a template to be executed twice by the CF engine.  It literally runs 
everything connected to the request twice (all includes, parent template, etc).  There 
is no indication of this unless you have data that is noticeably affected (such as 
inserting DB records).  The HTTP request is not doubled, only the actual CF code 
execution.  This is not browser or Web server-related in any way.

The cause seems to be missing cfoutput tags around a variable call, and apparently 
specifically in an IMG tag (some others were tried with no problems surfacing).  So 
some code like this:



(w/out cfoutput tags anywhere around it) will cause double execution.  Wrap it in 
cfoutputs (or in comments) and the problem goes away.

Strange, no?

So strange that I wrote a test for this.  I've pasted my test template below, but if 
your email client makes it unreadable then you can also download a version here 
.  Instructions are in the comment. 
I'll also submit this to MM.

Comments welcome.

Cheers,
-Max


BugTest.cfm
---















-
Maxim Paperno, CTO
World Design Group, Inc.
[ CF Development and Hosting since 1996 ]


