1) an XML having the % sign in one of the values
example:
<?xml version='1.0' encoding='utf-8' ?>
<tst>
<details>
<somename>less than 50% </somename>
</details>
</tst>
2) a script on a website (WS1) that submit that XML to other website (WS2) that is running CF8 (if the actual verion even matter)
The issue:
When submitting that XML with HTTP POST the following error is happening on WS2:
500
ROOT CAUSE:
java.lang.IllegalArgumentException
at coldfusion.filter.FormScope.parseName(FormScope.java:367)
at coldfusion.filter.FormScope.parseQueryString(FormScope.java:324)
at coldfusion.filter.FormScope.parsePostData(FormScope.java:293)
at coldfusion.filter.FormScope.fillForm(FormScope.java:243)
at coldfusion.filter.FusionContext.SymTab_initForRequest(FusionContext.java:430)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:33)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.filter.RequestThrottleFilter.invoke(RequestThrottleFilter.java:126)
at coldfusion.CfmServlet.service(CfmServlet.java:175)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:284)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
javax.servlet.ServletException: ROOT CAUSE:
java.lang.IllegalArgumentException
at coldfusion.filter.FormScope.parseName(FormScope.java:367)
at coldfusion.filter.FormScope.parseQueryString(FormScope.java:324)
at coldfusion.filter.FormScope.parsePostData(FormScope.java:293)
at coldfusion.filter.FormScope.fillForm(FormScope.java:243)
at coldfusion.filter.FusionContext.SymTab_initForRequest(FusionContext.java:430)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:33)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.filter.RequestThrottleFilter.invoke(RequestThrottleFilter.java:126)
at coldfusion.CfmServlet.service(CfmServlet.java:175)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:284)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:70)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:284)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
IF the % sign is taken off from the XML everything works fine and no error is generated.
NOTE 1: If the script doing the post is emulated on WS2 (so that the XML being submitted from WS2 to WS2), that "500" does not happen.
NOTE 2: The error seem to happen not on the application (because an test output followed by CFABORT just at the start of Application.cfm file does not change anything and the script on WS2 still get the error and not the test output).
NOTE 3: First the CF8 was on Java 1.5 . Then we reinstalled CF8, so it's on the default Java 6 now. But the error is still there.
ANY suggestions would be VERY appreciated!!!
replace 50% with "<![CDATA[50%]]" - without the quotes, obviously.
Lets see if that renders properly in the comments.
Cheers,
Davo
Davo
I assume that the following are true:
* the ver is POST
* the content type is some form of urlencoded
* the xml is coming across as a name=value pair
* the % has NOT been url encoded properly to "%25"
After % being changed to %25 things DID work well, thx Brad!
But i am wondering if why this would break ColdFusion. I would get CF have to allow it to pass anyway just like any other data and the problem to appear on the application end if not being treated correctly. Wonder if it may be considered ColdFusion bug or not.
The Java code buried deep in the belly of CF is attempting to parse form fields of the HTTP request based on internet protocols. When you submit a form with your browser, the actual request to your server looks something like this:
POST /youpage.cfm HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Content-Length: 999
Host: www.yourserver.com
formfield1=value1&formfield2=value2&formfield3=value3
The form above had three form fields, formfield1, formfield2, and formfield3 whose values were value1, value2, and value3 respectively. The information is presented as a name=value pair in an ampersand (&) delimited list. Look familiar? That?s because URLs follow the same syntax. Notice that the request is sent with a content-type ?urlencoded? This is what tells your server how to parse the data out properly. url encoding is defined in RFC 1738. http://www.blooberry.com/indexdot/html/topics/urlencoding.htm It states that all special characters must be encoded so they aren?t confused. The % is a special character and MUST be url encoded by the client sending the request IF the content type is urlencoded.
The following would be INVALID form fields:
formfield1=value1&formfield2=Tom & Jerry (the ampersand and space need to be encoded)
formfield1=20% increase (the % is ONLY allowed if followed by a valid hexadecimal number)
What does all this mean? If the PHP script sending you the request was using a content type of urlencoded, it was incorrectly sending you illegal characters in the xml that should have been escaped. This is not your problem. It is the other server?s problem. I don?t know anything about PHP, but it needs to send data over in the correctly encoded format that match the request?s content type.
If you don?t know how to get the request headers, change your ColdFusion page which receives the XML to cfdump the output of the GetHttpRequestData function. It contains the original headers sent from the client.
The page I provided the link for does a good job of explaining url encoding.