Cry JRun Cry! June 15, 2007 6:17 PM

Blank fields for font sizes in Preferences make JRun cry. Possible SQL Injection attack point?
posted by blue_beetle to Bugs at 6:17 PM (6 comments total)

The following information is meant for the website developer for debugging purposes.

Error Occurred While Processing Request
Invalid parameter type.
The value specified, "", must be a valid Integer.

Resources:
Enable Robust Exception Information to provide greater detail about the source of errors. In the Administrator, click Debugging & Logging > Debugging Settings, and select the Robust Exception Information option.
Check the ColdFusion documentation to verify that you are using the correct syntax.
Search the Knowledge Base to find a solution to your problem.


Browser Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)
Remote Address 24.71.223.152
Referrer http://www.metafilter.com/contribute/customize.cfm
Date/Time 15-Jun-07 06:16 PM
posted by blue_beetle at 6:17 PM on June 15, 2007


looks like it's type checking. so no.
posted by fishfucker at 7:09 PM on June 15, 2007


yeah, I do an integer check there, but I should capture it and force defaults if blank.
posted by mathowie (staff) at 7:43 PM on June 15, 2007


Who is JRun and why is he so sensitive?
posted by amyms at 1:19 AM on June 16, 2007


Exposing potential flaws to the public before notifying the owner is also bad form; I'm sure you know that.
Just a quick email to #1 would be better.
posted by NinjaTadpole at 3:14 AM on June 16, 2007


I dunno. Matt seems pretty paranoid about site security (which is why custom css is no longer allowed) but CF is pretty good about not doing SQL injection so long as you follow the rules: Always use #val()# or cfqueryparam, kids!

But seriously, cfparam can be a nice little bitch in these situations, can't it, Matt?
posted by Deathalicious at 4:46 PM on June 17, 2007
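
The two fixes discussed in the thread (forcing a default when the field is blank, and binding the value with cfqueryparam), sketched as an added example that is not MetaFilter's code. The form field, table, column, datasource and session variable names, the 6-48 range and the default of 12 are all assumptions.

```cfml
<!--- Added example. All names and limits below are hypothetical. --->
<cffunction name="cleanFontSize" returntype="numeric" output="false"
            hint="Returns a bounded integer font size, or the fallback when input is blank or invalid.">
    <cfargument name="raw" type="string" required="true">
    <cfargument name="fallback" type="numeric" required="true">
    <cfset var trimmed = trim(arguments.raw)>
    <cfset var size = 0>

    <!--- Blank, or anything other than 1-3 plain digits: use the fallback
          rather than letting a later integer type check see "" and throw. --->
    <cfif reFind("^[0-9]{1,3}$", trimmed) EQ 0>
        <cfreturn arguments.fallback>
    </cfif>

    <!--- val() converts the digit string to a number. --->
    <cfset size = val(trimmed)>

    <!--- Reject values outside the allowed range. --->
    <cfif size LT 6 OR size GT 48>
        <cfreturn arguments.fallback>
    </cfif>
    <cfreturn size>
</cffunction>

<!--- cfparam with only a default covers a missing field and does no type check,
      so an empty string cannot raise "Invalid parameter type" here. --->
<cfparam name="form.font_size" default="">
<cfset fontSize = cleanFontSize(form.font_size, 12)>

<!--- Values are bound as typed parameters and never concatenated into the SQL text. --->
<cfquery datasource="exampleDSN">
    UPDATE user_prefs
    SET    font_size = <cfqueryparam value="#fontSize#" cfsqltype="cf_sql_integer">
    WHERE  user_id   = <cfqueryparam value="#session.userId#" cfsqltype="cf_sql_integer">
</cfquery>
```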

