tracker issue : CF-4202862

select a category, or use search below
(searches all categories and all time range)
Title:

The cfimport tag is spontaneously loading the incorrect path

| View in Tracker

Status/Resolution/Reason: To Fix//Investigate

Reporter/Name(from Bugbase): dakota c / ()

Created: 06/13/2018

Components: Accessibility

Versions: 2016

Failure Type: Incorrectly functioning

Found In Build/Fixed In Build: ColdFusion 2016 Update 6 /

Priority/Frequency: Normal / All users will encounter

Locale/System: UK English / Win 2016

Vote Count: 0

Problem Description:

The cfimport tag is spontaneously loading the incorrect path of the ColdFusion 2016 "wwwroot" directory rather than the relevant application's "wwwroot". 

This issue occurs when using the taglib attribute. The cfimport example being used is below.

<cfimport taglib="/core/customtags/jlb" prefix="jlb">
<jlb:queryRow2Struct qry="#variables.qPage#">

When attempting to run the tag, it attempts to call the ColdFusion 2016 "wwwroot" directory "C:/ColdFusion2016/cfusion/wwwroot/core/customtags/jlb/queryRow2Struct.cfm" resulting in a Sandbox Security error. This is a completely different path than the application calling the imported tag.

Temporary Workaround: Restarting ColdFusion

Server Environment: ColdFusion 2016 - IIS

Steps to Reproduce: This issue spontaneously occurs with any sites using the cfimport tag with the taglib attribute on the server. This issue is random. 

Any Workarounds:
Restarting ColdFusion

Attachments:

Comments:

Hi , Do you have sandbox enabled in your system? If yes , which folders have you applied sandbox to. Can you send the full exception trace ? Do you have the customtag folder in your CF wwwroot?    Thanks, Suchika.
Comment by Suchika S.
29142 | June 29, 2018 09:20:04 AM GMT
This issue has presented itself again on one of our environments. Yes, this is taking place in a sandboxed environment. I don't believe sandbox is the cause of the failure but is instead preventing the cfimport tag from loading a path doesn't exist. Currently, the only resolution we've been able to find is to restart ColdFusion. The server is running the latest hotfix. Enabling or disabling Sandbox doesn't seem to make a difference in the behavior. Here is the stack trace: java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\ColdFusion2016\cfusion\wwwroot\core\customtags\jlb\queryRow2Struct.cfm" "read") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.security.AccessController.checkPermission(AccessController.java:884) at coldfusion.tagext.lang.IncludeTag.resolveCompileTemplate(IncludeTag.java:247) at coldfusion.tagext.lang.IncludeTag.setTemplate(IncludeTag.java:173) at coldfusion.tagext.lang.ModuleTag.setTemplate(ModuleTag.java:625) at coldfusion.tagext.lang.ModuleTag.setTemplatePath(ModuleTag.java:214) at coldfusion.tagext.lang.ImportedTag.setName(ImportedTag.java:92) at cfpre_rewrite2ecfm1719412718.runPage(D:\home\[DOMAIN-NAME]\wwwroot\main\pre_rewrite.cfm:29) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:253) at coldfusion.tagext.lang.IncludeTag.handlePageInvoke(IncludeTag.java:737) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:573) at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:3696) at cfmain2epagerewrite2ecfm304250326._factor40(D:\home\[DOMAIN-NAME]\wwwroot\parsed\main.pagerewrite.cfm:177) at cfmain2epagerewrite2ecfm304250326._factor50(D:\home\[DOMAIN-NAME]\wwwroot\parsed\main.pagerewrite.cfm:5) at cfmain2epagerewrite2ecfm304250326.runPage(D:\home\[DOMAIN-NAME]\wwwroot\parsed\main.pagerewrite.cfm:1) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:253) at coldfusion.tagext.lang.IncludeTag.handlePageInvoke(IncludeTag.java:737) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:573) at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:3696) at cffusebox52ecfm1234949340.runPage(D:\home\[DOMAIN-NAME]\wwwroot\core\fusebox5\fusebox5.cfm:179) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:253) at coldfusion.tagext.lang.IncludeTag.handlePageInvoke(IncludeTag.java:737) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:573) at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:3696) at cfprocess2ecfm1343934405.runPage(D:\home\[DOMAIN-NAME]\wwwroot\process.cfm:9) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:253) at coldfusion.tagext.lang.IncludeTag.handlePageInvoke(IncludeTag.java:737) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:573) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.IpFilter.invoke(IpFilter.java:45) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:484) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:43) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:153) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94) at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:78) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:60) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:219) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at sun.reflect.GeneratedMethodAccessor59.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) at com.seefusion.Filter.doFilter(Filter.java:49) at sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:355) at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:510) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748)
Comment by dakota c.
30542 | March 20, 2019 03:19:27 PM GMT