diff --git a/core/src/main/cfml/context/admin/chartProcess.cfm b/core/src/main/cfml/context/admin/chartProcess.cfm index c78089787d..4a5292aa96 100644 --- a/core/src/main/cfml/context/admin/chartProcess.cfm +++ b/core/src/main/cfml/context/admin/chartProcess.cfm @@ -1,21 +1,23 @@ - - + + + + - + - #pool[usage.type]# + #stText?.Overview?.pool[usage.type]# @@ -29,8 +31,8 @@ - - + + Error Output ---> - - - - - - - - - - - - - - - - - - - - - - - - @@ -409,32 +385,6 @@ Error Output ---> - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -519,11 +469,11 @@ Error Output ---> - #pool['heap']# + #stText.Overview.pool['HEAP']#
- #pool['non_heap']#
+ #stText.Overview.pool['NON_HEAP']#
diff --git a/core/src/main/cfml/context/admin/resources/language/de.json b/core/src/main/cfml/context/admin/resources/language/de.json index 82bb4b0884..6e2bfa040d 100644 --- a/core/src/main/cfml/context/admin/resources/language/de.json +++ b/core/src/main/cfml/context/admin/resources/language/de.json @@ -99,6 +99,7 @@ "stop": "stop", "stopstart": "stop/start", "submit": "senden", + "switch": "**switch", "uninstall": "deinstallieren", "update": "aktualisieren", "updateFull": "Update als Vollversion", @@ -247,7 +248,7 @@ "label": "Label", "labelMissing": "you need to define the label for the debug template", "list": { - "createDesc": "define a debug template, to show the debug information at the end of a request, defining a template is not necessary to log the debug information.", + "createDesc": "Define a debug template to show the debug information at the end of a request. Defining a template is not necessary to log the debug information.", "serverTitle": "Readonly Debug Templates", "serverTitleDesc": "Readonly debug templates are generated within the \"server administrator\" for all web instances and can not be modified by the \"web administrator\".", "webTitle": "Debug Templates", @@ -616,7 +617,7 @@ "servermissing": "Bitte geben Sie einen Wert für den Mailserver an.", "settings": "Mail Einstellungen", "spoolenabled": "Spooler an", - "SpoolEnabledDesc": "If enabled the mails are sent in a background thread and the main request does not have to wait until the mails are sent.", + "SpoolEnabledDesc": "If enabled, the mails are sent in a background thread and the main request does not have to wait until the mails are sent.", "spoolinterval": "Spool Intervall", "ssl": "SSL", "sslDesc": "Sichere Verbindung verwenden.", 
@@ -809,11 +810,35 @@ "mailinglist": "Mailingliste", "mailinglist_de": "Mailinglist (deutsch)", "mailinglistDesc": "The mailing list is the focus of our community support program - help for users by users. ", + "modeMulti": "**You are in Multi Mode", + "modeSingle": "**You are in Single Mode", + "modeMultiDesc": "**You are running Lucee in Multi Mode. In Multi Mode, you use the Server Administrator to configure overall settings for all web contexts/webs, and use individual Web Administrators to customize settings for each web context/web.", + "modeSingleDesc": "**You are running Lucee in Single Mode. In Single Mode, you use a single Administrator to configure settings for all web contexts/webs. No individual Web Administrators exist.", + "modeMultiSwitch": "**Switch to Single Mode?", + "modeSingleSwitch": "**Switch to Multi Mode?", + "modeMultiSwitchDesc": "**Activating Single Mode will result in having a single Administrator to configure settings for all web contexts/webs. No individual Web Administrators will exist.", + "modeSingleSwitchDesc": "**Activating Multi Mode will result in having a Server Administrator to configure overall settings for all web contexts/webs and individual Web Administrators to customize settings for each web context/web.", + "switchMerge": "**Merge and Switch", + "switchMergeDesc": "**All settings from all web contexts/webs get stored into the server context", + "switchLeave": "**Just Switch", + "switchLeaveDesc": "**Switch to Single Mode and forget all settings done in all web contexts/webs", + "switchKeep": "**Keep all web context/web configuration in place so a return to Multi Mode is possible", "onlineDocsDesc": "Lucee online documentation.", "onlineDocsLink": "Online Documentation", "os": "Betriebssystem", + "pool": { + "HEAP": "Heap", + "NON_HEAP": "Non-Heap", + "HEAP_desc": "**Memory used for all objects that are allocated.", + "NON_HEAP_desc": "**Memory used to store all cfc/cfm templates, java classes, interned Strings and 
meta-data.", + "Par Eden Space": "**The pool from which memory is initially allocated for most objects.", + "Par Survivor Space": "**The pool containing objects that have survived the garbage collection of the Eden space.", + "CMS Old Gen": "**The pool containing objects that have existed for some time in the survivor space.", + "CMS Perm Gen": "**The pool containing all the reflective data of the virtual machine itself, such as class and method objects.", + "Code Cache": "**The HotSpot Java VM also includes a code cache, containing memory that is used for compilation and storage of native code." + }, "professional": "Professional support", - "professionalDesc": "For many organizations and individuals, the security of a formal paid support contract is a necessity and we\u0027re pleased to offer four standard packages as well as the flexibility to create a custom package should your needs go beyond our standard offerings.", + "professionalDesc": "For many organizations and individuals, the security of a formal paid support contract is a necessity. We are pleased to offer four standard packages as well as the flexibility to create a custom package should your needs go beyond our standard offerings.", "purchase": "Hol Dir Deine Lucee Lizenz", "releasedate": "Release Datum", "remote_addr": "Remote IP", 
@@ -1331,7 +1356,7 @@ "allowCompression": "Kompression", "allowCompressionDescription": "Kompression (GZip) für den Response Stream einschalten, sofern dies vom Client (Browser) unterstützt ist", "bufferOutput": "Buffer Tag Body Output", - "bufferOutputDescription": "If true - the output written to the body of the tag is buffered and is also outputted in case of an exception. Otherwise the content to body is ignored and not displayed when a failure occurs in the body of the tag.", + "bufferOutputDescription": "If true - the output written to the body of the tag is buffered and is also outputted in case of an exception. Otherwise, the content to body is ignored and not displayed when a failure occurs in the body of the tag.", "cacheclear": "{name} Cache leeren", "cacheclearcount": "{name} Cache leeren ( {count} Element(e) )", "cachecleardesc": "Drücken Sie den Button oberhalb um den {name} Cache zu leeren.", diff --git a/core/src/main/cfml/context/admin/resources/language/en.json b/core/src/main/cfml/context/admin/resources/language/en.json index 15e42049cc..5646728294 100644 --- a/core/src/main/cfml/context/admin/resources/language/en.json +++ b/core/src/main/cfml/context/admin/resources/language/en.json 
@@ -49,13 +49,13 @@ "listenertypedescription_none": "When a request is called no other initialization template will be invoked by Lucee", "missingscriptprotect": "Please select a value for script-protect", "requesttimeout": "Request timeout", - "RequestTimeoutDesc": "Defines how Lucee handles long running request.", + "RequestTimeoutDesc": "Defines how Lucee handles long running requests.", "requesttimeoutdescription": "Sets the amount of time the engine will wait for a request to finish before a request timeout will be raised. This means that the execution of the request will be stopped. This setting can be overridden using the “cfsetting\" tag or script equivalent.", "RequestTimeoutTime": "Time", "scriptprotect": "Script-protect", "scriptprotectall": "Script-protect checks in all scopes for external data (cgi,cookie,form,url)", "scriptprotectcustom": "You can define the scopes to be checked individually", - "scriptprotectdescription": "The configuration of Script protect, secures your system from \"cross-site scripting\"", + "scriptprotectdescription": "The configuration of Script protect secures your system from \"cross-site scripting\"", "scriptprotectnone": "Script-protect is not active", "web": "Here you can define several default settings for the application context. These settings can be overridden with the tag cfapplication or the Application.cfc." }, @@ -99,6 +99,7 @@ "stop": "stop", "stopstart": "stop/start", "submit": "submit", + "switch": "switch", "uninstall": "uninstall", "update": "update", "updateFull": "Update as Full Version", 
@@ -144,7 +145,7 @@ "archiveDesc": "File path to a components Lucee Archive (.lar).", "archivemissing": "Please enter a value for the archive name (row ", "autoimport": "Auto Import", - "autoimportdescription": "the following package definition is imported into every template.", + "autoimportdescription": "The specified package definition is imported into every template.", "autoimportmissing": "Please enter a value for the auto import field", "basecomponent": "Base/Root Component", "basecomponentdescription": "Every component that does not explicitly extend another component (attribute \"extends\") will by default extend this component. This means that every component extends this base component in some way. Every change on this Component needs a restart from Lucee.", @@ -160,9 +161,9 @@ "componentmappings": "Additional Resources", "componentmappingsdesc": "Additional Resources that Lucee checks for Components.", "componentmappingsearch": "Search mappings", - "componentmappingsearchdesc": "Search the component in the mappings defined, this include the implicit mapping \"/\", that points on the webroot", + "componentmappingsearchdesc": "Search the component in the mappings defined. This includes the implicit mapping \"/\" that points to the webroot", "componentpathcache": "Cache", - "componentpathcachedesc": "component path is cached and not resolved again", + "componentpathcachedesc": "Component path is cached and not resolved again", "createnewcompmapping": "Create new Additional Resource", "datamemberaccesstype": "Data member access type", "datamemberaccesstypedescription": "Define the accessor for the data-members of a component. This defines how variables of the \"this\" scope of a component can be accessed from outside of the component.", 
@@ -199,7 +200,7 @@ "customtagmappings": "Additional Resources", "customtagmappingsdesc": "Directories that Lucee checks for Custom Tags.", "customTagPathCache": "Cache", - "customTagPathCacheDesc": "component path is cached and not resolved again", + "customTagPathCacheDesc": "Component path is cached and not resolved again", "customtagsetting": "Settings", "extensions": "Extensions", "extensionsdesc": "These are the extensions used for Custom Tags, in the order they are searched.", @@ -233,7 +234,7 @@ "detailDesc": "Detailed information about a single Request", "detailTitle": "Detail", "enabledebugging": "Enable debugging", - "enabledescription": "If set to \"yes\" Lucee logs the debug information you have selected below.\r\nyou can see the log result at the end of every request, if a debug template is defined or under Debug/Logs in this administrator.", + "enabledescription": "If set to \"yes\" Lucee logs the debug information you have selected below.\r\nyou can see the log result at the end of every request if a debug template is defined or under Debug/Logs in this administrator.", "exeTime": "Execution Timespan (ms)", "exeTimeApp": "App", "exeTimeQuery": "Query", @@ -247,7 +248,7 @@ "label": "Label", "labelMissing": "you need to define the label for the debug template", "list": { - "createDesc": "define a debug template, to show the debug information at the end of a request, defining a template is not necessary to log the debug information.", + "createDesc": "Define a debug template to show the debug information at the end of a request. Defining a template is not necessary to log the debug information.", "serverTitle": "Readonly Debug Templates", "serverTitleDesc": "Readonly debug templates are generated within the \"\"server administrator\"\" for all web instances and can not be modified by the \"\"web administrator\"\".", "webTitle": "Debug Templates", 
@@ -616,7 +617,7 @@ "servermissing": "Please enter a value for the mailserver.", "settings": "Mail settings", "spoolenabled": "Spool enable", - "SpoolEnabledDesc": "If enabled the mails are sent in a background thread and the main request does not have to wait until the mails are sent.", + "SpoolEnabledDesc": "If enabled, the mails are sent in a background thread and the main request does not have to wait until the mails are sent.", "spoolinterval": "Spool interval", "ssl": "SSL", "sslDesc": "Enable secure connections via SSL.", @@ -652,7 +653,7 @@ "compilestoponerrordesc": "Sets whether the compile process should be aborted on errors", "compiletitle": "compile", "editdesc": "Here you can edit a certain mapping or create a Lucee archive out of an existing one.", - "introtext": "Please note, that only pages processed by Lucee are aware of these mappings (cfm, cfml, cfc). If you want to use files not processed by Lucee for these special mapping directories, you have to add virtual mappings to these directories to your application server.", + "introtext": "Please note that only pages processed by Lucee are aware of these mappings (cfm, cfml, cfc). If you want to use files not processed by Lucee for these special mapping directories, you have to add virtual mappings to these directories to your application server.", "physical": "Resource", "physicalAlert": "Make sure the Directory exist or not", "physicalhead": "Resource", 
@@ -781,7 +782,7 @@ "installedfls": "Installed function\u003cbr/\u003e libraries", "installedtls": "Installed tag\u003cbr/\u003e libraries", "introdesc": { - "server": "The Server Administrator allows you to install updates and patches for your Lucee installation and to restart the engine with a mouse click. You can configure new web contexts and define restrictions and configurations per web context individual.", + "server": "The Server Administrator allows you to install updates and patches for your Lucee installation and to restart the engine with a mouse click. You can configure new web contexts, define restrictions, and configurations per web context individual.", "web": "Lucee, the CFML engine - free, open source and easy to use. This Web Administrator is provided in order to customize your web context." }, "issuetracker": "Issue Tracker", 
@@ -810,11 +811,35 @@ "mailinglist": "Mailing list", "mailinglist_de": "Mailinglist (german)", "mailinglistDesc": "The mailing list is the focus of our community support program - help for users by users. ", + "modeMulti": "You are in Multi Mode", + "modeSingle": "You are in Single Mode", + "modeMultiDesc": "You are running Lucee in Multi Mode. In Multi Mode, you use the Server Administrator to configure overall settings for all web contexts/webs, and use individual Web Administrators to customize settings for each web context/web.", + "modeSingleDesc": "You are running Lucee in Single Mode. In Single Mode, you use a single Administrator to configure settings for all web contexts/webs. No individual Web Administrators exist.", + "modeMultiSwitch": "Switch to Single Mode?", + "modeSingleSwitch": "Switch to Multi Mode?", + "modeMultiSwitchDesc": "Activating Single Mode will result in having a single Administrator to configure settings for all web contexts/webs. No individual Web Administrators will exist.", + "modeSingleSwitchDesc": "Activating Multi Mode will result in having a Server Administrator to configure overall settings for all web contexts/webs and individual Web Administrators to customize settings for each web context/web.", + "switchMerge": "Merge and Switch", + "switchMergeDesc": "All settings from all web contexts/webs get stored into the server context", + "switchLeave": "Just Switch", + "switchLeaveDesc": "Switch to Single Mode and forget all settings done in all web contexts/webs", + "switchKeep": "Keep all web context/web configuration in place so a return to Multi Mode is possible", "onlineDocsDesc": "Lucee online documentation.", "onlineDocsLink": "Online Documentation", "os": "OS", + "pool": { + "HEAP": "Heap", + "NON_HEAP": "Non-Heap", + "HEAP_desc": "Memory used for all objects that are allocated.", + "NON_HEAP_desc": "Memory used to store all cfc/cfm templates, java classes, interned Strings and meta-data.", + "Par Eden Space": "The pool from 
which memory is initially allocated for most objects.", + "Par Survivor Space": "The pool containing objects that have survived the garbage collection of the Eden space.", + "CMS Old Gen": "The pool containing objects that have existed for some time in the survivor space.", + "CMS Perm Gen": "The pool containing all the reflective data of the virtual machine itself, such as class and method objects.", + "Code Cache": "The HotSpot Java VM also includes a code cache, containing memory that is used for compilation and storage of native code." + }, "professional": "Professional Support", - "professionalDesc": "For many organizations and individuals, the security of a formal paid support contract is a necessity and we\u0027re pleased to offer four standard packages as well as the flexibility to create a custom package should your needs go beyond our standard offerings.", + "professionalDesc": "For many organizations and individuals, the security of a formal paid support contract is a necessity. We are pleased to offer four standard packages as well as the flexibility to create a custom package should your needs go beyond our standard offerings.", "purchase": "Purchase your Lucee license", "releasedate": "Release date", "remote_addr": "Remote IP", 
@@ -865,7 +890,7 @@ "localedescription": "Define the desired time locale for Lucee, this will change the default locale for the context of the web.", "missingencoding": "Please enter a value for the default encoding", "other": " --- other --- ", - "server": "You can define regional settings that will be used as a default for all web contexts here. These settings have no direct effect on the current instance. Lucee lets you set your own individual locale, timezone and timeserver.", + "server": "You can define regional settings that will be used as a default for all web contexts here. These settings have no direct effect on the current instance. Lucee lets you set your own individual locale, timezone, and timeserver.", "serverprop": { "server": "Server Value", "web": "Server Administrator Value" @@ -874,9 +899,9 @@ "timeserverdescription": "Time server that returns the current time. If set, this time will be used within Lucee instead of the local server time. (Example: swisstime.ethz.ch, time.nist.gov)\u003cbr/\u003e", "timeservermissing": "Please define a value for the field timezone", "timezone": "Time zone", - "timezonedescription": "Define the desired time zone for Lucee, this will also change the time for the context of the web.\u003cbr/\u003e", + "timezonedescription": "Define the desired time zone for Lucee. This will also change the time for the context of the web.\u003cbr/\u003e", "usetimeserver": "use time server", - "web": "Lucee lets you set your own individual locale, timezone and timeserver." + "web": "Lucee lets you set your own individual locale, timezone, and timeserver." }, "remote": { "adminaccess": "Admin Access", 
@@ -991,7 +1016,7 @@ "createtask": "Create scheduled task", "currentdatetime": "The current date/time of this Lucee context is:", "daily": "daily", - "description": "Here you can add, modify, run and delete scheduled tasks\u003cbr/\u003e\u003cbr/\u003e", + "description": "Here you can add, modify, run, and delete scheduled tasks\u003cbr/\u003e\u003cbr/\u003e", "detail": "Defined scheduled tasks", "detaildescription": "The tasks displayed in red have expired and will no longer start.", "enddate": "End date", @@ -1107,7 +1132,7 @@ "sessiontype": "Session type", "sessiontype_application": "Application", "sessiontype_jee": "JEE", - "sessiontypedescription": "JEE Sessions allow to make sessions over a cluster. When you change this setting you will lose your current session and you must make a new login", + "sessiontypedescription": "JEE Sessions allow to make sessions over a cluster. When you change this setting, you will lose your current session and you must make a new login", "small": "small", "standard": "standard (CFML Default)", "strict": "strict", @@ -1338,7 +1363,7 @@ "allowCompression": "Compression", "allowCompressionDescription": "Enable compression (GZip) for the Lucee Response stream for text-based responses when supported by the client (Web Browser)", "bufferOutput": "Buffer Tag Body Output", - "bufferOutputDescription": "If true - the output written to the body of the tag is buffered and is also outputted in case of an exception. Otherwise the content to body is ignored and not displayed when a failure occurs in the body of the tag.", + "bufferOutputDescription": "If true - the output written to the body of the tag is buffered and is also outputted in case of an exception. Otherwise, the content to body is ignored and not displayed when a failure occurs in the body of the tag.", "cacheclear": "Clear {name} cache", "cacheclearcount": "Clear {name} cache ( {count} element(s) )", "cachecleardesc": "Press the button above to clear the {name} cache.", 
@@ -1346,7 +1371,7 @@ "cfmlWriterReg": "No whitespace management", "cfmlWriterWS": "Simple whitespace management - every whitespace character that follows whitespace is removed", "cfmlWriterWSPref": "Smart whitespace management - every whitespace character that follows a whitespace is removed, but whitespace inside the tags: \u0026lt;code\u0026gt;, \u0026lt;pre\u0026gt; and \u0026lt;textarea\u0026gt; is kept", - "compiler": "Lucee compiler settings, this affects how the Lucee Compiler parses the source code. Changing this settings flushes all existing class files and triggers a recompilation.", + "compiler": "Lucee compiler settings affect how the Lucee Compiler parses the source code. Changing these settings flushes all existing class files and triggers a recompilation.", "componentcache": "Component path Cache", "componentcacheclear": "Clear Component Paths Cache", "componentcachecleardesc": "Press the button above to clear the component path cache.", 
@@ -1387,7 +1412,7 @@ "web": "Hier sehen Sie eine Übersicht alle Settings welche Einfluss auf das Verhalten von Lucee haben, sie können diese nach vordefinierten kriterien anpassen" }, "handleUnquotedAttrValueAsString": "Tag attribute values", - "handleUnquotedAttrValueAsStringDesc": "Handle unquoted tag attribute values as strings.\r\n \u003cbr\u003e\r\n Example:\u003cbr\u003e\r\n \u0026lt;cfmail subject\u003dsub from\u003d\"#f#\" to\u003d\"#t#\"/\u0026gt;\u003cbr\u003e\r\n The value from attribute \"subject\" is not quoted. If enabled the string \"sub\" is submitted to the tag. If disabled Lucee looks for a variable \"sub\".", + "handleUnquotedAttrValueAsStringDesc": "Handle unquoted tag attribute values as strings.\r\n \u003cbr\u003e\r\n Example:\u003cbr\u003e\r\n \u0026lt;cfmail subject\u003dsub from\u003d\"#f#\" to\u003d\"#t#\"/\u0026gt;\u003cbr\u003e\r\n The value from attribute \"subject\" is not quoted. If enabled, the string \"sub\" is submitted to the tag. If disabled, Lucee looks for a variable \"sub\".", "info": "System Metrics", "inspecttemplate": "Inspect Templates (CFM/CFC)", "inspecttemplatealways": "Always ( Bad )", @@ -1407,7 +1432,7 @@ "noAccess": "no access to change settings", "objectcache": "Object Cache", "preciseMath": "Precise Math", - "preciseMathDesc": "If enabled this improves the accuracy of floating point calculations, but makes them slightly slower.", + "preciseMathDesc": "If enabled, this improves the accuracy of floating point calculations but makes them slightly slower.", "querycache": "Query Cache", "querycacheclearcount": "Clear Query Cache", "queued": "Queued Requests", 
@@ -1542,7 +1567,7 @@ "dbValidate": "Validate", "dbValidateDesc": "Validate the connection before use (only works with JDBC 4.0 Drivers)", "exportAppCFC": "Export Application.cfc", - "exportAppCFCDesc": "Export the settings of this Web Context as Application.cfc Template, of course this includes only settings possible in Application.cfc.", + "exportAppCFCDesc": "Export the settings of this Web Context as Application.cfc Template. Only settings possible in Application.cfc will be exported.", "flushCache": "flush cache", "gateway": { "buttons": { @@ -1607,7 +1632,7 @@ "dbcreateDropcreate": " Setting this value drops the table if it exists and then creates it.", "dbcreateNone": "Setting this value does not change anything in the database schema.", "dbcreateUpdate": "Setting this value creates the table if it does not exist or update the table if it exists.", - "desc": "Here you can define the default settings for the ORM Configuration, this settings can be overwritten in the Application.cfc with the struct \"ormsettings\".", + "desc": "Here you can define the default settings for the ORM Configuration. These settings can be overwritten in the Application.cfc with the struct \"ormsettings\".", "eventHandling": "Event Handling", "eventHandlingDesc": "Specifies whether ORM Event callbacks should be given. This setting can be overwritten in Application.cfc as follows [this.ormsettings.eventHandling\u003dfalse]", "flushatrequestend": "Flush at request end", diff --git a/core/src/main/cfml/context/admin/server.request.cfm b/core/src/main/cfml/context/admin/server.request.cfm index 8131c6bbb3..dc540a01ff 100755 --- a/core/src/main/cfml/context/admin/server.request.cfm +++ b/core/src/main/cfml/context/admin/server.request.cfm @@ -574,7 +574,7 @@ Error Output ---> - + diff --git a/core/src/main/cfml/context/admin/server.security.cfm b/core/src/main/cfml/context/admin/server.security.cfm index f4c0dd0ce9..da7fcbf208 100755 
--- a/core/src/main/cfml/context/admin/server.security.cfm +++ b/core/src/main/cfml/context/admin/server.security.cfm @@ -70,9 +70,9 @@ Error Output ---> - stText.security.desc="All settings that concerns security in Lucee."; + stText.security.desc="All settings that concern security in Lucee."; stText.security.varUsage="Variable Usage in Queries"; - stText.security.varUsageDesc="With this setting you can control how Lucee handles variables used within queries."; + stText.security.varUsageDesc="With this setting, you can control how Lucee handles variables used within queries."; stText.security.varUsageIgnore="Allow variables within a query"; stText.security.varUsageWarn="Add a warning to debug output"; diff --git a/core/src/main/cfml/context/admin/update.cfm b/core/src/main/cfml/context/admin/update.cfm index 9cb69db520..e333bf41d9 100755 --- a/core/src/main/cfml/context/admin/update.cfm +++ b/core/src/main/cfml/context/admin/update.cfm @@ -170,7 +170,7 @@ diff --git a/core/src/main/java/lucee/runtime/functions/system/GetApplicationSettings.java b/core/src/main/java/lucee/runtime/functions/system/GetApplicationSettings.java index 5d8ebd32db..f8d0f32dce 100644 --- a/core/src/main/java/lucee/runtime/functions/system/GetApplicationSettings.java +++ b/core/src/main/java/lucee/runtime/functions/system/GetApplicationSettings.java 
@@ -109,6 +109,23 @@ public static Struct call(PageContext pc, boolean suppressFunctions, boolean onl sc.setEL("disableUpdate", sessionCookieData.isDisableUpdate()); sct.setEL("sessionCookie", sc); } + + Struct xmlFeatures = acs.getXmlFeatures(); + if (xmlFeatures == null) xmlFeatures = new StructImpl(); + Struct sxml = new StructImpl(Struct.TYPE_LINKED); + sxml.setEL("secure", xmlFeatures.get("secure", true)); + sxml.setEL("disallowDoctypeDecl", xmlFeatures.get("disallowDoctypeDecl", true)); + sxml.setEL("externalGeneralEntities", xmlFeatures.get("externalGeneralEntities", false)); + if (!xmlFeatures.isEmpty()){ // pass thru other values + Iterator it = xmlFeatures.keySet().iterator(); + Key name; + while (it.hasNext()) { + name = KeyImpl.toKey(it.next()); + if (!sxml.containsKey( name ) ) + sxml.setEL(name,xmlFeatures.get(name)); + } + } + sct.setEL("xmlFeatures", sxml); sct.setEL("customTagPaths", toArray(ac.getCustomTagMappings())); sct.setEL("componentPaths", toArray(ac.getComponentMappings())); diff --git a/core/src/main/java/lucee/runtime/tag/ProcParamBean.java b/core/src/main/java/lucee/runtime/tag/ProcParamBean.java index 770de75194..e7d91d8b6c 100755 --- a/core/src/main/java/lucee/runtime/tag/ProcParamBean.java +++ b/core/src/main/java/lucee/runtime/tag/ProcParamBean.java @@ -181,7 +181,9 @@ public Object getValueForCF() throws PageException { @Override public boolean isNulls() { return getValue() == null - || (sqlType != Types.VARCHAR && sqlType != Types.LONGVARCHAR && sqlType != Types.NVARCHAR && getValue() instanceof String && StringUtil.isEmpty(getValue())); + || (sqlType != Types.VARCHAR && sqlType != Types.LONGVARCHAR && sqlType != Types.NVARCHAR + && sqlType != Types.NCHAR && sqlType != Types.CHAR + && getValue() instanceof String && StringUtil.isEmpty(getValue())); } @Override diff --git a/core/src/main/java/lucee/runtime/text/xml/XMLUtil.java b/core/src/main/java/lucee/runtime/text/xml/XMLUtil.java index 2f6ba2a237..7064342483 100755 
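Review bot: The defaults passed to `xmlFeatures.get(...)` in the added block (`secure` true, `disallowDoctypeDecl` true, `externalGeneralEntities` false) are literal copies of the ones hard-coded in XMLUtil.newDocumentBuilderFactory in this same commit, so the struct reported here can drift from what the parser actually enforces if either side changes. For a hardening setting that an operator may audit through this function, the two places should share one definition, or at least carry a comment such as `// defaults must match XMLUtil.newDocumentBuilderFactory (LDEV-3451)`. The values are also reported as the raw configured objects, whereas the parser side runs them through `Caster.toBoolean`, so a non-boolean setting would be shown as-is here. The body of call() starts and ends outside the hunk.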
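Review bot: The character-type exclusion in isNulls() now covers VARCHAR, LONGVARCHAR, NVARCHAR, NCHAR and CHAR but still omits `Types.LONGNVARCHAR`, so an empty string bound to that type is still treated as NULL while its non-national counterpart LONGVARCHAR is not. If that asymmetry is not intended, add `&& sqlType != Types.LONGNVARCHAR` to the condition. Either way a one-line comment above the return would make the rule explicit, for example `// an empty string counts as NULL only for non-character SQL types`.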
--- a/core/src/main/java/lucee/runtime/text/xml/XMLUtil.java
+++ b/core/src/main/java/lucee/runtime/text/xml/XMLUtil.java
@@ -328,61 +328,71 @@ private static DocumentBuilderFactory newDocumentBuilderFactory(InputSource vali factory.setValidating(false); } + // secure by default LDEV-3451 + boolean featureSecure = true; + boolean disallowDocType = true; + boolean externalGeneralEntities = false; + Struct features = null; + + // can be overriden per application PageContext pc = ThreadLocalPageContext.get(); if (pc != null) { ApplicationContextSupport ac = ((ApplicationContextSupport) pc.getApplicationContext()); - Struct features = ac == null ? null : ac.getXmlFeatures(); + features = ac == null ? null : ac.getXmlFeatures(); if (features != null) { try { // handle feature aliases, e.g. secure Object obj; - boolean featureValue; + obj = features.get(KEY_FEATURE_SECURE, null); - if (obj != null) { - featureValue = Caster.toBoolean(obj); - if (featureValue) { - // set features per - // https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html - factory.setFeature(XMLConstants.FEATURE_DISALLOW_DOCTYPE_DECL, true); - factory.setFeature(XMLConstants.FEATURE_EXTERNAL_GENERAL_ENTITIES, false); - factory.setFeature(XMLConstants.FEATURE_EXTERNAL_PARAMETER_ENTITIES, false); - factory.setFeature(XMLConstants.FEATURE_NONVALIDATING_LOAD_EXTERNAL_DTD, false); - factory.setXIncludeAware(false); - factory.setExpandEntityReferences(false); - factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); - factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); - } - features.remove(KEY_FEATURE_SECURE); - } + if (obj != null) featureSecure = Caster.toBoolean(obj); + features.remove(KEY_FEATURE_SECURE, null); obj = features.get(KEY_FEATURE_DISALLOW_DOCTYPE_DECL, null); - if (obj != null) { - featureValue = Caster.toBoolean(obj); - factory.setFeature(XMLConstants.FEATURE_DISALLOW_DOCTYPE_DECL, featureValue); - features.remove(KEY_FEATURE_DISALLOW_DOCTYPE_DECL); - } + if (obj != null) disallowDocType = Caster.toBoolean(obj); + 
features.remove(KEY_FEATURE_DISALLOW_DOCTYPE_DECL, null); obj = features.get(KEY_FEATURE_EXTERNAL_GENERAL_ENTITIES, null); - if (obj != null) { - featureValue = Caster.toBoolean(obj); - factory.setFeature(XMLConstants.FEATURE_EXTERNAL_GENERAL_ENTITIES, featureValue); - features.remove(KEY_FEATURE_EXTERNAL_GENERAL_ENTITIES); - } + if (obj != null) externalGeneralEntities = Caster.toBoolean(obj); + features.remove(KEY_FEATURE_EXTERNAL_GENERAL_ENTITIES, null); } - catch (PageException | ParserConfigurationException ex) { + catch (PageException ex) { throw new RuntimeException(ex); } - - features.forEach((k, v) -> { - try { - factory.setFeature(k.toString().toLowerCase(), Caster.toBoolean(v)); - } - catch (PageException | ParserConfigurationException ex) { - throw new RuntimeException(ex); - } - }); } } - + + try { // set built in feature aliases + if (featureSecure) { + // set features per + // https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html + factory.setFeature(XMLConstants.FEATURE_DISALLOW_DOCTYPE_DECL, true); + factory.setFeature(XMLConstants.FEATURE_EXTERNAL_GENERAL_ENTITIES, false); + factory.setFeature(XMLConstants.FEATURE_EXTERNAL_PARAMETER_ENTITIES, false); + factory.setFeature(XMLConstants.FEATURE_NONVALIDATING_LOAD_EXTERNAL_DTD, false); + factory.setXIncludeAware(false); + factory.setExpandEntityReferences(false); + factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); + } + + factory.setFeature(XMLConstants.FEATURE_DISALLOW_DOCTYPE_DECL, disallowDocType); + factory.setFeature(XMLConstants.FEATURE_EXTERNAL_GENERAL_ENTITIES, externalGeneralEntities); + } + catch (ParserConfigurationException ex) { + throw new RuntimeException(ex); + } + // pass thru any additional feature directives + // https://xerces.apache.org/xerces2-j/features.html#disallow-doctype-decl + if (features != null){ + features.forEach((k, v) -> { + try { + 
factory.setFeature(k.toString().toLowerCase(), Caster.toBoolean(v)); + } + catch (PageException | ParserConfigurationException ex) { + throw new RuntimeException(ex); + } + }); + } return factory; } diff --git a/core/src/main/java/resource/component/org/lucee/cfml/Administrator.cfc b/core/src/main/java/resource/component/org/lucee/cfml/Administrator.cfc index f9e2e17651..ffe6efdd3c 100755 --- a/core/src/main/java/resource/component/org/lucee/cfml/Administrator.cfc +++ b/core/src/main/java/resource/component/org/lucee/cfml/Administrator.cfc @@ -594,7 +594,7 @@ component { /** * @hint updates the mail settings for current context * @defaultEncoding Default encoding used for mail servers - * @spoolenable If enabled the mails are sent in a background thread and the main request does not have to wait until the mails are sent. + * @spoolenable If enabled, the mails are sent in a background thread and the main request does not have to wait until the mails are sent. * @timeout Time in seconds that the Task Manager waits to send a single mail, when the time is reached the Task Manager stops the thread and the mail gets moved to unsent folder, where the Task Manager will pick it up later to try to send it again. */ public void function updateMailSetting( string defaultEncoding="UTF-8", boolean spoolEnable, numeric timeOut ){ 
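Review bot: The three `features.remove(...)` calls in the alias block mutate the struct returned by `ac.getXmlFeatures()`; if that is the application's live settings struct rather than a copy (not visible in this hunk), an override of `secure`, `disallowDoctypeDecl` or `externalGeneralEntities` is honoured on the first parse only and later parses fall back to the built-in defaults. Those defaults are the restrictive ones, so this fails closed, but the effective parser configuration then depends on call order and GetApplicationSettings would report the defaults instead of the configured values. Reading the three values without removing them and skipping them in the pass-through lambda avoids the mutation, for example `if (KEY_FEATURE_SECURE.equals(k) || KEY_FEATURE_DISALLOW_DOCTYPE_DECL.equals(k) || KEY_FEATURE_EXTERNAL_GENERAL_ENTITIES.equals(k)) return;` as its first statement (assuming the constants compare equal to the struct keys). A comment above the second `try` should also state the precedence, `// "secure" applies the OWASP set first; disallowDoctypeDecl / externalGeneralEntities are applied afterwards and override it`, since `secure=true` combined with `externalGeneralEntities=true` leaves external general entities enabled. newDocumentBuilderFactory starts before the hunk.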
@@ -1088,7 +1088,7 @@ component { * @useShadow Defines whether a component has an independent variables scope parallel to the "this" scope (CFML standard) or not. * @componentDefaultImport this package definition is imported into every template. * @componentLocalSearch Search relative to the caller directory for the component - * @componentPathCache component path is cached and not resolved again + * @componentPathCache Component path is cached and not resolved again * @componentDeepSearchDesc Search for CFCs in the subdirectories of the "Additional Resources" below. */ public void function updateComponent(string baseComponentTemplateCFML="", string baseComponentTemplateLucee="", string componentDumpTemplate="", string componentDataMemberDefaultAccess="public", boolean triggerDataMember=false, boolean useShadow=true, string componentDefaultImport="org.lucee.cfml.*", boolean componentLocalSearch=false, boolean componentPathCache=false, boolean componentDeepSearchDesc=false){ @@ -1325,7 +1325,7 @@ component { /** * @hint updates server caching settings * @inspectTemplate sets the type of inspection for files inside the template cache - * @typeChecking If disabled Lucee ignores type definitions with function arguments and return values + * @typeChecking If disabled, Lucee ignores type definitions with function arguments and return values */ public void function updatePerformanceSettings( required string inspectTemplate, boolean typeChecking){ var existing = getPerformanceSettings(); 
@@ -2376,7 +2376,7 @@ component { * @hint returns the details of custom tag settings * @deepSearch Search for custom tags in subdirectories. * @localSearch Search in the caller directory for the custom tag - * @component path is cached and not resolved again + * @Component path is cached and not resolved again * @extensions These are the extensions used for Custom Tags, in the order they are searched. */ public void function updateCustomTagSetting( required boolean deepSearch, required boolean localSearch, required boolean customTagPathCache, required string extensions ) { diff --git a/loader/build.xml b/loader/build.xml index 9d1ce7805c..9eef39c9e5 100644 --- a/loader/build.xml +++ b/loader/build.xml @@ -2,7 +2,7 @@ - + diff --git a/loader/pom.xml b/loader/pom.xml index ffcf2df895..99fbf05978 100644 --- a/loader/pom.xml +++ b/loader/pom.xml @@ -3,7 +3,7 @@ org.lucee lucee - 6.0.0.513-SNAPSHOT + 6.0.0.517-SNAPSHOT jar Lucee Loader Build diff --git a/test/components/Administrator/en.xml b/test/components/Administrator/en.xml index ecc7c11b9d..6c68694057 100644 --- a/test/components/Administrator/en.xml +++ b/test/components/Administrator/en.xml @@ -76,7 +76,7 @@ Stop on error Please enter a value for the archive name (row Inspect - Please note, that only pages processed by Lucee are aware of these mappings (cfm, cfml, cfc). If you want to use files not processed by Lucee for these special mapping directories, you have to add virtual mappings to these directories to your application server. + Please note that only pages processed by Lucee are aware of these mappings (cfm, cfml, cfc). If you want to use files not processed by Lucee for these special mapping directories, you have to add virtual mappings to these directories to your application server. Path of the resource to map (absolute or relative to the webroot) Resource Archive 
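Review bot: In the doc block of `updateCustomTagSetting` in Administrator.cfc, the retouched line `@Component path is cached and not resolved again` still names no argument of the function. The signature visible in the hunk takes `customTagPathCache`, so the hint is presumably meant to be `@customTagPathCache Component path is cached and not resolved again`. The `@hint` in the same block says "returns the details of custom tag settings" although the function is an updater; `@hint updates the custom tag settings` would match. The function body lies outside the hunk.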
@@ -87,7 +87,7 @@ Search in the caller directory for the custom tag Trusted Cache - component path is cached and not resolved again + Component path is cached and not resolved again Search local CFML standard @@ -395,7 +395,7 @@ Time - Defines how Lucee handles long running request. + Defines how Lucee handles long running requests. URL Concurrent Requests This setting defines how the system handles concurrent requests. @@ -413,7 +413,7 @@ Settings that affect the execution of a request. - The configuration of Script protect, secures your system from "cross-site scripting" + The configuration of Script protect secures your system from "cross-site scripting" Script-protect Script-protect checks in all scopes for external data (cgi,cookie,form,url) Mixed handling. Lucee looks for a file "Application.cfm/OnRequestEnd.cfm" as well as for the file "Application.cfc" @@ -516,7 +516,7 @@ Component "dump" template Base/Root Component Please enter a value for the "dump" template - component path is cached and not resolved again + Component path is cached and not resolved again Defines how components will be handled by Lucee. Data member access type Cache @@ -529,7 +529,7 @@ Search local Please enter a value for the archive name (row Define the accessor for the data-members of a component. This defines how variables of the "this" scope of a component can be accessed from outside of the component. - the following package definition is imported into every template. + The specified package definition is imported into every template. Additional Resources that Lucee checks for Components. Search mappings Defines whether a component has an independent variables scope parallel to the &quot;this&quot; scope (CFML standard) or not. 
@@ -545,7 +545,7 @@ If you call a component directly this template will be invoked to dump the component. (Example: {url}) Please enter a value for the base/root component Component - Search the component in the mappings defined, this include the implicit mapping "/", that points on the webroot + Search the component in the mappings defined. This includes the implicit mapping "/" that points to the webroot Archive Additional Resources Create new Additional Resource @@ -622,8 +622,8 @@ Turkish Log memory usage File the memory usage will be stored to - If set to "yes" Lucee logs the debug information you have selected below. -you can see the log result at the end of every request, if a debug template is defined or under Debug/Logs in this administrator. + If set to "yes", Lucee logs the debug information you have selected below. +You can see the log result at the end of every request if a debug template is defined or under Debug/Logs in this administrator. Please enter a value for the debug template This template is used for formatting the debugging output Sets whether the memory usage should be logged 
@@ -658,7 +658,7 @@ you can see the log result at the end of every request, if a debug template is d Client timeout When a variable has no scope defined (Example: #myVar# instead of #variables.myVar#), Lucee will also search available resultsets (CFML&nbsp;Standard) or not Depending on this setting Lucee scans certain scopes to find a variable called from the CFML source. This will only happen when the variable is called without a scope. (Example: #myVar# instead of #variables.myVar#)<br/>- strict: scans only the variables scope<br/>- small: scans the scopes variables,url,form<br/>- standard (CFML Standard): scans the scopes variables,cgi,url,form,cookie - JEE Sessions allow to make sessions over a cluster. When you change this setting you will lose your current session and you must make a new login + JEE Sessions allow to make sessions over a cluster. When you change this setting, you will lose your current session and you must make a new login Here you can define the settings for how Lucee handles scopes. Classic Value seconds for @@ -712,7 +712,7 @@ you can see the log result at the end of every request, if a debug template is d Partial Support (CFML Default) Lucee has only a partial null support. - Lucee compiler settings, this affects how the Lucee Compiler parses the source code. Changing this settings flushes all existing class files and triggers a recompilation. + Lucee compiler settings affect how the Lucee Compiler parses the source code. Changing these settings flushes all existing class files and triggers a recompilation. Key case 
@@ -766,7 +766,7 @@ sct[""bracketNotation""] --> keyname: "bracketNotation" Suppress Content for CFC Remoting Suppress content written to response stream when a Component is invoked remotely. Only works if the content was not flushed before. Buffer Tag Body Output - If true - the output written to the body of the tag is buffered and is also outputted in case of an exception. Otherwise the content to body is ignored and not displayed when a failure occurs in the body of the tag. + If true - the output written to the body of the tag is buffered and is also outputted in case of an exception. Otherwise, the content to body is ignored and not displayed when a failure occurs in the body of the tag. When checked, any requested files found to currently reside in the template cache will always be inspected for potential updates. For sites where templates are updated during the life of the server or within request. Inherit @@ -833,6 +833,7 @@ sct[""bracketNotation""] --> keyname: "bracketNotation" delete reset repair + switch export Install Trial Install Full Version @@ -863,7 +864,7 @@ sct[""bracketNotation""] --> keyname: "bracketNotation" This task is executed once a day. By setting this flag, the execution of the task will be paused. Execution time - Here you can add, modify, run and delete scheduled tasks<br/><br/> + Here you can add, modify, run, and delete scheduled tasks<br/><br/> Sets, whether the response of server will be stored in a file or not Translate relative URLs into absolute When there is a Proxy Server between the Lucee Server and the called URL, you can define the Proxy Servers Setting here to access the URL 
@@ -1016,7 +1017,7 @@ If the timezone of your Lucee instance and your database is different, this can Enable binary large object retrieval (<abbr title="binary large object">BLOB</abbr>) Enable long text retrieval (<abbr title="character large object">CLOB</abbr>) Export Application.cfc - Export the settings of this Web Context as Application.cfc Template, of course this includes only settings possible in Application.cfc. + Export the settings of this Web Context as Application.cfc Template. Only settings possible in Application.cfc will be exported. Password @@ -1025,14 +1026,14 @@ If the timezone of your Lucee instance and your database is different, this can - inf - Type Time server that returns the current time. If set, this time will be used within Lucee instead of the local server time. (Example: swisstime.ethz.ch, time.nist.gov)<br/> - You can define regional settings that will be used as a default for all web contexts here. These settings have no direct effect on the current instance. Lucee lets you set your own individual locale, timezone and timeserver. + You can define regional settings that will be used as a default for all web contexts here. These settings have no direct effect on the current instance. Lucee lets you set your own individual locale, timezone, and timeserver. - Lucee lets you set your own individual locale, timezone and timeserver. + Lucee lets you set your own individual locale, timezone, and timeserver. Time zone Time server (NTP) use time server --- other --- - Define the desired time zone for Lucee, this will also change the time for the context of the web.<br/> + Define the desired time zone for Lucee. This will also change the time for the context of the web.<br/> Please define a value for the field timezone Default encoding Server Administrator Value 
@@ -1079,12 +1080,34 @@ If the timezone of your Lucee instance and your database is different, this can Mailing list The mailing list is the focus of our community support program - help for users by users. + You are in Multi Mode + You are in Single Mode + You are running Lucee in Multi Mode. In Multi Mode, you use the Server Administrator to configure overall settings for all web contexts/webs, and use individual Web Administrators to customize settings for each web context/web. + You are running Lucee in Single Mode. In Single Mode, you use a single Administrator to configure settings for all web contexts/webs. No individual Web Administrators exist. + + Switch to Single Mode? + Switch to Multi Mode? + Activating Single Mode will result in having a single Administrator to configure settings for all web contexts/webs. No individual Web Administrators will exist. + Activating Multi Mode will result in having a Server Administrator to configure overall settings for all web contexts/webs and individual Web Administrators to customize settings for each web context/web. - Professional Support - For many organizations and individuals, the security of a formal paid support contract is a necessity and we're pleased to offer four standard packages as well as the flexibility to create a custom package should your needs go beyond our standard offerings. + Merge and Switch + All settings from all web contexts/webs get stored into the server context + Just Switch + Switch to Single Mode and forget all settings done in all web contexts/webs + + Keep all web context/web configuration in place so a return to Multi Mode is possible + Memory used for all objects that are allocated. + Memory used to store all cfc/cfm templates, java classes, interned Strings and meta-data. + The pool from which memory is initially allocated for most objects. + The pool containing objects that have survived the garbage collection of the Eden space. 
+ The pool containing objects that have existed for some time in the survivor space. + The pool containing all the reflective data of the virtual machine itself, such as class and method objects. + The HotSpot Java VM also includes a code cache, containing memory that is used for compilation and storage of native code. + Professional Support + For many organizations and individuals, the security of a formal paid support contract is a necessity. We are pleased to offer four standard packages as well as the flexibility to create a custom package should your needs go beyond our standard offerings. The Develop Version is a version, addressing those users who are most likely to apply it in order for assembling CFML application . The version though is prohibited to be used commercially. @@ -1113,7 +1136,7 @@ If the timezone of your Lucee instance and your database is different, this can Version Name Mailinglist (german) Lucee, the CFML engine - free, open source and easy to use. This Web Administrator is provided in order to customize your web context. - The Server Administrator allows you to install updates and patches for your Lucee installation and to restart the engine with a mouse click. You can configure new web contexts and define restrictions and configurations per web context individually. + The Server Administrator allows you to install updates and patches for your Lucee installation and to restart the engine with a mouse click. You can configure new web contexts, define restrictions, and configurations per web context individually. info@lucee.ch Server date/time: Version 
@@ -1264,7 +1287,7 @@ If the timezone of your Lucee instance and your database is different, this can set as default Settings - Here you can define the default settings for the ORM Configuration, this settings can be overwritten in the Application.cfc with the struct "ormsettings". + Here you can define the default settings for the ORM Configuration. These settings can be overwritten in the Application.cfc with the struct "ormsettings". Automatically generate mapping Specifies whether Lucee should automatically generate mapping for the persistent CFCs. If disabled, mapping should be provided in the form of .HBMXML files. This setting can be overwritten in Application.cfc as follows [this.ormsettings.autogenmap=true] Catalog diff --git a/test/tickets/LDEV1676.cfc b/test/tickets/LDEV1676.cfc index 12586a7a6f..57e7155c7b 100644 --- a/test/tickets/LDEV1676.cfc +++ b/test/tickets/LDEV1676.cfc 
@@ -1,32 +1,139 @@ component extends = "org.lucee.cfml.test.LuceeTestCase" labels="xml" { function beforeAll(){ variables.uri = createURI("LDEV1676"); + //systemOutput(" ", true); } function run( testresults , testbox ) { describe( "testcase for LDEV-1676", function () { - it( title="Check xmlFeatures externalGeneralEntities=true",body = function ( currentSpec ){ + it( title="Check xmlFeatures externalGeneralEntities=true, secure: false",body = function ( currentSpec ){ local.result = _InternalRequest( - template : "#uri#\LDEV1676.cfm", - forms : {scene=1} + template : "#uri#/LDEV1676.cfm", + forms : { scene: "externalGeneralEntities-True" } ).filecontent; - expect(trim(result)).toBe("http://update.lucee.org/rest/update/provider/echoGet/cgi"); + expect( trim( result ) ).toInclude("http://update.lucee.org/rest/update/provider/echoGet/cgi"); }); it( title="Check xmlFeatures externalGeneralEntities=false",body = function ( currentSpec ) { local.result = _InternalRequest( - template : "#uri#\LDEV1676.cfm", - forms : {scene=2} + template : "#uri#/LDEV1676.cfm", + forms : { scene: "externalGeneralEntities-False" } ).filecontent; - expect(trim(result)).toInclude("security restrictions set by XMLFeatures"); + expect( trim( result ) ).toInclude("security restrictions set by XMLFeatures"); + expect( trim( result ) ).toInclude("NullPointerException"); }); it( title="Check xmlFeatures disallowDoctypeDecl=true",body = function ( currentSpec ) { local.result = _InternalRequest( - template : "#uri#\LDEV1676.cfm", - forms : {scene=3} + template : "#uri#/LDEV1676.cfm", + forms : { scene: "disallowDoctypeDecl-True" } ).filecontent; - expect(trim(result)).toInclude("DOCTYPE"); + expect( trim( result ) ).toInclude("DOCTYPE"); + }); + }); + + describe( "check combined xmlFeatures directives", function () { + + it( title="Check xmlFeatures default, good xml",body = function ( currentSpec ) { + local.result = _InternalRequest( + template : "#uri#/LDEV1676.cfm", + forms : { + scene: 
"default", + doctype: false, + entity: false, + } + ).filecontent; + expect( trim( result ) ).toBe("lucee"); + }); + + it( title="Check xmlFeatures default, bad xml",body = function ( currentSpec ) { + local.result = _InternalRequest( + template : "#uri#/LDEV1676.cfm", + forms : { + scene: "default", + doctype: true, + entity: true + } + ).filecontent; + expect( trim( result ) ).toInclude("DOCTYPE is disallowed when the feature"); + }); + + it( title="Check xmlFeatures all secure, bad xml",body = function ( currentSpec ) { + local.result = _InternalRequest( + template : "#uri#/LDEV1676.cfm", + forms : { + scene: "all-secure", + doctype: true, + entity: true, + } + ).filecontent; + expect( trim( result ) ).toInclude("DOCTYPE is disallowed when the feature"); + }); + + it( title="Check xmlFeatures all insecure, bad xml",body = function ( currentSpec ) { + local.result = _InternalRequest( + template : "#uri#/LDEV1676.cfm", + forms : { + scene: "all-insecure", + doctype: true, + entity: true + } + ).filecontent; + expect( trim( result ) ).toInclude("http://update.lucee.org/rest/update/provider/echoGet/cgi"); + }); + + it( title="Check xmlFeatures all secure, good xml",body = function ( currentSpec ) { + local.result = _InternalRequest( + template : "#uri#/LDEV1676.cfm", + forms : { + scene: "all-secure", + doctype: false, + entity: false + } + ).filecontent; + expect( trim( result ) ).toBe("lucee"); + }); + + // check if we can inline disable the settings back to the old behavior + it( title="Check xmlFeatures default, bad xml, cfapplication override",body = function ( currentSpec ) { + local.result = _InternalRequest( + template : "#uri#/LDEV1676.cfm", + forms : { + scene: "default", + doctype: true, + entity: true, + cfapplicationOverride: true + } + ).filecontent; + expect( trim( result ) ).toInclude("http://update.lucee.org/rest/update/provider/echoGet/cgi"); + }); + + }); + + describe( "check bad config handling", function () { + + it( title="Check xmlFeatures 
invalidConfig secure",body = function ( currentSpec ) { + local.result = _InternalRequest( + template : "#uri#/LDEV1676.cfm", + forms : { scene: "invalidConfig-secure" } + ).filecontent; + expect( trim( result ) ).toInclude( "casterException" ); + }); + + it( title="Check xmlFeatures invalidConfig docType",body = function ( currentSpec ) { + local.result = _InternalRequest( + template : "#uri#/LDEV1676.cfm", + forms : { scene: "invalidConfig-docType" } + ).filecontent; + expect( trim( result ) ).toInclude( "casterException" ); + }); + + it( title="Check xmlFeatures invalidConfig Entities",body = function ( currentSpec ) { + local.result = _InternalRequest( + template : "#uri#/LDEV1676.cfm", + forms : { scene: "invalidConfig-Entities" } + ).filecontent; + expect( trim( result ) ).toInclude( "casterException" ); }); }); @@ -36,4 +143,4 @@ component extends = "org.lucee.cfml.test.LuceeTestCase" labels="xml" { var baseURI="/test/#listLast(getDirectoryFromPath(getCurrenttemplatepath()),"\/")#/"; return baseURI&""&calledName; } -} \ No newline at end of file +} diff --git a/test/tickets/LDEV1676/Application.cfc b/test/tickets/LDEV1676/Application.cfc index e302097293..daee35c11a 100644 --- a/test/tickets/LDEV1676/Application.cfc +++ b/test/tickets/LDEV1676/Application.cfc 
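Review bot: The spec "Check xmlFeatures externalGeneralEntities=false" in LDEV1676.cfc now also expects the output to include `NullPointerException`, which pins an internal failure type instead of the outcome that matters, namely that the external entity was refused. If the blocked-entity path is later changed to raise a proper XML or security exception, this assertion fails even though the protection still holds. Keeping only `expect( trim( result ) ).toInclude("security restrictions set by XMLFeatures");` would test the control itself. If the NullPointerException is a known defect of that path (not visible from this hunk), a comment above the assertion should say so.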
@@ -1,24 +1,65 @@ component { this.name="LDEV1676"; - param name="FORM.Scene" default=""; + param name="FORM.Scene"; + param name="FORM.docType" default="true"; + param name="FORM.entity" default="true"; + param name="FORM.cfapplicationOverride" default="false"; - if(FORM.Scene == 1) { - this.xmlFeatures.externalGeneralEntities = true; - } - - else if(FORM.Scene == 2) { - this.xmlFeatures = { - externalGeneralEntities: false, - secure: true, - disallowDoctypeDecl: false - }; - } - - else if(FORM.Scene == 3) { - this.xmlFeatures = { - externalGeneralEntities: false, - secure: true, - disallowDoctypeDecl: true - }; + switch (FORM.Scene){ + case "externalGeneralEntities-True": + this.xmlFeatures ={ + "externalGeneralEntities": true, + "disallowDoctypeDecl": false, + "secure": false + } + break; + case "externalGeneralEntities-False": + this.xmlFeatures = { + "externalGeneralEntities": false, + "secure": true, + "disallowDoctypeDecl": false + }; + break; + case "disallowDoctypeDecl-True": + this.xmlFeatures = { + "externalGeneralEntities": false, + "secure": true, + "disallowDoctypeDecl": true + }; + break; + case "invalidConfig-Secure": + this.xmlFeatures = { + "secure": "lucee" + }; + break; + case "invalidConfig-Doctype": + this.xmlFeatures = { + "disallowDoctypeDecl": "lucee" + }; + break; + case "invalidConfig-Entities": + this.xmlFeatures = { + "disallowDoctypeDecl": "lucee" + }; + break; + case "all-secure": + this.xmlFeatures = { + "externalGeneralEntities": false, + "secure": true, + "disallowDoctypeDecl": true + }; + break; + case "all-insecure": + this.xmlFeatures = { + "externalGeneralEntities": true, + "secure": false, + "disallowDoctypeDecl": false + }; + break; + case "default": + break; + default: + throw "unknown scene: #form.scene#"; + break; } } \ No newline at end of file diff --git a/test/tickets/LDEV1676/LDEV1676.cfm b/test/tickets/LDEV1676/LDEV1676.cfm index fa0ae7e0fa..f67ed4aeee 100644 --- a/test/tickets/LDEV1676/LDEV1676.cfm 
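Review bot: The `invalidConfig-Entities` case in LDEV1676/Application.cfc sets `"disallowDoctypeDecl": "lucee"`, identical to the `invalidConfig-Doctype` case above it, so the spec "Check xmlFeatures invalidConfig Entities" never feeds a non-boolean value to `externalGeneralEntities`. The cast failure for that key is therefore untested, although it is the setting that governs external entity resolution. The case body should read `"externalGeneralEntities": "lucee"`.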
+++ b/test/tickets/LDEV1676/LDEV1676.cfm @@ -1,14 +1,46 @@ - - - ]> - &xxe; - - - - - #cfcatch.message# - - - \ No newline at end of file + + + + + + ]> + + + &xxe; + + lucee + + + + + if (form.cfapplicationOverride){ + //systemOutput("cfapplicationOverride", true) + application action="update" xmlFeatures={ + "externalGeneralEntities": true, + "secure": false, + "disallowDoctypeDecl": false + }; + } + /* + settings = getApplicationSettings(); + + systemOutput( form.toJson(), true ); + if (structKeyExists(settings, "xmlFeatures" ) ) { + systemOutput( settings.xmlFeatures.toJson(), true ); + } else { + systemOutput("xmlFeatures not set", true); + } + systemOutput( "LDEV1676.cfc:" & CallStackGet( "array" )[ 2 ].linenumber, true ); + systemOutput( xml, true ); + */ + try { + result = xmlSearch( xml, "/foo" )[1].xmltext; + //systemOutput( result, true ); + echo( result ); + } catch (e) { + //systemOutput(cfcatch.type & " " & cfcatch.message, true); + echo( cfcatch.type & " " & cfcatch.message ); + } + \ No newline at end of file diff --git a/test/tickets/LDEV1917.cfc b/test/tickets/LDEV1917.cfc index 54e30491bd..73148afb2a 100644 --- a/test/tickets/LDEV1917.cfc +++ b/test/tickets/LDEV1917.cfc 
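Review bot: The catch block in LDEV1676.cfm declares `catch (e)` but reads `cfcatch.type` and `cfcatch.message`, so the named exception variable is unused and the block depends on the implicit `cfcatch` variable; `echo( e.type & " " & e.message );` is the consistent form. The commented-out `systemOutput` diagnostics, including the multi-line `/* … */` block, are debugging residue and would be better removed before merge. The tags around the XML and the script are not visible in this rendering, so this covers only the script lines shown.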
@@ -4,10 +4,48 @@ component extends="org.lucee.cfml.test.LuceeTestCase" labels="mysql" { } function run( testResults , testBox ) { if(!hasCredentials()) return; - describe( "test suite for LDEV-1917()", function() { + describe( "test suite for LDEV-1917", function() { it(title = "cfprocparam passes null instead of empty strings with NVARCHAR cfsqltype", body = function( currentSpec ) { local.result = _InternalRequest( - template:"#variables.uri#/test.cfm" + template:"#variables.uri#/test.cfm", + form: { + datatype: "nvarchar" + } + ); + expect(local.result.filecontent.trim()).toBeTrue(); + }); + + it(title = "cfprocparam passes null instead of empty strings with CHAR cfsqltype", body = function( currentSpec ) { + local.result = _InternalRequest( + template:"#variables.uri#/test.cfm", + form: { + datatype: "char" + } + ); + expect(local.result.filecontent.trim()).toBeTrue(); + }); + }); + + describe( "test suite for LDEV-4645", function() { + + it(title = "cfprocparam passes null instead of empty strings with NVARCHAR cfsqltype, col not null", body = function( currentSpec ) { + local.result = _InternalRequest( + template:"#variables.uri#/test.cfm", + form: { + datatype: "nvarchar", + notNull: true + } + ); + expect(local.result.filecontent.trim()).toBeTrue(); + }); + + it(title = "cfprocparam passes null instead of empty strings with CHAR cfsqltype, col not null", body = function( currentSpec ) { + local.result = _InternalRequest( + template:"#variables.uri#/test.cfm", + form: { + datatype: "char", + notNull: true + } ); expect(local.result.filecontent.trim()).toBeTrue(); }); diff --git a/test/tickets/LDEV1917/Application.cfc b/test/tickets/LDEV1917/Application.cfc index b1c1ff4e46..65882041cc 100644 --- a/test/tickets/LDEV1917/Application.cfc +++ b/test/tickets/LDEV1917/Application.cfc 
@@ -1,5 +1,12 @@ component { - this.name = "ac"; + this.name = "ldev-1917"; + + param name="form.datatype"; + param name="form.notNull" default="false"; + + + if (form.datatype neq "char" and form.datatype neq "nvarchar") + throw "bad datatype [#form.datatype#]"; mySQL = getCredentials(); if(mySQL.count()!=0){ @@ -8,9 +15,9 @@ component { public function onRequestStart() { setting requesttimeout=10; - } - public function onApplicationStart() { + var extra= form.notNull ? " NOT NULL" : ""; + query { echo("DROP PROCEDURE IF EXISTS `LDEV1917SP`"); } @@ -18,11 +25,11 @@ component { echo("DROP TABLE IF EXISTS `LDEV1917`"); } query { - echo("CREATE TABLE LDEV1917 (null_Value nvarchar(10))"); + echo("CREATE TABLE LDEV1917 (null_Value #form.datatype#(10) #extra# )"); } query { echo(" - CREATE PROCEDURE `LDEV1917SP`(IN null_Value nvarchar(10)) + CREATE PROCEDURE `LDEV1917SP`(IN null_Value #form.datatype#(10)) BEGIN INSERT INTO LDEV1917 VALUE(null_Value); END diff --git a/test/tickets/LDEV1917/test.cfm b/test/tickets/LDEV1917/test.cfm index c85308c13e..346c74ffab 100644 --- a/test/tickets/LDEV1917/test.cfm +++ b/test/tickets/LDEV1917/test.cfm @@ -1,6 +1,6 @@ - + select * from LDEV1917 diff --git a/test/tickets/LDEV4348.cfc b/test/tickets/LDEV4348.cfc new file mode 100644 index 0000000000..540163dca8 --- /dev/null +++ b/test/tickets/LDEV4348.cfc 
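Review bot: `form.datatype` is interpolated directly into the `CREATE TABLE` and `CREATE PROCEDURE` statements in LDEV1917/Application.cfc, and the only thing keeping that safe is the `if (form.datatype neq "char" and form.datatype neq "nvarchar")` check added at the top of the component. That dependency deserves a comment on the guard, for example `// allow-list: form.datatype is concatenated into DDL in onRequestStart; extend this check before adding a type`. `form.notNull` is mapped to a fixed string through the ternary, so it needs no such guard. The second hunk also moves the drop/create statements from `onApplicationStart` into `onRequestStart`, so the schema is rebuilt on every request; a one-line comment saying this is deliberate (the column type varies per spec) would help.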
@@ -0,0 +1,69 @@
+component extends = "org.lucee.cfml.test.LuceeTestCase" labels="xml" {
+ function beforeAll(){
+ variables.uri = createURI("LDEV4348");
+ }
+
+ function run( testresults , testbox ) {
+
+ describe( "check combined xmlFeatures getApplicationSettings", function () {
+
+ it( title="Check xmlFeatures default",body = function ( currentSpec ) {
+ local.result = _InternalRequest(
+ template : "#uri#/LDEV4348.cfm",
+ forms : {
+ scene: "default"
+ }
+ ).filecontent.deserializeJson();
+ expect( result.secure ).toBeTrue();
+ expect( result.disallowDoctypeDecl ).toBeTrue();
+ expect( result.externalGeneralEntities ).toBeFalse();
+ });
+
+ it( title="Check xmlFeatures all secure",body = function ( currentSpec ) {
+ local.result = _InternalRequest(
+ template : "#uri#/LDEV4348.cfm",
+ forms : {
+ scene: "all-secure"
+ }
+ ).filecontent.deserializeJson();
+ expect( result.secure ).toBeTrue();
+ expect( result.disallowDoctypeDecl ).toBeTrue();
+ expect( result.externalGeneralEntities ).toBeFalse();
+ });
+
+ it( title="Check xmlFeatures all insecure, bad xml",body = function ( currentSpec ) {
+ local.result = _InternalRequest(
+ template : "#uri#/LDEV4348.cfm",
+ forms : {
+ scene: "all-insecure"
+ }
+ ).filecontent.deserializeJson();
+ expect( result.secure ).toBeFalse();
+ expect( result.disallowDoctypeDecl ).toBeFalse();
+ expect( result.externalGeneralEntities ).toBeTrue();
+ });
+
+ it( title="Check xmlFeatures, check pass thru",body = function ( currentSpec ) {
+ local.result = _InternalRequest(
+ template : "#uri#/LDEV4348.cfm",
+ forms : {
+ scene: "testPassthru"
+ }
+ ).filecontent.deserializeJson();
+ expect( result.secure ).toBeFalse();
+ expect( result.disallowDoctypeDecl ).toBeFalse();
+ expect( result.externalGeneralEntities ).toBeTrue();
+ expect( result["http://apache.org/xml/features/validation/id-idref-checking"] ).toBeTrue();
+ });
+
+ });
+
+ }
+
+ private string function createURI(string calledName){
+ var baseURI="/test/#listLast(getDirectoryFromPath(getCurrenttemplatepath()),"\/")#/";
+ return baseURI&""&calledName;
+ }
+}
+
+
diff --git a/test/tickets/LDEV4348/Application.cfc b/test/tickets/LDEV4348/Application.cfc
new file mode 100644
index 0000000000..dd0546672c
--- /dev/null
+++ b/test/tickets/LDEV4348/Application.cfc
@@ -0,0 +1,34 @@
+component {
+ this.name="LDEV4348";
+ param name="FORM.Scene";
+
+ switch (FORM.Scene){
+ case "all-secure":
+ this.xmlFeatures = {
+ "externalGeneralEntities": false,
+ "secure": true,
+ "disallowDoctypeDecl": true
+ };
+ break;
+ case "all-insecure":
+ this.xmlFeatures = {
+ "externalGeneralEntities": true,
+ "secure": false,
+ "disallowDoctypeDecl": false
+ };
+ break;
+ case "testPassthru":
+ this.xmlFeatures = {
+ "externalGeneralEntities": true,
+ "secure": false,
+ "disallowDoctypeDecl": false,
+ "http://apache.org/xml/features/validation/id-idref-checking": true
+ };
+ break;
+ case "default":
+ break;
+ default:
+ throw "unknown scene: #form.scene#";
+ break;
+ }
+}
\ No newline at end of file
diff --git a/test/tickets/LDEV4348/LDEV4348.cfm b/test/tickets/LDEV4348/LDEV4348.cfm
new file mode 100644
index 0000000000..7b3068bc6b
--- /dev/null
+++ b/test/tickets/LDEV4348/LDEV4348.cfm
@@ -0,0 +1,4 @@
+
+ settings = getApplicationSettings();
+ echo( settings.xmlFeatures.toJson() );
+
\ No newline at end of file