farFu incorrect redirect with logout

mrfelna · September 14, 2016, 8:50pm

There’s something a little odd with FarCry farFU redirection with logout=1 in pretty FU format.

If /dirA/dirB is a valid page, then /dirA/dirB/logout/1 gets redirected as follows:

/dirA/dirB/logout/1
302 -> /dirA/dirB/logout/1?furl=/dirA/dirB/logout/1
302 -> /dirA/dirB/logout/1?furl=/dirA/dirB/logout/1?furl=/dirA/dirB/logout/1
302 -> /dirA/dirB/logout/1?furl=/dirA/dirB/logout/1?furl=/dirA/dirB/logout/1?furl=/dirA/dirB/logout/1
302 -> /dirA/dirB/logout/1?furl=/dirA/dirB/logout/1?furl=/dirA/dirB/logout/1?furl=/dirA/dirB/logout/1?furl=/dirA/dirB/logout/1

and so on. The browser eventually stops it.

I’m happy to fix it but I can’t quite work out what’s going wrong.

FYI running FarCry 7.2.8 on Lucee 4.5 latest.

Trigger in Application.cfc:

github.com

farcrycore/core/blob/master/Application.cfc#L699-L702


		


		<!--- INITIALIZE THE REQUEST.MODE struct --->
		<cfset application.fapi.addProfilePoint("Request initialisation","Request modes") />

fixUrl in utils.cfc:

github.com

farcrycore/core/blob/master/packages/farcry/utils.cfc#L534-L605


	<cffunction name="fixURL" returntype="string" output="false" access="public" hint="Refreshes the page with the specified query string values removed, replaced, or added. New values can be specified with a query string, struct, or named arguments." bDocument="true">
		<cfargument name="url" type="string" required="false" default="#cgi.script_name#?#cgi.query_string#" hint="The url to use" />
		<cfargument name="removevalues" type="string" required="false" hint="List of values to remove from the query string. Prefix with '+' to remove these values in addition to the defaults." />
		<cfargument name="addvalues" type="any" required="false" hint="A query string or a struct of values, to add to the query string" />
		<cfargument name="ampDelim" type="string" required="false" default="&" hint="Delimiter to use for ampersands" />
		<cfargument name="charset" type="string" required="false" default="utf-8" hint="The character encoding in which the url values are encoded." />
		
		<cfset var key = "" />


		
		<cfif not structkeyexists(arguments,"removevalues")>
			<cfset arguments.removevalues = "furl,flushcache,bAjax,designmode,draftmode,showdraft,rebuild,updateapp,bShowTray,logout" />
		<cfelseif left(arguments.removevalues,1) eq "+">
			<cfset arguments.removevalues = "furl,flushcache,bAjax,designmode,draftmode,showdraft,rebuild,updateapp,bShowTray,logout,#mid(arguments.removevalues,2,len(arguments.removevalues))#">
		</cfif>
		
		<!--- Normalise FU --->
		<cfif findNoCase("furl=",arguments.url)>
			<cfset arguments.url = rereplacenocase(arguments.url,"^.*?/index.cfm",application.url.webroot & urldecode(rereplacenocase(arguments.url,"(.*(\?|#arguments.ampDelim#)furl\=)([^&]+)(.*)","\3"),'#charset#')) />
		</cfif>

This file has been truncated. show original

justincarter · September 15, 2016, 12:13am

Thanks, I’ve confirmed this bug. It doesn’t seem to happen for FUs which are a 404, but does happen for FUs which are 200’s.

In addition, when you use the logout=1 query string parameter the redirect URL also seems to have an issue. This URL;
http://testfu.local/some/page?logout=1
incorrectly redirects to;
http://testfu.local/some/page?furl=/some/page

I’ll take a further look when I get a chance