diff --git a/core/src/main/cfml/context/admin/server.security.cfm b/core/src/main/cfml/context/admin/server.security.cfm index da7fcbf208..ef8690d56f 100755 --- a/core/src/main/cfml/context/admin/server.security.cfm +++ b/core/src/main/cfml/context/admin/server.security.cfm @@ -14,7 +14,7 @@ returnVariable="hasAccess" secType="setting" secValue="yes"> - + @@ -32,7 +32,7 @@ Defaults ---> action="updateSecurity" type="#request.adminType#" password="#session["password"&request.adminType]#" - + limitIsDefined="#form.limitIsDefined?:false#" varUsage="#form.varUsage#" remoteClients="#request.getRemoteClients()#"> @@ -44,7 +44,7 @@ Defaults ---> action="updateSecurity" type="#request.adminType#" password="#session["password"&request.adminType]#" - + limitIsDefined="" varUsage="" remoteClients="#request.getRemoteClients()#"> @@ -68,8 +68,6 @@ Redirtect to entry ---> Error Output ---> - - stText.security.desc="All settings that concern security in Lucee."; stText.security.varUsage="Variable Usage in Queries"; stText.security.varUsageDesc="With this setting, you can control how Lucee handles variables used within queries."; @@ -77,7 +75,6 @@ Error Output ---> stText.security.varUsageIgnore="Allow variables within a query"; stText.security.varUsageWarn="Add a warning to debug output"; stText.security.varUsageError="Throw an exception"; - @@ -85,12 +82,11 @@ Error Output --->
#stText.security.desc#
- - + + + + + stText.security.limitIsDefined="Limit function IsDefined"; + stText.security.limitIsDefinedDesc="If enable you can use expression within of [] in variable name checked by the function Isdefined like this: susi[getVariableName()]"; + + + + + + diff --git a/core/src/main/java/lucee/runtime/PageContextImpl.java b/core/src/main/java/lucee/runtime/PageContextImpl.java index 8e2746e247..a1cdc6a371 100755 --- a/core/src/main/java/lucee/runtime/PageContextImpl.java +++ b/core/src/main/java/lucee/runtime/PageContextImpl.java @@ -3902,4 +3902,9 @@ private static synchronized int getIdCounter() { if (_idCounter < 0) _idCounter = 1; return _idCounter; } + + public boolean limitIsDefined() { + if (applicationContext != null) return applicationContext.getLimitIsDefined(); + return ((ConfigPro) config).limitIsDefined(); + } } diff --git a/core/src/main/java/lucee/runtime/config/ConfigAdmin.java b/core/src/main/java/lucee/runtime/config/ConfigAdmin.java index a46f99fb37..3cb946e0c5 100755 --- a/core/src/main/java/lucee/runtime/config/ConfigAdmin.java +++ b/core/src/main/java/lucee/runtime/config/ConfigAdmin.java @@ -3046,13 +3046,16 @@ public void updateCTPathCache(Boolean ctPathCache) throws SecurityException { root.setEL("customTagUseCachePath", Caster.toString(ctPathCache, "")); } - public void updateSecurity(String varUsage) throws SecurityException { + public void updateSecurity(String varUsage, Boolean limitIsDefined) throws SecurityException { checkWriteAccess(); Struct el = _getRootElement("security"); if (el != null) { if (!StringUtil.isEmpty(varUsage)) el.setEL("variableUsage", Caster.toString(varUsage)); else rem(el, "variableUsage"); + + if (limitIsDefined != null) el.setEL("limitIsDefined", limitIsDefined); + else rem(el, "limitIsDefined"); } } diff --git a/core/src/main/java/lucee/runtime/config/ConfigImpl.java b/core/src/main/java/lucee/runtime/config/ConfigImpl.java index 7ca4075c51..06b3dfc31a 100755 
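Review bot: The text added as `stText.security.limitIsDefinedDesc` in the last server.security.cfm hunk reads as the opposite of what the flag does. "If enable you can use expression within of []" tells an administrator that enabling the option permits expressions, while the Java side passes the flag as `limited` to the interpreter, whose operators then throw. Someone could leave the restriction off believing it is on. Suggested wording: `stText.security.limitIsDefinedDesc="If enabled, IsDefined no longer evaluates expressions inside [] in the variable name, for example susi[getVariableName()]";`, after confirming that the limited interpreter also rejects the function-call form used in the example, which this diff does not show.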
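Review bot: `limitIsDefined()` in PageContextImpl returns the application context's value whenever one exists, so the server-level setting, including the strict-mode `true` set in ConfigWebFactory, is only a fallback. `getLimitIsDefined()` is not visible in this diff; if it can return false while the server config is true, application code can switch off a restriction the administrator turned on. Confirm that this precedence is intended and record it on the method, for example `/** @return true if IsDefined parses [] in limited mode; the application setting takes precedence over the server config */`.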
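Review bot: `updateSecurity` persists the raw `Boolean` with `el.setEL("limitIsDefined", limitIsDefined)`, while the neighbouring lines store strings (`Caster.toString(varUsage)`, `Caster.toString(ctPathCache, "")`) and ConfigWebFactory reads the value back through `getAttr(security, "limitIsDefined")`. If `getAttr` expects string attributes, the flag may not round-trip and the restriction would be lost after a reload without any error. `el.setEL("limitIsDefined", Caster.toString(limitIsDefined, ""));` would match the surrounding code. The added parameter also breaks any caller of the one-argument `updateSecurity(String)` that this commit does not update.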
--- a/core/src/main/java/lucee/runtime/config/ConfigImpl.java +++ b/core/src/main/java/lucee/runtime/config/ConfigImpl.java @@ -210,6 +210,8 @@ public abstract class ConfigImpl extends ConfigBase implements ConfigPro { private short type = SCOPE_STANDARD; private boolean _allowImplicidQueryCall = true; + private boolean _limitIsDefined = false; + private boolean _mergeFormAndURL = false; private Map loggers = new HashMap(); @@ -555,6 +557,11 @@ public boolean allowImplicidQueryCall() { return _allowImplicidQueryCall; } + @Override + public boolean limitIsDefined() { + return _limitIsDefined; + } + @Override public boolean mergeFormAndURL() { return _mergeFormAndURL; @@ -1228,6 +1235,10 @@ protected void setAllowImplicidQueryCall(boolean _allowImplicidQueryCall) { this._allowImplicidQueryCall = _allowImplicidQueryCall; } + protected void setLimitIsDefined(boolean _limitIsDefined) { + this._limitIsDefined = _limitIsDefined; + } + /** * sets if url and form scope will be merged * diff --git a/core/src/main/java/lucee/runtime/config/ConfigPro.java b/core/src/main/java/lucee/runtime/config/ConfigPro.java index e286807c2c..cfac1dd39e 100644 --- a/core/src/main/java/lucee/runtime/config/ConfigPro.java +++ b/core/src/main/java/lucee/runtime/config/ConfigPro.java @@ -357,4 +357,6 @@ public interface ConfigPro extends Config { public boolean getPreciseMath(); public void setLastModified(); + + public boolean limitIsDefined(); } diff --git a/core/src/main/java/lucee/runtime/config/ConfigWebFactory.java b/core/src/main/java/lucee/runtime/config/ConfigWebFactory.java index 2b4ba1bd5f..65df585c08 100644 --- a/core/src/main/java/lucee/runtime/config/ConfigWebFactory.java +++ b/core/src/main/java/lucee/runtime/config/ConfigWebFactory.java 
@@ -4047,6 +4047,25 @@ private static void _loadScope(ConfigServerImpl configServer, ConfigImpl config, else if (hasCS) config.setAllowImplicidQueryCall(configServer.allowImplicidQueryCall()); } + // limit isdefined + if (mode == ConfigPro.MODE_STRICT) { + config.setLimitIsDefined(true); + } + else { + Boolean limitIsDefined = Caster.toBoolean(SystemUtil.getSystemPropOrEnvVar("lucee.isdefined.limit", null), null); + if (limitIsDefined == null) limitIsDefined = Caster.toBoolean(SystemUtil.getSystemPropOrEnvVar("lucee.security.isdefined", null), null); + if (limitIsDefined == null) { + Struct security = ConfigWebUtil.getAsStruct("security", root); + if (security != null) { + limitIsDefined = Caster.toBoolean(getAttr(security, "limitIsDefined"), null); + } + } + if (hasAccess && limitIsDefined != null) { + config.setLimitIsDefined(limitIsDefined.booleanValue()); + } + else if (hasCS) config.setLimitIsDefined(configServer.limitIsDefined()); + } + // Merge url and Form String strMergeFormAndURL = getAttr(root, "mergeUrlForm"); if (hasAccess && !StringUtil.isEmpty(strMergeFormAndURL)) { diff --git a/core/src/main/java/lucee/runtime/config/ConfigWebImpl.java b/core/src/main/java/lucee/runtime/config/ConfigWebImpl.java index 406cb5c4eb..93fbf79211 100644 --- a/core/src/main/java/lucee/runtime/config/ConfigWebImpl.java +++ b/core/src/main/java/lucee/runtime/config/ConfigWebImpl.java @@ -613,6 +613,11 @@ public boolean allowImplicidQueryCall() { return instance.allowImplicidQueryCall(); } + @Override + public boolean limitIsDefined() { + return instance.limitIsDefined(); + } + @Override public lucee.runtime.customtag.InitFile getCTInitFile(lucee.runtime.PageContext arg0, java.lang.String arg1) { return instance.getCTInitFile(arg0, arg1); diff --git a/core/src/main/java/lucee/runtime/config/SingleContextConfigWeb.java b/core/src/main/java/lucee/runtime/config/SingleContextConfigWeb.java index 5d64546b46..4a247dae0d 100644 
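Review bot: In the `// limit isdefined` block, the value from `lucee.isdefined.limit` / `lucee.security.isdefined` is applied only when `hasAccess` is true. Otherwise the code falls back to the server config, or to the field default `false` when `hasCS` is also false, so an operator who sets the property to true does not get the restriction in every context. The same branch lets a web-level `limitIsDefined=false` override a server config of `true`. Consider applying the system-property/environment override before the `hasAccess` test, and add a comment saying why two property names are read and which one wins. `_loadScope` continues outside the hunk.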
--- a/core/src/main/java/lucee/runtime/config/SingleContextConfigWeb.java +++ b/core/src/main/java/lucee/runtime/config/SingleContextConfigWeb.java @@ -186,6 +186,11 @@ public boolean allowImplicidQueryCall() { return cs.allowImplicidQueryCall(); } + @Override + public boolean limitIsDefined() { + return cs.limitIsDefined(); + } + @Override public boolean mergeFormAndURL() { return cs.mergeFormAndURL(); diff --git a/core/src/main/java/lucee/runtime/functions/decision/IsDefined.java b/core/src/main/java/lucee/runtime/functions/decision/IsDefined.java index 667bf096f1..86030a3138 100644 --- a/core/src/main/java/lucee/runtime/functions/decision/IsDefined.java +++ b/core/src/main/java/lucee/runtime/functions/decision/IsDefined.java @@ -25,6 +25,7 @@ import lucee.runtime.PageContext; import lucee.runtime.config.NullSupportHelper; import lucee.runtime.ext.function.Function; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.VariableInterpreter; import lucee.runtime.type.Collection; import lucee.runtime.type.KeyImpl; @@ -36,7 +37,7 @@ public final class IsDefined implements Function { private static final long serialVersionUID = -6477602189364145523L; - public static boolean call(PageContext pc, String varName) { + public static boolean call(PageContext pc, String varName) throws SecurityInterpreterException { return VariableInterpreter.isDefined(pc, varName); // return pc.isDefined(varName); } diff --git a/core/src/main/java/lucee/runtime/functions/other/ParameterExists.java b/core/src/main/java/lucee/runtime/functions/other/ParameterExists.java index c50e8e6fc0..2b6bb72043 100644 --- a/core/src/main/java/lucee/runtime/functions/other/ParameterExists.java +++ b/core/src/main/java/lucee/runtime/functions/other/ParameterExists.java 
@@ -24,9 +24,10 @@ import lucee.runtime.PageContext; import lucee.runtime.ext.function.Function; import lucee.runtime.functions.decision.IsDefined; +import lucee.runtime.interpreter.SecurityInterpreterException; public final class ParameterExists implements Function { - public static boolean call(PageContext pc, String string) { + public static boolean call(PageContext pc, String string) throws SecurityInterpreterException { return IsDefined.call(pc, string); } } \ No newline at end of file diff --git a/core/src/main/java/lucee/runtime/functions/system/Empty.java b/core/src/main/java/lucee/runtime/functions/system/Empty.java index 609fd5412c..bf324ecba5 100644 --- a/core/src/main/java/lucee/runtime/functions/system/Empty.java +++ b/core/src/main/java/lucee/runtime/functions/system/Empty.java @@ -22,6 +22,7 @@ import lucee.runtime.exp.FunctionException; import lucee.runtime.ext.function.Function; import lucee.runtime.functions.string.Len; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.VariableInterpreter; import lucee.runtime.op.Caster; @@ -29,7 +30,7 @@ public class Empty implements Function { private static final long serialVersionUID = 3780957672985941192L; - public static boolean call(PageContext pc, String variableName) throws FunctionException { + public static boolean call(PageContext pc, String variableName) throws FunctionException, SecurityInterpreterException { Object res = VariableInterpreter.getVariableEL(pc, variableName, null); if (res == null) return true; diff --git a/core/src/main/java/lucee/runtime/interpreter/InterpreterException.java b/core/src/main/java/lucee/runtime/interpreter/InterpreterException.java index ff87fa0905..e11f514b26 100644 --- a/core/src/main/java/lucee/runtime/interpreter/InterpreterException.java +++ b/core/src/main/java/lucee/runtime/interpreter/InterpreterException.java 
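Review bot: `Empty.call` now declares `SecurityInterpreterException`, but limited mode is never applied on this path. It still reaches the parser through `VariableInterpreter.getVariableEL(pc, variableName, null)`, which this commit wires to `parse(pc, new ParserString(var), false, false)`. Only `isDefined` passes `limitIsDefined()`; the other string-name entry points changed in VariableInterpreter (`getVariable`, `getVariableEL`, `getVariableELAsCollection`, `getVariableReference`, `setVariable`, `removeVariable`) keep interpreting `[]` expressions unrestricted. If the setting is meant to cover variable names that may originate from request data, those callers need the same flag; otherwise the admin description should state that it covers IsDefined and ParameterExists only.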
@@ -23,7 +23,7 @@ /** * */ -public final class InterpreterException extends ExpressionException { +public class InterpreterException extends ExpressionException { /* * * constructor of the Exception @@ -31,6 +31,8 @@ public final class InterpreterException extends ExpressionException { * @param e / public InterpreterException(Throwable e) { super(e); } */ + private static final long serialVersionUID = -6605986458201087440L; + /** * constructor of the Exception * diff --git a/core/src/main/java/lucee/runtime/interpreter/SecurityInterpreterException.java b/core/src/main/java/lucee/runtime/interpreter/SecurityInterpreterException.java new file mode 100644 index 0000000000..bdc0023eca --- /dev/null +++ b/core/src/main/java/lucee/runtime/interpreter/SecurityInterpreterException.java @@ -0,0 +1,14 @@ +package lucee.runtime.interpreter; + +public class SecurityInterpreterException extends InterpreterException { + private static final long serialVersionUID = -31253141390505300L; + + public SecurityInterpreterException(String message) { + super(message); + } + + public SecurityInterpreterException(String message, String detail) { + super(message, detail); + } + +} diff --git a/core/src/main/java/lucee/runtime/interpreter/VariableInterpreter.java b/core/src/main/java/lucee/runtime/interpreter/VariableInterpreter.java index 3f274c7bfa..11589560f9 100755 --- a/core/src/main/java/lucee/runtime/interpreter/VariableInterpreter.java +++ b/core/src/main/java/lucee/runtime/interpreter/VariableInterpreter.java @@ -55,7 +55,7 @@ public final class VariableInterpreter { * @throws PageException */ public static Object getVariable(PageContext pc, Collection collection, String var) throws PageException { - StringList list = parse(pc, new ParserString(var), false); + StringList list = parse(pc, new ParserString(var), false, false); if (list == null) throw new InterpreterException("invalid variable declaration [" + var + "]"); while (list.hasNextNext()) { 
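Review bot: The new class `SecurityInterpreterException` has no Javadoc, and `InterpreterException` loses `final` without a note on why it is now open for extension. The subclass matters because `VariableInterpreter.parse` rethrows it while swallowing every other `PageException`, and that contract should be written down where the type is declared. Suggested class comment: `/** Thrown when the limited interpreter rejects an expression; VariableInterpreter.parse rethrows it instead of returning null. */`.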
@@ -96,8 +96,8 @@ public static String scopeInt2String(int type) { return null; } - public static Object getVariableEL(PageContext pc, Collection collection, String var) { - StringList list = parse(pc, new ParserString(var), false); + public static Object getVariableEL(PageContext pc, Collection collection, String var) throws SecurityInterpreterException { + StringList list = parse(pc, new ParserString(var), false, false); if (list == null) return null; while (list.hasNextNext()) { @@ -116,7 +116,7 @@ public static Object getVariableEL(PageContext pc, Collection collection, String * @throws PageException */ public static Object getVariable(PageContext pc, String var) throws PageException { - StringList list = parse(pc, new ParserString(var), false); + StringList list = parse(pc, new ParserString(var), false, false); if (list == null) throw new InterpreterException("invalid variable declaration [" + var + "]"); int scope = scopeString2Int(pc.ignoreScopes(), list.next()); @@ -135,7 +135,7 @@ public static Object getVariable(PageContext pc, String var) throws PageExceptio } public static Object getVariableAsCollection(PageContext pc, String var) throws PageException { - StringList list = parse(pc, new ParserString(var), false); + StringList list = parse(pc, new ParserString(var), false, false); if (list == null) throw new InterpreterException("invalid variable declaration [" + var + "]"); int scope = scopeString2Int(pc.ignoreScopes(), list.next()); 
@@ -218,9 +218,10 @@ else if (scope instanceof Undefined) { * @param var variable string to get value to * @param defaultValue value returnded if variable was not found * @return the value or default value if not found + * @throws SecurityInterpreterException */ - public static Object getVariableEL(PageContext pc, String var, Object defaultValue) { - StringList list = parse(pc, new ParserString(var), false); + public static Object getVariableEL(PageContext pc, String var, Object defaultValue) throws SecurityInterpreterException { + StringList list = parse(pc, new ParserString(var), false, false); if (list == null) return defaultValue; Object _null = NullSupportHelper.NULL(pc); @@ -247,8 +248,8 @@ public static Object getVariableEL(PageContext pc, String var, Object defaultVal return coll; } - public static Object getVariableELAsCollection(PageContext pc, String var, Object defaultValue) { - StringList list = parse(pc, new ParserString(var), false); + public static Object getVariableELAsCollection(PageContext pc, String var, Object defaultValue) throws SecurityInterpreterException { + StringList list = parse(pc, new ParserString(var), false, false); if (list == null) return defaultValue; int scope = scopeString2Int(pc.ignoreScopes(), list.next()); @@ -289,7 +290,7 @@ public static Object getVariableELAsCollection(PageContext pc, String var, Objec * @throws PageException */ public static VariableReference getVariableReference(PageContext pc, String var) throws PageException { - StringList list = parse(pc, new ParserString(var), false); + StringList list = parse(pc, new ParserString(var), false, false); if (list == null) throw new InterpreterException("invalid variable declaration [" + var + "]"); if (list.size() == 1) { 
@@ -359,7 +360,7 @@ public static VariableReference getVariableReference(PageContext pc, Collection. * @throws PageException */ public static Object setVariable(PageContext pc, String var, Object value) throws PageException { - StringList list = parse(pc, new ParserString(var), false); + StringList list = parse(pc, new ParserString(var), false, false); if (list == null) throw new InterpreterException("invalid variable name declaration [" + var + "]"); if (list.size() == 1) { @@ -393,7 +394,7 @@ public static Object setVariable(PageContext pc, String var, Object value) throw */ public static Object removeVariable(PageContext pc, String var) throws PageException { // print.ln("var:"+var); - StringList list = parse(pc, new ParserString(var), false); + StringList list = parse(pc, new ParserString(var), false, false); if (list == null) throw new InterpreterException("invalid variable declaration [" + var + "]"); if (list.size() == 1) { @@ -423,9 +424,10 @@ public static Object removeVariable(PageContext pc, String var) throws PageExcep * @param pc PageContext to check * @param var variable String * @return exists or not + * @throws SecurityInterpreterException */ - public static boolean isDefined(PageContext pc, String var) { - StringList list = parse(pc, new ParserString(var), false); + public static boolean isDefined(PageContext pc, String var) throws SecurityInterpreterException { + StringList list = parse(pc, new ParserString(var), false, ((PageContextImpl) pc).limitIsDefined()); if (list == null) return false; try { int scope = scopeString2Int(pc.ignoreScopes(), list.next()); 
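Review bot: `((PageContextImpl) pc).limitIsDefined()` in `isDefined` is an unchecked downcast of a parameter typed `PageContext`. Any other implementation or wrapper passed in fails with a ClassCastException rather than a defined result. A guarded form that keeps the restriction on for unknown implementations would be `boolean limited = !(pc instanceof PageContextImpl) || ((PageContextImpl) pc).limitIsDefined();`. The body of `isDefined` continues outside the hunk.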
@@ -470,8 +472,9 @@ public static boolean isDefined(PageContext pc, String var) { * @param pc Page Context * @param ps ParserString to read * @return Variable Definition in a String List + * @throws SecurityInterpreterException */ - private static StringList parse(PageContext pc, ParserString ps, boolean doLowerCase) { + private static StringList parse(PageContext pc, ParserString ps, boolean doLowerCase, boolean limited) throws SecurityInterpreterException { String id = readIdentifier(ps, doLowerCase); if (id == null) return null; StringList list = new StringList(id); @@ -484,10 +487,13 @@ private static StringList parse(PageContext pc, ParserString ps, boolean doLower list.add(id); } else if (ps.forwardIfCurrent('[')) { - if (interpreter == null) interpreter = new CFMLExpressionInterpreter(false); + if (interpreter == null) interpreter = new CFMLExpressionInterpreter(limited); try { list.add(Caster.toString(interpreter.interpretPart(pc, ps))); } + catch (SecurityInterpreterException sie) { + throw sie; + } catch (PageException e) { return null; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/And.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/And.java index 580f2655ad..813f309e7e 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/And.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/And.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.Caster; 
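Review bot: The Javadoc of `parse` gains a bare `@throws SecurityInterpreterException` and still has no entry for the new `limited` parameter (or for `doLowerCase`). The new catch clause also changes behaviour: a rejected `[]` expression used to make `parse` return null, so `isDefined` answered false, and it now propagates as an exception. Suggested additions: `@param limited if true, the [] part is interpreted in limited mode` and `@throws SecurityInterpreterException if limited mode rejects the expression inside []; other PageExceptions still yield null`. The declaration of `interpreter` is outside the hunk.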
@@ -48,7 +48,7 @@ public And(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return (Caster.toBooleanValue(left.getValue(pc)) && Caster.toBooleanValue(right.getValue(pc))) ? Boolean.TRUE : Boolean.FALSE; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/BigDiv.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/BigDiv.java index ba0d64129c..83fac623e5 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/BigDiv.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/BigDiv.java @@ -21,7 +21,7 @@ import lucee.commons.math.MathUtil; import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; /** @@ -41,7 +41,7 @@ public BigDiv(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, math operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported."); return MathUtil.divide(getLeft(pc), getRight(pc)).toString(); } } \ No newline at end of file diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/BigIntDiv.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/BigIntDiv.java index 693a0fbac4..5966fddd67 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/BigIntDiv.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/BigIntDiv.java 
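Review bot: The `limited` guard in `And.getValue` predates this commit and, judging by the removed message text, served JSON parsing; it now throws `SecurityInterpreterException` with a message that no longer says which context rejected the input. The same line changes the same way in the other `ref/op` classes in this commit (BigDiv, BigIntDiv, BigMod, BigMulti, BigPlus, CT, Concat, Cont, Div, EEQ, EQ, EQV, Elvis). Anyone logging or alerting on this exception type will see rejections from the old `limited` callers and from IsDefined as the same event. Either keep the context in the message or document on the exception class that it is raised for every limited-mode caller.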
@@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; /** @@ -40,7 +40,7 @@ public BigIntDiv(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, math operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported."); return getLeft(pc).toBigInteger().divide(getRight(pc).toBigInteger()).toString(); } } \ No newline at end of file diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/BigMinus.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/BigMinus.java index 1f7ec2c5e7..bbbc00e492 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/BigMinus.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/BigMinus.java @@ -21,7 +21,7 @@ import lucee.commons.math.MathUtil; import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; /** @@ -41,7 +41,7 @@ public BigMinus(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, math operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported in a json string."); return MathUtil.subtract(getLeft(pc), getRight(pc)).toString(); } 
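Review bot: In `BigMinus.getValue` the exception type was switched but the message still ends with "in a json string.", unlike BigDiv, BigIntDiv, BigMod, BigMulti and BigPlus in this commit. With the limit enabled, an IsDefined call that trips this operator would report a JSON problem, which misleads whoever reads the log. For consistency the line should read `if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported.");`.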
diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/BigMod.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/BigMod.java index bf128bd32f..a818e0db19 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/BigMod.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/BigMod.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; /** @@ -40,7 +40,7 @@ public BigMod(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, math operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported."); return getLeft(pc).remainder(getRight(pc)).toString(); } } \ No newline at end of file diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/BigMulti.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/BigMulti.java index b028aa1e5d..a498ce14ea 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/BigMulti.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/BigMulti.java @@ -21,7 +21,7 @@ import lucee.commons.math.MathUtil; import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; /** 
@@ -41,7 +41,7 @@ public BigMulti(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, math operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported."); return MathUtil.multiply(getLeft(pc), getRight(pc)).toString(); } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/BigPlus.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/BigPlus.java index deab5be3f6..5192378829 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/BigPlus.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/BigPlus.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; /** @@ -40,7 +40,7 @@ public BigPlus(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, math operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported."); return getLeft(pc).add(getRight(pc)).toString(); } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/CT.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/CT.java index 7db406456c..c403d04767 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/CT.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/CT.java 
@@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.OpUtil; @@ -48,7 +48,7 @@ public CT(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return OpUtil.ct(pc, left.getValue(pc), right.getValue(pc)) ? Boolean.TRUE : Boolean.FALSE; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/Concat.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/Concat.java index 034dce4ac9..31984d0e4e 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/Concat.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/Concat.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.Caster; @@ -48,7 +48,7 @@ public Concat(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, this operation is not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, this operation is not supported."); return Caster.toString(left.getValue(pc)) + Caster.toString(right.getValue(pc)); } 
diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/Cont.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/Cont.java index f8e8fe874e..51651dc24a 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/Cont.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/Cont.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.Caster; @@ -50,7 +50,7 @@ public Cont(Ref cont, Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return Caster.toBooleanValue(cont.getValue(pc)) ? left.getValue(pc) : right.getValue(pc); } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/Div.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/Div.java index 8cc37f11e3..7bef901f9e 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/Div.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/Div.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.Caster; 
@@ -48,7 +48,7 @@ public Div(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, math operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported."); double r = Caster.toDoubleValue(right.getValue(pc)); if (r == 0d) throw new ArithmeticException("Division by zero is not possible"); return Double.valueOf(Caster.toDoubleValue(left.getValue(pc)) / r); diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/EEQ.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/EEQ.java index 604c1bd997..49f77be10f 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/EEQ.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/EEQ.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; @@ -47,7 +47,7 @@ public EEQ(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return left.eeq(pc, right) ? Boolean.TRUE : Boolean.FALSE; // return (left.getValue()==right.getValue())?Boolean.TRUE:Boolean.FALSE; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/EQ.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/EQ.java index d43c336cfa..800dae49a5 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/EQ.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/EQ.java 
@@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.OpUtil; @@ -48,7 +48,7 @@ public EQ(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return OpUtil.compare(pc, left.getValue(pc), right.getValue(pc)) == 0 ? Boolean.TRUE : Boolean.FALSE; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/EQV.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/EQV.java index 86c0b2b41c..2b2d2cb593 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/EQV.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/EQV.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.OpUtil; @@ -48,7 +48,7 @@ public EQV(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return OpUtil.eqv(pc, left.getValue(pc), right.getValue(pc)) ? Boolean.TRUE : Boolean.FALSE; } 
diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/Elvis.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/Elvis.java index 19f9189cd3..6e6be72da2 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/Elvis.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/Elvis.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.interpreter.ref.literal.LFunctionValue; @@ -40,7 +40,7 @@ public Elvis(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, this operation is not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, this operation is not supported."); if (left instanceof Variable) { Variable var = (Variable) left; String[] arr = LFunctionValue.toStringArray(pc, var); diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/Exp.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/Exp.java index c0210dcabf..1c9c957df1 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/Exp.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/Exp.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.OpUtil; 
@@ -48,7 +48,7 @@ public Exp(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, math operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported."); return OpUtil.exponentRef(pc, left.getValue(pc), right.getValue(pc)); } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/GT.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/GT.java index 652785025c..b77a7f3d64 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/GT.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/GT.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.OpUtil; @@ -48,7 +48,7 @@ public GT(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return OpUtil.compare(pc, left.getValue(pc), right.getValue(pc)) > 0 ? Boolean.TRUE : Boolean.FALSE; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/GTE.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/GTE.java index d1c4718c4d..83851ceab3 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/GTE.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/GTE.java 
@@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.OpUtil; @@ -48,7 +48,7 @@ public GTE(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return OpUtil.compare(pc, left.getValue(pc), right.getValue(pc)) >= 0 ? Boolean.TRUE : Boolean.FALSE; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/Imp.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/Imp.java index 27088d7fc5..e764b5e709 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/Imp.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/Imp.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.OpUtil; @@ -48,7 +48,7 @@ public Imp(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, this operation is not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, this operation is not supported."); return OpUtil.imp(pc, left.getValue(pc), right.getValue(pc)) ? Boolean.TRUE : Boolean.FALSE; } 
diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/IntDiv.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/IntDiv.java index 72e4757647..4cb2be4207 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/IntDiv.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/IntDiv.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.Caster; @@ -48,7 +48,7 @@ public IntDiv(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, math operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported."); return Double.valueOf(Caster.toIntValue(left.getValue(pc)) / Caster.toIntValue(right.getValue(pc))); } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/LT.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/LT.java index c28ed33922..04a2dbbc37 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/LT.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/LT.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.OpUtil; 
@@ -48,7 +48,7 @@ public LT(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return OpUtil.compare(pc, left.getValue(pc), right.getValue(pc)) < 0 ? Boolean.TRUE : Boolean.FALSE; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/LTE.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/LTE.java index ea203b9089..41f3a40de6 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/LTE.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/LTE.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.OpUtil; @@ -48,7 +48,7 @@ public LTE(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return OpUtil.compare(pc, left.getValue(pc), right.getValue(pc)) <= 0 ? Boolean.TRUE : Boolean.FALSE; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/Minus.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/Minus.java index 6489103964..3551c4a3b6 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/Minus.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/Minus.java 
@@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.Caster; @@ -48,7 +48,7 @@ public Minus(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, math operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported."); return Double.valueOf(Caster.toDoubleValue(left.getValue(pc)) - Caster.toDoubleValue(right.getValue(pc))); } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/Mod.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/Mod.java index 635066bde2..630984d584 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/Mod.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/Mod.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.Caster; @@ -48,7 +48,7 @@ public Mod(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, math operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported."); return Double.valueOf(Caster.toDoubleValue(left.getValue(pc)) % Caster.toDoubleValue(right.getValue(pc))); } 
diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/Multi.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/Multi.java index 4dc3eb6b09..b463068f56 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/Multi.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/Multi.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.Caster; @@ -48,7 +48,7 @@ public Multi(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, math operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported."); return Double.valueOf(Caster.toDoubleValue(left.getValue(pc)) * Caster.toDoubleValue(right.getValue(pc))); } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/NCT.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/NCT.java index 71258aca53..a45d38f91d 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/NCT.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/NCT.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.OpUtil; 
@@ -48,7 +48,7 @@ public NCT(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return OpUtil.nct(pc, left.getValue(pc), right.getValue(pc)) ? Boolean.TRUE : Boolean.FALSE; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/NEEQ.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/NEEQ.java index cc60accdd9..4da8c427d3 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/NEEQ.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/NEEQ.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; @@ -47,7 +47,7 @@ public NEEQ(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return left.eeq(pc, right) ? Boolean.FALSE : Boolean.TRUE; // return (left.getValue()!=right.getValue())?Boolean.TRUE:Boolean.FALSE; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/NEQ.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/NEQ.java index 5fda435a82..e6ec42a9c9 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/NEQ.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/NEQ.java 
@@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.OpUtil; @@ -48,7 +48,7 @@ public NEQ(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return OpUtil.compare(pc, left.getValue(pc), right.getValue(pc)) != 0 ? Boolean.TRUE : Boolean.FALSE; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/Not.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/Not.java index c5a009b649..2a18ac0b7d 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/Not.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/Not.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.Caster; @@ -45,7 +45,7 @@ public Not(Ref ref, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return (Caster.toBooleanValue(ref.getValue(pc))) ? Boolean.FALSE : Boolean.TRUE; } 
diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/Or.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/Or.java index 3522f994ea..7d44a0ee03 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/Or.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/Or.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.Caster; @@ -48,7 +48,7 @@ public Or(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return (Caster.toBooleanValue(left.getValue(pc)) || Caster.toBooleanValue(right.getValue(pc))) ? Boolean.TRUE : Boolean.FALSE; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/Plus.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/Plus.java index 717a609fe0..89a0ff8480 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/Plus.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/Plus.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.Caster; 
@@ -48,7 +48,7 @@ public Plus(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, math operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, math operations are not supported."); return Double.valueOf(Caster.toDoubleValue(left.getValue(pc)) + Caster.toDoubleValue(right.getValue(pc))); } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/op/Xor.java b/core/src/main/java/lucee/runtime/interpreter/ref/op/Xor.java index 3e61589eee..d764f2aff1 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/op/Xor.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/op/Xor.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.Caster; @@ -48,7 +48,7 @@ public Xor(Ref left, Ref right, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, boolean operations are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, boolean operations are not supported."); return Caster.toBooleanValue(left.getValue(pc)) ^ Caster.toBooleanValue(right.getValue(pc)) ? Boolean.TRUE : Boolean.FALSE; } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/var/Assign.java b/core/src/main/java/lucee/runtime/interpreter/ref/var/Assign.java index 8f6fa26031..39ead07f9f 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/var/Assign.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/var/Assign.java 
@@ -22,6 +22,7 @@ import lucee.runtime.exp.ExpressionException; import lucee.runtime.exp.PageException; import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.interpreter.ref.Set; @@ -47,7 +48,7 @@ public Assign(Set coll, Ref value, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("Invalid syntax, variables are not supported in a JSON string."); + if (limited) throw new SecurityInterpreterException("Invalid syntax, variables are not supported."); return coll.setValue(pc, value.getValue(pc)); } diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/var/DynAssign.java b/core/src/main/java/lucee/runtime/interpreter/ref/var/DynAssign.java index 9cd5acbe8c..ce876350c1 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/var/DynAssign.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/var/DynAssign.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.op.Caster; @@ -47,7 +47,7 @@ public DynAssign(Ref key, Ref value, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, variables are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, variables are not supported."); return pc.setVariable(Caster.toString(key.getValue(pc)), value.getValue(pc)); } 
diff --git a/core/src/main/java/lucee/runtime/interpreter/ref/var/Variable.java b/core/src/main/java/lucee/runtime/interpreter/ref/var/Variable.java index 1bf497e20d..53a90f97ca 100644 --- a/core/src/main/java/lucee/runtime/interpreter/ref/var/Variable.java +++ b/core/src/main/java/lucee/runtime/interpreter/ref/var/Variable.java @@ -20,7 +20,7 @@ import lucee.runtime.PageContext; import lucee.runtime.exp.PageException; -import lucee.runtime.interpreter.InterpreterException; +import lucee.runtime.interpreter.SecurityInterpreterException; import lucee.runtime.interpreter.ref.Ref; import lucee.runtime.interpreter.ref.RefSupport; import lucee.runtime.interpreter.ref.Set; @@ -64,13 +64,13 @@ public Variable(Ref parent, Ref refKey, boolean limited) { @Override public Object getValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, variables are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, variables are not supported."); return pc.get(parent.getCollection(pc), KeyImpl.init(getKeyAsString(pc))); } @Override public Object touchValue(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, variables are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, variables are not supported."); Object p = parent.touchValue(pc); if (p instanceof Query) { Object o = ((Query) p).getColumn(KeyImpl.init(getKeyAsString(pc)), null); 
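Review bot: `Variable` now carries the same guard line four times (`getValue` and `touchValue` in this hunk, `getCollection` and `setValue` in the two hunks that follow), which is where one of them is most likely to be missed or reworded later. A private helper, `private void checkLimited() throws PageException { if (limited) throw new SecurityInterpreterException("invalid syntax, variables are not supported."); }`, called first in each method would keep the restriction in one place. The rest of the class is outside these hunks, so whether every other entry point that resolves a variable also checks `limited` cannot be confirmed from here and is worth a look.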
@@ -83,7 +83,7 @@ public Object touchValue(PageContext pc) throws PageException { @Override public Object getCollection(PageContext pc) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, variables are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, variables are not supported."); Object p = parent.getValue(pc); if (p instanceof Query) { return ((Query) p).getColumn(KeyImpl.init(getKeyAsString(pc))); @@ -93,7 +93,7 @@ public Object getCollection(PageContext pc) throws PageException { @Override public Object setValue(PageContext pc, Object obj) throws PageException { - if (limited) throw new InterpreterException("invalid syntax, variables are not supported in a json string."); + if (limited) throw new SecurityInterpreterException("invalid syntax, variables are not supported."); return pc.set(parent.touchValue(pc), KeyImpl.init(getKeyAsString(pc)), obj); } diff --git a/core/src/main/java/lucee/runtime/listener/ApplicationContextSupport.java b/core/src/main/java/lucee/runtime/listener/ApplicationContextSupport.java index 7540a36d64..b85d6f7679 100644 --- a/core/src/main/java/lucee/runtime/listener/ApplicationContextSupport.java +++ b/core/src/main/java/lucee/runtime/listener/ApplicationContextSupport.java @@ -485,4 +485,8 @@ private static LoggerAndSourceData addLogger(Collection.Key name, int level, Cla public abstract void setPreciseMath(boolean preciseMath); + public abstract boolean getLimitIsDefined(); + + public abstract void setLimitIsDefined(boolean limitIsDefined); + } \ No newline at end of file diff --git a/core/src/main/java/lucee/runtime/listener/ClassicApplicationContext.java b/core/src/main/java/lucee/runtime/listener/ClassicApplicationContext.java index 88d066610c..d5b33b563a 100755 --- a/core/src/main/java/lucee/runtime/listener/ClassicApplicationContext.java +++ b/core/src/main/java/lucee/runtime/listener/ClassicApplicationContext.java 
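Review bot: The two new abstract methods in `ApplicationContextSupport` have no Javadoc, and the polarity of the flag is not obvious from its name or from the admin text added in this commit, which describes the enabled state as allowing expressions inside `[]`. A comment on the getter should say what `true` restricts, for example `/** @return true if IsDefined() must not evaluate expressions inside [] of the checked variable name */` (adjust if the intended meaning is the opposite). Declaring the methods `abstract` also forces every subclass of `ApplicationContextSupport` outside this commit to implement them; a non-abstract default would avoid that if such subclasses exist.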
@@ -153,7 +153,7 @@ public class ClassicApplicationContext extends ApplicationContextSupport { private Map customAttrs; private boolean allowImplicidQueryCall; - + private boolean limitIsDefined; private Regex regex; private boolean preciseMath; @@ -190,6 +190,7 @@ public ClassicApplicationContext(ConfigWeb config, String name, boolean isDefaul this.fullNullSupport = config.getFullNullSupport(); this.scopeCascading = config.getScopeCascadingType(); this.allowImplicidQueryCall = config.allowImplicidQueryCall(); + this.limitIsDefined = ((ConfigPro) config).limitIsDefined(); this.webCharset = ((ConfigPro) config).getWebCharSet(); this.resourceCharset = ((ConfigPro) config).getResourceCharSet(); @@ -263,6 +264,7 @@ public ApplicationContext duplicate() { dbl.fullNullSupport = fullNullSupport; dbl.scopeCascading = scopeCascading; dbl.allowImplicidQueryCall = allowImplicidQueryCall; + dbl.limitIsDefined = limitIsDefined; dbl.webCharset = webCharset; dbl.resourceCharset = resourceCharset; dbl.sessionType = sessionType; @@ -878,6 +880,16 @@ public void setAllowImplicidQueryCall(boolean allowImplicidQueryCall) { this.allowImplicidQueryCall = allowImplicidQueryCall; } + @Override + public boolean getLimitIsDefined() { + return limitIsDefined; + } + + @Override + public void setLimitIsDefined(boolean limitIsDefined) { + this.limitIsDefined = limitIsDefined; + } + @Override public boolean getAllowCompression() { return allowCompression; diff --git a/core/src/main/java/lucee/runtime/listener/ModernApplicationContext.java b/core/src/main/java/lucee/runtime/listener/ModernApplicationContext.java index a77b3a0e54..6b5239d1dd 100644 --- a/core/src/main/java/lucee/runtime/listener/ModernApplicationContext.java +++ b/core/src/main/java/lucee/runtime/listener/ModernApplicationContext.java 
@@ -162,6 +162,7 @@ public class ModernApplicationContext extends ApplicationContextSupport { private static final Key XML_FEATURES = KeyImpl.getInstance("xmlFeatures"); private static final Key SEARCH_QUERIES = KeyImpl.getInstance("searchQueries"); private static final Key SEARCH_RESULTS = KeyImpl.getInstance("searchResults"); + private static final Key LIMIT_ISDEFINED = KeyImpl.getInstance("limitIsDefined"); private static final Key REGEX = KeyImpl.getInstance("regex"); private static final Key ENGINE = KeyImpl.getInstance("engine"); private static final Key DIALECT = KeyConstants._dialect; @@ -311,7 +312,7 @@ public class ModernApplicationContext extends ApplicationContextSupport { private boolean initFuncDirs = false; private boolean allowImplicidQueryCall; - + private boolean limitIsDefined; private Regex regex; public ModernApplicationContext(PageContext pc, Component cfc, RefBoolean throwsErrorWhileInit) { @@ -350,7 +351,7 @@ public ModernApplicationContext(PageContext pc, Component cfc, RefBoolean throws this.sessionStorage = ci.getSessionStorage(); this.clientStorage = ci.getClientStorage(); this.allowImplicidQueryCall = config.allowImplicidQueryCall(); - + this.limitIsDefined = ci.limitIsDefined(); this.triggerComponentDataMember = config.getTriggerComponentDataMember(); this.restSetting = config.getRestSetting(); this.javaSettings = new JavaSettingsImpl(); @@ -365,6 +366,7 @@ public ModernApplicationContext(PageContext pc, Component cfc, RefBoolean throws initSameFieldAsArray(pc); initWebCharset(pc); initAllowImplicidQueryCall(); + initLimitIsDefined(); pc.addPageSource(component.getPageSource(), true); try { 
@@ -400,6 +402,17 @@ private void initAllowImplicidQueryCall() { if (o != null) allowImplicidQueryCall = Caster.toBooleanValue(o, allowImplicidQueryCall); } + private void initLimitIsDefined() { + Object o = get(component, KeyConstants._security, null); + + if (o instanceof Struct) { + Struct sct = (Struct) o; + o = sct.get(LIMIT_ISDEFINED, null); + if (o != null) limitIsDefined = Caster.toBooleanValue(o, limitIsDefined); + + } + } + @Override public short getScopeCascading() { if (scopeCascading == -1) return config.getScopeCascadingType(); @@ -1853,10 +1866,11 @@ public void setQueryCachedAfter(TimeSpan ts) { @Override public int getQueryVarUsage() { if (!initQueryVarUsage) { - Struct qry = Caster.toStruct(get(component, KeyConstants._query, null), null); - if (qry != null) { - String str = Caster.toString(qry.get(VAR_USAGE, null), null); - if (StringUtil.isEmpty(str)) str = Caster.toString(qry.get(VARIABLE_USAGE, null), null); + Struct sct = Caster.toStruct(get(component, KeyConstants._query, null), null); + if (sct == null) sct = Caster.toStruct(get(component, KeyConstants._security, null), null); + if (sct != null) { + String str = Caster.toString(sct.get(VAR_USAGE, null), null); + if (StringUtil.isEmpty(str)) str = Caster.toString(sct.get(VARIABLE_USAGE, null), null); if (!StringUtil.isEmpty(str)) queryVarUsage = AppListenerUtil.toVariableUsage(str, queryVarUsage); } initQueryVarUsage = true; @@ -1901,6 +1915,16 @@ public void setXmlFeatures(Struct xmlFeatures) { this.xmlFeatures = xmlFeatures; } + @Override + public boolean getLimitIsDefined() { + return limitIsDefined; + } + + @Override + public void setLimitIsDefined(boolean limitIsDefined) { + this.limitIsDefined = limitIsDefined; + } + @Override public boolean getAllowImplicidQueryCall() { return allowImplicidQueryCall; diff --git a/core/src/main/java/lucee/runtime/tag/Admin.java b/core/src/main/java/lucee/runtime/tag/Admin.java index 4b6cecdcc3..db5f904960 100755 
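Review bot: `initLimitIsDefined()` accepts `this.security` only when it is already a `Struct` instance, and it drops an unparseable value without any signal, because `Caster.toBooleanValue(o, limitIsDefined)` falls back to the inherited value when the cast fails. `getQueryVarUsage()` in the next hunk reads the same key through `Caster.toStruct(get(component, KeyConstants._security, null), null)`, so the two security settings may disagree on which shapes of `this.security` they honour. Using the same call here, `Struct sct = Caster.toStruct(get(component, KeyConstants._security, null), null);`, would align them. For a hardening switch, a mistyped value in Application.cfc that silently leaves the application on the server setting deserves a log entry, or at least a comment such as `// invalid value: keep the server-level setting`. The method would also benefit from a short Javadoc stating that an application can override the server-wide value in either direction, which appears to be the intent.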
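Review bot: The fallback to `this.security` in `getQueryVarUsage()` runs only when `this.query` is missing altogether (`if (sct == null)`), so an application that defines `this.query` for any other key and sets `this.security.variableUsage` keeps the server-wide value with no warning. The admin page in this commit now shows `this.security.variableUsage` as the way to set it, so a silently ignored application override weakens the control that developers are told to use. Look the key up in both structs with a documented precedence instead of picking one struct first. The sketch below prefers `this.security` and keeps `this.query` as the legacy location, which is an assumption the author should confirm. The end of the method lies outside the hunk.

```java
if (!initQueryVarUsage) {
	String str = null;
	// this.security wins; this.query remains the legacy location (precedence to be confirmed)
	for (Key scope: new Key[] { KeyConstants._security, KeyConstants._query }) {
		Struct sct = Caster.toStruct(get(component, scope, null), null);
		if (sct == null) continue;
		str = Caster.toString(sct.get(VAR_USAGE, null), null);
		if (StringUtil.isEmpty(str)) str = Caster.toString(sct.get(VARIABLE_USAGE, null), null);
		if (!StringUtil.isEmpty(str)) break;
	}
	if (!StringUtil.isEmpty(str)) queryVarUsage = AppListenerUtil.toVariableUsage(str, queryVarUsage);
	// … unchanged: initQueryVarUsage = true and the rest of the method …
```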
--- a/core/src/main/java/lucee/runtime/tag/Admin.java +++ b/core/src/main/java/lucee/runtime/tag/Admin.java @@ -1439,6 +1439,7 @@ private void doGetSecurity() throws PageException { pageContext.setVariable(getString("admin", action, "returnVariable"), sct); sct.set("varUsage", AppListenerUtil.toVariableUsage(config.getQueryVarUsage(), "ignore")); + sct.set("limitIsDefined", config.limitIsDefined()); } /** @@ -1758,7 +1759,7 @@ private Double _fillSecDataDS(short access) { } private void doUpdateSecurity() throws PageException { - admin.updateSecurity(getString("varUsage", "")); + admin.updateSecurity(getString("varUsage", ""), getBool("limitIsDefined", null)); store(); adminSync.broadcast(attributes, config); } diff --git a/loader/build.xml b/loader/build.xml index 2c8cce924f..49b1e0c8a8 100644 --- a/loader/build.xml +++ b/loader/build.xml @@ -2,7 +2,7 @@ - + diff --git a/loader/pom.xml b/loader/pom.xml index 2406331306..ebf6a13a5c 100644 --- a/loader/pom.xml +++ b/loader/pom.xml @@ -3,7 +3,7 @@ org.lucee lucee - 6.0.0.530-SNAPSHOT + 6.0.0.531-SNAPSHOT jar Lucee Loader Build
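Review bot: In `doUpdateSecurity()`, `getBool("limitIsDefined", null)` turns an omitted attribute into null. Per the ConfigAdmin change in this commit, a null appears to remove the stored value rather than leave it untouched. A caller that updates only `varUsage` would therefore reset this security switch to its default as a side effect. If that is intended, say so next to the call, e.g. `// omitted limitIsDefined: stored value is removed and the default applies`; if not, pass the currently configured value through when the attribute is absent.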
#stText.security.varUsage# @@ -106,7 +102,30 @@ Error Output --->
#stText.security.varUsageDesc#
- this.query.variableUsage="#security.varusage#"; + this.security.variableUsage="#security.varusage#"; + + +
#stText.security.limitIsDefined# + + checked="checked" name="limitIsDefined" value="true" /> + + + #yesNoFormat(security.limitIsDefined)# + +
#stText.security.limitIsDefinedDesc#
+ + this.security.limitIsDefined=#security.limitIsDefined?:true#;