[Mono-bugs] [Bug 505068] New: Security exception raised when finding a risk inside commented code (HTML comment)
bugzilla_noreply at novell.com
Tue May 19 00:47:31 EDT 2009
http://bugzilla.novell.com/show_bug.cgi?id=505068
Summary: Security exception raised when finding a risk inside
commented code (HTML comment)
Classification: Mono
Product: Mono: Class Libraries
Version: unspecified
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Sys.Web
AssignedTo: mhabersack at novell.com
ReportedBy: aaragoneses at novell.com
QAContact: mono-bugs at lists.ximian.com
Found By: ---
I have an .aspx file that contains this comment:
<!-- <%= GetString("LOGINIFOLDERSERVER") %>
<asp:Literal ID="ServerUrl" runat="server" />
<br> -->
When I access the page, I see:
Server Error in '/admin' Application
A potentially dangerous Request.QueryString value was detected from the client
(ex="System.Web.Comp...").
Description: HTTP 500. Error processing request.
Stack Trace:
System.Web.HttpRequestValidationException: A potentially dangerous
Request.QueryString value was detected from the client
(ex="System.Web.Comp...").
at System.Web.HttpRequest.ThrowValidationException (System.String name,
System.String key, System.String value) [0x00000]
at System.Web.HttpRequest.ValidateNameValueCollection (System.String name,
System.Collections.Specialized.NameValueCollection coll) [0x00000]
at System.Web.HttpRequest.get_QueryString () [0x00000]
at Novell.iFolderWeb.Admin.Error.Page_PreRender (System.Object sender,
System.EventArgs e) [0x00000]
at System.Web.UI.Control.OnPreRender (System.EventArgs e) [0x00000]
at System.Web.UI.Control.PreRenderRecursiveInternal () [0x00000]
at System.Web.UI.Page.ProcessLoadComplete () [0x00000]
at System.Web.UI.Page.InternalProcessRequest () [0x00000]
at System.Web.UI.Page.ProcessRequest (System.Web.HttpContext context)
[0x00000]
Version information: Mono Version: 2.0.50727.1433; ASP.NET Version:
2.0.50727.1433
(And the URL is:
https://localhost/admin/Error.aspx?ex=System.Web.Compilation.CompilationException%3a+CS0111%3a+A+member+`ASP.login_aspx.__BuildControl_ServerUrl()'+is+already+defined.+Rename+this+member+or+use+different+parameter+types%0A++at+System.Web.Compilation.AssemblyBuilder.BuildAssembly+(System.Web.VirtualPath+virtualPath%2c+System.CodeDom.Compiler.CompilerParameters+options)+[0x00000]+%0A++at+System.Web.Compilation.AssemblyBuilder.BuildAssembly+(System.Web.VirtualPath+virtualPath)+[0x00000]+%0A++at+System.Web.Compilation.BuildManager.GenerateAssembly+(System.Web.Compilation.AssemblyBuilder+abuilder%2c+System.Collections.Generic.List`1+buildItems%2c+System.Web.VirtualPath+virtualPath%2c+BuildKind+buildKind)+[0x00000]+%0A++at+System.Web.Compilation.BuildManager.BuildAssembly+(System.Web.VirtualPath+virtualPath)+[0x00000]+%0A++at+System.Web.Compilation.BuildManager.GetCompiledType+(System.String+virtualPath)+[0x00000]+%0A++at+System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath+(System.String+virtualPath%2c+System.Type+requiredBaseType)+[0x00000]+%0A++at+System.Web.UI.PageParser.GetCompiledPageInstance+(System.String+virtualPath%2c+System.String+inputFile%2c+System.Web.HttpContext+context)+[0x00000]+%0A++at+System.Web.UI.PageHandlerFactory.GetHandler+(System.Web.HttpContext+context%2c+System.String+requestType%2c+System.String+url%2c+System.String+path)+[0x00000]+%0A++at+System.Web.HttpApplication.GetHandler+(System.Web.HttpContext+context%2c+System.String+url%2c+Boolean+ignoreContextHandler)+[0x00000]+%0A++at+System.Web.HttpApplication.GetHandler+(System.Web.HttpContext+context%2c+System.String+url)+[0x00000]+%0A++at+System.Web.HttpApplication%2b<Pipeline>c__Iterator2.MoveNext+()+[0x00000]+
Removing the comment is a good workaround, but it should not be needed.