Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Extensions with content type of application/octet-stream won't install

Description

The content type application/octet-stream is supposed to represent binary, but apparently it is also used by many web servers as a default MIME type if it really doesn't know better.

Lucee incorrectly identifies HTTP responses of type application/octet-stream as plain text instead of binary which causes a very nasty error when you try to install an extension whose actual lex download URL returns application/octet-stream. Lucee tries to use the actual binary of the file as the local path which causes the entire binary file to be output to the browser as part of the error message!!!

My first suggestion is to improve cfthttps detection of plain text, but if that causes issues with backwards compat, at least the improve the extension installation to be smarter. This example code will show the issue.

http url="http://s3.amazonaws.com/downloads.ortussolutions.com/ortussolutions/couchbase-extension/test_file.lex" result="local.http"; dump( local.http.mimetype ); // outputs application/octet-stream dump( isSImpleValue( local.http.filecontent ) ); // Outputs true (incorrect) dump( local.http.text ); // Outputs true (incorrect)

And here is the code in Lucee's Admin.java that is messing up the extension installation:

// this can be a binary that represent the extension or a string that is a path to the extension Object obj = getObject("admin", "UpdateRHExtensions", "source"); // path if(obj instanceof String) { Resource src = ResourceUtil.toResourceExisting(config, (String)obj); XMLConfigAdmin._updateRHExtension(config, src, true); }

Environment

None

Attachments

1
  • 11 Dec 2018, 05:28 am

Activity

Show:

Michael Offner 9 April 2019 at 16:50

added addional mime type check that looks at the content itself and in this case detect the correct mime type (application/zip). in addition the method loading the extension no longer simply assumes that a string is a path, in case the string is bigger than 5000 characters it assumes that it is a base64 encoded binary.

https://github.com/lucee/Lucee/commit/6dd64141ff99c1f5957fcdf8ee2618a70eba4be8

Michael Offner 9 April 2019 at 15:57

Pothys - MitrahSoft 11 December 2018 at 05:30

, Thanks a lot for your work on this. I checked that & I saw the nasty error while installing the extension.

Now you can unpublished the extension on forgebox.

Brad Wood 10 December 2018 at 17:45

Also FWIW, I created the test extension listing on ForgeBox very easily with these CommandBox commands

mkdir testluceeext --cd init ... set a name, slug, and version as part of the init wizard... package set type=lucee-extensions package set location=http://s3.amazonaws.com/downloads.ortussolutions.com/ortussolutions/couchbase-extension/test_file.lex publish

Brad Wood 10 December 2018 at 17:41

I have just tested this on 5.3 and it is still broken. I published an extension that point to the lex file in my example code
https://www.forgebox.io/view/test-lucee-ext

Spin up a 5.3 server, navigate to the admin and click the "Lucee Test Extension" to install it and you'll see the big nasty error that's a result of Lucee incorrectly thinking text has come back when in reality it was a zip/lex file. Please let me know as soon as you've tested this as I would like to unpublish the "Lucee test extension". I published it on ForgeBox so it shows up for any Lusee 5.3 user right now which looks automatically in ForgeBox.

Fixed

Details

Assignee

Reporter

Priority

Fix versions

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Sprint

Created 9 March 2018 at 23:31
Updated 17 August 2021 at 13:24
Resolved 9 April 2019 at 17:52

Flag notifications