lucee/graph.cfm lack of exception handling

Description

Bots are now trying to access images created by cfimage and related tags that are, in the case of captchas, temporary. So accessing them should throw a 404 however it throws a 500 server error as does any direct request to the /lucee/graph.cfm file due to a lack of exception handling for various required variables.

Would be nice to have validation of required variables for this template so a 500 error was not thrown when it is accessed directly.

A simple example can be observed by accessing the lucee.org site itself
https://lucee.org/lucee/graph.cfm

Environment

Lucee 5 on Windows Server or Linux

Activity

Show:
Pothys - MitrahSoft
June 1, 2019, 1:46 AM

I've checked this ticket & added a fix for this issue. If we access the graph.cfm directly means, added some condition to throw 404.

Pull request: https://github.com/lucee/Lucee/pull/688

Michael Offner
December 19, 2020, 3:59 AM

Michael Offner
December 19, 2020, 3:59 AM

please give thr new build a try

Pothys - MitrahSoft
December 22, 2020, 6:20 PM

, I've checked this with fixed version 5.3.8.129-SNAPSHOT. Now works fine as we expected.

Fixed

Assignee

Pothys - MitrahSoft

Reporter

Admin Pro Tools

Priority

New

Labels

None

Fix versions

Affects versions