Dotted url/form keys can end in loss of values

Description

Lucee does process url and form key-value pairs in a way that can lead into loss of values. The following url's (query-string only) demonstrate the UseCase:

The above url ends up in a url scope with key's "facet" and "sort"

This variant ends up in a url scope with key "facet" containing a struct with key "mincount". In this case, the value "person" for key "facet" is lost. Same behaviour for form scope.

This behaviour creates a) ACF in combatibility and b) is different from what can be expected. Both url's are RFC compliant.

A very simple test-case is added as attachment.

Environment

Performance/Language
Inspect Templates (CFM/CFC) Once ( Good )
Null Support Partial Support (CFML Default)
Dot notation Convert to upper case (CFML Default)
Local scope mode Classic (CFML Default)
Full utf-8 support

General Info
Version Lucee 4.5.2.018 final
Version Name Neo
Release date 04.11.2015
ColdFusion® compatibilty version 10.0.0.0

OS / Java
OS Windows Server 2012 (6.2) 64bit
Servlet Container Apache Tomcat/8.0.24
Java 1.8.0_45 (Oracle Corporation) 64bit
Architecture 64bit

Attachments

2

Activity

Philip Eyb 
2 March 2016 at 14:19
(edited)

I do not have control over the query string all the time: some of the Internet Users and some Software Vendors are still not under my spell

Actually this came up when interacting with (proxying) Solr faceting. the URL param "facet=true" enables faceting, the URL param "facet.mincount=1" sets a default for all facets. This is exactly the kind of situation i am talking about.

I am not talking about the "general way" Lucee handles struct keys. I fully respect the way Lucee does this (and yes, it's fast ). But the problem i am reporting here has nothing to do with that in general. It's not about the way Lucee resolves struct keys / variables, it's about the fact Lucee creates a nested structure of structs. Finally there are 2 issue-relevant, different UseCase's in which the struct key handling is involved:

UseCase 1: The Developers Work

Whenever a developer writes code using variables, i think the struct key handling is clear, well known and fast. No criticism here, i am really fine with that. When a developer create a struct with a key 'what.ever.is.rfc.compliant' , the struct does have one key called 'what.ever.is.rfc.compliant'. So far so fine ...

UseCase 2: Processing GET/POST data

This is the UseCase where it comes to the problem reported in this issue. When having a get/post parameter with a name of "what.ever.is.rfc.compliant" , i do expect same behaviour as in UseCase 1: the URL/FORM struct contains one key "what.ever.is.rfc.compliant".

Instead, i get two key's, one ("what.ever.is.rfc.compliant") as expected, the other called "what" containing a nested structure of structs, using the tokens of "what.ever.is.rfc.compliant" as keys ... ok, nothing weird.

But it becomes bad here:

Processing a query string like "?facet=true&facet.mincount", Lucee ends up in ommiting the param "facet=true".

I attached a simple

for this which visually shows the difference ....

Regarding the UseCase's, my questions are:

1. Why does Lucee create a nested structure of structs in UseCase 2 ?
2. Is it possible to implement a switch (in the admin) to stop lucee from creating a nested structure of structs in UseCase 2 ?

Michael Offner 
15 February 2016 at 16:17

i understand your problem, but because Lucee cannot interpret struct key the way ACF, did, we cannot handle this as ACF does, this would break a lot existing functionality.
Do you habe influence on the URL?

Philip Eyb 
10 February 2016 at 10:18
(edited)

Hi Michael,

thanks for the reply. As you suggested, i tested the StructKeyTranslate() function in the test-case supplied. This does not solve anything.

The referenced railo-based article does talk about variables set by an developer. It does not address or describe the problem i am talking about.

This Issue is not about accessing url variables (or struct key's) and how this is different to ACF, it's about Lucee does drop information passed into the application by an RFC compliant URL!

I understand the explained mechanism, but i do not agree in "this is expected behaviour" ... is it really expected that Lucee does drop data passed in by a url query string?

.

Can you please reconsider your decision that this is not a bug, but a feature?

Michael Offner 
5 February 2016 at 12:58

this is expected behaviour, see:
http://blog.getrailo.com/post.cfm/struct-addressing-in-railo

simply do the following in your application.cfc to "solve" it:
StructKeyTranslate(url);

Won't Do

Details

Assignee

Reporter

Priority

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Affects versions

Created 4 February 2016 at 09:29
Updated 1 December 2020 at 16:04
Resolved 5 February 2016 at 12:58