Issues
- CFQueryParam Somehow Able to Circumvent SQL Query Error With Large Number (LDEV-4137, Michael Offner)
- Duplicate query_string and RequestTimeOut passed by the scheduled task (LDEV-4088, resolved, Pothys - MitrahSoft)
- Double apostrophe in encrypted password break the html of services.datasource.list.cfm (LDEV-3977, Michael Offner)
- CGIReadOnly is always true (in application.cfm apps) (LDEV-3841, resolved, Pothys - MitrahSoft)
- isValid() for email fails for certain IDN domains/flows (LDEV-3800, resolved, Pothys - MitrahSoft)
- Not able to set the password while installing Lucee using silent installation steps in windows. (LDEV-3782, resolved, Gavin Baumanis)
- Uploading large file throws timeout (LDEV-3741, resolved, Pothys - MitrahSoft)
- Query of Query, where statement zero not correct (LDEV-3727, resolved)
- Application Session Cookie Timeout doesn't support -1 (browser session) (LDEV-3726, Michael Offner)
- CFGlobal variables are created in an unsecure cookie (LDEV-3724, resolved)
- Performance : Lock Contention On PageSourceImpl (LDEV-3723, resolved, Michael Offner)
- cfcookie() ignores the encodevalue=“yes” parameter (LDEV-3721, resolved, Zac Spitzer)
- cfmail attribute "usetls" only works if you supply a username (LDEV-3715, resolved)
- URLSessionFormat() function does not work when using JEE/J2EE sessions when a client does not accept cookies (LDEV-3707, resolved, Michael Offner)
- Get rid of Infinite 307 redirects for http://localhost on port 80 in IIS and NGNIX after Lucee install with installer (LDEV-3706)
- reMatchNoCase() regex regression in 5.3.8 (LDEV-3703, resolved, Pothys - MitrahSoft)
- Lucee grabs wrong variable with same name from another scope in some cases (LDEV-3696, Michael Offner)
- Using java regex engine incompatibility issue (LDEV-3690, resolved, Pothys - MitrahSoft)
- Scheduled Tasks (Daily) NOT running (LDEV-3685, resolved, Michael Offner)
- Special characters in Lucee installation path handled improperly / no warning issued (LDEV-3684, Michael Offner)
- support static final methods (LDEV-3683, Michael Offner)
- Hibernate timeout on 5.3.8.201 and 3.5.5.75 (LDEV-3682, resolved)
- Lucee ignores application/x-www-form-urlencoded mimetype in CFHTTP response (LDEV-3679, resolved, Pothys - MitrahSoft)
- CFHTTP result is missing charset (LDEV-3678, resolved, Pothys - MitrahSoft)
- isvalid('email',foo) sometimes throws instead of returning false (LDEV-3677, resolved, Pothys - MitrahSoft)
- array out of bounds when dump CFC object with final property (LDEV-3672, Michael Offner)
- function metadata does not handle final arguments (LDEV-3671, Michael Offner)
- Object metadata does not indicate that the CFC is final (LDEV-3670, resolved, Pothys - MitrahSoft)
- CFLoop Index Cannot Handle Decremental Indexes (LDEV-3665, resolved, Pothys - MitrahSoft)
- pdf.extension not loaded (LDEV-3663, resolved)
- Without Network admin application page shows error (LDEV-3660, resolved, Pothys - MitrahSoft)
- Cannot duplicate Environment map in Lucee (LDEV-3658, resolved, Pothys - MitrahSoft)
- Savepoints are not supported on ORM transactions (LDEV-3657)
- CFMail TLS does not start where no username provided (LDEV-766, Michael Offner)
CFQueryParam Somehow Able to Circumvent SQL Query Error With Large Number
Description
Environment
Windows / Default Lucee installation
Details
Assignee: Michael Offner
Reporter: Matthias Davis
Priority: Minor
New Issue warning screen:
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Activity
Zac Spitzer, 14 June 2023 at 16:25
Pothys - MitrahSoft, 10 August 2022 at 07:17 (edited)
I checked this ticket and confirmed the issue happens on the latest Lucee version, 5.3.10.51-SNAPSHOT. Yes, using a large number value in a query with queryparam didn’t throw an error, and without queryparam Lucee throws an error like: The number '99999999999999980000000000000000000000000' is out of the range for numeric representation (maximum precision 38).
But in Lucee 6.0, using a large number value in a query with or without queryparam didn't throw an error.
(Please see the two tests that failed in 6.0.)
I added a test case to this ticket.
Pull Request:
Zac Spitzer, 9 August 2022 at 11:21
Please always post to the mailing list first; please don’t just go and create tickets.
Using a large number in a parameter in a database query which should cause a database error is not causing an error.
In the example below the 2nd and 3rd queries fail as expected in CF (and when run directly in a database client), but only the 2nd one fails in Lucee and the parameterized one seems to somehow work:
Checked first on 5.3.8.201, which we use, and 5.3.9.141, which I dev on locally.