Status/Resolution/Reason: Closed/Fixed/Fixed
Reporter/Name(from Bugbase): Aaron Neff / Aaron Neff (Aaron Neff)
Created: 10/29/2016
Components: Security
Versions: 2016
Failure Type:
Found In Build/Fixed In Build: CF2016_Update3 / 302296
Priority/Frequency: Major / Some users will encounter
Locale/System: English / Win All
Vote Count: 0
THIS.searchImplicitScopes=false breaks CFLOGIN struct
Simple repro:
1) Run this w/ '?j_username=foo&j_password=bar' in URL:
Application.cfc
----------------------
component {
THIS.name = "SearchImplicitScopesDisabledBreaksCFLoginStruct";
THIS.sessionManagement = true;
THIS.loginStorage = "session";
THIS.sessionTimeout = createTimeSpan(0,0,0,10);
THIS.searchImplicitScopes = false;
void function onRequest() {
cflogin() {
writeOutput(structKeyExists(variables, "cflogin"));//returns NO (good)
writeOutput(structKeyExists(local, "cflogin"));//returns NO (bad)
}
}
}
index.cfm
----------------------
empty file
Actual result: NONO
Expected result: NOYES
Verified in CF2016 Final (build 2016.0.0.297996) and CF2016 Update 3 (build 2016.0.03.300466).
Related ticket: 3041783
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 4197151
Reason: BugVerified
External Customer Info:
External Company:
External Customer Name: Aaron Neff
External Customer Email:Attachments:
Comments: