Copy link to clipboard
Copied
Hello, all,
While still hoping for a fix from u15, we have applied u18 to one of our servers in production and are now getting the following:
"Diagnostics: The ValueList() function has an invalid parameter: getarchiveyears.articleYears. Parameter 1 of function ValueList which is now getarchiveyears.articleYears must be pointing to a valid query name.
The error occurred on line 323."
Earlier in this document, we have:
<cfquery name="getarchiveyears" datasource="#application.newsdsn#" cachedwithin="#CreateTimeSpan(0,0,10,0)#">
SELECT
DISTINCT TO_CHAR(TitleDATE,'YYYY') articleYears
FROM
news_2016
WHERE
TO_CHAR(TitleDATE,'YYYY') > '2009'
ORDER BY
articleYears DESC
</cfquery>
So, there's a valid query, named (oddly enough) getarchiveyears.
The line triggering the error is:
<cfset newsyears = ValueList(getarchiveyears.articleYears,',') />
So, why is it now suddenly not seeing the valid query named getarchiveyears??? Again, if I remove the cache attribute, then it errs once in a few tries. But keeping the cache attribute, it errs EVERY TIME! wtf???
And as with the u15, if we roll it back it's never an issue. PLEASE FIX THIS! We have top brass breathing down our necks because we are three updates behind.
V/r,
^ _ ^
Copy link to clipboard
Copied
Have you cfdumped the query name before the line that gives an error? If that also causes an error, cfdump the variables scope.
It would be very interesting to see the state of the variables scope before the line that causes the error.
Copy link to clipboard
Copied
Hi, Eddie,
I'll give that a shot. I just added two CFDUMPs to the file and emailed our SA. Once he's got that in place, I'll test it and report back.
V/r,
^ _ ^
Copy link to clipboard
Copied
Okay.. we tested it, and the page will display a generic error message when an error happens, so I don't get to see the CFDUMP of the query or the variables scope. I'll add the variables scope to the error email and try that.
V/r,
^ _ ^
Copy link to clipboard
Copied
What I wound up doing is adding CFDUMP to the email that is generated upon errors. I'm dumping VARIABLES, CGI, and APPLICATION.
VARIABLES has two items, CFERROR and ERROR, and they both repeat what is already being reported: ListValue must be pointing to a valid query. Nothing else.
V/r,
^ _ ^
Copy link to clipboard
Copied
UPDATE: CF error log entry..
[Tue Mar 05 15:21:55.807937 2019] [:error] [pid REDACTED:tid REDACTED] [client REDACTED] ModSecurity: Rule 1e6b250 [id "-"][file "REDACTED"][line "xx"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "REDACTED.mil"] [uri "/news_2016/display_news.cfm"] [unique_id "XH7oc2lwiJZlwO5l2PhSvQAAADM"]
If that is any help.
V/r,
^ _ ^
Copy link to clipboard
Copied
Sorry I wasn't clear. I would be interested in seeing the contents of the variables scope before the line that causes the error. In other words, put it after the cfquery tag, but before the cfset tag.
You may need to use the "output" parameter of cfdump to write it to a file, in case the generated content is not visible to you in your error information.
Copy link to clipboard
Copied
Eddie,
Part of the STIG requirements is to set an error template for display, as opposed to using onError() in application.cfc, so I don't get any output to the screen, just what the error message is in the email that is sent on an error.
V/r,
^ _ ^
Copy link to clipboard
Copied
Our SA won't be here for another half hour (he's the one who can sync to production), but when he gets here I'll have him re-sync an updated file that uses CFMAIL and CFDUMP to send me the variables scope and the query.
There may be too much to redact for me to post an image of it, but I should be able to post the pertinent stuff.
V/r,
^ _ ^
Copy link to clipboard
Copied
Are you sure this is actually a CF error? It mentions ModSecurity, which fiddles with incoming requests before CF gets them.
Dave Watts, Eidolon LLC
Copy link to clipboard
Copied
I asked my SA to look in CF logs, he didn't. Looked in web server logs and gave me that. SMH.
But the error is clearly happening in CF, otherwise we wouldn't be seeing "variable undefined". I've been in touch with a few staff at Adobe, and they assure me that they are working on it. Apparently, this is affecting way more than just me.
V/r,
^ _ ^
Copy link to clipboard
Copied
WolfShade wrote
UPDATE: CF error log entry..
[Tue Mar 05 15:21:55.807937 2019] [:error] [pid REDACTED:tid REDACTED] [client REDACTED] ModSecurity: Rule 1e6b250 [id "-"][file "REDACTED"][line "xx"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "REDACTED.mil"] [uri "/news_2016/display_news.cfm"] [unique_id "XH7oc2lwiJZlwO5l2PhSvQAAADM"]
I would second the remark by https://forums.adobe.com/people/Dave%20Watts .
Let's, for a moment, put to one side the fact that there might be an issue with cfquery+cachedWithin.
This error message is saying something else. There is, in any case, another error we have to address, namely: "PCRE limits exceeded". Could there be a connection between queries in Oracle and PCRE? Is it perhaps an idea to increase your "PCRE limits"?
Copy link to clipboard
Copied
Over the weekend, I received an email from Vamseekrishna Nanneboina indicating that they discovered an issue with queries using the 'cachedWithin' attribute in a sandboxed environment (which describes our issue), and they are working on a fix for it.
V/r,
^ _ ^
Copy link to clipboard
Copied
Hi WolfShade, thank you for sharing that.
Copy link to clipboard
Copied
You're welcome. Hopefully, u19 will have that fix and be released, soon.
V/r,
^ _ ^
Copy link to clipboard
Copied
In the meantime, does this help as a workaround:
<cfscript>
SQLString="
SELECT
DISTINCT TO_CHAR(TitleDATE,'YYYY') articleYears
FROM
news_2016
WHERE
TO_CHAR(TitleDATE,'YYYY') > :nYear
ORDER BY
articleYears DESC";
sqlParam={nYear={value='2009',cfsqltype="cf_sql_char"}};
getarchiveyears=queryExecute(SQLString,sqlParam,{datasource=application.newsdsn, cachedwithin=createTimeSpan(0,0,10,0)});
</cfscript>
Is it an idea to convert in the where-clause from char to int and to use instead
sqlParam={nYear={value=2009,cfsqltype="cf_sql_integer"}};
Copy link to clipboard
Copied
Thank you for the suggestion, but since Adobe has responded that there is an apparent issue with cachedwithin in a sandbox environment, I'm just going to wait for them to fix it. I could try your suggestion, which would probably work, but would mean converting all queries that use cachedwithin to CFSCRIPT, which I am unwilling to do.
V/r,
^ _ ^
Copy link to clipboard
Copied
Ah, OK. I had offered just in case you were faced with an emergency and had to have this query running.
Copy link to clipboard
Copied
Much appreciated, BKBK. For now, I have just removed the cachedwithin attribute from the query. Once this has been fixed, I'll put it back.
V/r,
^ _ ^