PDA

View Full Version : Security Exception when Saving Mura Site Settings



davidd
March 28th, 2011, 04:06 PM
If you get a security exception when saving the Site Settings page in Mura, check the stack trace from the error and verify if the following is the last template on the site that is in the stack trace:


\requirements\mura\settings\settingsManager.cfc:33 9

If it is, then the solution is to change line 339 of \requirements\mura\settings\settingsManager.cfc as follows:

Original:

<cfif isDefined("arguments.data.serverBundlePath") and fileExists(arguments.data.serverBundlePath)>

Fixed:

<cfif isDefined("arguments.data.serverBundlePath") and len(arguments.data.serverBundlePath) gt 0 and fileExists(arguments.data.serverBundlePath)>

The cause of the error is because the 'fileExists' function on that line is being sent an empty path, which is causing ColdFusion to attempt to access a path that is not allowed in the security sandbox. The fix causes ColdFusion to check if the path is empty before sending the path to the 'fileExists' function, preventing the error.

After the change, the security error should no longer appear when saving the site settings in Mura.

David D.

Brian
March 30th, 2011, 10:49 AM
UPDATE:

The Mura team has made a change to fix this issue and any build AFTER today (March 30, 2011) will have this fix in it.