We have moved to GitHub Issues
Created by Morten Bock 08 Oct 2014, 17:40:49 Updated by Sebastiaan Janssen 01 Mar 2018, 19:50:29Tags: PR
Now a page url would look like this: /installing-modules
The problem occurs when a spam bot starts creating weird url's. First url: /installing-modules+foobar When that url is requested, then the RequestFilteringModule will return a 404.11 because it contains a double escape sequence.
Now Umbraco is throwing an exception because of the " chars:
[ArgumentException: Illegal characters in path.]
System.IO.Path.CheckInvalidPathChars(String path, Boolean checkAdditional) +10915254
System.IO.Path.GetExtension(String path) +21
Umbraco.Core.UriExtensions.IsClientSideRequest(Uri url) +19
Umbraco.Web.UmbracoModule.DisposeHttpContextItems(HttpContext http) +52
For some reason the "EndRequest" is fired for the UmbracoModule, even when the request has been intercepted by the RequestFilteringModule. When Umbraco tries to check the path of the request, it trows an exception because of the invalid characters.
I believe the correct way to handle it would be to allow the 404.11 status to flow through. I don't know if there is a way to detect if the RequestFilteringModule has touched the response, so that Umbraco knows to stay away, or if there should be a try/catch somewhere?
Closing issue due to inactivity - see blog post for details https://umbraco.com/blog/issue-tracker-cleanup/
Just verified that this is still an issue in 7.6.3, and I still think it is worth fixing :)
Backwards Compatible: True
Affected versions: 6.2.1, 6.2.3, 7.6.3
Due in version: 7.9.3