titaniumbunker.com

Evil geniuses and world domination are 2 of our goals... we also like Dr Who

These aren’t the chairs you’re looking for @StaplesUK


I know it’s sad times for Staples UK – I spent many a happy time in Staples, refreshing my manilla folders for my family research – but I can’t help thinking it’s a little early for it all to start to fall apart.

My office chair – actually bought from Staples only a few years ago – is starting to look its age, and I thought about replacing it – so I clicked on the “See all Deals” button under “Big Chair Event” and was presented with a list of manager and executive chairs.

Now I’m not really a manager type – I like to get my hands dirty (in as much as I don’t like to get my hands dirty – that’s why I work with code) so I was thinking about a mesh chair. So I clicked on Mesh Seating:

No mesh seating here…

Also missing are Draughtsman Chairs. Interestingly I can find a mesh seating section – http://www.staples.co.uk/mesh-seating/cbk/670.html

So what’s happening?

Well – comparing the draughtsman, mesh seating and ergonomic chairs links against the working links, the culprit seems to be cm_sp.

For example – here is the failing Mesh Seating link:
http://www.staples.co.uk/mesh-seating/cbk/670.html&cm_sp=W16_11_017_02UK-_-Na-_-Na?web_track_id=135829767&position_id=2&promo_code=989989999&lcb=10

And a slightly modified (and now working) mesh seating link:

http://www.staples.co.uk/mesh-seating/cbk/670.html?cm_sp=W16_11_017_02UK-_-u_ad_4_href&web_track_id=135829704&position_id=2&promo_code=989989999&lcb=10

The Na-_-Na in the failing link looks suspiciously like Not Applicable, or potentially “NaN” truncated to fit.

Searching on fighting knives throws error :

fighting knives – search error when searching

Thanks to Stuart Baldwin for pointing this one out: searching for anything on fightingknives.info breaks the site, returning the message:

A potentially dangerous Request.Path value was detected from the client (&).

Looking at the favicon it appears to be a DotNetNuke site – wow… that’s old – so old that I think this was originally running on the .NET 2 framework.

Anyway – the reason for this is the search URL that the site navigates to when searching:

http://www.fightingknives.info/fighitngknivesinfo/search-results&Search=test

From the stack trace it seems that this site is running under .NET framework v4, and there were changes made to the v4 framework that extended request validation from only .aspx requests, to all requests.

To ‘fix’ this the site owner can add :

<httpRuntime requestValidationMode="2.0" />

to their web.config file, to prevent this from happening – or alter their application pool to use the older .NET frameworks (should be fine in version 2, may be fine in version 3 and 3.5). I say ‘fix’ because really they should perhaps be looking to update to a newer version, or re-writing their search facility to not pass potentially dangerous characters into their own requests.

Thanks Stuart
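As an added example (not code from either site or from the posts above), this Python sketch splits the three URLs quoted on this page and reports what a server receives as path and what it receives as query string. PATH_INVALID_CHARS is the documented default of the ASP.NET 4 `requestPathInvalidCharacters` setting; `analyse` and `move_params_to_query` are names made up for this illustration, and whether either site serves the rewritten URL is not tested here.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl

# Documented default of <httpRuntime requestPathInvalidCharacters> in ASP.NET 4.
PATH_INVALID_CHARS = set('<>*%&:\\?')

# URLs copied from the two posts on this page.
STAPLES_FAILING = ("http://www.staples.co.uk/mesh-seating/cbk/670.html"
                   "&cm_sp=W16_11_017_02UK-_-Na-_-Na?web_track_id=135829767"
                   "&position_id=2&promo_code=989989999&lcb=10")
STAPLES_WORKING = ("http://www.staples.co.uk/mesh-seating/cbk/670.html"
                   "?cm_sp=W16_11_017_02UK-_-u_ad_4_href&web_track_id=135829704"
                   "&position_id=2&promo_code=989989999&lcb=10")
KNIVES_SEARCH = ("http://www.fightingknives.info/fighitngknivesinfo/"
                 "search-results&Search=test")


def analyse(url):
    """Report the path, the query keys and any path characters that the
    ASP.NET 4 request-path check rejects by default."""
    parts = urlsplit(url)
    return {
        "path": parts.path,
        "query_keys": [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)],
        "path_invalid_chars": sorted(set(parts.path) & PATH_INVALID_CHARS),
    }


def move_params_to_query(url):
    """Move parameters that were glued onto the path with '&' into the
    query string, ahead of any parameters already there."""
    parts = urlsplit(url)
    path, sep, stray = parts.path.partition("&")
    if not sep:
        return url  # nothing glued onto the path
    query = "&".join(q for q in (stray, parts.query) if q)
    return urlunsplit((parts.scheme, parts.netloc, path, query, parts.fragment))


if __name__ == "__main__":
    for name, url in [("staples failing", STAPLES_FAILING),
                      ("staples working", STAPLES_WORKING),
                      ("knives search", KNIVES_SEARCH)]:
        print(name, analyse(url))
        print("  rewritten:", move_params_to_query(url))
```

In both broken URLs the first parameter is attached with `&` before any `?`, so it becomes part of the path, which is the part the `Request.Path` error message complains about.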
