navajo/display.cfm : application.stCOAPI - check keys exist for URL parameters type and view

Description

when a hacking attempt is made with URL like
/?view=displayNewsletterPopup+sleep(20.to_i)&ajaxmode=1
Farcry throws error
key [displayNewsletterPopup sleep(20.to_i)] doesn't exist

core/tags/navajo/display.cfm
<cfif len(url.type) AND len(url.view) AND application.stCOAPI[url.type].stWebskins[url.view].viewstack eq "ajax">

Put in tests for keys on application.stCOAPI and throw 404 error

Environment

None

Status

Assignee

Andrew Mercer

Reporter

Andrew Mercer

Labels

None

Components

Fix versions

Affects versions

FarCry 7.2

Priority

Major
Configure