Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Brendan Rice 538 posts 1102 karma points
    Nov 16, 2010 @ 18:25
    Brendan Rice
    0

    Tracing Security Risk

    We recently launched a site and as part of a PCI Compliance security audit noticed that when we do a redirect from an XSLT extension trace information is included in the response event though all debugging and trace config settings are turned off.  This made us fail the PCI compliance.

    I got the source code set up and noticed that an exception is thrown in the Macro (see below), but I am unsure why the trace information is getting output.

    Can anyone shed any light of this please?

    Trace Information

    CategoryMessageFrom First(s)From Last(s)
    aspx.page Begin PreInit    
    umbracoInit handling request 2.06345864661654E-05 0.000021
    request handler current url '' 4.69233082706767E-05 0.000026
    umbracoRequestHandler xpath: '/root/node' 7.82827067669173E-05 0.000031
    umbracoRequestHandler xpath: '/root/node [@urlName = ""] | /root/node' 9.35308270676692E-05 0.000015
    umbracoRequestHandler xpath: '/root/node [@urlName = ""] | /root/node' 0.000110240601503759 0.000017
    umbracoRequestHandler Just before xPath query (False, '/root/node [@urlName = ""] | /root/node') 0.000124472180451128 0.000014
    umbracoRequestHandler pageXPathQueryStart: '/root' 0.000136872180451128 0.000012
    umbracoRequestHandler After xPath query 0.000175633082706767 0.000039
    umbracoRequestHandler Access checking started 0.000216911278195489 0.000041
    umbracoRequestHandler Page not protected 0.000237524812030075 0.000021
    umbracoRequestHandler Access checking ended 0.000250084210526316 0.000013
    umbracoInit Done handling request 0.000264661654135338 0.000015
    umbracoPage Element loaded: storefrontPath 0.000322439097744361 0.000058
    umbracoPage Element loaded: galleryFolder 0.000344403007518797 0.000022
    umbracoPage Element loaded: breadcrumbTitle 0.000359906766917293 0.000016
    umbracoPage Element loaded: serviceUrl 0.000375560902255639 0.000016
    umbracoPage Element loaded: analyticsCode 0.000392562406015038 0.000017
    umbracoPage Element loaded: facebookURL 0.000408051127819549 0.000015
    umbracoPage Element loaded: twitterURL 0.00042286015037594 0.000015
    umbracoPage Element loaded: flickrURL 0.000438144360902256 0.000015
    umbracoPage Element loaded: youtubeURL 0.000453022556390977 0.000015
    umbracoPage Element loaded: ShowDistributorsLink 0.000468156390977444 0.000015
    umbracoPage Element loaded: metaTitle 0.000483603007518797 0.000015
    umbracoPage Element loaded: keywords 0.000499028571428571 0.000015
    umbracoPage Element loaded: metaDescription 0.000514264661654135 0.000015
    umbracoPage Element loaded: umbracoNaviHide 0.000534878195488722 0.000021
    umbracoPage Pagedata loaded for My Site (ID: 1051, Version: 221ed11e-e58e-4736-8d78-9a648b14d4c3) 0.0005512 0.000016
    aspx.page End PreInit 0.000765461654135338 0.000214
    aspx.page Begin Init 0.000783025563909774 0.000018
    umbracoMacro Macro loaded from cache (ID: 23, Get Geolocation) 0.000812535338345865 0.000030
    renderMacro Rendering started (macro: Get Geolocation, type: 1, cacheRate: 0) 0.000831876691729323 0.000019
    umbracoMacro Before adding extensions 0.000885666165413534 0.000054
    umbracoXsltExtension Extension added: urn:Exslt.ExsltCommon, ExsltCommon 0.00124664661654135 0.000361
    umbracoXsltExtension Extension added: urn:Exslt.ExsltDatesAndTimes, ExsltDatesAndTimes 0.00126612330827068 0.000019
    umbracoXsltExtension Extension added: urn:Exslt.ExsltMath, ExsltMath 0.00128086616541353 0.000015
    umbracoXsltExtension Extension added: urn:Exslt.ExsltRegularExpressions, ExsltRegularExpressions 0.00129484511278195 0.000014
    umbracoXsltExtension Extension added: urn:Exslt.ExsltStrings, ExsltStrings 0.00131192481203008 0.000017
    umbracoXsltExtension Extension added: urn:Exslt.ExsltSets, ExsltSets 0.00132650827067669 0.000015
    umbracoXsltExtension Extension added: urn:MyLibrary, library 0.00134021353383459 0.000014
    umbracoMacro After adding extensions 0.00135385864661654 0.000014
    umbracoMacro Before performing transformation 0.00137296240601504 0.000019
    umbracoMacro

    Error loading XSLT GetGeolocation.xslt

    Thread was being aborted.
      at umbraco.macro.loadMacroXSLT(macro macro, Hashtable attributes, Hashtable pageElements)
    0.00246293533834586 0.001090
    Template

    Error adding macro Get Geolocation

    Thread was being aborted.
      at umbraco.macro.loadMacroXSLT(macro macro, Hashtable attributes, Hashtable pageElements)
      at umbraco.macro.renderMacro(Hashtable attributes, Hashtable pageElements, Int32 pageId)
      at umbraco.presentation.templateControls.Macro.CreateChildControls()
    0.00380095639097744 0.001338
  • Aileen 59 posts 79 karma points
    Jun 07, 2012 @ 15:46
    Aileen
    0

    Hi Brendan

    Did you ever get to the bottom of this? I have a custom 500 page which appears when an error occurs and for some reason the trace info is appearing at the bottom of the page.

    Thanks

  • Aileen 59 posts 79 karma points
    Jun 07, 2012 @ 15:54
    Aileen
    0

    Ah - nevermind. Found the solution in another post.

    In case anyone else has this issue, set debug=false in default.aspx.

Please Sign in or register to post replies

Write your reply to:

Draft