tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject RE: Bug/Fix for HttpUtils.parseQueryString - IMPORTANT!
Date Mon, 03 Sep 2001 18:28:20 GMT
On Mon, 3 Sep 2001, George C. Hawkins wrote:

> Date: Mon, 3 Sep 2001 16:52:32 +0100
> From: George C. Hawkins <george.hawkins@pobox.com>
> Reply-To: tomcat-dev@jakarta.apache.org,
>      George C. Hawkins <george.hawkins@pobox.com>
> To: tomcat-dev@jakarta.apache.org
> Cc: nacho@siapi.es
> Subject: RE: Bug/Fix for HttpUtils.parseQueryString - IMPORTANT!
>
> I do not believe Mr. Lucifer's "patch" should be applied. As has been
> pointed out a number of times Tomcat is the reference implementation for
> the JSP and servlet JCRs.
>
> In the Servlet 2.3 PFD2 specification you find the following in the
> definition of parseQueryString():
>
>   "The query string should be in the form of a string packaged by the
>   GET or POST method, that is, it should have key-value pairs in the
>   form key=value, with each pair separated from the next by a &
>   character."
>
> People regularly ask for "features" that run contrary to the
> specification (e.g. a common request/confusion is that parsePostData()
> should handle the "multipart/form-data" encoding) - these requests are
> turned down. If you want to change/query the specification talk to the
> JCR people not to the Tomcat implementers!
>

As a practical matter, the suggested change would indeed violate the spec,
and therefore should not be applied unless the spec were to be changed.

In addition, it should be noted that the entire HttpUtils class has been
deprecated in Servlet 2.3, because its methods are hopelessly inadqueate
for dealing with requests that are not in the server's default character
encoding.  Therefore, it is pretty unlikely that suggested changes to this
class will be incorporated into future versions of the spec.

Once you migrate to a 2.3-based container, you can call
ServletRequest.getParameterMap() to get a (read-only) Map of all the
request parameters for this request (from both the query string and the
body of POST requests), suitably converted into Unicode for you.  If you
want to process the query string in some different fashion, you can call
HttpServletRequest.getQueryString() and parse it yourself.

Craig McClanahan


Mime
View raw message