tomcat-dev mailing list archives

From Jan Luehe <Jan.Lu...@Sun.COM>
Subject Re: Question about HttpServletRequest.getParameterValues()
Date Tue, 02 Mar 2004 00:23:52 GMT

Hi Christian,

> The 2.3 HttpServletRequest interface provides a setAttribute() method to
> change the values of a given attribute. It does NOT however provide a
> similar setParameter() method, allowing you to programmatically modify the
> values that accompany the request - I assume this means that we shouldn't be
> able to change these values.
> 
> What I've discovered, however, is that I _can_ modify parameter values by
> calling getParameterValues() (which returns String[]) and setting the values
> that way. For instance:
> 
>     // Iterate over every request parameter and log it, masking passwords.
>     Enumeration names = req.getParameterNames();
>     while (names.hasMoreElements()) {
>         String key = (String) names.nextElement();
>         String[] vals = req.getParameterValues(key);
>         for (int i = 0, max = vals.length; i < max; i++) {
>             // Writes into the array returned by the container.
>             if (key.equalsIgnoreCase("password")) vals[i] = "********";
>             logger.info("...key:" + key + " value:" + vals[i]);
>         }
>     }
> 
> This has the surprising (to me anyway) effect of actually _modifying_ the
> underlying value for the particular key. Is this simply an implementation
> oversight? I had assumed that the method would be returning a copy of the
> underlying data structure, rather than a reference to the structure itself.
> 
> This isn't really a problem for me, but I thought it was interesting and I'm
> curious to know if this was intentional or not. Anyone care to comment?

This is a bug. The String[] returned by req.getParameterValues() should
have been a clone.

I just committed a fix.

Thanks,

Jan


> Thanks much,
> Christian
> ----------------------------------------------
> Christian Cryder
> Internet Architect, ATMReports.com
> Project Chair, BarracudaMVC - http://barracudamvc.org
> ----------------------------------------------
> "Coffee? I could quit anytime, just not today"
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> 
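
The aliasing discussed in this thread, as an added example that is not part of the original messages and is not Tomcat's code: `Request` is a hypothetical stand-in for the container's request object, and the parameter values are constructed. It shows that masking a value in place for a log line changes what later code reads unless the getter returns a clone.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical stand-in for a container's request object; not Tomcat code.
public class ParameterAliasingDemo {

    static class Request {
        private final Map<String, String[]> params = new HashMap<>();
        private final boolean cloneOnRead;

        Request(boolean cloneOnRead) {
            this.cloneOnRead = cloneOnRead;
            // Constructed sample input.
            params.put("user", new String[] {"alice"});
            params.put("password", new String[] {"s3cret-example"});
        }

        String[] getParameterValues(String name) {
            String[] vals = params.get(name);
            if (vals == null) {
                return null;
            }
            // Buggy behaviour: hand out the internal array itself.
            // Fixed behaviour: hand out a copy the caller may overwrite.
            return cloneOnRead ? vals.clone() : vals;
        }
    }

    // Logging code in the style of the quoted snippet: masks in place.
    static void logMasked(Request req) {
        for (String key : new String[] {"user", "password"}) {
            String[] vals = req.getParameterValues(key);
            for (int i = 0; i < vals.length; i++) {
                if (key.equalsIgnoreCase("password")) vals[i] = "********";
                System.out.println("...key:" + key + " value:" + vals[i]);
            }
        }
    }

    public static void main(String[] args) {
        for (boolean cloneOnRead : new boolean[] {false, true}) {
            Request req = new Request(cloneOnRead);
            logMasked(req);
            // What code running after the logger (e.g. a login check) sees.
            String seen = req.getParameterValues("password")[0];
            System.out.println("cloneOnRead=" + cloneOnRead
                    + " -> downstream password: " + seen);
        }
    }
}
```

Independent of the container-side fix, logging code can avoid the problem by building the masked string in a local variable instead of writing into the returned array.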


