tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: UTF-8 handling differs between two servlets within the same application
Date Mon, 23 Jun 2008 20:35:24 GMT

Mark Thomas wrote:
> André Warnier wrote:
>> It is quite possible that Tomcat's innards do not do things correctly 
>> when they decode a POST, and just deliver the raw parameter value as 
>> received.  But that would surprise me, and I would submit that it 
>> would then be a bug.
> 
> As far as I am aware, Tomcat correctly decodes parameters for all 
> versions in all cases (provided the client sends sensible input). If you 
> have a test case that doesn't work, that would be a bug and should be 
> added to Bugzilla.
> 
> Mark
> 

To the Original Poster :

1) We have it thus by a Tomcat authority (above) that Tomcat correctly 
decodes the POST parameters, IF they are submitted correctly by the 
browser.  That means that it should not be necessary to add a filter, 
nor to literally specify a request character set, IF the form parameters 
are being submitted correctly by the browser.

2) You are seeing a different thing in your application, where 
parameters (in this case the userid or password from the form), do NOT 
come in as you expect (iow proper Unicode reflecting what the user typed 
in the form).

3) There are only two possible conclusions :
a) the parameters from the form are not being submitted properly by the 
browser, whatever the reason is.
b) the parameters are being submitted properly by the browser, but there 
is a bug in Tomcat.

I would imagine that if Tomcat had a bug in that respect, it would 
affect a lot of applications, and would have been all over this forum 
and others many times already.  That does not seem to be the case.

So I would suggest that what you would need to investigate first is : 
are the parameters *really* coming in properly from the browser ?
If not, there are many possible reasons, which can be checked out one by 
one and eliminated.  In the process, it will also make the application 
more robust.  And it would also make your life easier if you could avoid 
a filter, and if the same application would work properly under both 
Tomcat and Websphere.

If you agree, a question to start in that process :
In the login page, the <form> element should have the following attributes :
<form method="POST" enctype="multipart/form-data" accept-charset="UTF-8" 
...>
Does it ?

Ref : http://www.w3.org/TR/html401/interact/forms.html#submit-format
and in particular : 17.13.4 Form content types
(among other things, the spec says that this is the only valid way to 
submit non-ascii data - such as passwords containing "accented" characters)

André




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message