https://bz.apache.org/bugzilla/show_bug.cgi?id=66393
Bug ID: 66393
Summary: ExtendedAccessLogValve's x-P(XXX) does not correspond
to the documentation
Product: Tomcat 8
Version: 8.5.84
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ----
This [1] resource says:
x-P(XXX) for the URL encoded (using UTF-8) request parameter with name XXX
But the code [2] does:
> try {
> return URLEncoder.encode(value, "UTF-8");
> } catch (UnsupportedEncodingException e) {
> // Should never happen - all JVMs are required to support
> UTF-8
> return null;
> }
> }
This is java.net.URLEncoder. We all know that this class is deceiving because
it actually implements form encoding (Javadoc: Utility class for HTML form
encoding. This class contains static methods for converting a String to the
application/x-www-form-urlencoded MIME format.) and not URL/URI encoding which
produces different results. Tomcat includes a decent URLEcoder class, maybe
this one should rather be used, no?
Note: I haven't verified with other Tomcat versions, but I guess they have the
same problem.
[1]
https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Extended_Access_Log_Valve/Attributes
[2]
https://github.com/apache/tomcat/blob/cf2015c1350a3f057182dd4c26c20f68df8b3400/java/org/apache/catalina/valves/ExtendedAccessLogValve.java#L412-L418
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
