Fri, 5 Jul 2024 at 23:40, Christopher Schultz <ch...@christopherschultz.net>:
>
> Mark,
>
> On 7/2/24 06:33, Mark Thomas wrote:
>  > [...]
>
> I would support a move to throw an unchecked exception from
> getParameter* in older versions of Tomcat in order to produce a hard-fail.
>
> But I'm somewhat more bullish about this kind of thing. The good news is
> that anyone disturbed by this will already have an application bug they
> didn't know they had... which is the whole point of making it a hard-fail.
>
> Hmm. Existing applications using FailedRequestFilter, though...
>
> On application startup, we could check to see if the FailedRequestFilter
> has been installed at all and, if not, configure to hard-fail. WDYT?

It is solvable by simply adding a try/catch (for this exception)
around the getParameters call in the FailedRequestFilter.

The expected use of the filter is that it is placed "in front" of the
app, so the result is that it is the one who triggers parameter
parsing. Thus if parsing results in an exception - just catch it and
go on. :)


Best regards,
K.Kolinko
