> i just happened to be looking through the RequestUtil.parseParameters()
> method, and something struck me as odd. since i don't know the history
> here, i figured i'd ask someone who does...
>
> anyway, the method looks something like this:
>
> public static void parseParameters(Map map, String data, String
> encoding)
> throws UnsupportedEncodingException {
>
> if ((data != null) && (data.length() > 0)) {
> int len = data.length();
> byte[] bytes = new byte[len];
> data.getBytes(0, len, bytes, 0);
> parseParameters(map, bytes, encoding);
> }
>
> }
>
> what strikes me as odd is an encoding is being passed into the method,
> but rather than using this encoding to get the bytes out of the string
> passed in, a deprecated getBytes method is being used. also, to
> determine the number of bytes to get, String.length() is being used.
> this is a potential problem because String.length() is the number of
> unicode characters, which is not necessarily the same number of bytes in
> the string (think multibyte character sets).
>
> i believe a safer version of this method is:
>
> public static void parseParameters(Map map, String data, String
> encoding)
> throws UnsupportedEncodingException {
>
> if ((data != null) && (data.length() > 0)) {
> byte[] bytes = data.getBytes(encoding);
> parseParameters(map, bytes, encoding);
> }
>
> }
>
> RequestUtil.URLDecode(String str, String enc) has a similar problem.
>
> i can commit changes to fix these problems if that's ok (i'm a new
> committer, so i figure before i go stepping on anybody's toes, i'd run
> this by the list :) ...
We use simple byte conversion there because the String which is passed here
(the query portion of the URL) is supposed to only have US-ASCII characters.
Remy
