rmannibucau commented on a change in pull request #878:
URL: https://github.com/apache/cxf/pull/878#discussion_r757542186



##########
File path: rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java
##########
@@ -175,8 +176,20 @@ public static void 
populateMapFromString(MultivaluedMap<String, String> params,
             && MessageUtils.getContextualBoolean(m, 
FORM_PARAMS_FROM_HTTP_PARAMS, true)) {
             for (Enumeration<String> en = request.getParameterNames(); 
en.hasMoreElements();) {
                 String paramName = en.nextElement();
-                String[] values = request.getParameterValues(paramName);
-                params.put(HttpUtils.urlDecode(paramName), 
Arrays.asList(values));
+                String[] parameterValues = 
request.getParameterValues(paramName);
+
+                // these parameters will already be URLdecoded by the servlet 
container on the
+                // request.getParameterValues() call above
+
+                List<String> values = Arrays.asList(parameterValues);
+
+                if (!decode) {
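
Review bot: at `if (!decode) {`, the new comment says the container has already URL-decoded what `request.getParameterValues()` returns, so this branch can only work from decoded strings; if it re-encodes them, the result is not guaranteed to match what the client originally sent, and that limitation should be stated in the comment. The comment also says "these parameters" without distinguishing names from values: the removed line passed `paramName` through `HttpUtils.urlDecode`, and the rest of the branch is not visible here, so please confirm the name from `request.getParameterNames()` is handled consistently with the values and is not decoded a second time.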

Review comment:
   not using getParameter but the body inputstream - think cxf already has some part of it in body readers? - can solve it.

   another side note is that moving the evaluation to be lazy instead of eager in a list can also be a good thing and avoid a lot of preprocessing (think `if (param1 is ok) { processBigParam(param2); }`, if param1 is not ok you don't care about having processed param2 and worse if you have some security checks in your endpoint (`@Context HttpServletRequest` is not that rare ;)). This can be done in a custom MultivaluedMap impl (new RequestParametersMultivaluedMap<>(request)).
   
   Hope it makes sense.



