i just happened to be looking through the RequestUtil.parseParameters()
method, and something struck me as odd.  since i don't know the history
here, i figured i'd ask someone who does...

anyway, the method looks something like this:

    public static void parseParameters(Map map, String data, String encoding)
        throws UnsupportedEncodingException {
        
        if ((data != null) && (data.length() > 0)) {
            int len = data.length();
            byte[] bytes = new byte[len];
            data.getBytes(0, len, bytes, 0);
            parseParameters(map, bytes, encoding);
        }
        
    }

what strikes me as odd is an encoding is being passed into the method,
but rather than using this encoding to get the bytes out of the string
passed in, a deprecated getBytes method is being used.  also, to
determine the number of bytes to get, String.length() is being used. 
this is a potential problem because String.length() is the number of
unicode characters, which is not necessarily the same number of bytes in
the string (think multibyte character sets).

i believe a safer version of this method is:

    public static void parseParameters(Map map, String data, String encoding)
        throws UnsupportedEncodingException {
        
        if ((data != null) && (data.length() > 0)) {
            byte[] bytes = data.getBytes(encoding);
            parseParameters(map, bytes, encoding);
        }
        
    }

RequestUtil.URLDecode(String str, String enc) has a similar problem.

i can commit changes to fix these problems if that's ok (i'm a new
committer, so i figure before i go stepping on anybody's toes, i'd run
this by the list :) ...

-kevin.
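
The difference between the two conversions discussed above, as an added example that is not part of the original message or of the project's code: it runs a constructed parameter string containing non-ASCII characters through the deprecated `String.getBytes(int, int, byte[], int)` and through `String.getBytes(encoding)`, then checks which byte array decodes back to the input. The class name `GetBytesDemo`, the helper names and the sample string are assumptions made for illustration.

```java
import java.io.UnsupportedEncodingException;

public class GetBytesDemo {

    // Conversion used by the original method: the deprecated
    // String.getBytes(int, int, byte[], int) keeps only the low 8 bits of each char.
    @SuppressWarnings("deprecation")
    static byte[] lowByteCopy(String data) {
        int len = data.length();          // number of chars, not bytes
        byte[] bytes = new byte[len];
        data.getBytes(0, len, bytes, 0);
        return bytes;
    }

    // Conversion proposed in the message: encode with the caller's charset.
    static byte[] encoded(String data, String encoding)
            throws UnsupportedEncodingException {
        return data.getBytes(encoding);
    }

    // Hex dump helper so the two byte arrays can be compared by eye.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x ", b & 0xff));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Constructed sample: "name=" followed by U+00E9, U+20AC and U+4E2D.
        String data = "name=\u00e9\u20ac\u4e2d";
        String encoding = "UTF-8";

        byte[] low = lowByteCopy(data);
        byte[] enc = encoded(data, encoding);

        System.out.println("chars         : " + data.length());
        System.out.println("low-byte copy : " + low.length + " bytes  " + hex(low));
        System.out.println("getBytes(enc) : " + enc.length + " bytes  " + hex(enc));

        // Decode each array with the same encoding to see which one round-trips.
        System.out.println("low round-trip: " + data.equals(new String(low, encoding)));
        System.out.println("enc round-trip: " + data.equals(new String(enc, encoding)));
    }
}
```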
