You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2007/09/13 11:01:38 UTC
DO NOT REPLY [Bug 43377] New: - RequestDumperValve garbles POST data
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43377>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43377
Summary: RequestDumperValve garbles POST data
Product: Tomcat 5
Version: Unknown
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: jh+asfbugzilla@foobar.de
Enabling the RequestDumperValve can lead to garbled POST data, but only under
the following circumstances:
1. The POST data is submitted with the content type/method
application/x-www-form-urlencoded. The issue does NOT occur if the POST request
uses multipart/form-data.
2. The POST data must contain some non-ASCII characters (e.g. German umlauts
������) which are transferred using UTF-8 multi-byte sequences.
I have not debugged this problem on the source code level, but what seems to
happen is the following:
- the encoded POST data looks e.g. like this:
comment=noch+ein+Test+%C3%A4%C3%B6%C3%BC%C3%84%C3%96%C3%9C
- the form data is de-escaped, i.e. the %xx sequences are converted to binary
- the next step should be to UTF-8 decode the data, but this step seems to be
skipped.
- the garbled, i.e. not UTF-8 decoded data ends up in the request parameters,
looking like this "noch ein Test äöü�„�–�œ" instead of this "noch ein Test
������"
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 43377] - RequestDumperValve garbles POST data
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43377>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43377
------- Additional Comments From jh+asfbugzilla@foobar.de 2007-09-14 09:26 -------
Thanks for the pointer. One could, however, argue that the comment could be just
a wee bit more explicit. Like "WARNING: using it will break stuff in
unpredictable ways" or at least include a pointer to the URL you mentioned.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 43377] - RequestDumperValve garbles POST data
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43377>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43377
markt@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From markt@apache.org 2007-09-14 04:48 -------
Please read the comment just above the RequestDumperValve in server.xml or the
warning in the http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html.
You need to use the RequestDumperFilter.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org