WebSphere® Application Server does not parse the encoded
JSP™ parameter
Download Description
PQ93388 resolves the following problem:
USERS AFFECTED:
All WebSphere Application Server users
PROBLEM DESCRIPTION:
If users send in encoded query string, Application Server does not parse
it.
RECOMMENDATION:
WebSphere Application Server no longer parses the incoming query string
for customers since many customers do not want that, however, this may
break some customer applications since they rely on Application Server to
parse it.
PROBLEM CONCLUSION:
Since Application Server v5.0.2.5 and v5.1.1, if you send in a JSP
parameter, Application Server no longer parses this parameter. Then, if
you perform a request.getParameter()call, the same value will be returned.
If you then customer send in a URLEncoded value, you can do URLDecode
later manually. The reason for this change is some users want to use DBCS
characters in the JSP parameters without URLEncoding it, and so do not
want Application Server to parse it. However, some customer applications
rely on Application Server to parse their encoded parameters. To satisfy
these two requirements, a new way to parse customer jsp parameters has
been implemented.
If the incoming JSP parameter is URLEncoded to the request encoding,
the Application Server decoder will decode it accordingly.
For example: 1%2c2%2c3 will be decoded as 1,2,3
If the incoming JSP parameter is not URLEncoded, and does not contain
characters "%" and " ", then the Application Server decoder will return
the same value. For example: 1,2,3 will be decoded as 1,2,3
If the incoming JSP parameter is not URLEncoded, and contains
characters "%" or " ", for example "%100". Then the customer can set the
webcontainer custom property "JSPParameterEncodedEnabled=true". Then the
Application Server decoder will not decode it, a request.getParmeter()
call will return "%100". This custom property default value is false
PQ93388_511_fix.jar is for release 5.1.1 and 5.1.1.1.
PQ93388_502_fix.jar is for release 5.0.2.7
Prerequisites
Please download the UpdateInstaller below to install this fix.