PQ93388: Encoded JSP parameter not parsed
 Downloadable files
 
Abstract
WebSphere® Application Server does not parse the encoded JSP™ parameter
 
Download Description
PQ93388 resolves the following problem:

USERS AFFECTED:
All WebSphere Application Server users

PROBLEM DESCRIPTION:
If users send in encoded query string, Application Server does not parse it.

RECOMMENDATION:
WebSphere Application Server no longer parses the incoming query string for customers since many customers do not want that, however, this may break some customer applications since they rely on Application Server to parse it.

PROBLEM CONCLUSION:
Since Application Server v5.0.2.5 and v5.1.1, if you send in a JSP parameter, Application Server no longer parses this parameter. Then, if you perform a request.getParameter()call, the same value will be returned. If you then customer send in a URLEncoded value, you can do URLDecode later manually. The reason for this change is some users want to use DBCS characters in the JSP parameters without URLEncoding it, and so do not want Application Server to parse it. However, some customer applications rely on Application Server to parse their encoded parameters. To satisfy these two requirements, a new way to parse customer jsp parameters has been implemented.

  1. If the incoming JSP parameter is URLEncoded to the request encoding, the Application Server decoder will decode it accordingly.

    For example: 1%2c2%2c3 will be decoded as 1,2,3

  2. If the incoming JSP parameter is not URLEncoded, and does not contain characters "%" and " ", then the Application Server decoder will return the same value. For example: 1,2,3 will be decoded as 1,2,3

  3. If the incoming JSP parameter is not URLEncoded, and contains characters "%" or " ", for example "%100". Then the customer can set the webcontainer custom property "JSPParameterEncodedEnabled=true". Then the Application Server decoder will not decode it, a request.getParmeter() call will return "%100". This custom property default value is false

PQ93388_511_fix.jar is for release 5.1.1 and 5.1.1.1.
PQ93388_502_fix.jar is for release 5.0.2.7
 
Prerequisites
Please download the UpdateInstaller below to install this fix.
 
URL LANGUAGE SIZE(Bytes)
v5.0 UpdateInstaller US English 7250000
v5.1 UpdateInstaller US English 7250000
 
 
Installation Instructions
Please review the readme.txt for detailed installation instructions.
 
URL LANGUAGE SIZE(Bytes)
Readme US English 3182
 
Download package
What is DD?
Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
PQ93388_502_fix 9/23/2004 US English 38648 FTP DD
PQ93388_511_fix 9/23/2004 US English 38233 FTP DD
 
Technical support
1-800-IBM-SERV (U.S. Only)
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
Problems (APARS) fixed
PQ93388, PQ93607
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Servlet Engine/Web Container
Operating system(s): Windows
Software version: 5.1.1.1
Software edition:
Reference #: 4007848
IBM Group: Software Group
Modified date: Sep 23, 2004