Fix (APAR): PK30121 Status: Fix Release: 5.1.1.11 Operating System: AIX,HP-UX,Linux,Linux pSeries,Linux Red Hat - pSeries,Linux zSeries,Solaris,Windows Supersedes Fixes: PRE-REQUISITE FIXES: CMVC Defect: PK30121 Byte size of APAR: 19803 Date: 2006-09-12 Abstract: Various encoding and decoding problems occur with the query string in the servlet request. Description/symptom of problem: PK30121 resolves the following problem: ERROR DESCRIPTION: Web container cannot handle double byte characters in query string when a lower byte is alphabet or numeric character. Until CF 10, it worked fine. For example Japanese character which represents double byte Zero is encoded into "%82O" in Shift-JIS. But web container can decode only "%82%4F" pattern successfully. Keyword: DBCS garbage garbaged incorrout LOCAL FIX: Use UTF-8 to encode query strings. PROBLEM SUMMARY USERS AFFECTED: All WebSphere Application Server 5.1.1.11 users. PROBLEM DESCRIPTION: Various encoding and decoding problems occur with the query string in the servlet request. RECOMMENDATION: None There are numerous scenarios where this issue could arise. All of them involve the use of the request's query string or request parameters. Also involved is the use of Double-Byte Character Set (DBCS) characters and Hexadecimal characters. Some of the known scenarios are: Scenario 1 ---------- Having a hyperlink on a JSP with the character encoding and page encoding set to a DBCS encoding. Example with an encoding of SHIFT_JIS: The URL appears something like this: http://localhost:9080/CharCorr3.jsp?data=%89@%89A%89B%89C%89D %89E%89F%89G%89H%89I%89J%89K%89L%89M%89N%89O%89P%89Q%89R%89S%89T %89U%89V%89W%89X%89Y%89Z%89%5B%89%5C%89%5D%89%5E%89_%89%60%89a %89b%89c%89d%89e%89f%89g%89h%89i%89j%89k%89l%89m%89n%89o %89p%89q%89r%89s%89t%89u%89v%89w%89x%89y%89z%89%7B%89%7C%89%7D %89%7E On 5.1.1.9 the query string value was resolved to DBCS characters. On 5.1.1.11 the query string value was not resolved at all and remained as is. Scenario 2 ---------- Having DBCS characters submitted by a GET method in an input field text box and then displayed on the resulting page. The DBCS characters were showing up as corrupted text in 5.1.1.11 after submitting the form. Scenario 3 ---------- Have one JSP include another JSP and pass DBCS as part of the query string. In a JSP having an include like the following: " flush="true" /> The DBCS characters were being displayed as corrupted text. Scenario 4 ---------- Have a JSP include another JSP with the following parameters passed in: There are various scenarios with this test. Mainly setting the character encoding and also not having it set. Also, doing the URLEncoder.encode() to the DBCS characters before setting them as the value of the JSP param. The DBCS characters were showing up as corrupted text on 5.1.1.11 when they were printed out on the resulting page. Scenario 5 ---------- Accessing snoop with Hex characters in the request parameters. http://localhost:9080/snoop?test=hello%28world%29 In 5.1.1.11 the %28 and %29 were not resolved to "(" and ")" respectively. Scenario 6 ---------- Parameter names are not URL Encoded In a JSP you have the following form with a GET method:
In 5.1.1.9 the output is displayed correctly as 12~1~11~90~opt0Do A Get In 5.1.1.11 the output is displayed incorrectly as 12%7E1%7E11%7E90%7Eopt0Do+A+Get PROBLEM CONCLUSION: The Webcontainer's implementation of the ServletRequest was modified to ensure that the proper encoding was passed along when parsing the query string. The fix for this APAR is currently targeted for inclusion in fixpack 5.1.1.13. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980 Directions to apply fix: Fix applies to Editions: Release: 5.0 5.1 ___ X__ Application Server (Express or base) ___ Enterprise Edition (DD) ___ X__ Network Deployment (ND) ___ ___ Edge Components ___ ___ Developers Edition ___ ___ Tools ___ WebSphere Business Integration Server Foundation (WBISF) Install Fix to: Method: X_ Application Server Nodes __ Deployment Manager Nodes __ Both NOTE: The user must: * Have Administrative rights in Windows, or be the Actual Root User in a UNIX environment. * Be logged in with the same authority level when upacking a fix, fix pack or refresh pack. The Update Installer can be downloaded from the following link: http://www.ibm.com/support/docview.wss?rs=80&uid=swg24008401 The Update Installer for V5.0 does not have a maintenance directory. It uses fixpacks and fixes as the location of the unpacked files. 1) Copy PK30121.jar file to the maintenance directory 2) Shutdown WebSphere. Manually execute setupCmdLine.bat in Windows or ../setupCmdLine.sh in UNIX from the WebSphere instance that maintenance is being applied to. It is important that you perform a controlled and complete shutdown of the server to ensure that all transactions have completed, before installing the fix. 3) Launch the Update Installer. 4) Enter the installation location of the WebSphere product you want to update. 5) Slect the "Install maintenance package" operation. 6) Enter the file name of the maintenance package to install (PK30121.jar file which was copied into the maintenance directory. 7) Install the maintenance package. 8) Restart WebSphere. Directions to remove fix: NOTE: * The user must have Administrative rights in Windows, or be the Actual Root User in a UNIX environment. * FIXES MUST BE REMOVED IN THE ORDER THEY WERE APPLIED. * DO NOT REMOVE A FIX UNLESS ALL FIXES APPLIED AFTER IT HAVE FIRST BEEN REMOVED. * YOU MAY REAPPLY ANY REMOVED FIX. Example: If your system has fix1, fix2, and fix3 applied in that order and fix2 is to be removed, fix3 must be removed first, fix2 removed, and fix3 re-applied. 1) Shutdown WebSphere. Manually execute setupCmdLine.bat in Windows or ../setupCmdLine.sh in UNIX from the WebSphere instance that uninstall is being run against. It is important that you perform a controlled and complete shutdown of the server to ensure that all transactions have completed, before installing the fix. 2) Start the Update Installer. 3) Enter the installation location of the WebSphere product you want to remove the fix. 4) Select "Uninstall maintenance package" operation 5) Enter the file name of the manintenance package to uninstall (PK30121.jar) 6) Uninstall maintenance package. 7) Restart WebSphere Directions to re-apply fix: 1) Shutdown WebSphere. It is important that you perform a controlled and complete shutdown of the server to ensure that all transactions have completed, before installing the fix. 2) Follow the instructions to apply the fix. 3) Restart WebSphere. Additional Information: