Bug 58836

Summary: Query string parameters w/o values are not sent to dest servlet via request.getRequestDispatcher().forward()
Product: Tomcat 8 Reporter: Mark Olsson <safepassing2>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Severity: normal    
Priority: P2    
Version: 8.0.28   
Target Milestone: ----   
Hardware: PC   
OS: All   

Description Mark Olsson 2016-01-12 04:28:46 UTC
URL / query string parameters with no value (technically keyless values) are not received by the destination servlet when using request.getRequestDispatcher().forward().


The servlet handling /newpage will have P1 in the request parameter list but not P2 even though both parameters are in the query string verified with request.getQueryString().  The order and quantity of parameters doesn't seem to make a difference, those without values are not seen by the servlet, while those with values (or even with just an = but no value) are.

I believe the cause may be in ApplicationHttpRequest.mergeParameters().  Possibly the line "if (value == null)" should be replaced with if (queryParameters.containsKey(key)) (among other things), but I'm not 100% on that, building and debugging Tomcat is beyond my capabilities at this point.

I have a pair of test servlets that show this behavior on my development server if somebody wants to see it in action.  Email me safepassing2/gmail_com and I'll provide the address.
Comment 1 Mark Thomas 2016-01-13 11:37:10 UTC
Thanks for the report. I have written a simple test case that demonstrates this. You are right that the issue is in ApplicationHttpRequest.mergeParameters(). The problem is that it uses RequestUtil.parseParameters() to process the query string which ignores parameters with no value.

I'm currently looking into how to use the same parameter parsing code as is used for incoming requests. As well as fixing this issue, that should enable the RequestUtil code to be removed.
Comment 2 Mark Thomas 2016-01-13 15:02:57 UTC
This has been fixed in 9.0.x for 9.0.0.M2, 8.0.x for 8.0.31, 7.0.x for 7.0.68 and 6.0.x for 6.0.45.

Thanks again for the report.