-
Notifications
You must be signed in to change notification settings - Fork 38.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Space in integer request parameter neither triggers the default value nor generates a 400 #29550
Comments
Thanks for the analysis and sample. There was a similar case in #23939 where the request parameter was required and becomes Backwards compatibility concerns are also similar. We cannot apply this in a maintenance release, so this would have to be a potential 6.1 target. In the meantime you can customize the behavior of @InitBinder
void initBinder(WebDataBinder binder) {
binder.registerCustomEditor(Number.class, new CustomNumberEditor(Number.class, false));
} |
Hey can I work on this one? :) |
@RemusRD this one is not labelled with |
None of the issues are labelled with "status: ideal-for-contribution". |
Affects: spring-web 5.3.22
Expectation
Given an endpoint with an
Integer
parameter namedlimit
with a default value of10
, when a user makes a request withlimit=%20
then the system should either return a400 - Bad Request
or have the default value applied.Actual
Given an endpoint with an
Integer
parameter namedlimit
with a default value of10
, when a user makes a request withlimit=%20
then the system accepts the request and the limit variable has anull
value.This happens because when checking for the default value, Spring will not trim the string, so
" "
will be a value and will not trigger the default value.But when binding the value to the variable, this line will resolve to
true
(becauseallowEmpty
is set totrue
and!StringUtils.hasText(" ")
resolves totrue
), sonull
will be set (instead of generating an exception).I have no idea how to fix it, because this does not seem to be a bug in the code, but a mismatch of expectations.
Steps to reproduce
curl "http://localhost:8080/endpoint?limit=
curl "http://localhost:8080/endpoint?limit=a"
curl "http://localhost:8080/endpoint?limit=%20"
limit
variable was assigned thenull
value.This is unexpected because, due to the fact that this variable is an integer with a default value. You either expect it to be the integer supplied by the user or the default value. You do not expect it to be null. This null will then very likely cause a null pointer exception in your code.
The text was updated successfully, but these errors were encountered: