batchu / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

SafeRequest.getParameter(String) does not return null if String is null #90

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
While doing an assessment for a client we came across an issue where the
null check was not working for their code.  They had a null check based on
SafeRequest.getParameter(String).  If the value was not null they did one
thing; if it was, they did another thing, which based on SafeRequest
means it always will do the first thing.  In their specific case they had
centralized menu code and sometimes different parameters are submitted, but
those parameters not submitted will never be null.  SafeRequest and
SecurityRequestWrapper both default to setting any getParameter (including
a parameter that is not submitted) that returns null to the empty string.
This will break any applications that rely on null checks.  This should be
a high priority fix as the getParameter should default to allowing null.

Original issue reported on code.google.com by manico.james@gmail.com on 15 Jan 2010 at 11:49

GoogleCodeExporter commented 8 years ago
I agree that the SafeRequest (1.4) and SecurityRequestWrapper (2.0) seem to get this
wrong.  Should we change this to make "allowNull" true?  Then the underlying
getValidInput call will not throw an exception and the call will return null as it
should.

Original comment by jeff.wil...@gtempaccount.com on 16 Jan 2010 at 1:31
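The failure mode in the report and the effect of Jeff's proposed "allowNull" change, as a constructed Java sketch added here (this is not ESAPI's code; the validator, wrapper and map-backed request are simplified stand-ins for the real classes):

```java
import java.util.HashMap;
import java.util.Map;

// Constructed stand-in for the SafeRequest/SecurityRequestWrapper behaviour
// discussed in this issue; the real ESAPI classes wrap HttpServletRequest.
public class NullParameterDemo {

    /** Stand-in for the validator's exception type. */
    static class ValidationException extends Exception {
        ValidationException(String msg) { super(msg); }
    }

    /** Simplified getValidInput: null input is rejected unless allowNull is set. */
    static String getValidInput(String input, boolean allowNull) throws ValidationException {
        if (input == null) {
            if (allowNull) return null;
            throw new ValidationException("input required but missing");
        }
        return input; // the real validator also checks pattern and length
    }

    /** Models the wrapper's getParameter: a validation failure is turned into "". */
    static String getParameter(Map<String, String> request, String name, boolean allowNull) {
        try {
            return getValidInput(request.get(name), allowNull);
        } catch (ValidationException e) {
            return ""; // this fallback is what hides a parameter that was never submitted
        }
    }

    /** The application's null-check branch from the report. */
    static String menuBranch(String value) {
        return value != null ? "parameter submitted" : "parameter absent";
    }

    public static void main(String[] args) {
        Map<String, String> request = new HashMap<>(); // "menuId" deliberately not submitted
        // allowNull=false (current default): "" comes back, so the null check never fires
        System.out.println(menuBranch(getParameter(request, "menuId", false)));
        // allowNull=true (proposed fix): null propagates and the application's branch works
        System.out.println(menuBranch(getParameter(request, "menuId", true)));
    }
}
```

Run it and compare the two lines: only the allowNull=true path lets the caller distinguish a missing parameter from an empty one.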

GoogleCodeExporter commented 8 years ago
Yes, I agree. I think the change is that simple Jeff. Go for it?

Original comment by manico.james@gmail.com on 16 Jan 2010 at 1:33

GoogleCodeExporter commented 8 years ago
This issue was closed by revision r937.

Original comment by chrisisbeef on 16 Jan 2010 at 4:23