But in ABC.jsp the value of the param(tNumber) is coming as NULL. If i remove the filter on ABC.jsp then everything works fine. My understanding was, correct me if i am wrong, that the filters do not apply to the included pages anyways.
Thanks for the reply I am using OWASP Stinger filter for input validation. Excerpt from my web.xml and stinger.xml:
Hmmm. Perhaps the filter (which you did not write, I take it), is reading the input stream before the servlet container can do so. In which case, you will not be able to obtain the parameters via getParameter.
This is not an approach I would personally take.
In any case, you'll probably need to talk to the writers of the filter or get the source code to figure out what it's doing.
Joined: Jul 30, 2008
Thanks for the reply. On your suggestion i mailed the Stinger author about this issues and this is the reply i got:
The filters apply to every http request, whether they are fielded by an included jsp or a main jsp. It doesn’t look to me like you have defined a rule for your parameter named “tNumber” – you need to tell Stinger what the format of that variable should be. If it’s just a single digit number then the regex would be something like \d or [0-9]. Good luck.
I tried doing this but still getting same errors. This is what i did:
Lower and upper case letters and all digits