By default, when java converts Strings to bytes, it uses the
default system locale. This can be specified by the -Dfile.encoding
option. If no file encoding is specified, java uses ISO8859_1.
Unfortunately, not all unicode characters can be mapped to
ISO8859_1. Unmappable characters may be replaced by a byte
within ISO8859_1, which may change the meaning of the String.
This is especially problematic for password strings, and has
been used to compromise the security of passwords in the
past.
Thankfully, Android uses UTF-8 by default, so this bug doesn't
effect Android devices. However, it's recommended to explicitly
list the character set when converting to/from bytes to
avoid the potential ambiguity.
Change-Id: Iec927e27ed3fc103696c439f6bd3e8779a37ade8
This is a fix for issue 2485033. It is not a final fix, but just starting with this so it can be discussed on code review. The line in question
was added to fix issue 1690652.
Updated fix. Stores the url before it is cut during a redirect. Forwards this to the reponse instead of the cut url.
Update 2: Using the old originalUrl
Change-Id: I286084451aa45e51d5d07811f9d119cf83849592
When there are two configs in a StringPool that would match a string ID
only keep the more generic entry to save some space. This means that if
you have both "es" and "es_US" translations that have the same
translation, the string entry would be removed from the "es_US" config.
Change-Id: I4d619942d35ddb477e2eabe4437b7f02697c24de
On insert(), check to see if the value is redundant by checking if
it's the same value already in our cache (but without faulting it in
to check). If so, avoid hitting sqlite or spamming all the
notification listeners with such uselessness.
This reportedly is happening a fair bit.
Change-Id: If58feb3ff1d00027dd927e0900087388cbcd72ae
This loosens our restriction on many manifest attributes requiring
literal string values, to allow various ones to use values from
resources. This is only allowed if the resource value does not change
from configuration changes, and the restriction is still in place
for attributes that are core to security (requesting permissions) or
market operation (used libraries and features etc).
Change-Id: I4da02f6a5196cb6a7dbcff9ac25403904c42c2c8
When query() uses bulkQuery() and we know we're going to need some
metadata right afterwards (number of rows and column index of _id, if
present), just asked for it in the initial binder transaction instead
of immediately fetching it again.
Also, this defers loading column names until the client asks for them.
This gets down the simpler (and very common) use cases of
ContentProvider.query() down to 3 binder calls:
QUERY_TRANSACTION to android.content.ContentProvider$Transport
GET_CURSOR_WINDOW_TRANSACTION to android.database.CursorToBulkCursorAdaptor
CLOSE_TRANSACTION to android.database.CursorToBulkCursorAdaptor
More can still be done, but this is a good bite-sized first piece.
Change-Id: I7ad45949f53e0097ff18c2478d659f0f36929693
