Name-value pairs with an empty string for the value causes an ArrayIndexOutOfBoundsException at line 83. This is because the split on the equals sign incorrectly assumes that an array position will be created for the empty value.

For example, given the post "name=jon&address1=123+Main+St&address2=&zip=12345", address2 is perfectly valid w/o a value. However, this class-after splitting on the ampersand-splits on the equals sign. For the address2 field, this will result in an array of size 1. The class makes an unchecked, hardcoded access to array position two (index 1):

if (param.indexOf('=') >= 0)
{
String[] nv = param.split("=");
try
{
if (encoded)

{ formData.add(nv[0], nv[1]); }

else

{ formData.add(URLDecoder.decode(nv[0], "UTF-8"), URLDecoder.decode(nv[1], "UTF-8")); }
}
catch (UnsupportedEncodingException e)
{ throw new RuntimeException(e); }
}


To fix it, should be changed to something like:

if (param.indexOf('=') >= 0)
{
String[] nv = param.split("=");
try
{
if (encoded)
{ formData.add(nv[0], nv.length > 1 ? nv[1] : ""); }
else
{ formData.add(URLDecoder.decode(nv[0], "UTF-8"), URLDecoder.decode(nv[1], "UTF-8")); }

}
catch (UnsupportedEncodingException e)

{ throw new RuntimeException(e); }

}