Re: input length
That says nothing about the Content-Length header. Sure, you could configure your web server to kill the execution of your program after it performs a blocking read for more than 90 seconds, but it wouldn't take much effort at all to DOS your server by sending tiny trivial requests.
Which data loss 'bug' are you referring to?
The one where you lose query parameters.
Parameter separator bug, I presume you are talking about the lack of '=' also setting the value to 1.
Nope. Read the RFCs.
The URI input is parsed using a standard method and is UTF8 compatible
I didn't write "UTF-8". I wrote "encoding". What if, for example, one of your users uses IE on Windows and submits a form with the CP-1252 encoding? Do you know if you handle that correctly? Are you sure that you're decoding characters outside of the ASCII range correctly?