From: mariusads at helpedia dot com Operating system: Redhat?, Linux PHP version: 5.2.5 PHP Bug Type: Unknown/Other Function Bug description: changes made to htmlentities
Description: ------------ I run a website that accepts game cheats submissions from users and displays them in categories and so on. User submits .txt files which are saved on the driver, a certain page on the website reads the text file or a fragment of it, performs htmlentities on it and displays it on the screen. Recently, the hosting company upgraded PHP to PHP 5.2.5 and with htmlentities returned an empty string when trying to escape it. I understand this is probably because of that fix regarding multi-byte characters in string, making htmlentities ignore input. That seems dumb a bit, shouldn't it return at least a string part that's before that multibyte character? Anyway, the file submitted is plain text and I honestly don't know what characters are wrong, that it would make htmlentities to ignore the text. The file is uploaded here: http://www.tgdb.net/a.txt In the scripts I have the following code: function htmlesc($text) { $s = html_entity_decode($text,ENT_QUOTES,'UTF-8'); return htmlentities($s,ENT_QUOTES,'UTF-8');} } The text passes html_entity_decode with no problems but htmlentities returns empty string. If possible, could you please tell me how could I check in the future if a string contains multibyte characters, so that i don't have this problem? Right now, the only solution the hosting company gave to me was to add a rule in .htaccess which makes the server process the PHP files with PHP4. Thank you for your help. Marius Hudea PS. The captcha doesn't seem to work right, I'm sure I didn't get the captcha wrong 8 times in a row Reproduce code: --------------- I've used the code below uploaded on several web servers to test: <html><body> <? $text = $_REQUEST['text']; echo htmlentities($text,ENT_QUOTES,'UTF-8'); ?> <form name="A" method="post"> <textarea name="text"></textarea> <input name="sub" type="submit" value="submit"/> </form> </body></html> Test file: http://www.tgdb.net/a.txt Expected result: ---------------- Expected to have the text displayed on the screen, to have the function return a non-empty string. Expected at least a partial string, up to that error, not having to check scripts for 5 minutes to see what went wrong. Actual result: -------------- Copy and paste text from a.txt results in an empty string. Any other text is processed correctly. -- Edit bug report at http://bugs.php.net/?id=43549&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=43549&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=43549&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=43549&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=43549&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=43549&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=43549&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=43549&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=43549&r=needscript Try newer version: http://bugs.php.net/fix.php?id=43549&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=43549&r=support Expected behavior: http://bugs.php.net/fix.php?id=43549&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=43549&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=43549&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=43549&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=43549&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=43549&r=dst IIS Stability: http://bugs.php.net/fix.php?id=43549&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=43549&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=43549&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=43549&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=43549&r=mysqlcfg
