#43896 [Opn->Asn]: htmlspecialchars() returns empty string on invalid unicode sequence

Sun, 02 Nov 2008 05:27:57 -0800 

 ID:               43896
 Updated by:       [EMAIL PROTECTED]
 Reported By:      arnaud dot lb at gmail dot com
-Status:           Open
+Status:           Assigned
 Bug Type:         Strings related
 Operating System: *
 PHP Version:      5CVS-2008-07-15
-Assigned To:      
+Assigned To:      lbarnaud
 New Comment:

Arnaud, fix it yourself.


Previous Comments:
------------------------------------------------------------------------

[2008-10-21 12:08:38] [EMAIL PROTECTED]

Actually "The tool" to use for incoming data is the filter extension..

------------------------------------------------------------------------

[2008-09-11 12:52:16] [EMAIL PROTECTED]

Not considering this as a bug (or rather a regression) is a major flaw
IMO.
htmlspecialchars() is *THE* tool that developers are encouraged to use
when escaping output of data that comes from an unknown source. By
nature you can't always rely on this data to be perfectly valid. People
copy and paste from Word to HTML forms and do all kind of weird stuff to
get data into a website.
Simply discarding the complete data just because it's not a completely
valid character stream is going break all kind of websites with user
generated content.

------------------------------------------------------------------------

[2008-07-18 00:10:45] [EMAIL PROTECTED]

I even don't think this is a valid bug in the first place. You passed a

string that is encoded in ISO-8859-15 to htmlspecialchars() while 
specifying UTF-8 to force the string to be treated as "UTF-8". One 
should never depend on the past wrond behaviour with which invalid byte

sequences pass through. Besides, you can always work around it by
giving 
ISO-8859-15 to the third argument.





------------------------------------------------------------------------

[2008-06-27 17:32:43] sillyxone at yaoo dot com

  is also affected in 5.2, for example:

$str = 'Hello' . chr(160) . 'there';
print(htmlentities($str, ENT_COMPAT, 'UTF-8'));

Instead of printing "Hello there", it prints nothing (empty string).
The same for htmlspecialchars().

Both functions work fine in 5.1

------------------------------------------------------------------------

[2008-05-05 21:00:37] heurika at gmail dot com

Hi,
I've got the same Bug, posted on #43740.
Please fix it.

Thanks!

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/43896

-- 
Edit this bug report at http://bugs.php.net/?id=43896&edit=1

Reply via email to