Edit report at https://bugs.php.net/bug.php?id=64010&edit=1

 ID:                 64010
 Updated by:         ras...@php.net
 Reported by:        spam2 at rhsoft dot net
 Summary:            htmlentities fundamentally broken in 5.4
-Status:             Open
+Status:             Not a bug
 Type:               Bug
 Package:            Scripting Engine problem
 Operating System:   Linux
 PHP Version:        5.4.10
 Block user comment: N
 Private report:     N

 New Comment:

If your page is ISO-8859-1 and you are using that as your internal encoding as
well, then you need to specify that. Otherwise it leads to security issues. And
since most people don't use ISO-8859-1 anymore, the safer default is to make
sure we don't output invalid UTF-8 byte sequences when the developer has not
specified the encoding.


Previous Comments:
------------------------------------------------------------------------
[2013-01-17 13:08:28] spam2 at rhsoft dot net

and NO it is not a smart idea to change the complete default behavior

it is bullshit, if your page is ISO-8859-1 and you do htmlentities('üöä') it is
fundamentally broken to return empty strings in a random number of functions

------------------------------------------------------------------------
[2013-01-17 12:40:25] spam2 at rhsoft dot net

WTF - why can I not submit a simple zip containing the sample input
base64_encoded in a separate file because here you have only the option to
attach patches

------------------------------------------------------------------------
[2013-01-17 12:36:29] spam2 at rhsoft dot net

Description:
------------
> Like htmlspecialchars(), htmlentities() takes an optional third
> argument encoding which defines encoding used in conversion. If
> omitted, the default value for this argument is ISO-8859-1 in
> versions of PHP prior to 5.4.0, and UTF-8 from PHP 5.4.0 onwards

and you broke randomly applications with this

without specifying 'ISO-8859-1' we get randomly EMPTY STRINGS back

[harry@rh:/downloads/htmlentities]$ ./test.php
--------------------------------------------------------------------
strlen($input):
4464
--------------------------------------------------------------------
strlen(htmlentities($input, ENT_QUOTES)):
0
--------------------------------------------------------------------
strlen(htmlentities($input, ENT_QUOTES, 'ISO-8859-1')):
6522

Test script:
---------------
#!/usr/bin/php
<?php
 $input = base64_decode(file_get_contents(__DIR__ . '/70acc70b9c93b6a677825241e8165562_base64.txt'));
 echo '--------------------------------------------------------------------' . "\n";
 echo 'strlen($input):' . "\n";
 echo strlen($input) . "\n";
 echo '--------------------------------------------------------------------' . "\n";
 echo 'strlen(htmlentities($input, ENT_QUOTES)):' . "\n";
 echo strlen(htmlentities($input, ENT_QUOTES)) . "\n";
 echo '--------------------------------------------------------------------' . "\n";
 echo 'strlen(htmlentities($input, ENT_QUOTES, \'ISO-8859-1\')):' . "\n";
 echo strlen(htmlentities($input, ENT_QUOTES, 'ISO-8859-1')) . "\n";
?>

Expected result:
----------------
NON-EMPTY return value


------------------------------------------------------------------------

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=64010&edit=1
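
The behaviour discussed in this thread, as an added example that is not part of the bug report or of PHP's own code: ISO-8859-1 bytes escaped as UTF-8 versus with the charset stated explicitly. The helper name `escape_html` and the sample bytes are assumptions made for illustration, and the mbstring extension is assumed to be loaded.

```php
<?php
// Constructed sample: "üöä" as ISO-8859-1 bytes, which are not valid UTF-8.
$latin1 = "\xFC\xF6\xE4";

// Hypothetical helper: escape with the charset stated explicitly and reject
// input that is not valid in that charset instead of silently emitting "".
function escape_html($s, $charset)
{
    if (!mb_check_encoding($s, $charset)) {
        throw new InvalidArgumentException("input is not valid $charset");
    }
    return htmlentities($s, ENT_QUOTES, $charset);
}

// Treated as UTF-8 (the 5.4 default): invalid sequence, so an empty string.
var_dump(htmlentities($latin1, ENT_QUOTES, 'UTF-8'));

// Charset stated to match the data: entities are produced.
var_dump(escape_html($latin1, 'ISO-8859-1'));

// Alternative: convert to UTF-8 at the input boundary, then escape as UTF-8.
$utf8 = mb_convert_encoding($latin1, 'UTF-8', 'ISO-8859-1');
var_dump(escape_html($utf8, 'UTF-8'));

// A charset mismatch is now reported rather than producing blank output.
try {
    escape_html($latin1, 'UTF-8');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// ENT_SUBSTITUTE (PHP 5.4+) replaces invalid sequences with U+FFFD
// instead of returning an empty string; the output stays valid UTF-8.
var_dump(htmlentities($latin1, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
```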