Bug #55174 [Com]: htmlspecialchars buggy

Tue, 07 May 2013 13:18:57 -0700 

Edit report at https://bugs.php.net/bug.php?id=55174&edit=1

 ID:                 55174
 Comment by:         new dot false dot email at gmail dot com
 Reported by:        development at dayside dot net
 Summary:            htmlspecialchars buggy
 Status:             Not a bug
 Type:               Bug
 Package:            *General Issues
 Operating System:   winxp sp3
 PHP Version:        5.4.0alpha1
 Block user comment: N
 Private report:     N

 New Comment:

try this, it worked for me:

htmlspecialchars('Test123 äöüß', ENT_QUOTES | ENT_HTML401, '');
this is the important part --------------------------------^


Previous Comments:
------------------------------------------------------------------------
[2011-07-12 03:16:06] [email protected]

That's the only safe approach. If you don't know the encoding of the 
characters, you can't possibly know that they are safe to output since they 
aren't valid in your current encoding. Trying to clean up a string full of 
invalid characters is dangerous. The only safe approach is to not allow them.

As for not being allowed to change your php.ini, that's fine, that's why the 
htmlspecialchars() call takes an optional encoding argument.

------------------------------------------------------------------------
[2011-07-12 01:26:51] development at dayside dot net

correct me if i'm wrong, but this function returns nothin' in case of 'Test123'
and thats okay ? 
...and not everyone is allowed to change that php.ini setting

in some cases as a user you dont know which encoding is used... 
in such a case htmlspecialchars discards all data... thats a fantastic idea..

------------------------------------------------------------------------
[2011-07-11 12:34:59] [email protected]

You can also set your default_charset back to iso-8859-1 in your php.ini file, 
but really these days you should be using utf-8.

------------------------------------------------------------------------
[2011-07-11 10:16:10] [email protected]

The default encoding as of PHP 5.4 is UTF-8 (it was ISO-8859-1 before). 
Therefore, if your string is in ISO-8859-1, you must specify the encoding.

Closing as bogus.

------------------------------------------------------------------------
[2011-07-11 07:05:33] development at dayside dot net

Description:
------------
when any string contains any char of these -> äöüß 
and the string is processed with htmlspecialchars it results in an empty 
string...

Test script:
---------------
<?php 

echo htmlspecialchars('Test123 äöüß');

?>

Actual result:
--------------
nothin...


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55174&edit=1

Reply via email to