felipe Fri Apr 11 19:08:05 2008 UTC Modified files: /php-src/ext/standard html.c /php-src/ext/standard/tests/strings bug44703.phpt Log: MFB: Fixed bug #44703 (htmlspecialchars() does not detect bad character set argument) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.132&r2=1.133&diff_format=u Index: php-src/ext/standard/html.c diff -u php-src/ext/standard/html.c:1.132 php-src/ext/standard/html.c:1.133 --- php-src/ext/standard/html.c:1.132 Tue Jan 29 22:03:44 2008 +++ php-src/ext/standard/html.c Fri Apr 11 19:08:04 2008 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: html.c,v 1.132 2008/01/29 22:03:44 stas Exp $ */ +/* $Id: html.c,v 1.133 2008/04/11 19:08:04 felipe Exp $ */ /* * HTML entity resources: @@ -848,7 +848,7 @@ /* now walk the charset map and look for the codeset */ for (i = 0; charset_map[i].codeset; i++) { - if (strncasecmp(charset_hint, charset_map[i].codeset, len) == 0) { + if (len == strlen(charset_map[i].codeset) && strncasecmp(charset_hint, charset_map[i].codeset, len) == 0) { charset = charset_map[i].charset; found = 1; break; http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/bug44703.phpt?r1=1.1&r2=1.2&diff_format=u Index: php-src/ext/standard/tests/strings/bug44703.phpt diff -u /dev/null php-src/ext/standard/tests/strings/bug44703.phpt:1.2 --- /dev/null Fri Apr 11 19:08:05 2008 +++ php-src/ext/standard/tests/strings/bug44703.phpt Fri Apr 11 19:08:05 2008 
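Review bot: The exact-length test added to the `if` inside the `charset_map` loop (hunk `@@ -848,7 +848,7 @@`) has no comment saying why it is there, and the `strncasecmp(..., len)` kept beside it can look redundant, so a later cleanup could drop one of the two. Judging by the bug title and the new test, a hint that was only a prefix of a codeset name (presumably `1` against `1252`) used to compare equal, so escaping ran under a charset the caller never named. I would add above the `if`: `/* exact match only: strncasecmp() alone accepts any prefix of a codeset name (bug #44703) */`. The declaration of `len` is outside the hunk; if it is a signed type, the comparison with `strlen()` mixes signedness and `len` is better declared `size_t` or cast at this site. The enclosing function starts and ends outside the hunk.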
@@ -0,0 +1,48 @@
+--TEST--
+Bug #44703 (htmlspecialchars() does not detect bad character set argument)
+--FILE--
+<?php
+
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 1));
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 12));
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 125));
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 1252));
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 12526));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 866));
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 8666));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, NULL));
+
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SJIS'));
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SjiS'));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, str_repeat('a', 100)));
+
+?>
+--EXPECTF--
+Warning: htmlspecialchars(): charset `1' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "<a href='test'>Test</a>"
+
+Warning: htmlspecialchars(): charset `12' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "<a href='test'>Test</a>"
+
+Warning: htmlspecialchars(): charset `125' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "<a href='test'>Test</a>"
+string(35) "<a href='test'>Test</a>"
+
+Warning: htmlspecialchars(): charset `12526' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "<a href='test'>Test</a>"
+string(8) "<>"
+
+Warning: htmlspecialchars(): charset `8666' not supported, assuming iso-8859-1 in %s on line %d
+string(8) "<>"
+string(8) "<>"
+string(8) "<>"
+string(8) "<>"
+
+Warning: htmlspecialchars(): charset `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' not supported, assuming iso-8859-1 in %s on line %d
+string(8) "<>"
+
+
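Review bot: Every rejected prefix in this test is an integer (`1`, `12`, `125`), so the string path is covered only by the exact names `'SJIS'` and `'SjiS'` and by the 100-character miss. A string that is a strict prefix of a named codeset would pin the behaviour the fix is about, for example `var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SJI'));` with the matching ``Warning: htmlspecialchars(): charset `SJI' not supported, assuming iso-8859-1 in %s on line %d`` line under `--EXPECTF--`. An empty string `''` next to the `NULL` case is also worth pinning; what it should print cannot be read from this hunk.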