felipe          Fri Apr 11 19:08:05 2008 UTC

  Modified files:              
    /php-src/ext/standard       html.c 
    /php-src/ext/standard/tests/strings bug44703.phpt 
  Log:
  MFB: Fixed bug #44703 (htmlspecialchars() does not detect bad character set 
argument)
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.132&r2=1.133&diff_format=u
Index: php-src/ext/standard/html.c
diff -u php-src/ext/standard/html.c:1.132 php-src/ext/standard/html.c:1.133
--- php-src/ext/standard/html.c:1.132   Tue Jan 29 22:03:44 2008
+++ php-src/ext/standard/html.c Fri Apr 11 19:08:04 2008
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: html.c,v 1.132 2008/01/29 22:03:44 stas Exp $ */
+/* $Id: html.c,v 1.133 2008/04/11 19:08:04 felipe Exp $ */
 
 /*
  * HTML entity resources:
@@ -848,7 +848,7 @@
                
                /* now walk the charset map and look for the codeset */
                for (i = 0; charset_map[i].codeset; i++) {
-                       if (strncasecmp(charset_hint, charset_map[i].codeset, 
len) == 0) {
+                       if (len == strlen(charset_map[i].codeset) && 
strncasecmp(charset_hint, charset_map[i].codeset, len) == 0) {
                                charset = charset_map[i].charset;
                                found = 1;
                                break;
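Review bot: The added `len == strlen(charset_map[i].codeset)` in the loop condition compares `len`, which is declared outside this hunk, with a `size_t`. If `len` is a signed `int` the comparison is mixed-sign, so `(size_t)len == strlen(charset_map[i].codeset)` would make the intent explicit. The line also deserves a comment giving the reason for exact matching, for example `/* exact match only: a prefix such as "125" must not select "1252", or escaping would run under a charset the caller never named */`. Keep `strncasecmp` bounded by `len` rather than switching to `strcasecmp`, since it cannot be confirmed from here that `charset_hint` ends exactly at `len`. The enclosing function starts and ends outside the hunk.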
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/bug44703.phpt?r1=1.1&r2=1.2&diff_format=u
Index: php-src/ext/standard/tests/strings/bug44703.phpt
diff -u /dev/null php-src/ext/standard/tests/strings/bug44703.phpt:1.2
--- /dev/null   Fri Apr 11 19:08:05 2008
+++ php-src/ext/standard/tests/strings/bug44703.phpt    Fri Apr 11 19:08:05 2008
@@ -0,0 +1,48 @@
+--TEST--
+Bug #44703 (htmlspecialchars() does not detect bad character set argument)
+--FILE--
+<?php
+
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 1));
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 12));
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 125));
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 1252));
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 12526));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 866));
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 8666));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, NULL));
+
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SJIS'));
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SjiS'));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, str_repeat('a', 100)));
+
+?>
+--EXPECTF--
+Warning: htmlspecialchars(): charset `1' not supported, assuming iso-8859-1 in 
%s on line %d
+string(35) "&lt;a href='test'&gt;Test&lt;/a&gt;"
+
+Warning: htmlspecialchars(): charset `12' not supported, assuming iso-8859-1 
in %s on line %d
+string(35) "&lt;a href='test'&gt;Test&lt;/a&gt;"
+
+Warning: htmlspecialchars(): charset `125' not supported, assuming iso-8859-1 
in %s on line %d
+string(35) "&lt;a href='test'&gt;Test&lt;/a&gt;"
+string(35) "&lt;a href='test'&gt;Test&lt;/a&gt;"
+
+Warning: htmlspecialchars(): charset `12526' not supported, assuming 
iso-8859-1 in %s on line %d
+string(35) "&lt;a href='test'&gt;Test&lt;/a&gt;"
+string(8) "&lt;&gt;"
+
+Warning: htmlspecialchars(): charset `8666' not supported, assuming iso-8859-1 
in %s on line %d
+string(8) "&lt;&gt;"
+string(8) "&lt;&gt;"
+string(8) "&lt;&gt;"
+string(8) "&lt;&gt;"
+
+Warning: htmlspecialchars(): charset 
`aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
 not supported, assuming iso-8859-1 in %s on line %d
+string(8) "&lt;&gt;"
+
+
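Review bot: Every rejected hint in the `--FILE--` section is either an integer or the 100-character string, so no case pins the fix for a string that is a strict prefix of a named charset. Adding `var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SJI'));` next to the accepted `'SJIS'` and `'SjiS'` cases, with the corresponding "not supported" warning line in `--EXPECTF--`, would cover that path (this assumes no codeset named exactly "SJI" exists in the map, which is not visible here). The integer arguments also rely on PHP converting the third parameter to a string, which merits a one-line comment in the test such as `// integers are converted to strings before the charset lookup`.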


