On 03/26/2010 05:39 AM, Johannes Schlüter wrote:
> On Tue, 2010-03-23 at 18:08 +0000, Rasmus Lerdorf wrote:
>> rasmus                                   Tue, 23 Mar 2010 18:08:06 +0000
>> Revision: http://svn.php.net/viewvc?view=revision&revision=296685
>> Log:
>> Switch default_charset, if not specified, from ISO-8859-1 to UTF-8
>> I have been wanting to make this change for years, but there is a small
>> chance of BC issues, so it shouldn't go into a minor release.
> I in "my world" this isn't just a small chance of a break. Over here
> every application has to deal with non-ASCII characters (äöüßÄÖÜ). Many
> "average" applications don't set the encoding, most don't care. 
> With the environments using more and more Utf-8 (operating system
> environments, editor defaults, ...) the change is good but it is no
> small thing but will cause "trouble" for many users having iso-8859-1
> texts in their database and getting broken pages after the upgrade and
> we should advise users to mind their encodings!
> Fixing applications is easy, getting the knowledge to our users is hard.

Well, they don't necessarily have to fix their application.  They can
just put: default_charset=iso-8859-1 in their php.ini.
But, I also consider it a security fix.  There are a lot of apps out
there that assume utf-8, but don't explicitly set it in PHP.  They will
send an http-equiv meta header specifying utf-8, but since they haven't
told PHP they are in utf-8, functions like htmlspecialchars and
htmlentities will not strip out invalid utf-8 characters which causes
XSS problems.


PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to