Hi,
I'm having some problems with mb_check_encoding.
When it's invoked without parameters does it check
all the REQUEST variables to see if their values have the same
encoding
as mb_internal_encoding() ? (This is what I understood from the
manual)
As far as I know that doesn't happen.
Here's an example file :
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html>
<head>
<title>Help needed</title>
<meta http-equiv="Content-Type" content=
"text/html; charset=utf-8" />
</head>
<body>
<form action="?" method="post">
<input type="text" name="foo" value="" />
<input type="submit" value="submit" />
</form>
<?php
mb_internal_encoding("UTF-8");
var_dump($_REQUEST) ;
echo "<p>" ;
if (mb_check_encoding()) {
echo "request encoding ok" ;
} else {
echo "request encoding not ok" ;
}
echo "</p>" ;
?>
</body>
</html>
If you post the value from your browser, all is ok because the
encoding of the page is recognized by the browser as utf-8 (I think).
But if I call that page with curl simulating an Invalid encoding
attack,
I get the same result(request encoding ok).
Here's the command I used :
curl --data-urlencode $'foo=prov\xef'
http://localhost/mine/test/encoding.php
Thank you in advance
Bye,
Giacomo
--
PHP Unicode & I18N Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
