Hi, I'm having some problems with mb_check_encoding. When it's invoked without parameters does it check all the REQUEST variables to see if their values have the same encoding as mb_internal_encoding() ? (This is what I understood from the manual) As far as I know that doesn't happen. Here's an example file : <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title>Help needed</title> <meta http-equiv="Content-Type" content= "text/html; charset=utf-8" /> </head> <body> <form action="?" method="post"> <input type="text" name="foo" value="" /> <input type="submit" value="submit" /> </form> <?php mb_internal_encoding("UTF-8"); var_dump($_REQUEST) ; echo "<p>" ; if (mb_check_encoding()) { echo "request encoding ok" ; } else { echo "request encoding not ok" ; } echo "</p>" ; ?>
</body> </html> If you post the value from your browser, all is ok because the encoding of the page is recognized by the browser as utf-8 (I think). But if I call that page with curl simulating an Invalid encoding attack, I get the same result(request encoding ok). Here's the command I used : curl --data-urlencode $'foo=prov\xef' http://localhost/mine/test/encoding.php Thank you in advance Bye, Giacomo -- PHP Unicode & I18N Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php