Hi,
I'm having some problems with mb_check_encoding.
When it's invoked without parameters, does it check all the REQUEST
variables to see if their values have the same encoding as
mb_internal_encoding()? (This is what I understood from the manual.)
As far as I know that doesn't happen.
Here's an example file:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
     <html>
       <head>
         <title>Help needed</title>
         <meta http-equiv="Content-Type" content=
                 "text/html; charset=utf-8" />
       </head>
       <body>
        <form action="?" method="post">
        <input type="text" name="foo" value="" />
        <input type="submit"  value="submit" />
        </form>
        <?php
mb_internal_encoding("UTF-8");
var_dump($_REQUEST) ;
echo "<p>" ;
if (mb_check_encoding()) {
   echo "request encoding ok" ;
} else {
   echo "request encoding not ok" ;
}
echo "</p>" ;
?>

       </body>
     </html>

If you post the value from your browser, all is ok because the
encoding of the page is recognized by the browser as utf-8 (I think).
But if I call that page with curl, simulating an invalid encoding
attack, I get the same result (request encoding ok).
Here's the command I used:
curl --data-urlencode $'foo=prov\xef' http://localhost/mine/test/encoding.php
Thank you in advance
Bye,
Giacomo

-- 
PHP Unicode & I18N Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
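
An added example, not part of the original post: one way to reject the request that the curl command above sends is to check every request key and value against UTF-8 explicitly, using the two-argument form of mb_check_encoding(). The function name find_invalid_encoding and the sample array are assumptions made for this illustration.

```php
<?php
// Added example: validate each request value explicitly instead of relying
// on the no-argument form of mb_check_encoding().

/**
 * Return the paths of all keys and values that are not valid in $encoding.
 * Nested arrays (e.g. foo[bar]=...) are walked recursively.
 */
function find_invalid_encoding(array $input, string $encoding = 'UTF-8', string $path = ''): array
{
    $bad = [];
    foreach ($input as $key => $value) {
        $here = $path === '' ? (string) $key : $path . '[' . $key . ']';

        // Parameter names are client-controlled too, so check them as well.
        if (is_string($key) && !mb_check_encoding($key, $encoding)) {
            $bad[] = $here . ' (key)';
        }

        if (is_array($value)) {
            $bad = array_merge($bad, find_invalid_encoding($value, $encoding, $here));
        } elseif (is_string($value) && !mb_check_encoding($value, $encoding)) {
            $bad[] = $here;
        }
    }
    return $bad;
}

// Constructed sample input standing in for $_REQUEST. 'foo' carries the same
// bytes as the curl command in the post: a lone 0xEF lead byte with no
// continuation bytes, which is not valid UTF-8.
$sample = [
    'foo'    => "prov\xEF",
    'bar'    => "prov\xC3\xAC",          // valid two-byte UTF-8 sequence
    'nested' => ['baz' => "\xC3\x28"],   // lead byte followed by a non-continuation byte
];

$invalid = find_invalid_encoding($sample);
if ($invalid !== []) {
    // In a real page, stop here and answer with HTTP 400 before using the input.
    echo "request encoding not ok: " . implode(', ', $invalid) . PHP_EOL;
} else {
    echo "request encoding ok" . PHP_EOL;
}
```

In the page from the post, the call would be find_invalid_encoding($_REQUEST) placed before any use of the submitted values.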
