Function "htmlspecialchars" breaks down UTF-8 encoding

7 views
Skip to first unread message

Alexander Obuhovich

unread,
Sep 28, 2012, 9:55:17 AM9/28/12
to Bugs In-Portal
I didn't new before, but function "htmlspecialchars" not only escapes text to be safe for usage inside a HTML/XML, but also converts it's encoding to ISO-8859-1 (PHP 5.3.x and below).
As a result any UTF-8 encoded string will be encoded into ISO-8859-1 (after escaping) and all special symbols (e.g. resulted from pasting text from Microsoft Word) would have incorrect encoding, when presented back to user who has UTF-8 encoding on a page.

In PHP 5.4 and up default charset for this function is UTF-8.


As a fix I propose to pass CHARSET constant's value explicitly in each call of htmlspecialchars function across all In-Portal and it's modules.



--
Best Regards,

http://www.in-portal.com
http://www.alex-time.com

Dmitry A.

unread,
Oct 24, 2012, 2:19:35 AM10/24/12
to in-port...@googlegroups.com
Hi Alex,


Good catch - I didn't know that either.

Please create a task for this bug.


DA

Alexander Obuhovich

unread,
Nov 2, 2012, 10:15:02 AM11/2/12
to Bugs In-Portal
Task: http://tracker.in-portal.org/view.php?id=1423

Ready for testing.


--
You received this message because you are subscribed to the Google Groups "In-Portal Bugs Team" group.
To view this discussion on the web visit https://groups.google.com/d/msg/in-portal-bugs/-/5lw1jyjeUTYJ.
To post to this group, send email to in-port...@googlegroups.com.
To unsubscribe from this group, send email to in-portal-bug...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/in-portal-bugs?hl=en.
htmlspecialchars_encoding_core_fix.patch
htmlspecialchars_encoding_modules_fix.patch
Reply all
Reply to author
Forward
0 new messages