Function "htmlspecialchars" breaks down UTF-8 encoding

Skip to first unread message

Alexander Obuhovich

Sep 28, 2012, 9:55:17 AM9/28/12
to Bugs In-Portal
I didn't new before, but function "htmlspecialchars" not only escapes text to be safe for usage inside a HTML/XML, but also converts it's encoding to ISO-8859-1 (PHP 5.3.x and below).
As a result any UTF-8 encoded string will be encoded into ISO-8859-1 (after escaping) and all special symbols (e.g. resulted from pasting text from Microsoft Word) would have incorrect encoding, when presented back to user who has UTF-8 encoding on a page.

In PHP 5.4 and up default charset for this function is UTF-8.

As a fix I propose to pass CHARSET constant's value explicitly in each call of htmlspecialchars function across all In-Portal and it's modules.

Best Regards,

Dmitry A.

Oct 24, 2012, 2:19:35 AM10/24/12
Hi Alex,

Good catch - I didn't know that either.

Please create a task for this bug.


Alexander Obuhovich

Nov 2, 2012, 10:15:02 AM11/2/12
to Bugs In-Portal

Ready for testing.

You received this message because you are subscribed to the Google Groups "In-Portal Bugs Team" group.
To view this discussion on the web visit
To post to this group, send email to
To unsubscribe from this group, send email to
For more options, visit this group at
Reply all
Reply to author
0 new messages