PHP :: Bug #21614 :: Non-ASCII characters get entity escaped on input from MSIE only

Bug #21614

Non-ASCII characters get entity escaped on input from MSIE only

Submitted:

2003-01-13 07:29 UTC

Modified:

2003-01-16 05:06 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

james dot aylett at tangozebra dot com

Assigned:

Status:

Closed

Package:

*General Issues

PHP Version:

4.3.0

OS:

Various

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2003-01-13 07:29 UTC] james dot aylett at tangozebra dot com

Entering non-ASCII data (eg in ISO-8859-1) using MSIE 6 and 5.5 (possibly others) via an HTTP POST (multipart/form-data, perhaps others) request to PHP 4.2.3 as a dynamically-loaded Apache (1.3 series) module causes the non-ASCII characters to be HTML entity escaped. eg:

?tan -> &eacute;tan

This does not happen with Mozilla 1.2b (20021016), and did not happen with PHP 4.1.2 (with mbstring enabled). It happens with both mbstring enabled and disabled on PHP 4.2.3. It has been observed on Debian GNU/Linux, FreeBSD and WinXP.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-01-13 19:01 UTC] sniper@php.net

Thank you for taking the time to report a problem with PHP.
Unfortunately you are not using a current version of PHP -- 
the problem might already be fixed. Please download a new
PHP version from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.

[2003-01-15 05:06 UTC] james dot aylett at tangozebra dot com

Verified as still present in 4.3.0 without mbstring enabled running on Solaris.

[2003-01-15 15:54 UTC] sniper@php.net

Does it only happen with multipart/form-data posts?
Can you give us a short, simple script?

[2003-01-16 05:06 UTC] james dot aylett at tangozebra dot com

With some embarrassment, I now discover that this is actually MSIE's fault after all. I did test a minimal case before I submitted the bug, but unfortunately missed out one crucial detail. I'm closing this bug (mea culpa), but perhaps a hint could be added to documentation at some point to prevent people falling foul of the same issue?

If you set the charset on your content-type in the _source_ document (presumably via HTTP, and definitely using meta http-equiv in an HTML document), MSIE will entity-escape any characters falling outside that charset for any form submissions from within that document. Mozilla/NSN6+ doesn't do this, and I don't think it's unreasonable to assume this is just another weird MSIE bug. Presumably setting the charset to UTF-8 will prevent IE from escaping any characters. (That runs into difficulties with the most common configuration of PHP + mysql, however.)

Apologies for pointing the finger in the wrong direction ... :-(

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon May 20 04:01:32 2024 UTC