PHP :: Bug #45581 :: htmlspecialchars() double encoding &#x hex items

Bug #45581

htmlspecialchars() double encoding &#x hex items

Submitted:

2008-07-21 14:14 UTC

Modified:

2008-08-10 13:27 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

funky2step at gmail dot com

Assigned:

Status:

Closed

Package:

Strings related

PHP Version:

5.2.6

OS:

Red Hat Enterprise Linux ES

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	funky2step at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2008-07-21 14:14 UTC] funky2step at gmail dot com

Description:
------------
Trying to use htmlspecialchars() on a string containing &#xHEX; characters e.g. &#xA3;
With double encode set to false, it still converts the & to &amp;

Reproduce code:
---------------
$str = "&#xA3; one & two";
$out = htmlspecialchars($content, ENT_COMPAT, 'UTF-8', FALSE);
echo $out;

Expected result:
----------------
&#xA3; one &amp; two

Actual result:
--------------
&amp;#xA3; one &amp; two

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-07-21 14:21 UTC] funky2step at gmail dot com

obviously that should have been $out = htmlspecialchars($str, ENT_COMPAT, 'UTF-8', FALSE);
:)

[2008-07-21 16:01 UTC] jani@php.net

It's just that the function does not understand the hex entities. :)

[2008-07-22 14:40 UTC] funky2step at googlemail dot com

Thanks for the prompt reply. I understood though that this function with double encode arg set to false would not act on _any_ existing html entities.
Is there a reason why it does not recognize these codes, or is it an oversight/bug?

[2008-08-10 13:27 UTC] lbarnaud@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 10:01:29 2024 UTC