|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47993 htmlentities, htmlspecialchars warnings don't appear on apache 1.3.33
Submitted: 2009-04-16 18:46 UTC Modified: 2009-05-05 14:00 UTC
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: mariusads at helpedia dot com Assigned:
Status: Closed Package: Apache related
PHP Version: 5.2.9 OS: Windows 2003 Web Edition
Private report: No CVE-ID: None
 [2009-04-16 18:46 UTC] mariusads at helpedia dot com
PHP 5.2.9-2 (cli) (built: Apr  9 2009 08:23:19)

htmlspecialchars and htmlentities return empty strings when the text passed to them is not correct in the format you tell it, this is known.

The problem I see is that the with an identical PHP.INI file, the following warnings are showing in logs when used with Apache 2.0.63 but don't appear when used with Apache 1.3.33 (and probably other 1.3.xx):

[Thu Apr 16 20:12:53 2009] [error] [client x.x.x.x] PHP Warning:  htmlspecialchars() [<a href='function.htmlspecialchars'>function.htmlspecialchars</a>]: Invalid multibyte sequence in argument in D:\\website\\file.php on line 83

[Thu Apr 16 19:38:28 2009] [error] [client x.x.x.x] PHP Warning:  htmlentities() [<a href='function.htmlentities'>function.htmlentities</a>]: Invalid multibyte sequence in argument in D:\\website\\file.php on line 83

These warnings appear on Apache 2.0.63, they don't appear on Apache 1.3.33

The INI is configured with error_reporting E_ALL (phpinfo shows error_reporting => 6143 => 6143) and even with E_ALL|E_STRICT the Apache 1.3.33 version doesn't show the warnings but does show recommendations about the date function and timezone settings so the error log clearly works.

Reproduce code:
Download the following NFO file:

Save it in the same folder where you'll run the following code:


$text = file_get_contents('test.nfo');

echo htmlspecialchars($text,ENT_QUOTES,'UTF-8');
echo htmlentities($text, ENT_QUOTES,'UTF-8');
echo 'Done';

The NFO file above contains ASCII art done with characters with ascii code above 0x7F so it's an invalid UTF-8, therefore the functions will both fail returning an empty string. 

That's not the point here - though it's arguable if it's the best solution instead of just ignoring bad unicode chars - please continue reading

The problem is I want to receive a warning, so that I'll be able to use error_get_last() and pass the text through a filter before trying to echo it again. 

In my case it's not possible to pre-filter all nfo files because some contain valid UTF-8 code and no ASCII art, others have only ASCII art.

Expected result:
I should see warning messages in the logs no matter the Apache version.

Actual result:
On Apache 1.3.33, no warnings are shown when htmlentities and htmlspecialchars receive invalid text. 


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-04-16 19:30 UTC]
Is the same php.ini used by both apache1 and 2? Are both running 
exactly same PHP version? (check all these from phpinfo() output from 
each server!)
 [2009-04-17 21:36 UTC] mariusads at helpedia dot com
Yes, both servers have:

D:\php>php -v
PHP 5.2.9-2 (cli) (built: Apr  9 2009 08:23:19)

downloaded the same day from the php site.

php.ini derived from php.ini-recommended with minor changes such as setting the smtp mail server.
I don't have any problems uploading the php.ini files somewhere if you guys think it's needed.

Here are the phpinfo dumps, as much as I'm comfortable showing:

the only important diffs seem to be that i have mhash gettext and mysqli enabled on the Apache 1.3.3 version. I tested with and without gettext and the same, no warnings are shown on 1.3.33
 [2009-04-17 21:56 UTC] mariusads at helpedia dot com
I've done further tests on the Apache 1.3.33 version.

With or without php.ini present in c:\windows the error is not reported.
I've also tried with PHP 5.2.5 and it's also not reported, with or without php.ini present.

i've added a trigger_error() call right above the calls to htmlspecialchars or htmlentities and those notices appear in the PHP error log but NOT in the apache error log (configuration option for a virtualhost in httpd.conf).
The warnings for date function usage (when I enabled E_STRICT) appear in both error logs.
 [2009-05-05 02:00 UTC]
Do you have any php settings done in your httpd.conf (or some file it 
includes)? Check for them. Check the phpinfo() output in same script you 
don't get the errors with.
 [2009-05-05 14:00 UTC] mariusads at helpedia dot com
Created test page:

echo 'Hello world!';
echo htmlentities(chr(250),ENT_QUOTES,'UTF-8');

chr(250) is not a valid UTF-8 string, only characters with ASCII code up to 0x7F are allowed in an UTF-8 string, so it should fail.

1. Installed Sun Virtualbox
2. Created a Windows XP virtual machine,  
3. Installed Apache 1.3.41
4. Extracted PHP 5.2.9-2 in C:\PHP
5. Only added the three lines required to make PHP work with Apache in httpd.conf, everything else is default

Nothing is shown besides 'Hello world!' on screen, error log remains empty using both versions of Apache.

If I copy php.ini-recommended to c:\windows\php.ini in Windows and restart the Apache server, the warning is shown in the error log, in both Apache 1.3.41 and Apache 2.0.63.

However, on both my home computer where the problem appears and my dedicated server the php.ini files exist and are almost identical so I don't know what to say.
As I said before, the only changes between the ini files are related to maximum upload size and script execution times.

At this point, I think the best solution would be to just clean up everything related to PHP and Apache and do a fresh install of Apache and PHP on my work computer.
I'll re-open it if I keep having this issue.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Apr 21 21:01:30 2024 UTC