php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67988 htmlspecialchars() does not respect default_charset specified by ini_set
Submitted: 2014-09-09 09:45 UTC Modified: 2015-01-25 01:00 UTC
Votes:7
Avg. Score:5.0 ± 0.0
Reproduced:7 of 7 (100.0%)
Same Version:5 (71.4%)
Same OS:4 (57.1%)
From: xela at xela dot org dot ua Assigned: yohgaki
Status: Closed Package: Strings related
PHP Version: 5.6.5 OS: Linux (all?)
Private report: No CVE-ID:
 [2014-09-09 09:45 UTC] xela at xela dot org dot ua
Description:
------------
htmlspecialchars() does not respect default_charset specified by ini_set or php_value passed to php-fpm, however it does while it is set by php.ini.

Test script:
---------------
<?php
ini_set('default_charset', 'cp1252');

var_dump(htmlentities("\xA3", ENT_HTML5));
var_dump(htmlentities("\xA3", ENT_HTML5, 'cp1252'));

var_dump(html_entity_decode("&pound;", ENT_HTML5));
var_dump(html_entity_decode("&pound;", ENT_HTML5, 'cp1252'));


Expected result:
----------------
Script should print:

string(7) "&pound;"
string(7) "&pound;"
string(1) "▒"
string(1) "▒"


Actual result:
--------------
Script printed:

string(0) ""
string(7) "&pound;"
string(2) "£"
string(1) "▒"


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-11-16 22:48 UTC] xela at xela dot org dot ua
-PHP Version: 5.6.0 +PHP Version: 5.6.2
 [2014-11-16 22:48 UTC] xela at xela dot org dot ua
Still exists in 5.6.2
 [2014-12-08 15:29 UTC] xela at xela dot org dot ua
-PHP Version: 5.6.2 +PHP Version: 5.6.3
 [2014-12-08 15:29 UTC] xela at xela dot org dot ua
Still exists in 5.6.3
 [2014-12-20 10:43 UTC] xela at xela dot org dot ua
-Operating System: CentOS Linux 6.5 +Operating System: CentOS Linux 6.6 -PHP Version: 5.6.3 +PHP Version: 5.6.4
 [2014-12-20 10:43 UTC] xela at xela dot org dot ua
Still exists in 5.6.4
 [2015-01-03 01:25 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2015-01-24 17:20 UTC] xela at xela dot org dot ua
-Operating System: CentOS Linux 6.6 +Operating System: Linux (all?) -PHP Version: 5.6.4 +PHP Version: 5.6.5
 [2015-01-24 17:20 UTC] xela at xela dot org dot ua
Still exists in 5.6.5
 [2015-01-25 00:39 UTC] yohgaki@php.net
Thank you for reminding. I'll check when I have time to remove mbstring.*, iconv.* INI settings from PHP7. i.e. mbstring.http_input/etc removal is accepted by RFC.
 [2015-01-25 00:52 UTC] yohgaki@php.net
-Status: Assigned +Status: Verified
 [2015-01-25 00:52 UTC] yohgaki@php.net
I spotted what's wrong. I need PHP_INI_MH() obviously. I'll try to fix this before next monthly release.
 [2015-01-25 01:00 UTC] xela at xela dot org dot ua
yohgaki, thank you a lot.
Current behaviour won't let users who still use single-byte charsets sites to upgrade from php 5.3. This fix will allow again run such sites with the only ini_set call added.
 [2015-02-03 10:01 UTC] yohgaki@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=436ba1c4886024278337a8fe446c05a0629e4215
Log: Fixed Bug #67988 htmlspecialchars() does not respect default_charset specified by ini_set.
 [2015-02-03 10:01 UTC] yohgaki@php.net
-Status: Verified +Status: Closed
 [2015-02-21 12:51 UTC] lzsiga at freemail dot c3 dot hu
It this bug about htmlspecialchars or htmlentites? Regarding htmlspecialchars, the discussion in this bugreport might be interesting: https://bugs.php.net/bug.php?id=47494
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sat Feb 25 11:01:48 2017 UTC