Home Original page

htmlspecialchars() does not respect default_charset specified by ini_set

Bug #67988 htmlspecialchars() does not respect default_charset specified by ini_set
Submitted: 2014-09-09 09:45 UTC Modified: 2015-01-25 01:00 UTC
Votes:7
Avg. Score:5.0 ± 0.0
Reproduced:7 of 7 (100.0%)
Same Version:5 (71.4%)
Same OS:4 (57.1%)
From: xela at xela dot org dot ua Assigned: yohgaki (profile)
Status: Closed Package: Strings related
PHP Version: 5.6.5 OS: Linux (all?)
Private report: No CVE-ID: None

 [2014-09-09 09:45 UTC] xela at xela dot org dot ua

Description:
------------
htmlspecialchars() does not respect default_charset specified by ini_set or php_value passed to php-fpm, however it does while it is set by php.ini.

Test script:
---------------
<?php
ini_set('default_charset', 'cp1252');

var_dump(htmlentities("\xA3", ENT_HTML5));
var_dump(htmlentities("\xA3", ENT_HTML5, 'cp1252'));

var_dump(html_entity_decode("&pound;", ENT_HTML5));
var_dump(html_entity_decode("&pound;", ENT_HTML5, 'cp1252'));


Expected result:
----------------
Script should print:

string(7) "&pound;"
string(7) "&pound;"
string(1) "▒"
string(1) "▒"


Actual result:
--------------
Script printed:

string(0) ""
string(7) "&pound;"
string(2) "£"
string(1) "▒"

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2014-11-16 22:48 UTC] xela at xela dot org dot ua

-PHP Version: 5.6.0 +PHP Version: 5.6.2

 [2014-11-16 22:48 UTC] xela at xela dot org dot ua

Still exists in 5.6.2

 [2014-12-08 15:29 UTC] xela at xela dot org dot ua

-PHP Version: 5.6.2 +PHP Version: 5.6.3

 [2014-12-08 15:29 UTC] xela at xela dot org dot ua

Still exists in 5.6.3

 [2014-12-20 10:43 UTC] xela at xela dot org dot ua

-Operating System: CentOS Linux 6.5 +Operating System: CentOS Linux 6.6 -PHP Version: 5.6.3 +PHP Version: 5.6.4

 [2014-12-20 10:43 UTC] xela at xela dot org dot ua

Still exists in 5.6.4

 [2015-01-24 17:20 UTC] xela at xela dot org dot ua

-Operating System: CentOS Linux 6.6 +Operating System: Linux (all?) -PHP Version: 5.6.4 +PHP Version: 5.6.5

 [2015-01-24 17:20 UTC] xela at xela dot org dot ua

Still exists in 5.6.5

 [2015-01-25 00:39 UTC] yohgaki@php.net

Thank you for reminding. I'll check when I have time to remove mbstring.*, iconv.* INI settings from PHP7. i.e. mbstring.http_input/etc removal is accepted by RFC.

 [2015-01-25 00:52 UTC] yohgaki@php.net

I spotted what's wrong. I need PHP_INI_MH() obviously. I'll try to fix this before next monthly release.

 [2015-01-25 01:00 UTC] xela at xela dot org dot ua

yohgaki, thank you a lot.
Current behaviour won't let users who still use single-byte charsets sites to upgrade from php 5.3. This fix will allow again run such sites with the only ini_set call added.

 [2015-02-21 12:51 UTC] lzsiga at freemail dot c3 dot hu

It this bug about htmlspecialchars or htmlentites? Regarding htmlspecialchars, the discussion in this bugreport might be interesting: https://bugs.php.net/bug.php?id=47494