MFB: Fixed bug #44703 (htmlspecialchars() does not detect bad character set argument)

diff --git a/ext/standard/html.c b/ext/standard/html.c
index 3ecd57e7ae6b9b33823bde2869616bbc12ac452f..2d416912659e3eb7ebcf7f25223df46e1120308a 100644 (file)
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -842,7 +842,7 @@ det_charset:
                
                /* now walk the charset map and look for the codeset */
                for (i = 0; charset_map[i].codeset; i++) {
-                       if (strncasecmp(charset_hint, charset_map[i].codeset, len) == 0) {
+                       if (len == strlen(charset_map[i].codeset) && strncasecmp(charset_hint, charset_map[i].codeset, len) == 0) {
                                charset = charset_map[i].charset;
                                found = 1;
                                break;

diff --git a/ext/standard/tests/strings/bug44703.phpt b/ext/standard/tests/strings/bug44703.phpt
new file mode 100644 (file)
index 0000000..d2cdce9
--- /dev/null
+++ b/ext/standard/tests/strings/bug44703.phpt
@@ -0,0 +1,48 @@
+--TEST--
+Bug #44703 (htmlspecialchars() does not detect bad character set argument)
+--FILE--
+<?php
+
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 1));
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 12));
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 125));
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 1252));
+var_dump(htmlspecialchars("<a href='test'>Test</a>", ENT_COMPAT, 12526));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 866));
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 8666));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, NULL));
+
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SJIS'));
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SjiS'));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, str_repeat('a', 100)));
+
+?>
+--EXPECTF--
+Warning: htmlspecialchars(): charset `1' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "&lt;a href='test'&gt;Test&lt;/a&gt;"
+
+Warning: htmlspecialchars(): charset `12' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "&lt;a href='test'&gt;Test&lt;/a&gt;"
+
+Warning: htmlspecialchars(): charset `125' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "&lt;a href='test'&gt;Test&lt;/a&gt;"
+string(35) "&lt;a href='test'&gt;Test&lt;/a&gt;"
+
+Warning: htmlspecialchars(): charset `12526' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "&lt;a href='test'&gt;Test&lt;/a&gt;"
+string(8) "&lt;&gt;"
+
+Warning: htmlspecialchars(): charset `8666' not supported, assuming iso-8859-1 in %s on line %d
+string(8) "&lt;&gt;"
+string(8) "&lt;&gt;"
+string(8) "&lt;&gt;"
+string(8) "&lt;&gt;"
+
+Warning: htmlspecialchars(): charset `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' not supported, assuming iso-8859-1 in %s on line %d
+string(8) "&lt;&gt;"
+
+