From: Arnaud Le Blanc Date: Sun, 10 Aug 2008 13:26:25 +0000 (+0000) Subject: MFH: Fixed bug #45581 (htmlspecialchars() double encoding &#x hex items) X-Git-Tag: php-5.2.7RC1~129 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=02fc0f02556001f1637a6135f47d2f0f03ea5506;p=php MFH: Fixed bug #45581 (htmlspecialchars() double encoding &#x hex items) --- diff --git a/NEWS b/NEWS index 719e9d1768..95f33f2b6f 100644 --- a/NEWS +++ b/NEWS @@ -18,6 +18,7 @@ PHP NEWS (Jani) - Fixed bug #45691 (Some per-dir or runtime settings may leak into other requests). (Moriyoshi) +- Fixed bug #45581 (htmlspecialchars() double encoding &#x hex items). (Arnaud) - Fixed bug #45568 (ISAPI doesn't properly clear auth_digest in header). (Patch by: navara at emclient dot com) - Fixed bug #45556 (Return value from callback isn't freed). (Felipe) diff --git a/ext/standard/html.c b/ext/standard/html.c index b544184fb8..386a63fe2e 100644 --- a/ext/standard/html.c +++ b/ext/standard/html.c @@ -1199,9 +1199,20 @@ encode_amp: } else { if (*s == '#') { /* numeric entities */ s++; - while (s < e) { - if (!isdigit(*s++)) { - goto encode_amp; + /* Hex (Z) */ + if (*s == 'x' || *s == 'X') { + s++; + while (s < e) { + if (!isxdigit(*s++)) { + goto encode_amp; + } + } + /* Dec (Z)*/ + } else { + while (s < e) { + if (!isdigit(*s++)) { + goto encode_amp; + } } } } else { /* text entities */ diff --git a/ext/standard/tests/strings/htmlentities18.phpt b/ext/standard/tests/strings/htmlentities18.phpt index ab3df05da8..8970be8a08 100644 --- a/ext/standard/tests/strings/htmlentities18.phpt +++ b/ext/standard/tests/strings/htmlentities18.phpt @@ -6,7 +6,8 @@ $tests = array( "abc", "abc&sfdsa", "test+s & some more D", - "&; & &#a; &9;", + "test+s & some more D", + "&; & &#a; &9; &#xyz;", "&kffjadfdhsjfhjasdhffasdfas;", "�", "&", 
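Review bot: In ext/standard/html.c the new hex branch, like the decimal branch it mirrors, accepts an empty digit run: if `s` already equals `e` after skipping `#` or `x`, `while (s < e)` never iterates, so `&#x;` and `&#;` appear to be treated as existing entities and left unencoded. Requiring at least one digit closes that gap, e.g. `if (s == e) { goto encode_amp; }` before each loop. Both loops also pass `*s++` straight to `isxdigit()`/`isdigit()`, which is undefined for negative values if `s` is a plain `char *` (its declaration is outside the hunk), so `isxdigit((unsigned char)*s++)` is the safer form for input containing high-bit bytes. The htmlentities18.phpt hunks add `&#xyz;` as a negative case but no `&#x;` or uppercase `&#X..;` input, so neither boundary is pinned by the test. The enclosing function and the definitions of `s` and `e` lie outside the hunk.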
@@ -26,8 +27,10 @@ string(13) "abc&sfdsa" string(13) "abc&sfdsa" string(33) "test+s & some more D" string(33) "test+s & some more D" -string(24) "&; &amp &#a; &9;" -string(24) "&; &amp &#a; &9;" +string(34) "test+s & some more D" +string(34) "test+s & some more D" +string(35) "&; &amp &#a; &9; &#xyz;" +string(35) "&; &amp &#a; &9; &#xyz;" string(32) "&kffjadfdhsjfhjasdhffasdfas;" string(32) "&kffjadfdhsjfhjasdhffasdfas;" string(16) "&#8787978789"