From: Arnaud Le Blanc <lbarnaud@php.net>
Date: Sun, 10 Aug 2008 13:25:53 +0000 (+0000)
Subject: Fixed bug #45581 (htmlspecialchars() double encoding &#x hex items)
X-Git-Tag: BEFORE_HEAD_NS_CHANGE~795
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=eebec53bc09e5e249942353b166e87d8fcb8fb0f;p=php

Fixed bug #45581 (htmlspecialchars() double encoding &#x hex items)
---

diff --git a/ext/standard/html.c b/ext/standard/html.c
index 62c4646090..abc8347499 100644
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -1197,9 +1197,20 @@ encode_amp:
 					} else {
 						if (*s == '#') { /* numeric entities */
 							s++;
-							while (s < e) {
-								if (!isdigit(*s++)) {
-									goto encode_amp;
+							/* Hex (&#x5A;) */
+							if (*s == 'x' || *s == 'X') {
+								s++;
+								while (s < e) {
+									if (!isxdigit(*s++)) {
+										goto encode_amp;
+									}
+								}
+							/* Dec (&#90;)*/
+							} else {
+								while (s < e) {
+									if (!isdigit(*s++)) {
+										goto encode_amp;
+									}
 								}
 							}
 						} else { /* text entities */
diff --git a/ext/standard/tests/strings/htmlentities18.phpt b/ext/standard/tests/strings/htmlentities18.phpt
index 381cc838ed..d0492a8704 100644
--- a/ext/standard/tests/strings/htmlentities18.phpt
+++ b/ext/standard/tests/strings/htmlentities18.phpt
@@ -6,7 +6,8 @@ $tests = array(
 	"abc",
 	"abc&amp;sfdsa",
 	"test&#043;s &amp; some more &#68;",
-	"&; &amp &#a; &9;",
+	"test&#x2b;s &amp; some more &#X44;",
+	"&; &amp &#a; &9; &#xyz;",
 	"&kffjadfdhsjfhjasdhffasdfas;",
 	"&#8787978789",
 	"&",
@@ -26,8 +27,10 @@ unicode(13) "abc&amp;sfdsa"
 unicode(13) "abc&amp;sfdsa"
 unicode(33) "test&#043;s &amp; some more &#68;"
 unicode(33) "test&#043;s &amp; some more &#68;"
-unicode(24) "&; &amp;amp &amp;#a; &9;"
-unicode(24) "&; &amp;amp &amp;#a; &9;"
+unicode(34) "test&#x2b;s &amp; some more &#X44;"
+unicode(34) "test&#x2b;s &amp; some more &#X44;"
+unicode(35) "&; &amp;amp &amp;#a; &9; &amp;#xyz;"
+unicode(35) "&; &amp;amp &amp;#a; &9; &amp;#xyz;"
 unicode(32) "&amp;kffjadfdhsjfhjasdhffasdfas;"
 unicode(32) "&amp;kffjadfdhsjfhjasdhffasdfas;"
 unicode(16) "&amp;#8787978789"