From: Felipe Pena
Date: Fri, 11 Apr 2008 19:08:05 +0000 (+0000)
Subject: MFB: Fixed bug #44703 (htmlspecialchars() does not detect bad character set argument)
X-Git-Tag: RELEASE_2_0_0b1~448
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f6639abf7d0dd059fcbf8b9263eaef79f1a8b28e;p=php
MFB: Fixed bug #44703 (htmlspecialchars() does not detect bad character set argument)
---
diff --git a/ext/standard/html.c b/ext/standard/html.c
index cad16725ec..62c4646090 100644
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -848,7 +848,7 @@ det_charset:
 /* now walk the charset map and look for the codeset */
 for (i = 0; charset_map[i].codeset; i++) {
- if (strncasecmp(charset_hint, charset_map[i].codeset, len) == 0) {
+ if (len == strlen(charset_map[i].codeset) && strncasecmp(charset_hint, charset_map[i].codeset, len) == 0) {
 charset = charset_map[i].charset;
 found = 1;
 break;
diff --git a/ext/standard/tests/strings/bug44703.phpt b/ext/standard/tests/strings/bug44703.phpt
new file mode 100644
index 0000000000..d2cdce9bfa
--- /dev/null
+++ b/ext/standard/tests/strings/bug44703.phpt
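Review bot: In ext/standard/html.c, the added `len == strlen(charset_map[i].codeset)` guard on the `if` inside the `charset_map` loop is the only thing that makes the lookup an exact match rather than a prefix match, and nothing on the line says so, which makes it easy to drop later as apparently redundant. A comment above the condition would pin the intent, e.g. `/* exact match only: a hint such as "125" must not select a longer codeset such as "1252" */`, since the charset chosen here governs how htmlspecialchars() goes on to treat the input. `len` is declared outside the hunk; if it is a signed `int`, the comparison with `strlen()`'s `size_t` result is a signed/unsigned comparison that deserves an explicit cast, to be confirmed against the declaration. The loop's closing braces and the rest of the function lie outside the hunk.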
@@ -0,0 +1,48 @@
+--TEST--
+Bug #44703 (htmlspecialchars() does not detect bad character set argument)
+--FILE--
+Test", ENT_COMPAT, 1));
+var_dump(htmlspecialchars("Test", ENT_COMPAT, 12));
+var_dump(htmlspecialchars("Test", ENT_COMPAT, 125));
+var_dump(htmlspecialchars("Test", ENT_COMPAT, 1252));
+var_dump(htmlspecialchars("Test", ENT_COMPAT, 12526));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 866));
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 8666));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, NULL));
+
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SJIS'));
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SjiS'));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, str_repeat('a', 100)));
+
+?>
+--EXPECTF--
+Warning: htmlspecialchars(): charset `1' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "<a href='test'>Test</a>"
+
+Warning: htmlspecialchars(): charset `12' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "<a href='test'>Test</a>"
+
+Warning: htmlspecialchars(): charset `125' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "<a href='test'>Test</a>"
+string(35) "<a href='test'>Test</a>"
+
+Warning: htmlspecialchars(): charset `12526' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "<a href='test'>Test</a>"
+string(8) "<>"
+
+Warning: htmlspecialchars(): charset `8666' not supported, assuming iso-8859-1 in %s on line %d
+string(8) "<>"
+string(8) "<>"
+string(8) "<>"
+string(8) "<>"
+
+Warning: htmlspecialchars(): charset `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' not supported, assuming iso-8859-1 in %s on line %d
+string(8) "<>"
+
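Review bot: The rejected cases in the `--FILE--` section are all numeric hints, either truncated or over-long (`1`, `12`, `125`, `12526`, `8666`), so no case pins the behaviour for a truncated alphabetic name or for an empty string. Adding `var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SJI'));` and `var_dump(htmlspecialchars("<>", ENT_COMPAT, ''));` with matching `--EXPECTF--` entries would cover both. The expected result for `''` depends on how an empty hint is handled before the lookup loop, which this page does not show, so it should be confirmed against the function rather than assumed.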