From 9db0be61ad923f68241baac2b26d0009b59cf98b Mon Sep 17 00:00:00 2001
From: Felipe Pena
Date: Fri, 11 Apr 2008 19:01:25 +0000
Subject: [PATCH] Fixed bug #44703 (htmlspecialchars() does not detect bad character set argument) (patch by Andy Wharmby)
---
 NEWS | 2 +
 ext/standard/html.c | 2 +-
 ext/standard/tests/strings/bug44703.phpt | 48 ++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 ext/standard/tests/strings/bug44703.phpt
diff --git a/NEWS b/NEWS
index 1f4e922ae8..7d0d31e332 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Apr 2008, PHP 5.2.6
+- Fixed bug #44703 (htmlspecialchars() does not detect bad character set argument)
+ (Andy Wharmby)
 10 Apr 2008, PHP 5.2.6RC5
 - Fixed incorrect heredoc handling when label is used within the block.
diff --git a/ext/standard/html.c b/ext/standard/html.c
index 7c99b8f3b1..b544184fb8 100644
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -847,7 +847,7 @@ det_charset:
 /* now walk the charset map and look for the codeset */
 for (i = 0; charset_map[i].codeset; i++) {
- if (strncasecmp(charset_hint, charset_map[i].codeset, len) == 0) {
+ if (len == strlen(charset_map[i].codeset) && strncasecmp(charset_hint, charset_map[i].codeset, len) == 0) {
 charset = charset_map[i].charset;
 found = 1;
 break;
diff --git a/ext/standard/tests/strings/bug44703.phpt b/ext/standard/tests/strings/bug44703.phpt
new file mode 100644
index 0000000000..d2cdce9bfa
--- /dev/null
+++ b/ext/standard/tests/strings/bug44703.phpt
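Review bot: In the ext/standard/html.c hunk, the new condition `len == strlen(charset_map[i].codeset) && strncasecmp(charset_hint, charset_map[i].codeset, len) == 0` carries no comment explaining why both halves are needed, so it is easy to "simplify" back into the prefix match this commit removes. I would add above the `if`: `/* exact, case-insensitive match: the compare is bounded by len, so check the lengths first or any prefix of a codeset name is accepted (bug #44703) */`. This is more than tidiness, because the matched entry decides which encoding htmlspecialchars() escapes under, and the accompanying test shows an unmatched name falling back to iso-8859-1 with only a warning. `len` is declared outside the hunk; if it is a signed int, the comparison against strlen()'s size_t result is worth checking under -Wsign-compare. The loop body also continues past the end of the hunk.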
@@ -0,0 +1,48 @@
+--TEST--
+Bug #44703 (htmlspecialchars() does not detect bad character set argument)
+--FILE--
+Test", ENT_COMPAT, 1));
+var_dump(htmlspecialchars("Test", ENT_COMPAT, 12));
+var_dump(htmlspecialchars("Test", ENT_COMPAT, 125));
+var_dump(htmlspecialchars("Test", ENT_COMPAT, 1252));
+var_dump(htmlspecialchars("Test", ENT_COMPAT, 12526));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 866));
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 8666));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, NULL));
+
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SJIS'));
+var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SjiS'));
+
+var_dump(htmlspecialchars("<>", ENT_COMPAT, str_repeat('a', 100)));
+
+?>
+--EXPECTF--
+Warning: htmlspecialchars(): charset `1' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "<a href='test'>Test</a>"
+
+Warning: htmlspecialchars(): charset `12' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "<a href='test'>Test</a>"
+
+Warning: htmlspecialchars(): charset `125' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "<a href='test'>Test</a>"
+string(35) "<a href='test'>Test</a>"
+
+Warning: htmlspecialchars(): charset `12526' not supported, assuming iso-8859-1 in %s on line %d
+string(35) "<a href='test'>Test</a>"
+string(8) "<>"
+
+Warning: htmlspecialchars(): charset `8666' not supported, assuming iso-8859-1 in %s on line %d
+string(8) "<>"
+string(8) "<>"
+string(8) "<>"
+string(8) "<>"
+
+Warning: htmlspecialchars(): charset `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' not supported, assuming iso-8859-1 in %s on line %d
+string(8) "<>"
+
+
-- 2.40.0
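Review bot: The rejected inputs in this test are all numeric (`1`, `12`, `125`, `12526`, `8666`) apart from the 100-character string; no case passes a truncated form of a named charset or an empty string. Because the fix in html.c is a length check applied to every map entry, a case such as `var_dump(htmlspecialchars("<>", ENT_COMPAT, 'SJI'));` with its expected warning would pin the behaviour for names as well as code-page numbers. A `''` case would likewise document what a zero-length hint does, though I cannot tell from the visible hunks whether that path reaches the lookup loop.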