Bug #61354 [Com]: htmlentities and htmlspecialchars doesn't respect the default_charset

Sat, 05 Jan 2013 08:05:46 -0800 

Edit report at https://bugs.php.net/bug.php?id=61354&edit=1

 ID:                 61354
 Comment by:         leaflet at leafok dot com
 Reported by:        hufeng1987 at gmail dot com
 Summary:            htmlentities and htmlspecialchars doesn't respect
                     the default_charset
 Status:             Not a bug
 Type:               Bug
 Package:            Strings related
 Operating System:   Linux/Windows/
 PHP Version:        5.4.0
 Block user comment: N
 Private report:     N

 New Comment:

I understand your consideration. Maybe a global configuration in PHP.ini or 
page 
lifecycle set function could be provided for encoding setting of these 
functions. 
Developers would be glad to handle this setting centrally by a include header 
file 
for each pages.


Previous Comments:
------------------------------------------------------------------------
[2013-01-05 15:17:56] ras...@php.net

I have explained that a few times. We can't default it automatically because 
the  
encoding may not match the output encoding. Only the developer knows that. If 
we 
did that automatically it would break even more sites. The sites where the 
encodings differ need to set it explicitly.

------------------------------------------------------------------------
[2013-01-05 09:54:44] hufeng1987 at gmail dot com

pass null and empty string that could improve security? no sense..

------------------------------------------------------------------------
[2013-01-05 09:53:01] x dot bazilio at gmail dot com

Please, fix it.
It is so simple to provide default params. Wy should we put NULL and empty 
string? Where is security problem to not put NULL and empty string if they are 
will be default values of that params?

------------------------------------------------------------------------
[2013-01-05 04:40:26] ras...@php.net

Code that is currently likely to be insecure, yes. We only make changes like 
this 
when we are forced to for security reasons.

------------------------------------------------------------------------
[2013-01-05 04:26:39] hufeng1987 at gmail dot com

you made one step, but kill the php programmer.

do you know how much more code need to rewrite and check?

if your change broken user programm, it's your lost, not the user's lost.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=61354


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=61354&edit=1

Reply via email to