From: philipp dot feigl at gmail dot com Operating system: CentOS5 PHP version: 5.2.8 PHP Bug Type: ICONV related Bug description: htmlspecialchars does not throw E_WARNING on multibyte problems
Description: ------------ When using htmlspecialchars with a invalid multibyte string and using UTF-8 as encoding, there are two possible outcomes based on the "display_errors" ini setting: 1. display_errors=1 => empty string is returned 2. display_errors=0 => E_WARNING is thrown This is exactly what the code states. Can be viewed in http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?view=markup on line 1147 However this is VERY confusing as a developer point of view. As I have display_errors always set to "1" for debugging purposes, I never realized, one of our locale strings was corrupt, as it was just emptied out. Now in the production environment, our error handler terminates the script because of the E_WARNING beeing thrown. While both of the ways (empty string / error) are acceptable for me - because ofcourse the input string is invalid, it is very confusing to have different behaviors of PHP based on the display_errors setting. Reproduce code: --------------- echo 'a' . htmlspecialchars(substr(utf8_encode('aĆ¼'), 0, 2), ENT_QUOTES, 'UTF-8') . 'b'; Expected result: ---------------- Either 'ab' Or PHP E_WARNING However not both based on display_errors Actual result: -------------- display_errors=1 => 'ab' display_errors=0 => E_WARNING -- Edit bug report at http://bugs.php.net/?id=47494&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=47494&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=47494&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=47494&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=47494&r=fixedcvs Fixed in CVS and need be documented: http://bugs.php.net/fix.php?id=47494&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=47494&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=47494&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=47494&r=needscript Try newer version: http://bugs.php.net/fix.php?id=47494&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=47494&r=support Expected behavior: http://bugs.php.net/fix.php?id=47494&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=47494&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=47494&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=47494&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=47494&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=47494&r=dst IIS Stability: http://bugs.php.net/fix.php?id=47494&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=47494&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=47494&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=47494&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=47494&r=mysqlcfg
