From: [EMAIL PROTECTED] Operating system: SunOS PHP version: 4.2.2 PHP Bug Type: Variables related Bug description: print_r should apply htmlspecialchars
print_r writes directly to php://output, hence its output should comply with HTML syntax rules. However, print_r will issue non-compliant code, or generate spurious entities, whenever a variable contains an HTML special character. Hence, print_r should apply htmlspecialchars to all strings it is going to write to php://output. Try the demo at <http://www.rz.uni-konstanz.de/Antivirus/tests/print_r.php> with Netscape 6, or Opera 6, as IE 6 will not reveal all the surprises I've hidden therein ;-) The pertinent PHP source can be seen at <http://www.rz.uni-konstanz.de/Antivirus/tests/print_r.txt>. -- Edit bug report at http://bugs.php.net/?id=20310&edit=1 -- Try a CVS snapshot: http://bugs.php.net/fix.php?id=20310&r=trysnapshot Fixed in CVS: http://bugs.php.net/fix.php?id=20310&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=20310&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=20310&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=20310&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=20310&r=support Expected behavior: http://bugs.php.net/fix.php?id=20310&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=20310&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=20310&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=20310&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=20310&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=20310&r=dst IIS Stability: http://bugs.php.net/fix.php?id=20310&r=isapi