Edit report at https://bugs.php.net/bug.php?id=61354&edit=1
ID: 61354
Comment by: x dot bazilio at gmail dot com
Reported by: hufeng1987 at gmail dot com
Summary: htmlentities and htmlspecialchars doesn't respect
the default_charset
Status: Not a bug
Type: Bug
Package: Strings related
Operating System: Linux/Windows/
PHP Version: 5.4.0
Block user comment: N
Private report: N
New Comment:
Please, fix it.
It is so simple to provide default params. Wy should we put NULL and empty
string? Where is security problem to not put NULL and empty string if they are
will be default values of that params?
Previous Comments:
------------------------------------------------------------------------
[2013-01-05 04:40:26] [email protected]
Code that is currently likely to be insecure, yes. We only make changes like
this
when we are forced to for security reasons.
------------------------------------------------------------------------
[2013-01-05 04:26:39] hufeng1987 at gmail dot com
you made one step, but kill the php programmer.
do you know how much more code need to rewrite and check?
if your change broken user programm, it's your lost, not the user's lost.
------------------------------------------------------------------------
[2013-01-05 04:20:02] [email protected]
You will need to update your code to be compatible with PHP 5.4 either by
explicitly providing the charset, or by passing in "" to pick up the default
one.
Anything short of that is a security issue. Code that didn't do this in PHP 5.3
is potentially insecure depending on which charset is being used, so no,
nothing
will be fixed here. We will not revert to 5.3 behaviour.
------------------------------------------------------------------------
[2013-01-05 03:55:08] hufeng1987 at gmail dot com
Please fix it as soon as possible.
------------------------------------------------------------------------
[2013-01-05 03:53:35] leaflet at leafok dot com
I am facing the same problem.
After upgrading to PHP 5.4.10 in the product environment, all the GB2312
encoding data on the page became blank. This badly influenced the whole site.
It is undoubtedly a backward compatible issue. Wish it could be resolved soon.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=61354
--
Edit this bug report at https://bugs.php.net/bug.php?id=61354&edit=1
