Edit report at https://bugs.php.net/bug.php?id=61354&edit=1
ID: 61354
Comment by: x dot bazilio at gmail dot com
Reported by: hufeng1987 at gmail dot com
Summary: htmlentities and htmlspecialchars doesn't respect
the default_charset
Status: Not a bug
Type: Bug
Package: Strings related
Operating System: Linux/Windows/
PHP Version: 5.4.0
Block user comment: N
Private report: N
New Comment:
Ok. If i did not set defautlt time zone, i get E_WARNING.
Let us set default encoding for htmlspecialchars. It is not posible to persuade
developers of Drupal, joomla, wordpress, bitrix, ets., and developers of
modules
for that CMS to rewrite their code.
I wrote to tech support of bitrix (russian cms). They said that i must use PHP
5.3.x. They not going to rewrite code.
Previous Comments:
------------------------------------------------------------------------
[2013-01-05 16:05:31] leaflet at leafok dot com
I understand your consideration. Maybe a global configuration in PHP.ini or
page
lifecycle set function could be provided for encoding setting of these
functions.
Developers would be glad to handle this setting centrally by a include header
file
for each pages.
------------------------------------------------------------------------
[2013-01-05 15:17:56] [email protected]
I have explained that a few times. We can't default it automatically because
the
encoding may not match the output encoding. Only the developer knows that. If
we
did that automatically it would break even more sites. The sites where the
encodings differ need to set it explicitly.
------------------------------------------------------------------------
[2013-01-05 09:54:44] hufeng1987 at gmail dot com
pass null and empty string that could improve security? no sense..
------------------------------------------------------------------------
[2013-01-05 09:53:01] x dot bazilio at gmail dot com
Please, fix it.
It is so simple to provide default params. Wy should we put NULL and empty
string? Where is security problem to not put NULL and empty string if they are
will be default values of that params?
------------------------------------------------------------------------
[2013-01-05 04:40:26] [email protected]
Code that is currently likely to be insecure, yes. We only make changes like
this
when we are forced to for security reasons.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=61354
--
Edit this bug report at https://bugs.php.net/bug.php?id=61354&edit=1
