Edit report at https://bugs.php.net/bug.php?id=61354&edit=1

 ID:                 61354
 Comment by:         b83 at yandex dot ru
 Reported by:        hufeng1987 at gmail dot com
 Summary:            htmlentities and htmlspecialchars doesn't respect
                     the default_charset
 Status:             Not a bug
 Type:               Bug
 Package:            Strings related
 Operating System:   Linux/Windows/
 PHP Version:        5.4.0
 Block user comment: N
 Private report:     N

 New Comment:

Moreover it will be impossible to upgrade to newer OS versions and use PHP 
versions from distro. Which is even more a security issue.

http://askubuntu.com/questions/306487/install-php-5-3-on-ubuntu-13-04


Previous Comments:
------------------------------------------------------------------------
[2013-07-25 19:18:45] a...@php.net

Related To: Bug #63426

------------------------------------------------------------------------
[2013-07-20 12:49:28] stemind at gmail dot com

Zend should be convinced. The Zend htmlspecialchars Initiative 
http://ufive.ch/tzhi/

------------------------------------------------------------------------
[2013-07-12 13:15:06] kstirn at gmail dot com

Instead of moving on to PHP 5.4 and PHP 5.5 thousands of servers will stay with 
legacy PHP 5.3 due to this single, easy to solve (ini setting) issue that the 
PHP team has decided to ignore.

------------------------------------------------------------------------
[2013-07-12 10:57:40] tototation at gmail dot com

Yes, I'm interested too to understand that fact.
I recently upgraded my server, and ALL my code is unusable !
A search in code found +470 000 words htmlentities or htmlspecialchars !!!!!
HOW TO CHANGE ALL THIS ????? THAT'S IMPOSSIBLE !!!!!!!!

Thanks, we must stop all our services and websites.
Just for a stupid thing.

------------------------------------------------------------------------
[2013-06-15 22:51:31] jbolder42 at yahoo dot com

I was wondering if someone could enlighten me by explaining why this:

htmlspecialchars($str, ENT_QUOTES, "ISO-8859-1");

... would be considered any more secure than something like this:

ini_set("html.default_charset", "ISO-8859-1");
htmlspecialchars($str, ENT_QUOTES);

Thank you!

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=61354

