Edit report at https://bugs.php.net/bug.php?id=61354&edit=1
ID: 61354 Comment by: b83 at yandex dot ru Reported by: hufeng1987 at gmail dot com Summary: htmlentities and htmlspecialchars doesn't respect the default_charset Status: Not a bug Type: Bug Package: Strings related Operating System: Linux/Windows/ PHP Version: 5.4.0 Block user comment: N Private report: N New Comment: Moreover it will be impossible to upgrade to newer OS versions and use PHP versions from distro. Which is even more a security issue. http://askubuntu.com/questions/306487/install-php-5-3-on-ubuntu-13-04 Previous Comments: ------------------------------------------------------------------------ [2013-07-25 19:18:45] a...@php.net Related To: Bug #63426 ------------------------------------------------------------------------ [2013-07-20 12:49:28] stemind at gmail dot com Zend should be convinced. The Zend htmlspecialchars Initiative http://ufive.ch/tzhi/ ------------------------------------------------------------------------ [2013-07-12 13:15:06] kstirn at gmail dot com Instead of moving on to PHP 5.4 and PHP 5.5 thousands of servers will stay with legacy PHP 5.3 due to this single, easy to solve (ini setting) issue that the PHP team has decided to ignore. ------------------------------------------------------------------------ [2013-07-12 10:57:40] tototation at gmail dot com Yes, i'm interested too to understand that fact. I recently upgrade my server, and ALL my code is unusable ! A search in code found +470 000 words htmlentities or htmlspecialchars !!!!! HOW TO CHANGE ALL THIS ????? THAT'S IMPOSSIBLE !!!!!!!! Thanks, we must stop all our services and websites. Just for a stupid thing. ------------------------------------------------------------------------ [2013-06-15 22:51:31] jbolder42 at yahoo dot com I was wondering if someone could enlighten me by explaining why this: htmlspecialchars($str, ENT_QUOTES, "ISO-8859-1"); ... would be considered any more secure than something like this: ini_set("html.default_charset", "ISO-8859-1"); htmlspecialchars($str, ENT_QUOTES); Thank you! ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=61354 -- Edit this bug report at https://bugs.php.net/bug.php?id=61354&edit=1