ID: 25927
User updated by: acm at tweakers dot net
Reported By: acm at tweakers dot net
Status: Bogus
Bug Type: Unknown/Other Function
Operating System: Linux
PHP Version: 4.3.3
New Comment:
Well, maybe so.
But I was refering to a function that tries to undo the changes of
htmlspecialchars/htmlentities.
If htmlspecialchars changes ' to ' and you want to depend on
get_html_translation_table to undo all changes, you expect it to return
' = ' instead of ' = ', since that's the change
htmlspecialchars/htmlentities did aswell.
It didn't change it to '
If you really wanted to create a perfect entity-decoder, you'd indeed
have to cope with all those &*; entities, including all the
&#[0-9]{2,3};-like entities.
But for the simple "undo the htmlspecialchars"-like function that is
not necessary.
And again, get_html_translation_table returns "how the
htmlspecialchars/entities functions do it", not "all possible
translations" or "just a valid version, maybe not what our own
functions do", doesn't it? :)
To explain what I mean:
if you do
echo html_entity_decode(htmlspecialchars("'", ENT_QUOTES));
you get ' back.
If you do:
function my_entity_decoder($string)
{
$trans = array_flip(get_html_translation_table(ENT_HTML_SPECIALCHARS,
ENT_QUOTES));
$original = strtr($encoded, $trans);
}
echo my_entity_decoder(htmlspecialchars("'", ENT_QUOTES));
Where you trust the get_html_translation_table-function to return
enough information to output ' again...
But if it all doesn't matter to you guys, why do the two change at
all?
Why does the htmlspecialchars change it to ' why the
get_html_translation_table claims it changes it to ' ??
Previous Comments:
------------------------------------------------------------------------
[2003-10-20 21:51:42] [EMAIL PROTECTED]
Not quite. When you have to write your own html_entity_decode(), you
should cope with any forms of the numeric entity including hexadecimal
style. It's not as simple as the snippet in the manual page.
------------------------------------------------------------------------
[2003-10-20 19:04:17] acm at tweakers dot net
Well, it's cute that both are valid, but that's not the point...
get_html_translation_table is supposed to return "how php's functions
translate it", not "any way which is valid".
And in that way, it _fails_ to do so.
Since the function html_entity_decode is only available as of
php-4.3.0, anyone who has a similar function (based on the php-example
on the documentpage!), finds it broken because of this.
In that sense it is, imho, a bug.
Quoting you're own documentation:
"get_html_translation_table -- Returns the translation table used by
htmlspecialchars() and htmlentities()"
------------------------------------------------------------------------
[2003-10-20 18:55:32] [EMAIL PROTECTED]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php
Both ' and ' are valid.
------------------------------------------------------------------------
[2003-10-20 18:35:41] kees at tweakers dot net
We've fixed it be commenting line 421 of ext/standard/html.c:
420- { '\'', "'", 6, ENT_HTML_QUOTE_SINGLE },
421:/* { '\'', "'", 5, ENT_HTML_QUOTE_SINGLE }, */
------------------------------------------------------------------------
[2003-10-20 17:53:29] acm at tweakers dot net
Description:
------------
When you call get_html_translation_table, with the ENT_QUOTES
parameter, it'll return ' for '
The code for ' should, of course, be '
This was not broken in 4.3.1, so is newly introduced in either 4.3.2 or
4.3.3
One wonders how this could occur, since both
htmlspecialchars/htmlentities and html_entity_decode work correctly.
Reproduce code:
---------------
<?
print_r(get_html_translation_table(HTML_SPECIALCHARS,ENT_QUOTES));
?>
Expected result:
----------------
Array
(
[&] => &
["] => "
['] => '
[<] => <
[>] => >
)
Actual result:
--------------
Array
(
[&] => &
["] => "
['] => '
[<] => <
[>] => >
)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=25927&edit=1
