Edit report at https://bugs.php.net/bug.php?id=61354&edit=1

 ID:                 61354
 Comment by:         support at playnext dot ru
 Reported by:        hufeng1987 at gmail dot com
 Summary:            htmlentities and htmlspecialchars doesn't respect the default_charset
 Status:             Not a bug
 Type:               Bug
 Package:            Strings related
 Operating System:   Linux/Windows/
 PHP Version:        5.4.0
 Block user comment: N
 Private report:     N

 New Comment:

For those still looking for a solution around this headache - please consider:
1. http://php.net/manual/en/function.override-function.php
2. http://php.net/manual/ru/function.runkit-function-redefine.php

The idea - you override the built-in htmlspecialchars() function with your customized variant which is able to respect a non-UTF-8 default encoding. This small piece of code can then be easily inserted somewhere at the start of your project. No need to rewrite all htmlspecialchars() entries globally.

I've spent several hours with both approaches. Variant 1 looks good, especially in combination with http://www.php.net/manual/en/function.rename-function.php as it allows calling the original htmlspecialchars() with just altered default args. The code could be as follows:

<?php
// Requires the APD extension (rename_function / override_function).
// Keep the built-in reachable under a new name.
rename_function('htmlspecialchars', 'renamed_htmlspecialchars');

function overriden_htmlspecialchars($string, $flags=NULL, $encoding='cp1251', $double_encode=true) {
    $flags = $flags ? $flags : (ENT_COMPAT|ENT_HTML401);
    // The override below always passes all four arguments, so an argument the
    // caller omitted reaches this function as NULL: restore the defaults here.
    $encoding = $encoding ? $encoding : 'cp1251';
    $double_encode = ($double_encode === NULL) ? true : $double_encode;
    return renamed_htmlspecialchars($string, $flags, $encoding, $double_encode);
}

// Route every htmlspecialchars() call through the wrapper above.
override_function('htmlspecialchars', '$string, $flags, $encoding, $double_encode', 'return overriden_htmlspecialchars($string, $flags, $encoding, $double_encode);');
?>

Unfortunately this didn't work for me properly - my site managed to call the overridden function, but not every time I reloaded the pages. Moreover, other PHP sites crashed under my Apache server as they suddenly started complaining that htmlspecialchars() was not defined. I suppose I had to spend more time to make it work thread/request/site/whatever-safe. So I switched to runkit (variant 2).
It worked for me, although even after trying runkit_function_rename()+runkit_function_add() I didn't manage to recall the original htmlspecialchars() function. So as a quick solution I decided to call htmlentities() instead:

<?php
// Requires the runkit extension (runkit_function_redefine).
function overriden_htmlspecialchars($string, $flags=NULL, $encoding='UTF-8', $double_encode=true) {
    $flags = $flags ? $flags : (ENT_COMPAT|ENT_HTML401);
    // No encoding passed by the caller: fall back to cp1251.
    $encoding = $encoding ? $encoding : 'cp1251';
    // An argument the caller omitted reaches this function as NULL: keep the built-in default.
    $double_encode = ($double_encode === NULL) ? true : $double_encode;
    //return renamed_htmlspecialchars($string, $flags, $encoding, $double_encode);
    return htmlentities($string, $flags, $encoding, $double_encode);
}

// Replace the body of the built-in with a call to the wrapper above.
runkit_function_redefine('htmlspecialchars', '$string, $flags, $encoding, $double_encode', 'return overriden_htmlspecialchars($string, $flags, $encoding, $double_encode);');
?>

You may be able to implement your more powerful overridden function.

Sorry if this topic is not bug-related. I support all the reports here - a small update to the default behaviour ruined our days...

Thank you.


Previous Comments:
------------------------------------------------------------------------
[2013-09-17 08:48:26] b83 at yandex dot ru

Moreover it will be impossible to upgrade to newer OS versions and use PHP versions from the distro. Which is even more of a security issue.

http://askubuntu.com/questions/306487/install-php-5-3-on-ubuntu-13-04

------------------------------------------------------------------------
[2013-07-25 19:18:45] a...@php.net

Related To: Bug #63426

------------------------------------------------------------------------
[2013-07-20 12:49:28] stemind at gmail dot com

Zend should be convinced.

The Zend htmlspecialchars Initiative
http://ufive.ch/tzhi/

------------------------------------------------------------------------
[2013-07-12 13:15:06] kstirn at gmail dot com

Instead of moving on to PHP 5.4 and PHP 5.5, thousands of servers will stay with legacy PHP 5.3 due to this single, easy to solve (ini setting) issue that the PHP team has decided to ignore.

------------------------------------------------------------------------
[2013-07-12 10:57:40] tototation at gmail dot com

Yes, I'm interested too to understand that fact.

I recently upgraded my server, and ALL my code is unusable!

A search in the code found +470 000 words htmlentities or htmlspecialchars !!!!!

HOW TO CHANGE ALL THIS ????? THAT'S IMPOSSIBLE !!!!!!!!

Thanks, we must stop all our services and websites. Just for a stupid thing.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=61354

--
Edit this bug report at https://bugs.php.net/bug.php?id=61354&edit=1
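
The encoding mismatch discussed in this report, shown as an added PHP example (not code from the report or from any commenter): cp1251 bytes handed to htmlspecialchars() as UTF-8 come back empty, while a wrapper that passes the charset explicitly escapes them without replacing the built-in at runtime. The names h() and APP_CHARSET and the sample string are assumptions made for the illustration.

```php
<?php
// Added illustration. h() and APP_CHARSET are hypothetical names, not part
// of PHP or of the bug report.

// Single place where the application's output charset is declared.
define('APP_CHARSET', 'cp1251');

/**
 * Escape a string for HTML output with an explicit charset instead of
 * relying on the built-in default (UTF-8 since PHP 5.4).
 */
function h($string, $flags = null, $encoding = null, $double_encode = true)
{
    if ($flags === null) {
        $flags = ENT_COMPAT | ENT_HTML401;
    }
    if ($encoding === null || $encoding === '') {
        $encoding = APP_CHARSET;
    }
    return htmlspecialchars($string, $flags, $encoding, $double_encode);
}

// Constructed sample: a Russian word followed by "<b>", as cp1251 bytes.
// The byte sequence is not valid UTF-8.
$cp1251 = "\xCF\xF0\xE8\xE2\xE5\xF2 <b>";

// 1. Treated as UTF-8: the input is an invalid byte sequence, so the
//    built-in returns an empty string and the text silently disappears.
$as_utf8 = htmlspecialchars($cp1251, ENT_COMPAT | ENT_HTML401, 'UTF-8');

// 2. ENT_SUBSTITUTE avoids the empty result, but the invalid sequences are
//    replaced with U+FFFD, so the original text is still lost.
$substituted = htmlspecialchars($cp1251, ENT_COMPAT | ENT_HTML401 | ENT_SUBSTITUTE, 'UTF-8');

// 3. Explicit charset: the cp1251 bytes pass through unchanged and only
//    the markup characters are escaped.
$explicit = h($cp1251);

// Each check reports whether the behaviour described above was observed.
var_dump($as_utf8 === '');
var_dump(strpos($substituted, '&lt;b&gt;') !== false);
var_dump($explicit === "\xCF\xF0\xE8\xE2\xE5\xF2 &lt;b&gt;");
```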