[INP-1176] Use UTF-8 encoding, when html-escaping with "htmlspecialchars" function - In-Portal Issue Tracker

XML

Word

Printable

Details

Type: Bug Report
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 5.2.0
Fix Version/s: 5.2.1-B1
Component/s: Data Management
Labels:
- multi-project-commit

External issue URL:
http://tracker.in-portal.org/view.php?id=1423
Change Log Message:
Fixes charset encoding problem from htmlspecialchars function
Story Points:
1
External issue ID:
1423
Copy Issue Key:
Patch Instructions:
Patches must be submitted through Phabricator.
- To submit patch via Command Line use Patches Workflow (via Arcanist) tutorial
- To submit patch via Web Interface use Patches Workflow (via Web Interface) tutorial

Description

I didn't new before, but function "htmlspecialchars" not only escapes text to be safe for usage inside a HTML/XML, but also converts it's encoding to ISO-8859-1 (PHP 5.3.x and below).
As a result any UTF-8 encoded string will be encoded into ISO-8859-1 (after escaping) and all special symbols (e.g. resulted from pasting text from Microsoft Word) would have incorrect encoding, when presented back to user who has UTF-8 encoding on a page.

In PHP 5.4 and up default charset for this function is UTF-8.

As a fix I propose to pass CHARSET constant's value explicitly in each call of htmlspecialchars function across all In-Portal and it's modules.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

htmlspecialchars_encoding_core_fix.patch
15 kB
02/Nov/12 9:13 AM
htmlspecialchars_encoding_modules_fix.patch
7 kB
02/Nov/12 9:13 AM

Issue Links

relates to

INP-1104 Make UTF-8 the only one supported language encoding

Closed

mentioned in: Wiki Page Loading...

Activity

People

Assignee:

Alex

Reporter:

Alex

Developer:

Alex

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

02/Nov/12 6:50 AM

Updated:

16/Jul/16 9:20 AM

Resolved:

02/Nov/12 9:18 AM