View Issue Details

IDProjectCategoryView StatusLast Update
0000422WackoWikiunicodepublic2014-03-21 13:01
ReportervarahaAssigned Toadministrator 
PriorityhighSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
PlatformCloud ServerOSFedoraOS Version17
Product Version5.1.0 
Target Version5.4.0Fixed in Version5.4.0 
Summary0000422: patch for htmlspecialchars(), htmlentities(), html_entity_decode()
DescriptionPHP Version 5.4.5
Promlem with htmlspecialchars(), htmlentities()
Described in:
http://nikic.github.io/2012/01/28/htmlspecialchars-improvements-in-PHP-5-4.html

Solved by patch on entire files like this:
- $title = htmlspecialchars($vars['title']);
+ $title = htmlspecialchars($vars['title'], ENT_COMPAT | ENT_HTML401, "cp1251");

If you not russian change the charset cp1251 to ISO-8859-1 or make global variable $this->charset;

See patch in attachment
Steps To ReproduceTry to edit any page with upper 128 symbols on PHP Version 5.4 and more.


Additional InformationIn common patch included small patch of write/read database tables structure - fix of ugly programming.


TagsPHP 5.4

Relationships

related to 0000216 acknowledgedadministrator UTF8 support 
related to 0000424 resolvedadministrator safehtml lib don't work propertly 
related to 0000428 closed Lost content on editing 

Activities

varaha

2012-08-27 08:39

reporter  

wacko.r5.1.0.patch.zip (26,583 bytes)

varaha

2012-08-27 15:22

reporter   ~0000856

I forget the html_entity_decode()

Must apply the like this patch

- $title = html_entity_decode($string);
+ $title = html_entity_decode($string, ENT_COMPAT | ENT_HTML401, "cp1251");

to entire php-code-files

administrator

2012-09-02 14:28

administrator   ~0000858

Last edited: 2012-09-02 14:39

View 3 revisions

I'll post a link to the first commit in our dev repo here soon
IN WORK: applying all the changes plus testing

$this->charset;

administrator

2012-10-19 08:08

administrator   ~0000869

Last edited: 2012-10-21 22:21

View 5 revisions

What this makes a bit harder it is not backwards compatible to PHP 5.2 / 5.3

Pherhaps we issue a R5.4 release without backwards compatibility.

We must mark the recent releases as not compatible with PHP 5.4!
http://wackowiki.sourceforge.net/doc/Dev/Release/R51/ReleaseNotes
http://wackowiki.sourceforge.net/doc/Dev/Release/R50/ReleaseNotes

varaha

2012-11-01 10:02

reporter   ~0000874

Last edited: 2013-11-11 13:20

View 2 revisions

> $this->charset;

For cyrillic case
1. "cp1251" - is correct charset for MySQL database
2. "Windows-1251" - the same charset, but for HTML "Content-Type" header

In this case needs two vars:

$this->db_charset
$this->html_charset

mcantsin

2013-09-13 21:24

reporter   ~0000898

This patch is malformatted and does not work.

When is version 5.2 going to be released?

administrator

2013-09-15 20:56

administrator   ~0000899

As soon as we find time and resources to set up a web server with PHP 5.4/5.5 for public testing.

I have a local patch but without testing I wont commit it to our dev repo.
-> not backwards compatible to PHP 5.2 / 5.3

October or November

mcantsin

2013-09-16 00:13

reporter   ~0000900

Thanks for the good news.

After having converted the source code (removed CRLF with 'tr -d "\r"' on all php files), the patch worked fine.

administrator

2013-11-11 13:26

administrator   ~0000901

> In this case needs two vars:

> $this->db_charset
> $this->html_charset

Do we have a case for $this->db_charset?
I hesitate atm to replace 300 matches: $[]->charset with $[]->html_charset

administrator

2013-11-11 13:52

administrator   ~0000902

Commit: http://wackowiki.hg.sourceforge.net/hgweb/wackowiki/dev/rev/8cb08964d244

administrator

2013-11-11 15:30

administrator   ~0000903

Last edited: 2013-11-11 15:30

View 2 revisions

OK I got that, we can't use $this->charset from the current language file

cp1251 =! Windows-1251

So we add the db_charset value additionally to lang.xy.php?
On the other hand PHP accepts Windows-1251, win-1251, 1251 as Alias (http://docs.php.net/htmlspecialchars).

administrator

2013-11-12 11:19

administrator   ~0000904

Last edited: 2014-03-18 15:16

View 3 revisions

FTR: with PHP 5.3 it throws the following error message:

Notice: Use of undefined constant ENT_HTML401 - assumed 'ENT_HTML401' in [..]

The FIX is not backward compatible with PHP 5.3 !
But it seems if you turn off the notices, that everything works as expected. (?)

you'll got the following notice:
Use of undefined constant ENT_HTML401 - assumed 'ENT_HTML401'

ENT_HTML401, and some others were added in PHP version 5.4 according to the manual. For earlier versions those constants are undefined, and PHP will automatically assume that undefined constants are programming "slips" and convert them to strings.

administrator

2013-12-22 06:24

administrator   ~0000905

Last edited: 2014-03-21 11:29

View 2 revisions

added option to chose db charset via installer
-> 0000437

administrator

2013-12-26 08:29

administrator   ~0000907

Warning: htmlspecialchars(): charset `iso-8859-7' not supported, assuming utf-8 in /wacko/classes/wacko.php on line 2517

-> http://php.net/manual/en/function.htmlspecialchars.php

Its a mess!

administrator

2014-02-18 19:00

administrator   ~0000913

set HTML_ENTITIES_CHARSET as constant

$title = htmlspecialchars($this->config['site_name'], ENT_COMPAT | ENT_HTML401, HTML_ENTITIES_CHARSET);

commit
http://wackowiki.hg.sourceforge.net/hgweb/wackowiki/dev/rev/8cdf94070536

administrator

2014-03-18 12:12

administrator   ~0000916

Last edited: 2014-03-18 12:15

View 2 revisions

Please note due the changes done here:

@@[local] in intra link is broken and may break the Formatter in combination with the toc action
  e.g. ((((../Russian/WackoÑèíòàêñèñ Ðóññêèé @@ru))))

this functionality is used rarely but if so please remove the @@[local] to get it work again if it breaks the formatter

Issue History

Date Modified Username Field Change
2012-08-27 08:39 varaha New Issue
2012-08-27 08:39 varaha File Added: wacko.r5.1.0.patch.zip
2012-08-27 15:22 varaha Note Added: 0000856
2012-08-28 00:11 administrator Status new => acknowledged
2012-08-28 00:11 administrator Target Version => 5.4.0
2012-09-01 17:19 administrator Relationship added related to 0000424
2012-09-02 14:28 administrator Note Added: 0000858
2012-09-02 14:28 administrator Assigned To => administrator
2012-09-02 14:28 administrator Description Updated View Revisions
2012-09-02 14:29 administrator Status acknowledged => assigned
2012-09-02 14:38 administrator Note Edited: 0000858 View Revisions
2012-09-02 14:39 administrator Note Edited: 0000858 View Revisions
2012-10-19 08:04 administrator Relationship added related to 0000428
2012-10-19 08:08 administrator Note Added: 0000869
2012-10-21 21:57 administrator Priority normal => high
2012-10-21 21:58 administrator Note Edited: 0000869 View Revisions
2012-10-21 22:19 administrator Note Edited: 0000869 View Revisions
2012-10-21 22:21 administrator Note Edited: 0000869 View Revisions
2012-10-21 22:21 administrator Note Edited: 0000869 View Revisions
2012-11-01 10:02 varaha Note Added: 0000874
2013-01-05 10:15 administrator Target Version 5.4.0 => 5.5.x
2013-07-31 11:57 administrator Description Updated View Revisions
2013-09-13 21:24 mcantsin Note Added: 0000898
2013-09-15 20:56 administrator Note Added: 0000899
2013-09-16 00:13 mcantsin Note Added: 0000900
2013-11-11 13:20 administrator Note Edited: 0000874 View Revisions
2013-11-11 13:26 administrator Note Added: 0000901
2013-11-11 13:52 administrator Note Added: 0000902
2013-11-11 14:20 administrator Tag Attached: PHP 5.4
2013-11-11 14:46 administrator Summary PHP Version >= 5.4 patch for htmlspecialchars(), htmlentities() => PHP Version >= 5.4 patch for htmlspecialchars(), htmlentities(), html_entity_decode
2013-11-11 15:30 administrator Note Added: 0000903
2013-11-11 15:30 administrator Note Edited: 0000903 View Revisions
2013-11-12 11:19 administrator Note Added: 0000904
2013-11-12 11:23 administrator Note Edited: 0000904 View Revisions
2013-11-12 12:54 administrator Status assigned => resolved
2013-11-12 12:54 administrator Resolution open => fixed
2013-11-12 12:54 administrator Fixed in Version => 5.5.x
2013-12-22 06:24 administrator Note Added: 0000905
2013-12-26 08:29 administrator Note Added: 0000907
2013-12-26 08:30 administrator Status resolved => feedback
2013-12-26 08:30 administrator Resolution fixed => reopened
2013-12-26 08:47 administrator Relationship added related to 0000216
2014-01-06 19:38 administrator File Added: utf8-only_solution.png
2014-02-18 19:00 administrator Note Added: 0000913
2014-02-18 19:02 administrator Summary PHP Version >= 5.4 patch for htmlspecialchars(), htmlentities(), html_entity_decode => PHP Version >= 5.4 patch for htmlspecialchars(), htmlentities(), html_entity_decode()
2014-02-18 19:03 administrator Description Updated View Revisions
2014-03-18 11:32 administrator Status feedback => resolved
2014-03-18 11:32 administrator Resolution reopened => fixed
2014-03-18 12:12 administrator Note Added: 0000916
2014-03-18 12:15 administrator Note Edited: 0000916 View Revisions
2014-03-18 15:16 administrator Note Edited: 0000904 View Revisions
2014-03-21 11:29 administrator Note Edited: 0000905 View Revisions
2014-03-21 11:45 administrator Target Version 5.5.x => 5.4.0
2014-03-21 11:45 administrator Fixed in Version 5.5.x => 5.4.0
2014-03-21 13:01 administrator Summary PHP Version >= 5.4 patch for htmlspecialchars(), htmlentities(), html_entity_decode() => patch for htmlspecialchars(), htmlentities(), html_entity_decode()
2014-07-12 11:45 administrator File Deleted: utf8-only_solution.png