[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [bug #4148] htmlentities and i18n
From: |
nobody |
Subject: |
[Phpgroupware-tracker] [bug #4148] htmlentities and i18n |
Date: |
Fri, 04 Jul 2003 14:44:17 -0400 |
User-agent: |
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
=================== BUG #4148: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=4148&group_id=509
Changes by: tbsky lee <address@hidden>
Date: Fri 07/04/03 at 18:44 (GMT)
------------------ Additional Follow-up Comments ----------------------------
hi:
if i understand the "htmlspecialchars" function right,
it only transfer 5 characters: &,',",<,>
big5 didn't use any of them, so htmlspeicialchars is safe
even without charset parameter. i think maybe it is safe for others charset
too, since big5 is a very large character set. thanks for ur help :)
=================== BUG #4148: FULL BUG SNAPSHOT ===================
Submitted by: tbsky Project: phpGroupWare
Submitted on: Mon 06/30/03 at 08:31
Category: eTemplates Bug Group: 0.9.14.003 release
Severity: 5 - Major Priority: Normal
Resolution: None Assigned to: ralfbecker
Status: Open Component Version: CVS
Platform Version: Linux - Mandrake Reproducibility: Every Time
Summary: htmlentities and i18n
Original Submission: hi:
i upgrade 0.9.14 cvs. and found that
etemplate "class.uietemplate.inc.php" version
1.60 use many "htmlentities" function. this
function seems not i18n ready yet. i use
big5 character set,and it use iso-8859 as default. even i add parameter to
htmlentities
for big5 character set. it didn't work perfect under php 4.3.2 (some chinese
words still got trashed)..
Follow-up Comments
*******************
-------------------------------------------------------
Date: Fri 07/04/03 at 18:44 By: tbsky
hi:
if i understand the "htmlspecialchars" function right,
it only transfer 5 characters: &,',",<,>
big5 didn't use any of them, so htmlspeicialchars is safe
even without charset parameter. i think maybe it is safe for others charset
too, since big5 is a very large character set. thanks for ur help :)
-------------------------------------------------------
Date: Thu 07/03/03 at 19:46 By: ralfbecker
Hi tbsky,
sorry for that, we need this for security reasons (cross-site-scripting).
I just read a bit on php.net and you can try the following (if it works for you
I will commit it in general):
replace all htmlentities($str) in class.uietemplate.inc.php and
class.html.inc.php with htmlspecialchars($str) and if that does not help with
htmlspecialchars($str,ENT_COMPAT,lang('charset')).
lang('charset') should be 'BIG5' in your install
Let me know how it works, so I can integrate it.
Ralf
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=4148&group_id=509
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/