phpgroupware-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-tracker] [bug #4148] htmlentities and i18n

From: nobody
Subject: [Phpgroupware-tracker] [bug #4148] htmlentities and i18n
Date: Fri, 04 Jul 2003 14:44:17 -0400
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 
=================== BUG #4148: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=4148&group_id=509

Changes by: tbsky lee <address@hidden>
Date: Fri 07/04/03 at 18:44 (GMT)

------------------ Additional Follow-up Comments ----------------------------
hi:
  if i understand the "htmlspecialchars" function right,
it only transfer 5 characters: &,',",<,> 
  big5 didn't use any of them, so htmlspeicialchars is safe
even without charset parameter. i think maybe it is safe for others charset 
too, since big5 is a very large character set. thanks for ur help :)



=================== BUG #4148: FULL BUG SNAPSHOT ===================


Submitted by: tbsky                   Project: phpGroupWare                 
Submitted on: Mon 06/30/03 at 08:31
Category:  eTemplates                 Bug Group:  0.9.14.003 release        
Severity:  5 - Major                  Priority:  Normal                     
Resolution:  None                     Assigned to:  ralfbecker              
Status:  Open                         Component Version:  CVS               
Platform Version:  Linux - Mandrake   Reproducibility:  Every Time          

Summary:  htmlentities and i18n

Original Submission:  hi:
  i upgrade 0.9.14 cvs. and found that
etemplate "class.uietemplate.inc.php" version 
1.60 use many "htmlentities" function. this
function seems not i18n ready yet. i use
big5 character set,and it use iso-8859 as default. even i add parameter to 
htmlentities 
for big5 character set. it didn't work perfect under php 4.3.2 (some chinese 
words still got trashed)..
 

Follow-up Comments
*******************

-------------------------------------------------------
Date: Fri 07/04/03 at 18:44         By: tbsky
hi:
  if i understand the "htmlspecialchars" function right,
it only transfer 5 characters: &,',",<,> 
  big5 didn't use any of them, so htmlspeicialchars is safe
even without charset parameter. i think maybe it is safe for others charset 
too, since big5 is a very large character set. thanks for ur help :)

-------------------------------------------------------
Date: Thu 07/03/03 at 19:46         By: ralfbecker
Hi tbsky,

sorry for that, we need this for security reasons (cross-site-scripting).

I just read a bit on php.net and you can try the following (if it works for you 
I will commit it in general):
replace all htmlentities($str) in class.uietemplate.inc.php and 
class.html.inc.php with htmlspecialchars($str) and if that does not help with 
htmlspecialchars($str,ENT_COMPAT,lang('charset')).

lang('charset') should be 'BIG5' in your install

Let me know how it works, so I can integrate it.

Ralf


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=4148&group_id=509

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]