phpgroupware-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-tracker] [bug #4148] htmlentities and i18n


From: nobody
Subject: [Phpgroupware-tracker] [bug #4148] htmlentities and i18n
Date: Sun, 06 Jul 2003 10:48:15 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030313

=================== BUG #4148: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=4148&group_id=509

Changes by: Ralf Becker <address@hidden>
Date: Sun 07/06/2003 at 16:48 (Europe/Berlin)

            What     | Removed                   | Added
---------------------------------------------------------------------------
          Resolution | None                      | Fixed
              Status | Open                      | Closed


------------------ Additional Follow-up Comments ----------------------------
I changed now all htmlentities to htmlspecialchars (as it was intended).



=================== BUG #4148: FULL BUG SNAPSHOT ===================


Submitted by: tbsky                   Project: phpGroupWare                 
Submitted on: Mon 06/30/2003 at 10:31
Category:  eTemplates                 Bug Group:  0.9.14.003 release        
Severity:  5 - Major                  Priority:  Normal                     
Resolution:  Fixed                    Assigned to:  ralfbecker              
Status:  Closed                       Component Version:  CVS               
Platform Version:  Linux - Mandrake   Reproducibility:  Every Time          

Summary:  htmlentities and i18n

Original Submission:  hi:
  i upgrade 0.9.14 cvs. and found that
etemplate "class.uietemplate.inc.php" version 
1.60 use many "htmlentities" function. this
function seems not i18n ready yet. i use
big5 character set,and it use iso-8859 as default. even i add parameter to 
htmlentities 
for big5 character set. it didn't work perfect under php 4.3.2 (some chinese 
words still got trashed)..
 

Follow-up Comments
*******************

-------------------------------------------------------
Date: Sun 07/06/2003 at 16:48       By: ralfbecker
I changed now all htmlentities to htmlspecialchars (as it was intended).

-------------------------------------------------------
Date: Fri 07/04/2003 at 20:44       By: tbsky
hi:
  if i understand the "htmlspecialchars" function right,
it only transfer 5 characters: &,',",<,> 
  big5 didn't use any of them, so htmlspeicialchars is safe
even without charset parameter. i think maybe it is safe for others charset 
too, since big5 is a very large character set. thanks for ur help :)

-------------------------------------------------------
Date: Thu 07/03/2003 at 21:46       By: ralfbecker
Hi tbsky,

sorry for that, we need this for security reasons (cross-site-scripting).

I just read a bit on php.net and you can try the following (if it works for you 
I will commit it in general):
replace all htmlentities($str) in class.uietemplate.inc.php and 
class.html.inc.php with htmlspecialchars($str) and if that does not help with 
htmlspecialchars($str,ENT_COMPAT,lang('charset')).

lang('charset') should be 'BIG5' in your install

Let me know how it works, so I can integrate it.

Ralf


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=4148&group_id=509

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/





reply via email to

[Prev in Thread] Current Thread [Next in Thread]