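--- functions/strings.php.orig 2017-01-27 20:31:33 UTC
+++ functions/strings.php
@@ -1489,7 +1489,13 @@ function sm_validate_security_token($tok
 * (See http://php.net/manual/function.htmlspecialchars.php )
 * (OPTIONAL; default ENT_COMPAT, ENT_COMPAT | ENT_SUBSTITUTE for PHP >=5.4)
 * @param string $encoding The character encoding to use in the conversion
- * (OPTIONAL; default automatic detection)
+ * (if not one of the character sets supported
+ * by PHP's htmlspecialchars(), then $encoding
+ * will be ignored and iso-8859-1 will be used,
+ * unless a default has been specified in
+ * $default_htmlspecialchars_encoding in
+ * config_local.php) (OPTIONAL; default automatic
+ * detection)
 * @param boolean $double_encode Whether or not to convert entities that are
 * already in the string (only supported in
 * PHP 5.2.3+) (OPTIONAL; default TRUE)
@@ -1500,6 +1506,31 @@ function sm_validate_security_token($tok
 function sm_encode_html_special_chars($string, $flags=ENT_COMPAT,
 $encoding=NULL, $double_encode=TRUE)
 {
+
+ // charsets supported by PHP's htmlspecialchars
+ // (move this elsewhere if needed)
+ //
+ static $htmlspecialchars_charsets = array(
+ 'iso-8859-1', 'iso8859-1',
+ 'iso-8859-5', 'iso8859-5',
+ 'iso-8859-15', 'iso8859-15',
+ 'utf-8',
+ 'cp866', 'ibm866', '866',
+ 'cp1251', 'windows-1251', 'win-1251', '1251',
+ 'cp1252', 'windows-1252', '1252',
+ 'koi8-R', 'koi8-ru', 'koi8r',
+ 'big5', '950',
+ 'gb2312', '936',
+ 'big5-hkscs',
+ 'shift_jis', 'sjis', 'sjis-win', 'cp932', '932',
+ 'euc-jp', 'eucjp', 'eucjp-win',
+ 'macroman',
+ );
+
+
+ // if not given, set encoding to the charset being
+ // used by the current user interface language
+ //
 if (!$encoding)
 {
 global $default_charset;
@@ -1508,6 +1539,21 @@ function sm_encode_html_special_chars($s
 $encoding = $default_charset;
 }
 
+
+ // make sure htmlspecialchars() supports the needed encoding
+ //
+ if (!in_array(strtolower($encoding), $htmlspecialchars_charsets))
+ {
+ // use default from configuration if provided or hard-coded fallback
+ //
+ global $default_htmlspecialchars_encoding;
+ if (!empty($default_htmlspecialchars_encoding))
+ $encoding = $default_htmlspecialchars_encoding;
+ else
+ $encoding = 'iso-8859-1';
+ }
+
+
 if (check_php_version(5, 2, 3)) {
 // Replace invalid characters with a symbol instead of returning
 // empty string for the entire to be encoded string.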
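Review bot: The allow-list entry `'koi8-R'` can never match, because the lookup added just before the check_php_version() call compares `strtolower($encoding)` against the list; a KOI8-R encoding is therefore always rewritten to the fallback even though htmlspecialchars() supports it. The entry should read `'koi8-r', 'koi8-ru', 'koi8r',`. The same `in_array()` call is a loose comparison, so the numeric aliases (`'866'`, `'950'`, `'1251'`, …) accept any numerically equal string; passing `true` as the third argument keeps the check exact: `if (!in_array(strtolower($encoding), $htmlspecialchars_charsets, true))`. `$default_htmlspecialchars_encoding` is used without being checked against the same list, so a mistyped value in config_local.php would presumably bring back the unsupported-charset behaviour this patch works around. The body of sm_encode_html_special_chars() continues past the last hunk.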