Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 2.4.9

Bug #6812 htmlentities in _generateFormOnClickHelper($data, $prev = '') mangles utf8 valu
Submitted: 2006-02-17 09:42 UTC Modified: 2006-04-23 04:12 UTC
From: joeofclew at yahoo dot com Assigned: quipo
Status: Closed Package: Pager (version 2.3.6)
PHP Version: 5.1.2 OS: fedora 4
Roadmaps: (Not assigned)    
Subscription  


 [2006-02-17 09:42 UTC] joeofclew at yahoo dot com
Description: ------------ htmlentities in _generateFormOnClickHelper($data, $prev = '') mangles utf8 value this breaks my form when the pager links are clicked, as it creaets a garbage value for the form element with the utf8 encoded value Test script: --------------- 안녕 (note: hello in korean) Expected result: ---------------- %26%23xC548%3B%26%23xB155%3B Actual result: -------------- ë'&xxx;&yyy

Comments

 [2006-02-17 09:44 UTC] kmh496 at kornet dot net
fix for me is changing name of form element for the js case, and using urlencode i don't know if this will break code which depends on htmlentities, however // $escapedData = htmlentities($escapedData, ENT_QUOTES); if ($prev=='search') { $prev = 'urlencoded_search'; $escapedData = urlencode($escapedData); }
 [2006-02-17 14:25 UTC] kmh496 at kornet dot net
i tried a direct reply, was bounced. i don't have a test case. it's jut another hidden var <input value=hidden name=search value='UTF8HERE'> then debug the posted vars. Alberton 쓰시길: > Hi, > > > Package: Pager > > Bug Type: Bug > > Bug description: htmlentities in _generateFormOnClickHelper($data, $prev = '') mangles utf8 valu > > > > Description: > > ------------ > > htmlentities in _generateFormOnClickHelper($data, $prev = '') mangles utf8 > > value > > this breaks my form when the pager links are clicked, as it creaets a > > garbage value for the form element with the utf8 encoded value > > Can you send me a full reproducing script? it's a little hard to generate a test case. i just have <input type=hidden name=search value='속'> which is a hidden value with a utf8 value for it. i think you can more easily add it to an existing case which you have hanging around. for a euc-kr value -- also multibyte -- just pull something off www.naver.com > Does it work fine if you replace > $escapedData = htmlentities($escapedData, ENT_QUOTES); > with > $escapedData = htmlentities(urlencode($escapedData), ENT_QUOTES); > > in _generateFormOnClickHelper() ? > the problem is that for that special value which has to be urlencoded, i have to also urldecode php-wise. if i use your suggestion, i would have to urldecode all the values because i can't tell which one was changed in the process. you know what i mean? it comes out the other end as %ab%4a%3b like that .. following the suggestion. i also need to change its name to know which to urldecode. another option is to use javascript to escape it. the escapes might get stripped off when php handles POST vars in normal processing, but i don't know that. the following may help with javascript ideas. put your multibyte in there and see what javascript transforms it to. http://jesus2099.free.fr/blog/2005/07/test-en-ligne-dencodages-en-php-et.html > Thanks for your help > if you wonder what all this is for..... my site is www.myowndictionary.com the problem is with entering a search term. thx.
 [2006-02-19 01:26 UTC] kmh496 at kornet dot net
how about this. i will try this. <?php htmlentities($text, ENT_QUOTES, 'UTF-8') ?>
 [2006-02-20 17:22 UTC] quipo
Can you try the latest CVS version, please?
 [2006-03-08 10:06 UTC] quipo
have you had a chance to test the latest CVS version? Are the changes just overkill, i.e. was it enough to set htmlentities($text, ENT_QUOTES, 'UTF-8')?
 [2006-03-08 19:53 UTC] kmh496 at kornet dot net
the following works great. thank you. (the system killed my previous prompt -- and verbose -- reply) $escapedData = str_replace($search, $replace, $data); // am I forgetting any dangerous whitespace? // would a regex be faster? // if it's already encoded, don't encode it again // if (!$this->_isEncoded($escapedData)) { // $escapedData = urlencode($escapedData); //} $escapedData = htmlentities($escapedData, ENT_QUOTES, 'UTF-8');
 [2006-03-10 16:35 UTC] quipo
I see you commented these lines: if (!$this->_isEncoded($escapedData)) { $escapedData = urlencode($escapedData); } Do they break your output? I've added them to prevent problems. If the _isEncoded() method is not working as expected, could you send me an affected string? Or expand the testsuite? @see /tests/pager_test.php::testIsEncoded() /tests/pager_post_test.php::testMultibyteEncoded() /tests/pager_post_test.php::testMultibytePlain() Thanks a lot for your help.
 [2006-04-03 08:07 UTC] kmh496 at kornet dot net
hello again. if i do that, however, <quote from above> the problem is that for that special value which has to be urlencoded,i have to also urldecode php-wise. if i use your suggestion, i would have to urldecode all the values because i can't tell which one was changed in the process. </end quote from above> the UTF-8 parameter works for me. I haven't tested it with other charsets, you may need to revisit then, but my problem was solved thanks, already.
 [2006-04-03 08:41 UTC] kmh496 at kornet dot net
i must take back my last comment. I don't remember why i said that i had to uncomment the section which did the 'urlencode' function to get it to work the first time (: my setup is: //'mode' => 'Sliding', //try switching modes 'mode' => 'Jumping', and i am using $selectBoxO = $pager->getPerPageSelectBox(); with // if (!$this->_isEncoded($escapedData)) { // $escapedData = urlencode($escapedData); // } (a commented out section) i get input.value = "<a href="#" >부가물</a>"; as the output of _generateFormOnClickHelper but with (If i don't uncomment the section) if (!$this->_isEncoded($escapedData)) { $escapedData = urlencode($escapedData); } i get input.type = "hidden"; input.name = "word"; input.value = "%3Ca+href%3D%22%23%22+%3E%EC%A7%95%EC%97%AD%3C%2Fa%3E"; and only then does it work properly.
 [2006-04-08 03:25 UTC] quipo (Lorenzo Alberton)
If you can confirm that the current CVS code (as-is, without any change) works for you, I'll roll out a new relase.
 [2006-04-23 04:12 UTC] joeofclew at yahoo dot com
this is kmh496 at kornet.net the new function does work as it is in cvs, along with the new common.php, HtmlWidgets.php, Jumping.php thank you.