wrong use of htmlentities
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Pluck CMS |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
You do this right (well, sort of, since you did not first even bother to check if another part of your code already set the header - got two warnings about that in your code where other parts actually did already set the header....):
header(
But then you use htmlentities later like this:
<?php echo htmlentities($cont) ?>
Believe it or not, htmlentities was designed to help browsers that did not render Unicode at least have a more extended character display subset. It was not really designed for security, in case that is why you think you need to use it here (and how it is splattered around code by most PHP developers). There is no real security benefit over using instead htmlspecialchars since other tests of the content should be performed anyway.
What you did manage to do, however, was change something like ö into Ö for no good reason. You already told the browser to expect text as UTF-8, in which case you should make sure your data is well formed UTF-8, not simply converting to entities. In the case of well formed UTF-8 the browser will correctly render ö directly. Thus setting up the proper page UTF-8 encoding but then using htmlentities are at cross purposes:
http://
http://
Related branches
| Anders G. Jørgensen (spirit55555) wrote | #1 |
| Changed in pluck-cms: | |
| status: | New → Fix Committed |
| Changed in pluck-cms: | |
| status: | Fix Committed → Fix Released |
| milestone: | none → 4.7-beta |
In what file do you see this?