ZF-11344: HtmlEntities filter can return empty string when string contains invalid characters for current character set

Description

When a string provided to htmlentities() contains characters not understood by the current character set (or the character set passed to htmlentities()), the function returns an empty string.

When used as part of a form element or input filter, this could actually lead to an invalid value, as the validators may have correctly validated the value, but then filtering may result in an empty string. This can then lead to SQL issues (if the value is passed to a database, and the database expects a particular range of values).

Ideally, the value should be converted to the charset specified to the filter (or the default if none specified) if an empty string is detected following the htmlentities() call.

Comments

Issue is now fixed in trunk and 1.11 release branch.