ZF-11344: HtmlEntities filter can return empty string when string contains invalid characters for current character set


When a string provided to htmlentities() contains characters not understood by the current character set (or the character set passed to htmlentities()), the function returns an empty string.

When used as part of a form element or input filter, this could actually lead to an invalid value, as the validators may have correctly validated the value, but then filtering may result in an empty string. This can then lead to SQL issues (if the value is passed to a database, and the database expects a particular range of values).

Ideally, the value should be converted to the charset specified to the filter (or the default if none specified) if an empty string is detected following the htmlentities() call.
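The failure and the fallback suggested above, as an added example (not Zend Framework's own code): `escapeOrFail()` is a hypothetical helper, the sample string is constructed, and mbstring's `mb_convert_encoding()` is assumed as the conversion step.

```php
<?php
// Added example, not Zend Framework code. escapeOrFail() is a hypothetical name.

function escapeOrFail(string $value, string $charset = 'UTF-8'): string
{
    // Flags are passed explicitly so ENT_SUBSTITUTE / ENT_IGNORE are NOT set;
    // in that mode htmlentities() returns '' on any invalid byte sequence.
    $escaped = htmlentities($value, ENT_QUOTES, $charset);

    // Non-empty input but empty output means the bytes were rejected,
    // not that the caller really supplied an empty value.
    if ($value !== '' && $escaped === '') {
        // Re-encode into the target charset. mbstring replaces sequences
        // that are invalid in $charset with its substitute character.
        $clean   = mb_convert_encoding($value, $charset, $charset);
        $escaped = htmlentities($clean, ENT_QUOTES, $charset);

        // Still empty: fail loudly instead of handing '' to later layers
        // (for example a database column that expects a non-empty value).
        if ($escaped === '') {
            throw new RuntimeException(
                'Encoding mismatch: htmlentities() returned an empty string'
            );
        }
    }

    return $escaped;
}

// Constructed sample: "caf\xE9" is "café" in ISO-8859-1; the lone 0xE9 byte
// is not a valid UTF-8 sequence.
$latin1 = "caf\xE9 <b>";

// Direct call: the validated, non-empty value silently becomes ''.
var_dump(htmlentities($latin1, ENT_QUOTES, 'UTF-8'));

// With the fallback: markup is still escaped and the value is not lost.
var_dump(escapeOrFail($latin1));
```

The comparison of input length against output length is what distinguishes a genuinely empty value from one that the escaping step discarded.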


Issue is now fixed in trunk and 1.11 release branch.