ZF-11344: HtmlEntities filter can return empty string when string contains invalid characters for current character set

Issue Type: Bug Created: 2011-05-04T15:37:01.000+0000 Last Updated: 2011-05-04T19:45:22.000+0000 Status: Resolved Fix version(s): - 1.11.6 (05/May/11)

Reporter: Matthew Weier O'Phinney (matthew) Assignee: Matthew Weier O'Phinney (matthew) Tags: - Zend_Filter

Related issues: Attachments:


When a string provided to htmlentities() contains characters not understood by the current character set (or the character set passed to htmlentities()), the function returns an empty string.

When used as part of a form element or input filter, this could actually lead to an invalid value, as the validators may have correctly validated the value, but then filtering may result in an empty string. This can then lead to SQL issues (if the value is passed to a database, and the database expects a particular range of values).

Ideally, the value should be converted to the charset specified to the filter (or the default if none specified) if an empty string is detected following the htmlentities() call.


Posted by Matthew Weier O'Phinney (matthew) on 2011-05-04T18:57:45.000+0000

Issue is now fixed in trunk and 1.11 release branch.

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.