
Fixes h() to not return empty string when input contains invalid code unit sequence. Fixes #3561 #1085

Merged
merged 1 commit into from

2 participants

@uzyn

Resubmitting #1080 for 3.0.

@markstory markstory merged commit 6968095 into cakephp:3.0
Commits on Jan 24, 2013
  1. @uzyn
Showing with 10 additions and 1 deletion.
  1. +9 −0 lib/Cake/Test/TestCase/BasicsTest.php
  2. +1 −1  lib/Cake/basics.php
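--- a/lib/Cake/Test/TestCase/BasicsTest.php
+++ b/lib/Cake/Test/TestCase/BasicsTest.php
@@ -207,6 +207,10 @@ public function testH() {
 $string = '<foo> & &nbsp;';
 $result = h($string, 'UTF-8');
 $this->assertEquals('&lt;foo&gt; &amp; &amp;nbsp;', $result);
+
+$string = "An invalid\x80string";
+$result = h($string);
+$this->assertContains('string', $result);
 $arr = array('<foo>', '&nbsp;');
 $result = h($arr);
@@ -231,6 +235,11 @@ public function testH() {
 'n' => '&nbsp;'
 );
 $this->assertEquals($expected, $result);
+
+$arr = array('invalid' => "\x99An invalid\x80string", 'good' => 'Good string');
+$result = h($arr);
+$this->assertContains('An invalid', $result['invalid']);
+$this->assertEquals('Good string', $result['good']);
 // Test that boolean values are not converted to strings
 $result = h(false);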
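Review bot: The new assertions in testH() only check that a fragment of the valid text survives (`assertContains('string', $result)` and `assertContains('An invalid', $result['invalid'])`), so they would still pass if h() let the invalid byte through unescaped or silently dropped it. Pinning the whole output, for example `$this->assertEquals("An invalid\xEF\xBF\xBDstring", $result);`, would prove that the bad byte becomes U+FFFD and nothing else changes. Both new calls also omit the charset, so the result depends on the default encoding configured outside this hunk. Passing `'UTF-8'` explicitly, as the preceding `h($string, 'UTF-8')` call does, would keep the test independent of that setting. testH() begins and ends outside both hunks.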
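--- a/lib/Cake/basics.php
+++ b/lib/Cake/basics.php
@@ -197,7 +197,7 @@ function h($text, $double = true, $charset = null) {
 if (is_string($double)) {
 $charset = $double;
 }
-return htmlspecialchars($text, ENT_QUOTES, ($charset) ? $charset : $defaultCharset, $double);
+return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, ($charset) ? $charset : $defaultCharset, $double);
 }
 }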
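Review bot: The changed `return` line carries no comment saying why `ENT_SUBSTITUTE` was chosen, and this is a behaviour change in the project's central escaping helper: input that used to come back as an empty string is now emitted with replacement characters. A one-line comment above the return would record it, e.g. `// ENT_SUBSTITUTE: replace invalid code unit sequences with U+FFFD instead of returning ''; ENT_IGNORE is deliberately not used, the PHP manual discourages it for security reasons.` The docblock of h() lies outside this hunk and should state the same contract for callers. `ENT_SUBSTITUTE` is only defined from PHP 5.4.0, so this relies on the 3.0 branch requiring at least that version, which the page does not show.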