Deprecate use of mbstring to convert text to Base64/QPrint/HTML entit…

…ies/etc

The purpose of mbstring is for working with Unicode and legacy text
encodings; but Base64, QPrint, etc. are not text encodings and don't
really belong in mbstring. PHP already contains separate implementations
of Base64, QPrint, and HTML entities. It will be better to eventually
remove these non-encodings from mbstring.

Regarding HTML entities... there is a bit more to say. mbstring's
implementation of HTML entities is different from the other built-in
implementation (htmlspecialchars and htmlentities). Those functions
convert <, >, and & to HTML entities, but mbstring does not.

It appears that the original author of mbstring intended for something
to be done with <, >, and &. He used a table to identify which
characters should be converted to HTML entities, and </>/& all have a
special value in that table. However, nothing ever checks for that
special value, so the characters are passed through unconverted.

This seems like a very useless implementation of HTML entities. The most
important characters which need to be expressed as entities in HTML
documents are those three!

UPGRADING

@@ -55,6 +55,16 @@ PHP 8.2 UPGRADE NOTES
 
     RFC: https://wiki.php.net/rfc/deprecate_partially_supported_callables
 
+- Mbstring:
+  . Use of QPrint, Base64, Uuencode, and HTML-ENTITIES 'text encodings' is
+    deprecated for all Mbstring functions. Unlike all the other text
+    encodings supported by Mbstring, these do not encode a sequence of
+    Unicode codepoints, but rather a sequence of raw bytes. It is not
+    clear what the correct return values for most Mbstring functions should
+    be when one of these non-encodings is specified. Further, PHP has
+    separate, built-in implementations of all of them; for example, UUencoded
+    data can be handled using convert_uuencode/convert_uudecode.
+
 ========================================
 5. Changed Functions
 ========================================

ext/mbstring/mbstring.c

@@ -36,6 +36,8 @@
 #include "libmbfl/mbfl/mbfilter_wchar.h"
 #include "libmbfl/filters/mbfilter_base64.h"
 #include "libmbfl/filters/mbfilter_qprint.h"
+#include "libmbfl/filters/mbfilter_htmlent.h"
+#include "libmbfl/filters/mbfilter_uuencode.h"
 #include "libmbfl/filters/mbfilter_ucs4.h"
 #include "libmbfl/filters/mbfilter_utf8.h"
 #include "libmbfl/filters/mbfilter_tl_jisx0201_jisx0208.h"
@@ -216,6 +218,16 @@ static const mbfl_encoding *php_mb_get_encoding(zend_string *encoding_name, uint
 		if (!encoding) {
 			zend_argument_value_error(arg_num, "must be a valid encoding, \"%s\" given", ZSTR_VAL(encoding_name));
 			return NULL;
+		} else if (encoding->no_encoding <= mbfl_no_encoding_qprint) {
+			if (encoding == &mbfl_encoding_base64) {
+				php_error_docref(NULL, E_DEPRECATED, "Handling Base64 via mbstring is deprecated; use base64_encode/base64_decode instead");
+			} else if (encoding == &mbfl_encoding_qprint) {
+				php_error_docref(NULL, E_DEPRECATED, "Handling QPrint via mbstring is deprecated; use quoted_printable_encode/quoted_printable_decode instead");
+			} else if (encoding == &mbfl_encoding_html_ent) {
+				php_error_docref(NULL, E_DEPRECATED, "Handling HTML entities via mbstring is deprecated; use htmlspecialchars, htmlentities, or mb_encode_numericentity/mb_decode_numericentity instead");
+			} else if (encoding == &mbfl_encoding_uuencode) {
+				php_error_docref(NULL, E_DEPRECATED, "Handling Uuencode via mbstring is deprecated; use convert_uuencode/convert_uudecode instead");
+			}
 		}
 
 		if (last_encoding_name) {

ext/mbstring/tests/bug45722.phpt

@@ -6,5 +6,6 @@ mbstring
 <?php
 var_dump(mb_check_encoding("&\xc2\xb7 TEST TEST TEST TEST TEST TEST", "HTML-ENTITIES"));
 ?>
---EXPECT--
+--EXPECTF--
+Deprecated: mb_check_encoding(): Handling HTML entities via mbstring is deprecated; use htmlspecialchars, htmlentities, or mb_encode_numericentity/mb_decode_numericentity instead in %s on line %d
 bool(true)

ext/mbstring/tests/bug71606.phpt

@@ -7,5 +7,6 @@ mbstring
 echo mb_strcut('"', 0, 0, 'HTML-ENTITIES');
 echo 'DONE', PHP_EOL;
 ?>
---EXPECT--
+--EXPECTF--
+Deprecated: mb_strcut(): Handling HTML entities via mbstring is deprecated; use htmlspecialchars, htmlentities, or mb_encode_numericentity/mb_decode_numericentity instead in %s on line %d
 DONE

ext/mbstring/tests/mb_convert_encoding.phpt

@@ -14,7 +14,7 @@ $sjis = base64_decode('k/qWe4zqg2WDTINYg2eCxYK3gUIwMTIzNIJUglWCVoJXgliBQg==');
 // JIS string (BASE64 encoded)
 $jis = base64_decode('GyRCRnxLXDhsJUYlLSU5JUgkRyQ5ISMbKEIwMTIzNBskQiM1IzYjNyM4IzkhIxsoQg==');
 // EUC-JP string
-$euc_jp = '日本語テキストです。01234５６７８９。';
+$euc_jp = "\xC6\xFC\xCB\xDC\xB8\xEC\xA5\xC6\xA5\xAD\xA5\xB9\xA5\xC8\xA4\xC7\xA4\xB9\xA1\xA301234\xA3\xB5\xA3\xB6\xA3\xB7\xA3\xB8\xA3\xB9\xA1\xA3";
 
 // Test with single "form encoding"
 // Note: For some reason it complains, results are different. Not researched.
@@ -85,8 +85,6 @@ $s = $euc_jp;
 $s = mb_convert_encoding($s, 'JIS', 'auto');
 print("JIS: ".base64_encode($s)."\n"); // JIS
 
-
-// Invalid Parameters
 echo "== INVALID PARAMETER ==\n";
 
 $s = mb_convert_encoding(1234, 'EUC-JP');
@@ -95,15 +93,22 @@ print("INT: $s\n");
 $s = mb_convert_encoding('', 'EUC-JP');
 print("EUC-JP: $s\n");  // SJIS
 
-$s = $euc_jp;
-try {
-    var_dump(mb_convert_encoding($s, 'BAD'));
-} catch (\ValueError $e) {
-    echo $e->getMessage() . \PHP_EOL;
+function tryBadConversion($str, $encoding) {
+    try {
+        var_dump(mb_convert_encoding($str, $encoding));
+    } catch (ValueError $e) {
+        echo $e->getMessage(), "\n";
+    }
 }
 
+tryBadConversion($euc_jp, 'BAD');
+
+tryBadConversion('abc', 'Quoted-Printable');
+tryBadConversion('abc', 'BASE64');
+tryBadConversion('abc', 'HTML-ENTITIES');
+
 ?>
---EXPECT--
+--EXPECTF--
 == BASIC TEST ==
 EUC-JP: c6fccbdcb8eca5c6a5ada5b9a5c8a4c7a4b9a1a33031323334a3b5a3b6a3b7a3b8a3b9a1a3
 EUC-JP: c6fccbdcb8eca5c6a5ada5b9a5c8a4c7a4b9a1a33031323334a3b5a3b6a3b7a3b8a3b9a1a3
@@ -125,3 +130,12 @@ JIS: GyRCRnxLXDhsJUYlLSU5JUgkRyQ5ISMbKEIwMTIzNBskQiM1IzYjNyM4IzkhIxsoQg==
 INT: 1234
 EUC-JP: 
 mb_convert_encoding(): Argument #2 ($to_encoding) must be a valid encoding, "BAD" given
+
+Deprecated: mb_convert_encoding(): Handling QPrint via mbstring is deprecated; use quoted_printable_encode/quoted_printable_decode instead in %s on line %d
+string(3) "abc"
+
+Deprecated: mb_convert_encoding(): Handling Base64 via mbstring is deprecated; use base64_encode/base64_decode instead in %s on line %d
+string(4) "YWJj"
+
+Deprecated: mb_convert_encoding(): Handling HTML entities via mbstring is deprecated; use htmlspecialchars, htmlentities, or mb_encode_numericentity/mb_decode_numericentity instead in %s on line %d
+string(3) "abc"

ext/mbstring/tests/mb_strlen_variation3.phpt

@@ -96,7 +96,7 @@ foreach($encoding as $enc) {
 
 echo "Done";
 ?>
---EXPECT--
+--EXPECTF--
 *** Testing mb_strlen() : usage variations ***
 
 -- Iteration 1: UCS-4 --
@@ -335,12 +335,16 @@ Encoding byte4le recognised
 
 -- Iteration 40: BASE64 --
 -- ASCII String --
+
+Deprecated: mb_strlen(): Handling Base64 via mbstring is deprecated; use base64_encode/base64_decode instead in %s on line %d
 Encoding BASE64 recognised
 -- Multibyte String --
 Encoding BASE64 recognised
 
 -- Iteration 41: HTML-ENTITIES --
 -- ASCII String --
+
+Deprecated: mb_strlen(): Handling HTML entities via mbstring is deprecated; use htmlspecialchars, htmlentities, or mb_encode_numericentity/mb_decode_numericentity instead in %s on line %d
 Encoding HTML-ENTITIES recognised
 -- Multibyte String --
 Encoding HTML-ENTITIES recognised