Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:71168 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 71202 invoked from network); 16 Jan 2014 02:36:21 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 16 Jan 2014 02:36:21 -0000 Authentication-Results: pb1.pair.com header.from=mails@thomasbley.de; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=mails@thomasbley.de; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain thomasbley.de from 85.13.137.24 cause and error) X-PHP-List-Original-Sender: mails@thomasbley.de X-Host-Fingerprint: 85.13.137.24 dd15934.kasserver.com Linux 2.6 Received: from [85.13.137.24] ([85.13.137.24:50265] helo=dd15934.kasserver.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 22/F3-48719-3A547D25 for ; Wed, 15 Jan 2014 21:36:20 -0500 Received: from dd15934.kasserver.com (dd0804.kasserver.com [85.13.146.35]) by dd15934.kasserver.com (Postfix) with ESMTPSA id A43BF26437F; Thu, 16 Jan 2014 03:36:16 +0100 (CET) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-SenderIP: 95.91.243.176 User-Agent: ALL-INKL Webmail 2.11 In-Reply-To: References: To: internals@lists.php.net, yohgaki@ohgaki.net Message-ID: <20140116023616.A43BF26437F@dd15934.kasserver.com> Date: Thu, 16 Jan 2014 03:36:16 +0100 (CET) Subject: Re: [PHP-DEV] Re: [RFC] Multibyte char handling From: mails@thomasbley.de Yasuo Ohgaki wrote on 16.01.2014 01:12: > Hi all, > > On Thu, Jan 16, 2014 at 8:50 AM, Yasuo Ohgaki wrote: > >> addslashes() could be vulnerable via char encoding based attacks. >> It is needed to decide what counter measure we adopt. >> This is RFC for this issue. >> >> https://wiki.php.net/multibyte_char_handling >> >> Please comment. >> Thank you. >> > > I've copied line from "Array Of" RFC and URL was wrong. > Correct URL is > > https://wiki.php.net/rfc/multibyte_char_handling > > Sorry for the confusion. > > Regards, > > -- > Yasuo Ohgaki > yohgaki@ohgaki.net > Hello Yasuo, what about mb_trim? e.g. UTF-8: C2 A0, e2 80 82, e2 80 83, e2 80 af I currently have lots of untrimmed data in a database since php-trim() and mysql-trim() can't handle these characters. There are workarounds like trim($str, chr(0xC2).chr(0xA0)); but they are not really nice to code. Regards Thomas