Re: Re: [RFC] Multibyte char handling

From:	[email protected]	Date:	Thu, 16 Jan 2014 02:36:16 +0000
Subject:	Re: Re: [RFC] Multibyte char handling
References:	1 2	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Yasuo Ohgaki wrote on 16.01.2014 01:12:

> Hi all,
> 
> On Thu, Jan 16, 2014 at 8:50 AM, Yasuo Ohgaki <[email protected]> wrote:
> 
>> addslashes() could be vulnerable via char encoding based attacks.
>> It is needed to decide what counter measure we adopt.
>> This is RFC for this issue.
>>
>> https://wiki.php.net/multibyte_char_handling
>>
>> Please comment.
>> Thank you.
>>
> 
> I've copied line from "Array Of" RFC and URL was wrong.
> Correct URL is
> 
> https://wiki.php.net/rfc/multibyte_char_handling
> 
> Sorry for the confusion.
> 
> Regards,
> 
> --
> Yasuo Ohgaki
> [email protected]
> 

Hello Yasuo,

what about mb_trim?
e.g. UTF-8: C2 A0, e2 80 82, e2 80 83, e2 80 af

I currently have lots of untrimmed data in a database since php-trim() and mysql-trim() can't
handle these characters.
There are workarounds like trim($str, chr(0xC2).chr(0xA0)); but they are not really nice to code.

Regards
Thomas


   

Thread (31 messages)

• Yasuo OhgakiWed, 15 Jan 2014 23:50:18 +0000
  • Yasuo OhgakiThu, 16 Jan 2014 00:12:44 +0000Re: [RFC] Multibyte char handling
    • [email protected]Thu, 16 Jan 2014 02:36:16 +0000Re: Re: [RFC] Multibyte char handling
      • Yasuo OhgakiThu, 16 Jan 2014 02:58:05 +0000
        • Stas MalyshevThu, 16 Jan 2014 07:22:05 +0000
          • Yasuo OhgakiThu, 16 Jan 2014 10:36:14 +0000
          • Derick RethansThu, 16 Jan 2014 11:38:59 +0000
            • Yasuo OhgakiFri, 17 Jan 2014 03:19:21 +0000
  • Nikita PopovThu, 16 Jan 2014 12:18:36 +0000
    • Yasuo OhgakiThu, 16 Jan 2014 22:34:06 +0000
      • Nikita PopovThu, 16 Jan 2014 22:38:00 +0000
        • Yasuo OhgakiThu, 16 Jan 2014 22:47:49 +0000
          • Pierre JoyeSun, 19 Jan 2014 16:09:40 +0000
            • Yasuo OhgakiSun, 19 Jan 2014 22:48:08 +0000
              • Yasuo OhgakiSun, 19 Jan 2014 22:59:13 +0000
              • Pierre JoyeMon, 20 Jan 2014 06:38:12 +0000
                • Yasuo OhgakiMon, 20 Jan 2014 08:57:48 +0000
      • MikeFri, 17 Jan 2014 16:37:58 +0000
        • Yasuo OhgakiFri, 17 Jan 2014 19:53:58 +0000
        • Julien PauliFri, 17 Jan 2014 20:06:38 +0000
          • Yasuo OhgakiFri, 17 Jan 2014 21:34:43 +0000
            • Yasuo OhgakiFri, 17 Jan 2014 21:41:31 +0000
            • Julien PauliFri, 17 Jan 2014 21:50:04 +0000
              • Yasuo OhgakiFri, 17 Jan 2014 22:10:27 +0000
                • Yasuo OhgakiFri, 17 Jan 2014 22:31:05 +0000
                • Julien PauliFri, 17 Jan 2014 23:04:05 +0000
                • Yasuo OhgakiSat, 18 Jan 2014 00:20:06 +0000
  • Lester CaineSat, 18 Jan 2014 13:41:54 +0000
    • Yasuo OhgakiSat, 18 Jan 2014 18:52:01 +0000
      • Lester CaineSat, 18 Jan 2014 21:19:43 +0000
  • Yasuo OhgakiThu, 23 Jan 2014 04:39:42 +0000Re: [RFC] Multibyte char handling