Re: [RFC] Multibyte char handling

From:	Yasuo Ohgaki	Date:	Sat, 18 Jan 2014 18:52:01 +0000
Subject:	Re: [RFC] Multibyte char handling
References:	1 2	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi Lester,

On Sat, Jan 18, 2014 at 10:41 PM, Lester Caine <[email protected]> wrote:

> Multibyte characters are still a contentious area, and the current
> compromise of supporting multibyte content, but being essentially 'single
> byte' for the programming structure as been a solution adopted in a few
> projects. Firebird is once again debating the same point that they and PHP
> last discussed 10 years ago, and was too difficult so PHP6 floundered and
> Firebird remained essentially single byte strings in the metadata.
>

Making a product only works for single byte char is completely OK.

The issue is there is no proper function/method/feature that escapes PHP
string with multibyte chars correctly. PHP needs to provide API that
handles data properly/safely.

It's awful that reading var_export()ed data could execute arbitrarily PHP
script and/or terminate script execution, isn't it? It cannot be ignored.

 10 years on isn't it time to re-open the debate on making the core unicode
> since 32 bit processors are more likely to be the norm these days.
> Certainly if everything internal is UTF8, then all of the encoding problems
> are moved to the client interface?
>

I'm not proposing transition like Python 2.x to 3.x. The RFC is proposing
required feature for proper/safe coding. Anyway, it seems Python's approach
is not working well. We could learn from it.

Server side should never expect clients are sending proper data, therefore
proper encoding handling is mandatory on server side. Adoption of UTF-8
makes things easier, but there are ways to exploit UTF-8 encoding also. For
example, recent Chrome may display blank page with malformed chars and it
could be used for DoS attack, mixing systems that validate and un-validate
encoding could be vulnerable DoS.  New mb functions handle encoding
properly not only SJIS like encoding but also any encoding supported by
mbstiring.

Did I make typo? My Chrome did not report spell error. I appreciate if you
point it out.

I sent correct URL right after first mail, but it wouldn't work. I also
would not check second mail in long thread :(

https://wiki.php.net/rfc/multibyte_char_handling

Regards,

--
Yasuo Ohgaki
[email protected]


   

Thread (31 messages)

• Yasuo OhgakiWed, 15 Jan 2014 23:50:18 +0000
  • Yasuo OhgakiThu, 16 Jan 2014 00:12:44 +0000Re: [RFC] Multibyte char handling
    • [email protected]Thu, 16 Jan 2014 02:36:16 +0000Re: Re: [RFC] Multibyte char handling
      • Yasuo OhgakiThu, 16 Jan 2014 02:58:05 +0000
        • Stas MalyshevThu, 16 Jan 2014 07:22:05 +0000
          • Yasuo OhgakiThu, 16 Jan 2014 10:36:14 +0000
          • Derick RethansThu, 16 Jan 2014 11:38:59 +0000
            • Yasuo OhgakiFri, 17 Jan 2014 03:19:21 +0000
  • Nikita PopovThu, 16 Jan 2014 12:18:36 +0000
    • Yasuo OhgakiThu, 16 Jan 2014 22:34:06 +0000
      • Nikita PopovThu, 16 Jan 2014 22:38:00 +0000
        • Yasuo OhgakiThu, 16 Jan 2014 22:47:49 +0000
          • Pierre JoyeSun, 19 Jan 2014 16:09:40 +0000
            • Yasuo OhgakiSun, 19 Jan 2014 22:48:08 +0000
              • Yasuo OhgakiSun, 19 Jan 2014 22:59:13 +0000
              • Pierre JoyeMon, 20 Jan 2014 06:38:12 +0000
                • Yasuo OhgakiMon, 20 Jan 2014 08:57:48 +0000
      • MikeFri, 17 Jan 2014 16:37:58 +0000
        • Yasuo OhgakiFri, 17 Jan 2014 19:53:58 +0000
        • Julien PauliFri, 17 Jan 2014 20:06:38 +0000
          • Yasuo OhgakiFri, 17 Jan 2014 21:34:43 +0000
            • Yasuo OhgakiFri, 17 Jan 2014 21:41:31 +0000
            • Julien PauliFri, 17 Jan 2014 21:50:04 +0000
              • Yasuo OhgakiFri, 17 Jan 2014 22:10:27 +0000
                • Yasuo OhgakiFri, 17 Jan 2014 22:31:05 +0000
                • Julien PauliFri, 17 Jan 2014 23:04:05 +0000
                • Yasuo OhgakiSat, 18 Jan 2014 00:20:06 +0000
  • Lester CaineSat, 18 Jan 2014 13:41:54 +0000
    • Yasuo OhgakiSat, 18 Jan 2014 18:52:01 +0000
      • Lester CaineSat, 18 Jan 2014 21:19:43 +0000
  • Yasuo OhgakiThu, 23 Jan 2014 04:39:42 +0000Re: [RFC] Multibyte char handling