Re: [RFC] Multibyte char handling

From:	Nikita Popov	Date:	Thu, 16 Jan 2014 12:18:36 +0000
Subject:	Re: [RFC] Multibyte char handling
References:	1	Groups:	php.internals
Request:	Send a blank email to internals+get-71181@lists.php.net to get a copy of this message

On Thu, Jan 16, 2014 at 12:50 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:

> Hi all,
>
> addslashes() could be vulnerable via char encoding based attacks.
> It is needed to decide what counter measure we adopt.
> This is RFC for this issue.
>
> https://wiki.php.net/multibyte_char_handling
>
> Please comment.
> Thank you.
>

Please do *not* add encoding parameters to our existing string functions -
we have an mb extension and mb functionality should go there. Don't mix the
things, it will only lead to a lot of confusion. Right now it's obvious
which functions handle encoding how, no need to break that.

Nikita


   

Thread (31 messages)

• Yasuo OhgakiWed, 15 Jan 2014 23:50:18 +0000
  • Yasuo OhgakiThu, 16 Jan 2014 00:12:44 +0000Re: [RFC] Multibyte char handling
    • mails@thomasbley.deThu, 16 Jan 2014 02:36:16 +0000Re: Re: [RFC] Multibyte char handling
      • Yasuo OhgakiThu, 16 Jan 2014 02:58:05 +0000
        • Stas MalyshevThu, 16 Jan 2014 07:22:05 +0000
          • Yasuo OhgakiThu, 16 Jan 2014 10:36:14 +0000
          • Derick RethansThu, 16 Jan 2014 11:38:59 +0000
            • Yasuo OhgakiFri, 17 Jan 2014 03:19:21 +0000
  • Nikita PopovThu, 16 Jan 2014 12:18:36 +0000
    • Yasuo OhgakiThu, 16 Jan 2014 22:34:06 +0000
      • Nikita PopovThu, 16 Jan 2014 22:38:00 +0000
        • Yasuo OhgakiThu, 16 Jan 2014 22:47:49 +0000
          • Pierre JoyeSun, 19 Jan 2014 16:09:40 +0000
            • Yasuo OhgakiSun, 19 Jan 2014 22:48:08 +0000
              • Yasuo OhgakiSun, 19 Jan 2014 22:59:13 +0000
              • Pierre JoyeMon, 20 Jan 2014 06:38:12 +0000
                • Yasuo OhgakiMon, 20 Jan 2014 08:57:48 +0000
      • MikeFri, 17 Jan 2014 16:37:58 +0000
        • Yasuo OhgakiFri, 17 Jan 2014 19:53:58 +0000
        • Julien PauliFri, 17 Jan 2014 20:06:38 +0000
          • Yasuo OhgakiFri, 17 Jan 2014 21:34:43 +0000
            • Yasuo OhgakiFri, 17 Jan 2014 21:41:31 +0000
            • Julien PauliFri, 17 Jan 2014 21:50:04 +0000
              • Yasuo OhgakiFri, 17 Jan 2014 22:10:27 +0000
                • Yasuo OhgakiFri, 17 Jan 2014 22:31:05 +0000
                • Julien PauliFri, 17 Jan 2014 23:04:05 +0000
                • Yasuo OhgakiSat, 18 Jan 2014 00:20:06 +0000
  • Lester CaineSat, 18 Jan 2014 13:41:54 +0000
    • Yasuo OhgakiSat, 18 Jan 2014 18:52:01 +0000
      • Lester CaineSat, 18 Jan 2014 21:19:43 +0000
  • Yasuo OhgakiThu, 23 Jan 2014 04:39:42 +0000Re: [RFC] Multibyte char handling