Debian Bug report logs - #612364
php5: get_browser() inserts special characters without respecting encoding

version graph

Package: php5; Maintainer for php5 is (unknown);

Reported by: Jeremy <jeremy@blazonco.com>

Date: Tue, 8 Feb 2011 01:00:05 UTC

Severity: minor

Tags: upstream

Found in version php5/5.3.3-7

Fixed in versions php5/5.4.4-7, 5.4.4-14

Done: Ondřej Surý <ondrej@sury.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#612364; Package php5. (Tue, 08 Feb 2011 01:00:08 GMT) (full text, mbox, link).

Acknowledgement sent to Jeremy <jeremy@blazonco.com>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Tue, 08 Feb 2011 01:00:08 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Jeremy <jeremy@blazonco.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: php5: get_browser() inserts special characters without respecting encoding
Date: Mon, 07 Feb 2011 18:37:11 -0800
Package: php5
Version: 5.3.3-7
Severity: minor
Tags: upstream


A change ocurred in the get_browser() function between PHP 5.2 and PHP 5.3 which 
in my view represents a BC break. The get_browser() function now inserts a
special character (U+00A7, "Section marker") at the beginning and end of the
browser_name_regex property of the returned object/array.  The issue with this 
is that the special character is encoded in ISO-8859-1 regardless of what encoding
was requested either via header() or default_charset.  This results in not only
improper output (if the results of get_browser() are sent to the output) but alsoo
disasterous failure if attempting to interoperate with UTF-8 services -- 
for example a database using UTF-8 encoding.

I am guessing that the reason for the introduction of this character was to allow
the browser_name_regex string to have delimiters so that it could be used directly
in preg_match() or similar, and the strange delimiter was chosen to minimize the
chance of collision with the pattern.  However, introducing special characters
in a particular encoding in PHP functions that ought to be returning ASCII strings
only seems unwise.

It's possible that the encoding problem itself was introduced in Debian, but I do
see the special character in the vanilla source distribution of PHP so it seems 
this "feature" was introduced upstream (marked as such).

Jeremy



-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages php5 depends on:
ii  libapache2-mod-php5           5.3.3-7    server-side, HTML-embedded scripti
ii  php5-common                   5.3.3-7    Common files for packages built fr

php5 recommends no packages.

php5 suggests no packages.

-- no debconf information

Reply sent to Ondřej Surý <ondrej@sury.org>:
You have taken responsibility. (Fri, 04 Jul 2014 12:12:22 GMT) (full text, mbox, link).

Notification sent to Jeremy <jeremy@blazonco.com>:
Bug acknowledged by developer. (Fri, 04 Jul 2014 12:12:22 GMT) (full text, mbox, link).

Message #10 received at 612364-done@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@sury.org>
To: 648424-done@bugs.debian.org, 636146-done@bugs.debian.org, 637212-done@bugs.debian.org, 645340-done@bugs.debian.org, 647475-done@bugs.debian.org, 668157-done@bugs.debian.org, 668928-done@bugs.debian.org, 684110-done@bugs.debian.org, 691917-done@bugs.debian.org, 703109-done@bugs.debian.org, 705350-done@bugs.debian.org, 706091-done@bugs.debian.org, 715513-done@bugs.debian.org, 724817-done@bugs.debian.org, 668597-done@bugs.debian.org, 612364-done@bugs.debian.org, 507401-done@bugs.debian.org, 674685-done@bugs.debian.org, 499031-done@bugs.debian.org, 580232-done@bugs.debian.org, 674476-done@bugs.debian.org
Subject: Closing bugs filled against php5 in oldstable
Date: Fri, 04 Jul 2014 14:09:04 +0200
Version: 5.4.4-14

Hey all,

I am closing the bugs that were filled against php5 5.3 in Debian
oldstable
(well and earlier)...

Feel free to reopen the bug in you can reproduce it with php5 from
current
stable Debian release.

Cheers,
-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

Marked as fixed in versions php5/5.4.4-7. Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Wed, 09 Jul 2014 08:12:04 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 07 Aug 2014 07:33:36 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 03:38:36 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.