HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Search
-
Re: Issue: Vanilla character encoding
-
Issue: Vanilla character encoding
All of the following can be found in the vanilla core: htmlspecialchars(..., C('Garden.Charset', 'UTF-8'))htmlspecialchars(..., 'ISO-8859-1'); // Smarty defaulthtmlspecialchars(..., 'UTF-8')htmlspecialchars(...) // Defaults to 'ISO-8859-1' in PHP <= 5.3 From the PHP manual: But what if C('Garden.Charset') is set to… -
Re: Issue: Vanilla character encoding
-
Re: Issue: Vanilla character encoding
The thing is, writing secure code should be a high, if not the highest priority for a PHP web application. Lets say someone in China installs Vanilla and sets the character encoding to some more exotic variant, but htmlspecialchars looks for dangerous characters according to ISO-8859-1. That cannot work well and surely…
4 results