Re: [SM-DEVEL] problems with 8-bit encodings: FROM and SUBJECT field displayed incorrectly

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

> Fix: use htmlspecialchars instead or use htmlentities with correct
> charset, an optional third parameter to
> htmlentities ( string string [,int quote_style [, string charset]] )

Similar problems arise handling Japanese when htmlentities are used.

The following patch - prepared by Masato - illustrates the issue at
hand, which I believe is consistent with that which Grisha Mokhin is
presenting.

--- squirrelmail-1.4.0/functions/mailbox_display.php	2003-01-24 14:33:30.000000000 +0900
+++ squirrelmail-1.4.0-ja/functions/mailbox_display.php	2003-01-24 17:23:17.000000000 +0900
@@ -155,7 +155,7 @@
                 break;
             case 2: /* from */
                 echo html_tag( 'td',
-                               $italic . $bold . $flag . $fontstr . htmlentities($senderName) .
+                               $italic . $bold . $flag . $fontstr . htmlspecialchars($senderName) .
                                $fontstr_end . $flag_end . $bold_end . $italic_end,
                                'left',
                                $hlt_color );

--
 Scott A. Hughes <sah...@sa...>
 Key fingerprint = 6044 BEB9 73E3 E371 2729  8694 F125 B6E3 458A 3EC9
--

At Tue, 28 Jan 2003 12:46:03 +0300,
Grisha Mokhin wrote:
> 
> These problems pertain to the current cvs, HEAD branch.
> 
> 1. 'FROM' field displayed incorrectly.
> 
> Description:
> When decoded from 8 bit encoding different from iso-8859-1 (e.g.
> koi8-r or windows-1251 for Russian), the sender's name in FROM field
> is displayed incorrectly.
> 
> Reason:
> sender's name converted into latin1 html entities by the following
> snippet of code (from functions/mailbox_display.php),
> 
> function printMessageInfo(...
> ***
> case 2: /* from */
>     echo html_tag( 'td',
>       $italic . $bold . $flag . $fontstr . htmlentities($senderName) .
>       $fontstr_end . $flag_end . $bold_end . $italic_end,
>       'left',
>       $hlt_color );
>       break;
> ***
> 
> htmlentities encodes $senderName into latin1 html entities, even
> $senderName is locally in koi8-r or other encoding.
> 
> Fix: use htmlspecialchars instead or use htmlentities with correct
> charset, an optional third parameter to
> htmlentities ( string string [,int quote_style [, string charset]] )
> 
> 
> 2. SUBJECT field displayed incorrectly.
> 
> Description:
> When a message is in 8 bit encoding different from local 8 bit
> encoding (such as in windows-1251 for Russian, while default local
> charset is koi8-r), the SUBJECT field is displayed incorrectly.
> 
> Reason:
> SUBJECT is not converted into local charset by the following
> snippet of code (from functions/mime.php):
> 
> function decodeHeader(...
> ***
>         if (ucfirst($res[4]) == 'B') {
>             $replace = base64_decode($res[5]);
>         } else {
>         // *** skipped
>             if ($utfencode) {
>                 $replace = charset_decode($res[3], $replace);
>             }
>         } 
>  ***
> 
> When the 'if' condition is true, subject line is decoded from base64
> encoded string. $replace is an 8-bit string in the message charset,
> that is in windows-1251, instead of local charset, koi8-r.
> 
> Fix: To make it display properly, it should be recoded into local
> charset, so the code should read as follows:
> 
>         if (ucfirst($res[4]) == 'B') {
>             $replace = base64_decode($res[5]);
>             $replace = charset_decode($res[3], $replace);
>         } else {
> 
> This function, charset_decode, takes message encoding from $res[3]
> and recodes the string into local charset.
> 
> Hope this is just in time before 1.4.0 release.
> 
> Best wishes,
> Grisha Mokhin
> 
> Please cc: me in your replies (if any), as I'm not subscribed to
> this list yet.

--


