diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2013-08-25 21:40:39 +0200 |
|---|---|---|
| committer | Alexandre Alapetite <alexandre@alapetite.fr>
| 2013-08-25 21:40:39 +0200 |
| commit | 6981a24b9c41c577d9c47e7e53c094fbecbb6b38 (patch) | |
| tree | 9a0d1eccd34752ff4d3767fd6d47d9687380965a | |
| parent | 4cf9119a7dfd8b8a45344dff4d884a445dcb5a5a (diff) | |
More explicit UTF-8
More explicit UTF-8 in PDO MySQL, html_entity_decode, htmlentities, and
htmlspecialchars (less important)
| -rw-r--r-- | app/models/Feed.php | 2 | ||||
| -rw-r--r-- | lib/SimplePie/SimplePie/Misc.php | 2 | ||||
| -rw-r--r-- | lib/lib_phpQuery.php | 2 | ||||
| -rw-r--r-- | lib/minz/Request.php | 4 | ||||
| -rwxr-xr-x | lib/minz/dao/Model_pdo.php | 12 | ||||
| -rw-r--r-- | public/install.php | 7 |
6 files changed, 20 insertions, 9 deletions
diff --git a/app/models/Feed.php b/app/models/Feed.php index 678809af6..0ea083d5a 100644 --- a/app/models/Feed.php +++ b/app/models/Feed.php @@ -216,7 +216,7 @@ class Feed extends Model { foreach ($feed->get_items () as $item) { $title = $item->get_title (); $title = preg_replace('#<a(.+)>(.+)</a>#', '\\2', $title); - $title = htmlentities($title); + $title = htmlentities($title, ENT_NOQUOTES, 'UTF-8'); $author = $item->get_author (); $link = $item->get_permalink (); $date = strtotime ($item->get_date ()); diff --git a/lib/SimplePie/SimplePie/Misc.php b/lib/SimplePie/SimplePie/Misc.php index 5d7367f64..621f2c062 100644 --- a/lib/SimplePie/SimplePie/Misc.php +++ b/lib/SimplePie/SimplePie/Misc.php @@ -138,7 +138,7 @@ class SimplePie_Misc foreach ($element['attribs'] as $key => $value) { $key = strtolower($key); - $full .= " $key=\"" . htmlspecialchars($value['data']) . '"'; + $full .= " $key=\"" . htmlspecialchars($value['data'], ENT_COMPAT, 'UTF-8') . '"'; } if ($element['self_closing']) { diff --git a/lib/lib_phpQuery.php b/lib/lib_phpQuery.php index 33ed8a011..4aefb70fe 100644 --- a/lib/lib_phpQuery.php +++ b/lib/lib_phpQuery.php @@ -3365,7 +3365,7 @@ class phpQueryObject */ public function text($text = null, $callback1 = null, $callback2 = null, $callback3 = null) { if (isset($text)) - return $this->html(htmlspecialchars($text)); + return $this->html(htmlspecialchars($text), ENT_NOQUOTES, 'UTF-8'); $args = func_get_args(); $args = array_slice($args, 1); $return = ''; diff --git a/lib/minz/Request.php b/lib/minz/Request.php index bd5fcb95e..eea5c87cb 100644 --- a/lib/minz/Request.php +++ b/lib/minz/Request.php @@ -35,9 +35,9 @@ class Request { if(is_object($p) || $specialchars) { return $p; } elseif(is_array($p)) { - return array_map('htmlspecialchars', $p); + return array_map('htmlspecialchars', $p, ENT_NOQUOTES, 'UTF-8'); } else { - return htmlspecialchars($p); + return htmlspecialchars($p, ENT_NOQUOTES, 'UTF-8'); } } else { return $default; diff --git a/lib/minz/dao/Model_pdo.php b/lib/minz/dao/Model_pdo.php index a101887d1..6efe5b30f 100755 --- a/lib/minz/dao/Model_pdo.php +++ b/lib/minz/dao/Model_pdo.php @@ -22,23 +22,29 @@ class Model_pdo { */ public function __construct () { $db = Configuration::dataBase (); + $driver_options = null; try { $type = $db['type']; if($type == 'mysql') { $string = $type . ':host=' . $db['host'] - . ';dbname=' . $db['base']; + . ';dbname=' . $db['base'] + . ';charset=utf8'; + $driver_options = array( + PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8' + ); } elseif($type == 'sqlite') { $string = $type . ':/' . PUBLIC_PATH - . '/data/' . $db['base'] . '.sqlite'; + . '/data/' . $db['base'] . '.sqlite'; //TODO: DEBUG UTF-8 http://www.siteduzero.com/forum/sujet/sqlite-connexion-utf-8-18797 } $this->bd = new PDO ( $string, $db['user'], - $db['password'] + $db['password'], + $driver_options ); $this->prefix = $db['prefix']; diff --git a/public/install.php b/public/install.php index 3e2d7b0f9..65daed111 100644 --- a/public/install.php +++ b/public/install.php @@ -309,8 +309,12 @@ function checkBD () { try { $str = ''; + $driver_options = null; if($_SESSION['bd_type'] == 'mysql') { $str = 'mysql:host=' . $_SESSION['bd_host'] . ';dbname=' . $_SESSION['bd_name']; + $driver_options = array( + PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8' + ); } elseif($_SESSION['bd_type'] == 'sqlite') { $str = 'sqlite:' . PUBLIC_PATH . '/data/' . $_SESSION['bd_name'] . '.sqlite'; @@ -318,7 +322,8 @@ function checkBD () { $c = new PDO ($str, $_SESSION['bd_user'], - $_SESSION['bd_pass']); + $_SESSION['bd_pass'], + $driver_options); $sql = sprintf (SQL_REQ_CAT, $_SESSION['bd_prefix']); $res = $c->query ($sql); |