[dokuwiki] Re: UTF Normalization
- From: "Harry Fuecks" <hfuecks@xxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Mon, 27 Mar 2006 20:53:46 +0200
> What do you mean by this?
> iirc, many (most) parts of Dokuwiki don't use mb aware or utf-8 aware
> functions, relying on byte patterns rather than character counts.
I'd guess those functions would be safe - these kind of characters
would _not_ be mistaken for real ASCII characters by something like;
str_replace("\n",'',$str);
> Yeh, but who knows where the input has come from. If its exploitable,
> some one will work out away to spoof apparent utf-8 content that isn't
> utf-8.
Exactly.
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
- References:
- [dokuwiki] UTF Normalization
- From: Harry Fuecks
- [dokuwiki] Re: UTF Normalization
- From: Andreas Gohr
- [dokuwiki] Re: UTF Normalization
- From: Chris Smith
Other related posts:
- » [dokuwiki] UTF Normalization
- » [dokuwiki] Re: UTF Normalization
- » [dokuwiki] Re: UTF Normalization
- » [dokuwiki] Re: UTF Normalization
- » [dokuwiki] Re: UTF Normalization
- [dokuwiki] UTF Normalization
- From: Harry Fuecks
- [dokuwiki] Re: UTF Normalization
- From: Andreas Gohr
- [dokuwiki] Re: UTF Normalization
- From: Chris Smith