History log of /PHP_TRUNK/ext/standard/html.h
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
c081ce6 03-Jan-2014 Xinchen Hui <laruence@php.net> Bump year
a666285 01-Jan-2013 Xinchen Hui <laruence@php.net> Happy New Year
8775a37 01-Jan-2012 Felipe Pena <felipe@php.net> - Year++
0203cc3 01-Jan-2011 Felipe Pena <felipe@php.net> - Year++
e69b1ff 27-Oct-2010 Gustavo André dos Santos Lopes <cataphract@php.net> - Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number
of reported malformed sequences). (Gustavo)
#Made a public interface for get_next_char/utf-8 in trunk to use in utf8_decode.
#In PHP 5.3, trunk's get_next_char was copied to xml.c because 5.3's
#get_next_char is different and is not prepared to recover appropriately from
91727cb 24-Oct-2010 Gustavo André dos Santos Lopes <cataphract@php.net> - Completed rewrite of html.c. Except for determine_charset, almost nothing
- Fixed bug on determine_charset that was preventing correct detection in
combination with internal mbstring encoding "none", "pass" or "auto".
- Added profiles for entity encode/decode for HTMl 4.01, XHTML 1.0, XML 1.0
and HTML 5. Added the constants ENT_HTML401, ENT_XML1, ENT_XHTML and
- htmlentities()/htmlspecialchars(), when told not to double encode, verify
the correctness of the existenting entities more thoroughly.
It is checked whether the numerical entity represents a valid unicode code
point (number is between 0 and 0x10FFFF). If using the flag ENT_DISALLOWED,
it is also checked whether that numerical entity is valid in selected
document. In HTML 4.01, all the numerical entities that represent a Unicode
code point (< U+10FFFFFF) are valid, but that's not the case with other
document types. If the entity is not valid, & is encoded to &amp;.
For named entities, the check is also more thorough. While before the only
check would be to determine if the entity was constituted by alphanumeric
characters, now it is checked whether that entity is necessarily defined for
the target document type. Otherwise, & is encoded to &amp;.
- For html_entity_decode(), only valid numerical and named entities (as defined
above for htmlentities()/htmlspecialchars() + !double_encode) are decoded.
But there is in this case one additional check. Entities that represent
non-SGML or otherwise invalid characters are not decoded. Note that, in
HTML5, U+000D is a valid literal character, but the entity &#x0D is not
valid and is therefore not decoded.
- The hash tables lazily created for decoding in html_entity_decode() that were
added recently were substituted by static hash tables. Instead of 1 hash
table per encoding, there's only one hash table per document type defined in
terms of unicode code points. This means that for charsets other than UTF-8
and ISO-8859-1, a conversion to unicode code points is necessary before
- On the encoding side, the ad hoc ranges of entities of the translation
tables, which mapped (in general) non-unicode code points to HTML entities
were replaced by three-stage tables for HTML 4 and HTML 5. This mapping
tables are defined only in terms of unicode code points, so a conversion
is necessary for charsets other than UTF-8 and ISO-8859-1. Even so, the
multi-stage table is much faster than the previous method, by a factor
of 5; the conversion to unicode is a small penalty because it's just a
simple table lookup.
XML 1.0/htmlspecialchars() uses a simple table instead of a three-stage
- Added the flag ENT_SUBSTITUTE, which makes htmlentities()/htmlspecialchars()
replace the invalid multibyte sequences with U+FFFD (UTF-8) or &#FFFD;
(other encodings).
- Added the flag ENT_DISALLOWED. Implements FR #52860. Characters that cannot
appear literally are replaced by U+FFFD (UTF-8) or &#FFFD; (otherwise).
An alternative implementation would be to encode those characters into
numerical entities, but that would only work in HTML 4.01 due to limitations
on the values of numerical entities in other document types. See also the
effects on htmlentities()/htmlspecialchars() with !double_encode above.
9ba1e81 03-Jan-2010 Sebastian Bergmann <sebastian@php.net> sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php
08659c2 31-Dec-2008 Sebastian Bergmann <sebastian@php.net> MFH: Bump copyright year, 3 of 3.
18794ad 26-Nov-2008 Arnaud Le Blanc <lbarnaud@php.net> MFH: Added ENT_IGNORE as a compatibility flag for htmlentities() and
htmlspecialchars() to skip multibyte sequences intead of returning an
empty string (as iconv's //IGNORE). These functions will still never
return an invalid or incomplete multibyte sequence.
Fixes #43896
d1dded8 31-Dec-2007 Sebastian Bergmann <sebastian@php.net> MFH: Bump copyright year, 2 of 2.
c98cbb6 22-May-2007 Ilia Alshanetsky <iliaa@php.net> [DOC] Added a 4th parameter flag to htmlspecialchars() and htmlentities()
that makes the function not encode existing html entities. The feature is
disabled by default and can be activated by passing FALSE as the 4th param
4223aa4 01-Jan-2007 Sebastian Bergmann <sebastian@php.net> MFH: Bump year.
aaf1201 28-Nov-2006 Antony Dovgal <tony2001@php.net> add php_unescape_html_entities() proto to the header
(fixes #39665)
5bd9322 01-Jan-2006 foobar <sniper@php.net> bump year and license version
23e671a 03-Aug-2005 foobar <sniper@php.net> - Bumber up year
975ff6f 07-Mar-2005 Ilia Alshanetsky <iliaa@php.net> Added htmlspecialchars_decode() function for fast conversion from
htmlspecialchars() generated entities back to characters.
ccfc46b 08-Jan-2004 foobar <sniper@php.net> - Happy new year and PHP 5 for rest of the files too..
# Should the LICENSE and Zend/LICENSE dates be updated too?
f68c7ff 10-Jun-2003 James Cox <imajes@php.net> updating license information in the headers.
b506f5c 31-Dec-2002 Sebastian Bergmann <sebastian@php.net> Bump year.
b5d4b54 26-Sep-2002 Sebastian Bergmann <sebastian@php.net> Fix ZTS build.
a184f5d 16-Mar-2002 Wez Furlong <wez@php.net> * formatting, plus remove some old fopen wrappers
0f65280 15-Mar-2002 Wez Furlong <wez@php.net> New PHP streams...
90613d2 28-Feb-2002 Sebastian Bergmann <sebastian@php.net> Maintain headers.
3893351 11-Dec-2001 Sebastian Bergmann <sebastian@php.net> Update headers.
d38cba8 28-May-2001 Wez Furlong <wez@php.net> Added charset awareness to htmlentities() and htmlspecialchars(); use an
optional third parameter to specify the charset; otherwise tries to determine
it from the LC_CTYPE locale setting.
07a5e3f 25-Apr-2001 Andrei Zmievski <andrei@php.net> * Made ENT_* defines availabe to other functions.
* The key/variable names in WDDX are now html escaped to not break XML.
@- Fixed WDDX serialization to HTML-escape key/variable names so as not to
@ break the XML packet. (Andrei)
eb6ba01 26-Feb-2001 Andi Gutmans <andi@php.net> - Fix copyright notices with 2001
d23ad61 12-Sep-2000 Rasmus Lerdorf <rasmus@php.net> Clean up htmlspecialchars/htmlentities inconsistencies.
@Clean up htmlspecialchars/htmlentities inconsistencies. (Rasmus)
83513d9 24-Jul-2000 David Croft <david@php.net> Changed lots of PHP 3 licence headers to PHP 4, mainly in .h files.
Added a few RCS $Id$ tags.

# Note: I have avoided changing any .h files if the corresponding .c file
# had not already been changed as I am not sure if there are any legal
# issues here. So some extensions still have PHP 3 headers.
16017f6 02-Jul-2000 Sascha Schumann <sas@php.net> Change header protection macros to conform to standard.

Draft 3 of IEEE 1003.1 200x, "2.2 The Compilation Environment"

All identifiers that begin with an underscore and either an uppercase
letter or another underscore are always reserved for any use by the
4c7af66 29-Feb-2000 Andrei Zmievski <andrei@php.net> Made php_escape_html_entities() as a separate function for export.
f24db30 21-Nov-1999 Thies C. Arntzen <thies@php.net> @- Implemented get_html_translation_table() function. (Thies)
(PHP get_html_translation_table) new function.
39691be 16-May-1999 Sascha Schumann <sas@php.net> conv_proto *.[ch]
257de2b 17-Apr-1999 Stig Bakken <ssb@php.net> First commit of re-structuring phase one. We have started using automake in
sub-directories and started to move extension code into ext/<name>. For now,
I have moved the "standard" extension (which is quite a mix of everything
right now) and the GD extension into their own subdirs in ext/.
The configure script now also runs configure in the libzend directory
automatically and makes sure php4 and libzend use the same config.cache file.
To avoid running configure in libzend, use the --no-recursion option.
"make" in php4 also builds libzend now.
The Apache module doesn't compile right now, but a fix for that is
coming up.