- Completed rewrite of html.c. Except for determine_charset, almost nothing

  remains.
- Fixed bug on determine_charset that was preventing correct detection in
  combination with internal mbstring encoding "none", "pass" or "auto".
- Added profiles for entity encode/decode for HTMl 4.01, XHTML 1.0, XML 1.0
  and HTML 5. Added the constants ENT_HTML401, ENT_XML1, ENT_XHTML and
  ENT_HTML5.
- htmlentities()/htmlspecialchars(), when told not to double encode, verify
  the correctness of the existenting entities more thoroughly.
  It is checked whether the numerical entity represents a valid unicode code
  point (number is between 0 and 0x10FFFF). If using the flag ENT_DISALLOWED,
  it is also checked whether that numerical entity is valid in selected
  document. In HTML 4.01, all the numerical entities that represent a Unicode
  code point (< U+10FFFFFF) are valid, but that's not the case with other
  document types. If the entity is not valid, & is encoded to &amp;.
  For named entities, the check is also more thorough. While before the only
  check would be to determine if the entity was constituted by alphanumeric
  characters, now it is checked whether that entity is necessarily defined for
  the target document type. Otherwise, & is encoded to &amp;.
- For html_entity_decode(), only valid numerical and named entities (as defined
  above for htmlentities()/htmlspecialchars() + !double_encode) are decoded.
  But there is in this case one additional check. Entities that represent
  non-SGML or otherwise invalid characters are not decoded. Note that, in
  HTML5, U+000D is a valid literal character, but the entity &#x0D is not
  valid and is therefore not decoded.
- The hash tables lazily created for decoding in html_entity_decode() that were
  added recently were substituted by static hash tables. Instead of 1 hash
  table per encoding, there's only one hash table per document type defined in
  terms of unicode code points. This means that for charsets other than UTF-8
  and ISO-8859-1, a conversion to unicode code points is necessary before
  decoding.
- On the encoding side, the ad hoc ranges of entities of the translation
  tables, which mapped (in general) non-unicode code points to HTML entities
  were replaced by three-stage tables for HTML 4 and HTML 5. This mapping
  tables are defined only in terms of unicode code points, so a conversion
  is necessary for charsets other than UTF-8 and ISO-8859-1. Even so, the
  multi-stage table is much faster than the previous method, by a factor
  of 5; the conversion to unicode is a small penalty because it's just a
  simple table lookup.
  XML 1.0/htmlspecialchars() uses a simple table instead of a three-stage
  table.
- Added the flag ENT_SUBSTITUTE, which makes htmlentities()/htmlspecialchars()
  replace the invalid multibyte sequences with U+FFFD (UTF-8) or &#FFFD;
  (other encodings).
- Added the flag ENT_DISALLOWED. Implements FR #52860. Characters that cannot
  appear literally are replaced by U+FFFD (UTF-8) or &#FFFD; (otherwise).
  An alternative implementation would be to encode those characters into
  numerical entities, but that would only work in HTML 4.01 due to limitations
  on the values of numerical entities in other document types. See also the
  effects on htmlentities()/htmlspecialchars() with !double_encode above.

1 files changed, 27 insertions, 12 deletions

diff --git a/ext/standard/html.h b/ext/standard/html.h
index c50a1be20b..4915e171cb 100644
--- a/ext/standard/html.h
+++ b/ext/standard/html.h
@@ -21,15 +21,30 @@
 #ifndef HTML_H
 #define HTML_H
 
-#define ENT_HTML_QUOTE_NONE		0
-#define ENT_HTML_QUOTE_SINGLE	1
-#define ENT_HTML_QUOTE_DOUBLE	2
-#define ENT_HTML_IGNORE_ERRORS	4
-
-#define ENT_COMPAT    ENT_HTML_QUOTE_DOUBLE
-#define ENT_QUOTES    (ENT_HTML_QUOTE_DOUBLE | ENT_HTML_QUOTE_SINGLE)
-#define ENT_NOQUOTES  ENT_HTML_QUOTE_NONE
-#define ENT_IGNORE    ENT_HTML_IGNORE_ERRORS
+#define ENT_HTML_QUOTE_NONE			0
+#define ENT_HTML_QUOTE_SINGLE		1
+#define ENT_HTML_QUOTE_DOUBLE		2
+#define ENT_HTML_IGNORE_ERRORS		4
+#define ENT_HTML_SUBSTITUTE_ERRORS	8
+#define ENT_HTML_DOC_TYPE_MASK		(16|32)
+#define ENT_HTML_DOC_HTML401		0
+#define ENT_HTML_DOC_XML1			16
+#define ENT_HTML_DOC_XHTML			32
+#define ENT_HTML_DOC_HTML5			(16|32)
+/* reserve bit 6 */
+#define ENT_HTML_SUBSTITUTE_DISALLOWED_CHARS	128
+
+
+#define ENT_COMPAT		ENT_HTML_QUOTE_DOUBLE
+#define ENT_QUOTES		(ENT_HTML_QUOTE_DOUBLE | ENT_HTML_QUOTE_SINGLE)
+#define ENT_NOQUOTES	ENT_HTML_QUOTE_NONE
+#define ENT_IGNORE		ENT_HTML_IGNORE_ERRORS
+#define ENT_SUBSTITUTE	ENT_HTML_SUBSTITUTE_ERRORS
+#define ENT_HTML401		0
+#define ENT_XML1		16
+#define ENT_XHTML		32
+#define ENT_HTML5		(16|32)
+#define ENT_DISALLOWED	128
 
 void register_html_constants(INIT_FUNC_ARGS);
 
@@ -39,8 +54,8 @@ PHP_FUNCTION(htmlspecialchars_decode);
 PHP_FUNCTION(html_entity_decode);
 PHP_FUNCTION(get_html_translation_table);
 
-PHPAPI char *php_escape_html_entities(unsigned char *old, int oldlen, int *newlen, int all, int quote_style, char *hint_charset TSRMLS_DC);
-PHPAPI char *php_escape_html_entities_ex(unsigned char *old, int oldlen, int *newlen, int all, int quote_style, char *hint_charset, zend_bool double_encode TSRMLS_DC);
-PHPAPI char *php_unescape_html_entities(unsigned char *old, int oldlen, int *newlen, int all, int quote_style, char *hint_charset TSRMLS_DC);
+PHPAPI char *php_escape_html_entities(unsigned char *old, size_t oldlen, size_t *newlen, int all, int flags, char *hint_charset TSRMLS_DC);
+PHPAPI char *php_escape_html_entities_ex(unsigned char *old, size_t oldlen, size_t *newlen, int all, int flags, char *hint_charset, zend_bool double_encode TSRMLS_DC);
+PHPAPI char *php_unescape_html_entities(unsigned char *old, size_t oldlen, size_t *newlen, int all, int flags, char *hint_charset TSRMLS_DC);
 
 #endif /* HTML_H */