[BUG]: Encoding error in the database or API
Closed this issue · 2 comments
gpascal123 commented
gluafamichl commented
The root cause of this problem is the use of the htmlentities() function on the backend before writing the data to the database. I see two solutions at the moment:
- Use html_entity_decode() before converting the database content to JSON (the wrongly encoded strings will still be in the database, but will be converted before passing them to the frontend)
- Use htmlspecialchars() and/or strip_tags() before writing the data to the database. This removes all potentially risky elements such as HTML tags or quotation marks from the data.
gluafamichl commented
There are several problems:
- To remain compatible with the old PHP UI we must save the strings with HTML encoding to the database
- There is a duplicated usage of htmlentities(): the first is in json2db() in AbstractBaseAPI.class.php, the second one is in the DB object creation, e.g. HashlistUtils::createHashlist(). That is okay for German characters like ä, ö, ß, but it fails with French accents.
- When converting the DB objects to JSON, html_entity_decode is missing.
Proposed solution:
- Remove htmlentities() from DB object creation
- Apply html_entity_decode() before dumping values to JSON.
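
The double-encoding path and the proposed single-encode/decode-once path, as an added example that is not part of the issue thread or the project's code. The function names `writeDoubleEncoded`, `writeSingleEncoded` and `toJson` and the sample string are assumptions made for illustration; only `htmlentities()`, `html_entity_decode()` and `json_encode()` are real PHP functions.

```php
<?php
// Added example, not project code. All function names here are hypothetical.
const ENTITY_FLAGS = ENT_QUOTES | ENT_HTML401;

// Current write path as described in the thread: the API layer encodes,
// then the DB object creation encodes the already-encoded string again.
function writeDoubleEncoded(string $input): string
{
    $afterApi = htmlentities($input, ENTITY_FLAGS, 'UTF-8');
    return htmlentities($afterApi, ENTITY_FLAGS, 'UTF-8'); // "&" of each entity becomes "&amp;"
}

// Proposed write path: encode exactly once, so the stored value stays
// in the HTML-encoded form the old PHP UI expects.
function writeSingleEncoded(string $input): string
{
    return htmlentities($input, ENTITY_FLAGS, 'UTF-8');
}

// Proposed read path: decode once before the value goes into JSON.
// The JSON then carries raw text, so the consuming frontend has to
// escape it for whatever context it renders into.
function toJson(string $stored): string
{
    $plain = html_entity_decode($stored, ENTITY_FLAGS, 'UTF-8');
    return json_encode(['name' => $plain], JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR);
}

// Constructed sample value with an accent, a quote and angle brackets.
$name = "Liste d'été <test>";

$double = writeDoubleEncoded($name);
$single = writeSingleEncoded($name);

echo "stored (double): ", $double, PHP_EOL;
echo "stored (single): ", $single, PHP_EOL;

// One decode cannot undo two encodes: entities survive into the API response.
echo "json from double: ", toJson($double), PHP_EOL;
// One encode plus one decode round-trips the original text.
echo "json from single: ", toJson($single), PHP_EOL;

// Round-trip check that can be reused as a regression test for the fix.
$roundTrip = json_decode(toJson($single), true, 512, JSON_THROW_ON_ERROR)['name'];
echo "round trip ok: ", var_export($roundTrip === $name, true), PHP_EOL;
```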