PHP Decode
--TEST-- htmlentities() / htmlspecialchars() ENT_DISALLOWED with entities and no double en..
Original Code
--TEST--
htmlentities() / htmlspecialchars() ENT_DISALLOWED with entities and no double encode
--FILE--
<?php
$tests = array(
"&#0;", //C0
"&#1;",
"&#x09;",
"&#x0A;",
"&#x0B;",
"&#x0C;",
"&#x0D;", //note that HTML5 is unique in that it forbids this entity, but allows a literal U+0D
"&#x0E;",
"&#x1F;",
"&#x20;", //allowed always
"&#x7F;", //DEL
"&#x80;", //C1
"&#x9F;",
"&#xA0;", //allowed always
"&#xD7FF;", //surrogates
"&#xD800;",
"&#xDFFF;",
"&#xE000;", //allowed always
"&#xFFFE;", //nonchar
"&#xFFFF;",
"&#xFDCF;", //allowed always
"&#xFDD0;", //nonchar
"&#xFDEF;",
"&#xFDF0;", //allowed always
"&#x2FFFE;", //nonchar
"&#x2FFFF;",
"&#x110000;", //bad reference
);
function test($flag, $flag2=ENT_DISALLOWED, $charset="UTF-8") {
global $tests;
$i = -1;
foreach ($tests as $test) {
$i++;
$a = htmlentities($test, $flag | $flag2, $charset, FALSE);
$b = htmlspecialchars($test, $flag | $flag2, $charset, FALSE);
if ($a == $b)
echo sprintf("%s\t%s", $test, $a==$test?"NOT CHANGED":"CHANGED"), "\n";
else
echo sprintf("%s\tCHANGED (%s, %s)", $test, $a, $b), "\n";
}
}
echo "*** Testing HTML 4.01 ***\n";
test(ENT_HTML401);
echo "\n*** Testing XHTML 1.0 ***\n";
test(ENT_XHTML);
echo "\n*** Testing HTML 5 ***\n";
test(ENT_HTML5);
echo "\n*** Testing XML 1.0 ***\n";
test(ENT_XML1);
echo "\n*** Testing 5 without the flag ***\n";
test(ENT_HTML5, 0);
echo "\n*** Testing HTML 5 with another single-byte encoding ***\n";
test(ENT_HTML5, ENT_DISALLOWED, "Windows-1251");
echo "\n*** Testing HTML 5 with another multibyte-byte encoding ***\n";
test(ENT_HTML5, ENT_DISALLOWED, "SJIS");
?>
--EXPECTF--
*** Testing HTML 4.01 ***
� NOT CHANGED
 NOT CHANGED
	 NOT CHANGED

 NOT CHANGED
 NOT CHANGED
 NOT CHANGED

 NOT CHANGED
 NOT CHANGED
 NOT CHANGED
  NOT CHANGED
 NOT CHANGED
€ NOT CHANGED
Ÿ NOT CHANGED
  NOT CHANGED
퟿ NOT CHANGED
� NOT CHANGED
� NOT CHANGED
 NOT CHANGED
 NOT CHANGED
 NOT CHANGED
﷏ NOT CHANGED
 NOT CHANGED
 NOT CHANGED
ﷰ NOT CHANGED
 NOT CHANGED
 NOT CHANGED
� CHANGED
*** Testing XHTML 1.0 ***
� CHANGED
 CHANGED
	 NOT CHANGED

 NOT CHANGED
 CHANGED
 CHANGED

 NOT CHANGED
 CHANGED
 CHANGED
  NOT CHANGED
 NOT CHANGED
€ NOT CHANGED
Ÿ NOT CHANGED
  NOT CHANGED
퟿ NOT CHANGED
� CHANGED
� CHANGED
 NOT CHANGED
 CHANGED
 CHANGED
﷏ NOT CHANGED
 NOT CHANGED
 NOT CHANGED
ﷰ NOT CHANGED
 NOT CHANGED
 NOT CHANGED
� CHANGED
*** Testing HTML 5 ***
� CHANGED (&#0;, &#0;)
 CHANGED (&#1;, &#1;)
	 NOT CHANGED

 NOT CHANGED
 CHANGED (&#x0B;, &#x0B;)
 NOT CHANGED

 CHANGED (&#x0D;, &#x0D;)
 CHANGED (&#x0E;, &#x0E;)
 CHANGED (&#x1F;, &#x1F;)
  NOT CHANGED
 CHANGED (&#x7F;, &#x7F;)
€ CHANGED (&#x80;, &#x80;)
Ÿ CHANGED (&#x9F;, &#x9F;)
  NOT CHANGED
퟿ NOT CHANGED
� NOT CHANGED
� NOT CHANGED
 NOT CHANGED
 CHANGED (&#xFFFE;, &#xFFFE;)
 CHANGED (&#xFFFF;, &#xFFFF;)
﷏ NOT CHANGED
 CHANGED (&#xFDD0;, &#xFDD0;)
 CHANGED (&#xFDEF;, &#xFDEF;)
ﷰ NOT CHANGED
 CHANGED (&#x2FFFE;, &#x2FFFE;)
 CHANGED (&#x2FFFF;, &#x2FFFF;)
� CHANGED (&#x110000;, &#x110000;)
*** Testing XML 1.0 ***
� CHANGED
 CHANGED
	 NOT CHANGED

 NOT CHANGED
 CHANGED
 CHANGED

 NOT CHANGED
 CHANGED
 CHANGED
  NOT CHANGED
 NOT CHANGED
€ NOT CHANGED
Ÿ NOT CHANGED
  NOT CHANGED
퟿ NOT CHANGED
� CHANGED
� CHANGED
 NOT CHANGED
 CHANGED
 CHANGED
﷏ NOT CHANGED
 NOT CHANGED
 NOT CHANGED
ﷰ NOT CHANGED
 NOT CHANGED
 NOT CHANGED
� CHANGED
*** Testing 5 without the flag ***
� NOT CHANGED
 NOT CHANGED
	 NOT CHANGED

 NOT CHANGED
 NOT CHANGED
 NOT CHANGED

 NOT CHANGED
 NOT CHANGED
 NOT CHANGED
  NOT CHANGED
 NOT CHANGED
€ NOT CHANGED
Ÿ NOT CHANGED
  NOT CHANGED
퟿ NOT CHANGED
� NOT CHANGED
� NOT CHANGED
 NOT CHANGED
 NOT CHANGED
 NOT CHANGED
﷏ NOT CHANGED
 NOT CHANGED
 NOT CHANGED
ﷰ NOT CHANGED
 NOT CHANGED
 NOT CHANGED
� CHANGED (&#x110000;, &#x110000;)
*** Testing HTML 5 with another single-byte encoding ***
� CHANGED (&#0;, &#0;)
 CHANGED (&#1;, &#1;)
	 NOT CHANGED

 NOT CHANGED
 CHANGED (&#x0B;, &#x0B;)
 NOT CHANGED

 CHANGED (&#x0D;, &#x0D;)
 CHANGED (&#x0E;, &#x0E;)
 CHANGED (&#x1F;, &#x1F;)
  NOT CHANGED
 CHANGED (&#x7F;, &#x7F;)
€ CHANGED (&#x80;, &#x80;)
Ÿ CHANGED (&#x9F;, &#x9F;)
  NOT CHANGED
퟿ NOT CHANGED
� NOT CHANGED
� NOT CHANGED
 NOT CHANGED
 CHANGED (&#xFFFE;, &#xFFFE;)
 CHANGED (&#xFFFF;, &#xFFFF;)
﷏ NOT CHANGED
 CHANGED (&#xFDD0;, &#xFDD0;)
 CHANGED (&#xFDEF;, &#xFDEF;)
ﷰ NOT CHANGED
 CHANGED (&#x2FFFE;, &#x2FFFE;)
 CHANGED (&#x2FFFF;, &#x2FFFF;)
� CHANGED (&#x110000;, &#x110000;)
*** Testing HTML 5 with another multibyte-byte encoding ***
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
� CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
 CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
	 NOT CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d

 NOT CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
 CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
 NOT CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d

 CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
 CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
 CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
  NOT CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
 CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
€ CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
Ÿ CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
  NOT CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
퟿ NOT CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
� NOT CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
� NOT CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
 NOT CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
 CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
 CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
﷏ NOT CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
 CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
 CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
ﷰ NOT CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
 CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
 CHANGED
Notice: htmlentities(): Only basic entities substitution is supported for multi-byte encodings other than UTF-8; functionality is equivalent to htmlspecialchars in %s line %d
� CHANGED
Function Calls
None |
Stats
MD5 | db6c709b0603a10346d19f6019cea088 |
Eval Count | 0 |
Decode Time | 105 ms |