WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#37913 closed defect (bug) (wontfix)

Switch/case string comparison is case-sensitive

Reported by: mangeshp Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.6
Component: External Libraries Keywords: has-patch
Focuses: Cc:

Description

Switch/case string comparison is case-sensitive. It's better not to assume that whatever data we will receive in a function argument will be in the same case as we will be checking in condition.

Take a look at this snippet from file wp-includes/ID3/getid3.lib.php :

switch ($charset) {
	case '1251':
	case '1252':
	case '866':
	case '932':
	case '936':
	case '950':
	case 'BIG5':
	case 'BIG5-HKSCS':
	case 'cp1251':
	case 'cp1252':
	case 'cp866':
	case 'EUC-JP':
	case 'EUCJP':
	case 'GB2312':
	case 'ibm866':
	case 'ISO-8859-1':
	case 'ISO-8859-15':
	case 'ISO8859-1':
	case 'ISO8859-15':
	case 'KOI8-R':
	case 'koi8-ru':
	case 'koi8r':
	case 'Shift_JIS':
	case 'SJIS':
	case 'win-1251':
	case 'Windows-1251':
	case 'Windows-1252':
		$HTMLstring = htmlentities($string, ENT_COMPAT, $charset);
		break;

	case 'UTF-8':
		$strlen = strlen($string);
		for ($i = 0; $i < $strlen; $i++) {
			$char_ord_val = ord($string{$i});
			$charval = 0;
			if ($char_ord_val < 0x80) {
				$charval = $char_ord_val;
			} elseif ((($char_ord_val & 0xF0) >> 4) == 0x0F  &&  $i+3 < $strlen) {
				$charval  = (($char_ord_val & 0x07) << 18);
				$charval += ((ord($string{++$i}) & 0x3F) << 12);
				$charval += ((ord($string{++$i}) & 0x3F) << 6);
				$charval +=  (ord($string{++$i}) & 0x3F);
			} elseif ((($char_ord_val & 0xE0) >> 5) == 0x07  &&  $i+2 < $strlen) {
				$charval  = (($char_ord_val & 0x0F) << 12);
				$charval += ((ord($string{++$i}) & 0x3F) << 6);
				$charval +=  (ord($string{++$i}) & 0x3F);
			} elseif ((($char_ord_val & 0xC0) >> 6) == 0x03  &&  $i+1 < $strlen) {
				$charval  = (($char_ord_val & 0x1F) << 6);
				$charval += (ord($string{++$i}) & 0x3F);
			}
			if (($charval >= 32) && ($charval <= 127)) {
				$HTMLstring .= htmlentities(chr($charval));
			} else {
				$HTMLstring .= '&#'.$charval.';';
			}
		}
		break;

	case 'UTF-16LE':
		for ($i = 0; $i < strlen($string); $i += 2) {
			$charval = self::LittleEndian2Int(substr($string, $i, 2));
			if (($charval >= 32) && ($charval <= 127)) {
				$HTMLstring .= chr($charval);
			} else {
				$HTMLstring .= '&#'.$charval.';';
			}
		}
		break;

	case 'UTF-16BE':
		for ($i = 0; $i < strlen($string); $i += 2) {
			$charval = self::BigEndian2Int(substr($string, $i, 2));
			if (($charval >= 32) && ($charval <= 127)) {
				$HTMLstring .= chr($charval);
			} else {
				$HTMLstring .= '&#'.$charval.';';
			}
		}
		break;

Which could have been like this :

switch (strtolower($charset)) {
	case '1251':
	case '1252':
	case '866':
	case '932':
	case '936':
	case '950':
	case 'big5':
	case 'big5-hkscs':
	case 'cp1251':
	case 'cp1252':
	case 'cp866':
	case 'euc-jp':
	case 'eucjp':
	case 'gb2312':
	case 'ibm866':
	case 'iso-8859-1':
	case 'iso-8859-15':
	case 'iso8859-1':
	case 'iso8859-15':
	case 'koi8-r':
	case 'koi8-ru':
	case 'koi8r':
	case 'shift_jis':
	case 'sjis':
	case 'win-1251':
	case 'windows-1251':
	case 'windows-1252':
		$HTMLstring = htmlentities($string, ENT_COMPAT, $charset);
		break;

	case 'utf-8':
		$strlen = strlen($string);
		for ($i = 0; $i < $strlen; $i++) {
			$char_ord_val = ord($string{$i});
			$charval = 0;
			if ($char_ord_val < 0x80) {
				$charval = $char_ord_val;
			} elseif ((($char_ord_val & 0xF0) >> 4) == 0x0F  &&  $i+3 < $strlen) {
				$charval  = (($char_ord_val & 0x07) << 18);
				$charval += ((ord($string{++$i}) & 0x3F) << 12);
				$charval += ((ord($string{++$i}) & 0x3F) << 6);
				$charval +=  (ord($string{++$i}) & 0x3F);
			} elseif ((($char_ord_val & 0xE0) >> 5) == 0x07  &&  $i+2 < $strlen) {
				$charval  = (($char_ord_val & 0x0F) << 12);
				$charval += ((ord($string{++$i}) & 0x3F) << 6);
				$charval +=  (ord($string{++$i}) & 0x3F);
			} elseif ((($char_ord_val & 0xC0) >> 6) == 0x03  &&  $i+1 < $strlen) {
				$charval  = (($char_ord_val & 0x1F) << 6);
				$charval += (ord($string{++$i}) & 0x3F);
			}
			if (($charval >= 32) && ($charval <= 127)) {
				$HTMLstring .= htmlentities(chr($charval));
			} else {
				$HTMLstring .= '&#'.$charval.';';
			}
		}
		break;

	case 'utf-16le':
		for ($i = 0; $i < strlen($string); $i += 2) {
			$charval = self::LittleEndian2Int(substr($string, $i, 2));
			if (($charval >= 32) && ($charval <= 127)) {
				$HTMLstring .= chr($charval);
			} else {
				$HTMLstring .= '&#'.$charval.';';
			}
		}
		break;

	case 'utf-16be':
		for ($i = 0; $i < strlen($string); $i += 2) {
			$charval = self::BigEndian2Int(substr($string, $i, 2));
			if (($charval >= 32) && ($charval <= 127)) {
				$HTMLstring .= chr($charval);
			} else {
				$HTMLstring .= '&#'.$charval.';';
			}
		}
		break;

Attachments (1)

37913.diff (2.0 KB) - added by mangeshp 4 years ago.

Download all attachments as: .zip

Change History (3)

@mangeshp
4 years ago

#1 @mangeshp
4 years ago

  • Keywords has-patch added

#2 @SergeyBiryukov
4 years ago

  • Component changed from General to External Libraries
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

@mangeshp, thanks for the report!

getID3() is an external library, please submit the patch upstream: http://www.getid3.org/.

If we update it in the future, the fix would probably be included, there is no need to have an extra Trac ticket for that.

Note: See TracTickets for help on using tickets.