View Issue Details

IDProjectCategoryView StatusLast Update
0001401Main CAcert Websiteaccount administrationpublic2015-09-09 07:08
ReporterwytzeAssigned ToBenBE 
PriorityhighSeveritymajorReproducibilityalways
Status newResolutionopen 
PlatformDefaultOSanyOS Versionany
Product Version2015 Q3 
Target Version2015 Q3Fixed in Version 
Summary0001401: Names containing non-ascii characters are displayed incorrectly on the website
DescriptionThis (anonymized) support request was received by critical-admin@cacert.org:

-------------------------------------------------------------------------------
My email: xxxxx
My first name: xxxxx
My middle name: xxxxx
My last name: Żxxxxx

However, my last name at https://www.cacert.org/account.php?id=13 (ie.
My Details View/Edit) is 'Żxxxxx'

Where 'Ż' is a decimal html encoding of 'Ż'.

Unicode Decimal Code Ż

Symbol Name:Latin Capital Letter Z With Dot Above
Html Entity:
Hex Code:Ż
Decimal Code:Ż
Unicode Group:Latin Extended-A

Could this be fixed in the database to be 'Żxxxxx' (presumably
correctly UTF-8 encoded)?
-------------------------------------------------------------------------------

critical-admin@cacert.org answered with:

-------------------------------------------------------------------------------
The database contains the Ż encoding, which I believe to be correct
(according to the way the CAcert application code works in general).
The display is indeed not correct, which IMHO opinion is caused by a code
change made on 7 June 2014, in particular the change to pages/account/13.php,
which is now passing the database values through the sanitizeHTML() function.
This function is transforming the & to &, causing the first character of
this user's name to be passed to the browser as &0000379; which will result
in the bad display experienced by this user.

I suggest to file an issue on bugs.cacert.org for this problem, it requires
a (set of) code change(s) to fix it.

FYI: I have attached the checkin notification containing the offending
change -- unfortunately it was rather complex and large.
-------------------------------------------------------------------------------

The checkin notification mentioned above can be found at:

https://lists.cacert.org/wws/arc/cacert-systemlog/2014-06/msg00005.html

Unfortunately, the suggestion to report this issue on bugs.cacert.org was not followed up by CAcert Support. Hence critical-admin@cacert.org does it now.
Steps To ReproduceRegister a name containing a special character like Ż and observe the way it is displayed on https://www.cacert.org/account.php?id=13
TagsNo tags attached.
Reviewed by
Test Instructions

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2015-09-09 07:08 wytze New Issue
2015-09-09 07:08 wytze Assigned To => BenBE