View Issue Details

IDProjectCategoryView StatusLast Update
0001401Main CAcert Websiteaccount administrationpublic2021-08-25 13:39
Reporterwytze Assigned ToBenBE  
PriorityhighSeveritymajorReproducibilityalways
Status newResolutionopen 
PlatformDefaultOSanyOS Versionany
Product Version2015 Q3 
Target Version2015 Q3 
Summary0001401: Names containing non-ascii characters are displayed incorrectly on the website
DescriptionThis (anonymized) support request was received by critical-admin@cacert.org:

-------------------------------------------------------------------------------
My email: xxxxx
My first name: xxxxx
My middle name: xxxxx
My last name: Żxxxxx

However, my last name at https://www.cacert.org/account.php?id=13 (ie.
My Details View/Edit) is 'Żxxxxx'

Where 'Ż' is a decimal html encoding of 'Ż'.

Unicode Decimal Code Ż

Symbol Name:Latin Capital Letter Z With Dot Above
Html Entity:
Hex Code:Ż
Decimal Code:Ż
Unicode Group:Latin Extended-A

Could this be fixed in the database to be 'Żxxxxx' (presumably
correctly UTF-8 encoded)?
-------------------------------------------------------------------------------

critical-admin@cacert.org answered with:

-------------------------------------------------------------------------------
The database contains the Ż encoding, which I believe to be correct
(according to the way the CAcert application code works in general).
The display is indeed not correct, which IMHO opinion is caused by a code
change made on 7 June 2014, in particular the change to pages/account/13.php,
which is now passing the database values through the sanitizeHTML() function.
This function is transforming the & to &, causing the first character of
this user's name to be passed to the browser as &0000379; which will result
in the bad display experienced by this user.

I suggest to file an issue on bugs.cacert.org for this problem, it requires
a (set of) code change(s) to fix it.

FYI: I have attached the checkin notification containing the offending
change -- unfortunately it was rather complex and large.
-------------------------------------------------------------------------------

The checkin notification mentioned above can be found at:

https://lists.cacert.org/wws/arc/cacert-systemlog/2014-06/msg00005.html

Unfortunately, the suggestion to report this issue on bugs.cacert.org was not followed up by CAcert Support. Hence critical-admin@cacert.org does it now.
Steps To ReproduceRegister a name containing a special character like Ż and observe the way it is displayed on https://www.cacert.org/account.php?id=13
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

related to 0000769 needs workTed Client certificate broken with unicode 

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2015-09-09 07:08 wytze New Issue
2015-09-09 07:08 wytze Assigned To => BenBE
2021-08-25 13:39 bdmc Relationship added related to 0000769