Use ENT_QUOTES|ENT_SUBSTITUTE default for HTML encoding and decoding functions

htmlspecialchars() etc now use ENT_QUOTES | ENT_SUBSTITUTE rather than ENT_COMPAT by default. Closes GH-6583.
author: Craig Francis <craig@craigfrancis.co.uk> 2021-01-06 17:44:11 +0000
committer: Nikita Popov <nikita.ppv@gmail.com> 2021-01-18 15:45:28 +0100
commit: 50eca61f68815005f3b0f808578cc1ce3b4297f0 (patch)
tree: 7d4fd79b28c8fc0e99c3e57d173ceec0cf178aaf /UPGRADING
parent: 496e4741a39365f948af8f239187417aca077fb0 (diff)
download: php-git-50eca61f68815005f3b0f808578cc1ce3b4297f0.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/UPGRADING b/UPGRADING
index 1b2fafcbc7..3c0939796e 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -69,6 +69,12 @@ PHP 8.1 UPGRADE NOTES
 
 - Standard:
   . version_compare() no longer accepts undocumented operator abbreviations.
+  . htmlspecialchars(), htmlentities(), htmlspecialchars_decode(),
+    html_entitity_decode() and get_html_translation_table() now use
+    ENT_QUOTES | ENT_SUBSTITUTE rather than ENT_COMPAT by default. This means
+    that ' is escaped to &#039; while previously it was left alone.
+    Additionally, malformed UTF-8 will be replaced by a Unicode substitution
+    character, instead of resulting in an empty string.
 
 ========================================
 2. New Features
author	Craig Francis <craig@craigfrancis.co.uk>	2021-01-06 17:44:11 +0000
committer	Nikita Popov <nikita.ppv@gmail.com>	2021-01-18 15:45:28 +0100
commit	50eca61f68815005f3b0f808578cc1ce3b4297f0 (patch)
tree	7d4fd79b28c8fc0e99c3e57d173ceec0cf178aaf /UPGRADING
parent	496e4741a39365f948af8f239187417aca077fb0 (diff)
download	php-git-50eca61f68815005f3b0f808578cc1ce3b4297f0.tar.gz