From 385f5459a9331f2dfe753cc64431dc3fc9ddc561 Mon Sep 17 00:00:00 2001
From: Marius Cramer
Date: Tue, 13 Jan 2015 12:52:32 +0100
Subject: [PATCH] - added utf8 conversion to db escape function
---
 interface/lib/classes/db_mysql.inc.php | 36 ++++++++++++++++++++++---
 server/lib/classes/db_mysql.inc.php | 37 +++++++++++++++++++++++---
 2 files changed, 65 insertions(+), 8 deletions(-)
diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index c076c356e..59dcff88a 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -425,6 +425,34 @@ class db extends mysqli
 }
+ /**
+ * check if a utf8 string is valid
+ *
+ * @access public
+ * @param string $string the string to check
+ * @return bool true if it is valid utf8, false otherwise
+ */
+ private function check_utf8($str) {
+ $len = strlen($str);
+ for($i = 0; $i < $len; $i++){
+ $c = ord($str[$i]);
+ if ($c > 128) {
+ if (($c > 247)) return false;
+ elseif ($c > 239) $bytes = 4;
+ elseif ($c > 223) $bytes = 3;
+ elseif ($c > 191) $bytes = 2;
+ else return false;
+ if (($i + $bytes) > $len) return false;
+ while ($bytes > 1) {
+ $i++;
+ $b = ord($str[$i]);
+ if ($b < 128 || $b > 191) return false;
+ $bytes--;
+ }
+ }
+ }
+ return true;
+ } // end of check_utf8
 /**
 * Escape a string for usage in a query
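Review bot: `check_utf8()` accepts byte sequences that are not valid UTF-8: `if ($c > 128)` lets a bare 0x80 through as if it were ASCII, and the lead-byte ranges admit 0xC0/0xC1 and 0xF5–0xF7 with no check for overlong forms or surrogates, so a string can be declared valid and handed to the escaping call unchanged. Since `escape()` already depends on mbstring, the hand-rolled loop can be replaced by `return mb_check_encoding($str, 'UTF-8');`, leaving validation to the extension. The docblock also disagrees with the code: it says `@access public` and `@param string $string`, while the method is `private` and the parameter is `$str`. The same function is added verbatim to server/lib/classes/db_mysql.inc.php and needs the same change.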
@@ -442,16 +470,16 @@ class db extends mysqli
 $sString = '';
 }
- /*$cur_encoding = mb_detect_encoding($sString);
+ $cur_encoding = mb_detect_encoding($sString);
 if($cur_encoding != "UTF-8") {
 if($cur_encoding != 'ASCII') {
- $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_WARN);
+ $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_INFO);
 if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
 else $sString = mb_convert_encoding($sString, 'UTF-8');
 }
- } elseif(!PXBase::check_utf8($sString)) {
+ } elseif(!$this->check_utf8($sString)) {
 $sString = utf8_encode($sString);
- }*/
+ }
 if($this->_iConnId) return mysqli_real_escape_string($this->_iConnId, $sString);
 else return addslashes($sString);
diff --git a/server/lib/classes/db_mysql.inc.php b/server/lib/classes/db_mysql.inc.php
index 6f443fb00..8075d1f1f 100644
--- a/server/lib/classes/db_mysql.inc.php
+++ b/server/lib/classes/db_mysql.inc.php
@@ -389,6 +389,35 @@ class db extends mysqli
+ /**
+ * check if a utf8 string is valid
+ *
+ * @access public
+ * @param string $string the string to check
+ * @return bool true if it is valid utf8, false otherwise
+ */
+ private function check_utf8($str) {
+ $len = strlen($str);
+ for($i = 0; $i < $len; $i++){
+ $c = ord($str[$i]);
+ if ($c > 128) {
+ if (($c > 247)) return false;
+ elseif ($c > 239) $bytes = 4;
+ elseif ($c > 223) $bytes = 3;
+ elseif ($c > 191) $bytes = 2;
+ else return false;
+ if (($i + $bytes) > $len) return false;
+ while ($bytes > 1) {
+ $i++;
+ $b = ord($str[$i]);
+ if ($b < 128 || $b > 191) return false;
+ $bytes--;
+ }
+ }
+ }
+ return true;
+ } // end of check_utf8
+
 /**
 * Escape a string for usage in a query
 *
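Review bot: In the interface `escape()` hunk (`@@ -442,16 +470,16 @@`), the re-enabled `$app->log('String ' . substr($sString, 0, 25) . ...)` call copies the first 25 bytes of whatever value is being escaped into the log. `escape()` looks like a general-purpose helper, so those bytes may well be credentials or other sensitive field contents, and they are raw, non-UTF-8 bytes that can include control characters. Logging only metadata avoids both problems, e.g. `$app->log('Non-UTF-8 string (' . strlen($sString) . ' bytes) detected as ' . $cur_encoding . '.', LOGLEVEL_INFO);`. The function starts above the hunk, so whether `$app` is in scope there (for instance through `global $app;`) cannot be seen and should be confirmed. The identical change to `escape()` in server/lib/classes/db_mysql.inc.php has the same issue.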
@@ -405,16 +434,16 @@ class db extends mysqli
 $sString = '';
 }
- /*$cur_encoding = mb_detect_encoding($sString);
+ $cur_encoding = mb_detect_encoding($sString);
 if($cur_encoding != "UTF-8") {
 if($cur_encoding != 'ASCII') {
- $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_WARN);
+ $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_INFO);
 if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
 else $sString = mb_convert_encoding($sString, 'UTF-8');
 }
- } elseif(!PXBase::check_utf8($sString)) {
+ } elseif(!$this->check_utf8($sString)) {
 $sString = utf8_encode($sString);
- }*/
+ }
 if($this->_iConnId) return mysqli_real_escape_string($this->_iConnId, $sString);
 else return addslashes($sString);
-- 
GitLab
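Review bot: In the server `escape()` hunk, `mb_detect_encoding($sString)` is called with no candidate list and without strict mode, so its answer depends on the `mbstring.detect_order` setting, can be `false`, and is only a guess. The function then rewrites the caller's bytes on that guess, either with `mb_convert_encoding($sString, 'UTF-8')` from the internal encoding or with `utf8_encode()`, which assumes ISO-8859-1. Pinning the candidates and using strict detection makes the result predictable, for example `$cur_encoding = mb_detect_encoding($sString, 'UTF-8, ISO-8859-1', true);` with the list chosen to match what the project actually receives, and the docblock of `escape()` should state that the input may be transcoded. Separately, the unchanged fallback `else return addslashes($sString);` is not charset-aware, so normalising the encoding does not make that no-connection path safe for building queries. `escape()` begins and ends outside the hunk, and the interface copy of this change is affected in the same way.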