[Tickets #11014] Contact data damaged when adding contact to address book

bugs at horde.org bugs at horde.org
Mon Feb 20 19:45:54 UTC 2012 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/11014
------------------------------------------------------------------------------
  Ticket             | 11014
  Created By         | maciej.uhlig at us.edu.pl
  Summary            | Contact data damaged when adding contact to address
                     | book
  Queue              | Turba
  Version            | 3.0.11
  Type               | Bug
  State              | Unconfirmed
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


maciej.uhlig at us.edu.pl (2012-02-20 19:45) wrote:

Summary: Surname or name of contact are possibly damaged when adding
contact to address book in case the data is UTF-8 encoded. A part of
multibyte character in surname or name is sometimes treated as a
whitespace when sscanf() is called.

Analysis: There is sscanf() function used in /turba/lib/Driver.php:

$splitval = sscanf($val, $parse['format']);

$var can be a multibyte string (UTF-8 encoded).

sscanf(), as a PHP String function, doesn't handle multibyte encodings  
such as UTF-8.

So, instead of sscanf(), another way of composite fields computing  
should be used.

Please note 1: PHP manual says: sscanf() function is not locale-aware.  
This is not true. PHP's sscanf() uses isspace() system function call  
which is locale-aware. Moreover, isspace() works as expected only for  
alphanumeric characters and symbols. The results of isspace() on other  
than these bytes of unsigned char type is unpredictable in general.  
Therefore composite name computing with sscanf() may or may not  
succeed, and eventually success is not the proof of code correctness.

Please note 2: this was reported with Ticket #10956 and shown to  
slusarz at horde.org who wasn't able to reproduce this issue. IMHO the  
ability to reproduce the issue depends on subtle operating system  
details (i.e. on isspace() implementation).

Please note 3: So, this could be in fact Solaris (not Horde) issue  
(doesn't happen under Ubuntu Linux for instance). Solaris isspace() is  
badly damaged. However you shouldn't use sscanf() there because data  
can be multibyte. But there is no similar multibyte function in PHP. I  
think PHP needs something like swscanf(). Maybe Multibyte String or  
intl functions could be used.

But in this case the problem is to find three substrings separated by  
space(s). explode() should be enough?

More information about the bugs mailing list