WIP PR https://github.com/atrol/mantisbt/tree/remove-utf8-library

Not sure we can target this to 2.x or have to wait for 3.x.

Hi,

We use mantis on a server without support for mbstring, and one that we can not add mbstring to.
We do not have any issues with utf8. Please do not remove something that works correctly without providing alternative.

You may find that the library hasn't changed as there is no need - if the library correctly counts the length of a utf8 string the code is not going to change!!

It's not implemented at the moment, but it's documented that mbstring is mandatory https://mantisbt.org/docs/master/en-US/Admin_Guide/html-desktop/#admin.install.requirements.software

I looked at the code and found that even the current implementation needs the extension, at least if you want to use Markdown.
The underlying 3rd party library (parsedown) uses mb_strlen from the mbstring extension.

We use mantis on a server without support for mbstring, and one that we can not add mbstring to.

@fudge, why can't you add the extension?
If you don't have root access, did you ask your provider?

Effectively yes.

There's a couple of internal reasons (Both technical and non-technical), externally the extension has had a few security issues recently (for example 3 CVE's in June).

In terms of the parsdown library, that library currently has several utf8 handling issues, somewhat surprised you've not hit issues, but then it may be that english is the predominate language and/or that the utf8 library also processing the text is hiding them

There's a couple of internal reasons

I see no way and no reason to consider internal reasons as long as they are internal.
Maybe you can share some more details.

the extension has had a few security issues recently

I don't see at the moment that there is a special reason not to use mbstring.
There are always security related fixes in PHP core and extensions.
You never know which CVE we will see tomorrow.
You have always to keep your complete operating environment up to date if you set value on security.

@fuge meanwhile I noticed that we are checking since 2014 for mbstring as a mandatory extension, see https://github.com/mantisbt/mantisbt/commit/5c8d5827d645eb95fdbd635cea08b92dc0662930

I told many users during the last years to run admin/check/index.php when they encountered any issue.
None of the users told that there is a error message concerning this extension.
This means there can't be that much users running Mantis without having mbstring enabled.

Unfortunately you did not share any more technical details, why enabling mbstring would be a problem for you.

I will provide a pull request for this change.
If other Mantis developers agree, the next Mantis version will require mbstring extension.

So this could be your last chance to prevent this change.

PR https://github.com/mantisbt/mantisbt/pull/1283