View Issue Details

IDProjectCategoryView StatusLast Update
0023214mantisbtperformancepublic2017-08-13 14:38
ReporteratrolAssigned Toatrol 
PrioritynormalSeverityminorReproducibilityhave not tried
Status assignedResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0023214: Remove usage of outdated phputf8 library
Description

Advantages of removing the library and enforcing mbstring extension

  • better performance (no wrapping of mbstring functions)
  • less code which is not maintained, e.g there are no changes since years http://sourceforge.net/projects/phputf8/
  • less libraries which are not under composer control (just rss builder will remain at the moment)
TagsNo tags attached.

Relationships

related to 0021959 closeddregad Installer fails if mbstring extension is not installed 

Activities

atrol

atrol

2017-08-13 05:20

developer   ~0057447

WIP PR https://github.com/atrol/mantisbt/tree/remove-utf8-library

Not sure we can target this to 2.x or have to wait for 3.x.

fuge

fuge

2017-08-13 08:09

reporter   ~0057448

Hi,

We use mantis on a server without support for mbstring, and one that we can not add mbstring to.
We do not have any issues with utf8. Please do not remove something that works correctly without providing alternative.

You may find that the library hasn't changed as there is no need - if the library correctly counts the length of a utf8 string the code is not going to change!!

atrol

atrol

2017-08-13 09:17

developer   ~0057449

Last edited: 2017-08-13 09:18

View 2 revisions

It's not implemented at the moment, but it's documented that mbstring is mandatory https://mantisbt.org/docs/master/en-US/Admin_Guide/html-desktop/#admin.install.requirements.software

I looked at the code and found that even the current implementation needs the extension, at least if you want to use Markdown.
The underlying 3rd party library (parsedown) uses mb_strlen from the mbstring extension.

We use mantis on a server without support for mbstring, and one that we can not add mbstring to.

@fudge, why can't you add the extension?
If you don't have root access, did you ask your provider?

fuge

fuge

2017-08-13 10:57

reporter   ~0057451

Effectively yes.

There's a couple of internal reasons (Both technical and non-technical), externally the extension has had a few security issues recently (for example 3 CVE's in June).

In terms of the parsdown library, that library currently has several utf8 handling issues, somewhat surprised you've not hit issues, but then it may be that english is the predominate language and/or that the utf8 library also processing the text is hiding them

atrol

atrol

2017-08-13 14:38

developer   ~0057452

There's a couple of internal reasons

I see no way and no reason to consider internal reasons as long as they are internal.
Maybe you can share some more details.

the extension has had a few security issues recently

I don't see at the moment that there is a special reason not to use mbstring.
There are always security related fixes in PHP core and extensions.
You never know which CVE we will see tomorrow.
You have always to keep your complete operating environment up to date if you set value on security.

Issue History

Date Modified Username Field Change
2017-08-13 05:18 atrol New Issue
2017-08-13 05:18 atrol Status new => assigned
2017-08-13 05:18 atrol Assigned To => atrol
2017-08-13 05:18 atrol Description Updated View Revisions
2017-08-13 05:20 atrol Note Added: 0057447
2017-08-13 08:09 fuge Note Added: 0057448
2017-08-13 08:58 atrol Relationship added related to 0021959
2017-08-13 09:17 atrol Note Added: 0057449
2017-08-13 09:18 atrol Note Edited: 0057449 View Revisions
2017-08-13 10:57 fuge Note Added: 0057451
2017-08-13 14:38 atrol Note Added: 0057452