Revision 787
Added by doc about 16 years ago
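--- a/filter-routines.php
+++ b/filter-routines.php
@@ -155,35 +155,36 @@
 if(in_array(OUTPUT_FILTER_MODE, array(6,7))) {
 /** USE JAVASCRIPT ENCRYPTION FOR MAILTO LINKS **/
 
-// create random encryption key
-mt_srand((double)microtime()*1000000); // initialize the randomizer (PHP < 4.2.0)
-$char_shift = mt_rand(1, 5); // shift:=1; a->b, shift:=5; a-->f
-$decryption_key = chr($char_shift+97); // ASCII a:=97
-
-// prepare mailto string for encryption (mail protocol, decryption key, mail address)
-// match[3] contains the optional email subject and body text
-// convert %XX values into characters and remove HTML entities like & into it?s expression like &
-$email_address = "mailto:" .$decryption_key .$match[2] .html_entity_decode(rawurldecode($match[3]));
-
-// encrypt email address by shifting characters
+// preprocess mailto link parts for further usage
+$search = array('@', '.', '_', '-'); $replace = array('F', 'Z', 'X', 'K');
+$email_address = str_replace($search, $replace, strtolower($match[2]));
+$email_subject = rawurlencode(html_entity_decode($match[3]));
+
+// create a random encryption key for the Caesar cipher
+mt_srand((double)microtime()*1000000); // (PHP < 4.2.0)
+$shift = mt_rand(1, 25);
+
+// encrypt the email using an adapted Caesar cipher
 $encrypted_email = "";
-for($i=0; $i<strlen($email_address); $i++) {
-$encrypted_email .= chr(ord($email_address[$i]) + $char_shift);
+for($i = strlen($email_address) -1; $i > -1; $i--) {
+if(in_array($email_address[$i], array('F', 'Z', 'X', 'K'))) {
+$encrypted_email .= $email_address[$i];
+} else {
+$encrypted_email .= chr((ord($email_address[$i]) -97 + $shift) % 26 + 97);
+}
 }
-$encrypted_email[7] = $decryption_key; // replace first character after mailto: with decryption key
-$encrypted_email = rawurlencode($encrypted_email);
+$encrypted_email .= chr($shift + 97);
 
-// return encrypted javascript mailto link
-$mailto_link = "<a href=\"javascript:mdcr('"; // a href part with javascript function to decrypt the email address
-$mailto_link .= "$encrypted_email')\">"; // add encrypted email address as paramter to JS function mdcr
-$mailto_link .= $match[5] ."</a>"; // add email link text and closing </a> tag
+// build the encrypted Javascript mailto link
+$mailto_link = "<a href=\"javascript:mdcr('$encrypted_email','$email_subject')\">" .$match[5] ."</a>";
+
 return $mailto_link;
 
 } else {
 /** DO NOT USE JAVASCRIPT ENCRYPTION FOR MAILTO LINKS **/
 
 // as minimum protection, replace replace @ in the mailto part by (at)
-// dots are not transformed as this would required as my.name@domain.com would look like: my(dot)name(at)domain(dot)com
+// dots are not transformed as this would transform my.name@domain.com into: my(dot)name(at)domain(dot)com
 
 // rebuild the mailto link from the subpatterns (at the missing characters " and </a>")
 return $match[1] .str_replace('@', OUTPUT_FILTER_AT_REPLACEMENT, $match[2]) .$match[3] .'"' .$match[4] .$match[5] .'</a>';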
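Review bot: The shift in the new `else` arm, `chr((ord($email_address[$i]) -97 + $shift) % 26 + 97)`, is only invertible for the lowercase letters a–z. Any other character left in `$match[2]` after `strtolower()` and the `F`/`Z`/`X`/`K` substitution, such as a digit or `+`, makes the left operand negative, and PHP's `%` keeps that sign, so the result falls outside a–z and can collide with the marker letters. Whether the pattern that fills `$match[2]` admits such characters is not visible here, as the enclosing callback starts and ends outside the hunk. If it does, digits could pass through unchanged by widening the test to `if(in_array($email_address[$i], array('F', 'Z', 'X', 'K')) || ($email_address[$i] >= '0' && $email_address[$i] <= '9')) {`, and any address with other characters is better sent to the `(at)` branch than copied raw into the quoted `javascript:mdcr('…')` argument. Since `chr($shift + 97)` ships the key alongside the ciphertext, the comments should call this obfuscation against address harvesters rather than encryption.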
Fixed bug in the mailto encryption code of the Output-Filter module