Revision 787
Added by doc about 16 years ago
| filter-routines.php | ||
|---|---|---|
| 155 | 155 |
if(in_array(OUTPUT_FILTER_MODE, array(6,7))) {
|
| 156 | 156 |
/** USE JAVASCRIPT ENCRYPTION FOR MAILTO LINKS **/ |
| 157 | 157 |
|
| 158 |
// create random encryption key |
|
| 159 |
mt_srand((double)microtime()*1000000); // initialize the randomizer (PHP < 4.2.0) |
|
| 160 |
$char_shift = mt_rand(1, 5); // shift:=1; a->b, shift:=5; a-->f |
|
| 161 |
$decryption_key = chr($char_shift+97); // ASCII a:=97 |
|
| 162 |
|
|
| 163 |
// prepare mailto string for encryption (mail protocol, decryption key, mail address) |
|
| 164 |
// match[3] contains the optional email subject and body text |
|
| 165 |
// convert %XX values into characters and remove HTML entities like & into it?s expression like & |
|
| 166 |
$email_address = "mailto:" .$decryption_key .$match[2] .html_entity_decode(rawurldecode($match[3])); |
|
| 167 |
|
|
| 168 |
// encrypt email address by shifting characters |
|
| 158 |
// preprocess mailto link parts for further usage |
|
| 159 |
$search = array('@', '.', '_', '-'); $replace = array('F', 'Z', 'X', 'K');
|
|
| 160 |
$email_address = str_replace($search, $replace, strtolower($match[2])); |
|
| 161 |
$email_subject = rawurlencode(html_entity_decode($match[3])); |
|
| 162 |
|
|
| 163 |
// create a random encryption key for the Caesar cipher |
|
| 164 |
mt_srand((double)microtime()*1000000); // (PHP < 4.2.0) |
|
| 165 |
$shift = mt_rand(1, 25); |
|
| 166 |
|
|
| 167 |
// encrypt the email using an adapted Caesar cipher |
|
| 169 | 168 |
$encrypted_email = ""; |
| 170 |
for($i=0; $i<strlen($email_address); $i++) {
|
|
| 171 |
$encrypted_email .= chr(ord($email_address[$i]) + $char_shift); |
|
| 169 |
for($i = strlen($email_address) -1; $i > -1; $i--) {
|
|
| 170 |
if(in_array($email_address[$i], array('F', 'Z', 'X', 'K'))) {
|
|
| 171 |
$encrypted_email .= $email_address[$i]; |
|
| 172 |
} else {
|
|
| 173 |
$encrypted_email .= chr((ord($email_address[$i]) -97 + $shift) % 26 + 97); |
|
| 174 |
} |
|
| 172 | 175 |
} |
| 173 |
$encrypted_email[7] = $decryption_key; // replace first character after mailto: with decryption key |
|
| 174 |
$encrypted_email = rawurlencode($encrypted_email); |
|
| 176 |
$encrypted_email .= chr($shift + 97); |
|
| 175 | 177 |
|
| 176 |
// return encrypted javascript mailto link |
|
| 177 |
$mailto_link = "<a href=\"javascript:mdcr('"; // a href part with javascript function to decrypt the email address
|
|
| 178 |
$mailto_link .= "$encrypted_email')\">"; // add encrypted email address as paramter to JS function mdcr |
|
| 179 |
$mailto_link .= $match[5] ."</a>"; // add email link text and closing </a> tag |
|
| 178 |
// build the encrypted Javascript mailto link |
|
| 179 |
$mailto_link = "<a href=\"javascript:mdcr('$encrypted_email','$email_subject')\">" .$match[5] ."</a>";
|
|
| 180 |
|
|
| 180 | 181 |
return $mailto_link; |
| 181 | 182 |
|
| 182 | 183 |
} else {
|
| 183 | 184 |
/** DO NOT USE JAVASCRIPT ENCRYPTION FOR MAILTO LINKS **/ |
| 184 | 185 |
|
| 185 | 186 |
// as minimum protection, replace replace @ in the mailto part by (at) |
| 186 |
// dots are not transformed as this would required as my.name@domain.com would look like: my(dot)name(at)domain(dot)com
|
|
| 187 |
// dots are not transformed as this would transform my.name@domain.com into: my(dot)name(at)domain(dot)com
|
|
| 187 | 188 |
|
| 188 | 189 |
// rebuild the mailto link from the subpatterns (at the missing characters " and </a>") |
| 189 | 190 |
return $match[1] .str_replace('@', OUTPUT_FILTER_AT_REPLACEMENT, $match[2]) .$match[3] .'"' .$match[4] .$match[5] .'</a>';
|
Also available in: Unified diff
Fixed bug in the mailto encryption code of the Output-Filter module