
Revision 787

Added by doc over 16 years ago

Fixed bug in the mailto encryption code of the Output-Filter module


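--- a/trunk/CHANGELOG
+++ b/trunk/CHANGELOG
@@ -11,6 +11,8 @@
 ! = Update/Change
 
 ------------------------------------- 2.7.0 -------------------------------------
+02-Apr-2008 Christian Sommer
+#	fixed bug in the mailto Javascript encryption code of the Output-Filter module
 01-Apr-2008 Christian Sommer
 !	removed typo in English language file
 !	added updated edit CSS functions to the News module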
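--- a/trunk/wb/modules/output_filter/filter-routines.php
+++ b/trunk/wb/modules/output_filter/filter-routines.php
@@ -155,35 +155,36 @@
 			if(in_array(OUTPUT_FILTER_MODE, array(6,7))) {
 				/** USE JAVASCRIPT ENCRYPTION FOR MAILTO LINKS **/
 
-				// create random encryption key
-				mt_srand((double)microtime()*1000000);						// initialize the randomizer (PHP < 4.2.0)
-				$char_shift = mt_rand(1, 5);											// shift:=1; a->b, shift:=5; a-->f
-				$decryption_key = chr($char_shift+97);						// ASCII a:=97
-		
-				// prepare mailto string for encryption (mail protocol, decryption key, mail address)
-				// match[3] contains the optional email subject and body text
-				// convert %XX values into characters and remove HTML entities like &amp; into it?s expression like &
-				$email_address = "mailto:" .$decryption_key .$match[2] .html_entity_decode(rawurldecode($match[3]));
-
-				// encrypt email address by shifting characters
+				// preprocess mailto link parts for further usage
+				$search = array('@', '.', '_', '-'); $replace = array('F', 'Z', 'X', 'K');
+				$email_address = str_replace($search, $replace, strtolower($match[2]));
+				$email_subject = rawurlencode(html_entity_decode($match[3]));
+				
+				// create a random encryption key for the Caesar cipher
+				mt_srand((double)microtime()*1000000);	// (PHP < 4.2.0)
+				$shift = mt_rand(1, 25);
+				
+				// encrypt the email using an adapted Caesar cipher
 		  	$encrypted_email = "";
-				for($i=0; $i<strlen($email_address); $i++) {
-					$encrypted_email .= chr(ord($email_address[$i]) + $char_shift);
+				for($i = strlen($email_address) -1; $i > -1; $i--) {
+					if(in_array($email_address[$i], array('F', 'Z', 'X', 'K'))) {
+						$encrypted_email .= $email_address[$i];
+					} else {
+						$encrypted_email .= chr((ord($email_address[$i]) -97 + $shift) % 26 + 97);
+					}
 				}
-				$encrypted_email[7] = $decryption_key;						// replace first character after mailto: with decryption key 
-				$encrypted_email = rawurlencode($encrypted_email);
+				$encrypted_email .= chr($shift + 97);
 
-				// return encrypted javascript mailto link
-				$mailto_link  = "<a href=\"javascript:mdcr('";		// a href part with javascript function to decrypt the email address
-				$mailto_link .= "$encrypted_email')\">";					// add encrypted email address as paramter to JS function mdcr
-				$mailto_link .= $match[5] ."</a>";								// add email link text and closing </a> tag
+				// build the encrypted Javascript mailto link
+				$mailto_link  = "<a href=\"javascript:mdcr('$encrypted_email','$email_subject')\">" .$match[5] ."</a>";
+				
 				return $mailto_link;	
 
 			} else {
 				/** DO NOT USE JAVASCRIPT ENCRYPTION FOR MAILTO LINKS **/
 
 				// as minimum protection, replace replace @ in the mailto part by (at)
-				// dots are not transformed as this would required as my.name@domain.com would look like: my(dot)name(at)domain(dot)com
+				// dots are not transformed as this would transform my.name@domain.com into: my(dot)name(at)domain(dot)com
 				
 				// rebuild the mailto link from the subpatterns (at the missing characters " and </a>")
 				return $match[1] .str_replace('@', OUTPUT_FILTER_AT_REPLACEMENT, $match[2]) .$match[3] .'"' .$match[4] .$match[5] .'</a>';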
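Review bot: The new shift line `chr((ord($email_address[$i]) -97 + $shift) % 26 + 97)` is only correct for a–z. After `strtolower()` and the four substitutions, any other character in `$match[2]` (a digit, a `+`) makes the left operand of `%` negative, and PHP then produces a byte below 97 that `sdcr()` in mdcr.js does not map back, so the character is dropped and the link opens a message to a different address. The pattern that fills `$match[2]` lies outside this section, so which characters can actually reach this loop is inferred. A guard such as `if(preg_match('/[^a-z@._-]/', strtolower($match[2])))` that falls back to the `(at)` replacement branch would keep those addresses intact. Because `$encrypted_email .= chr($shift + 97);` ships the key with the ciphertext, the comments should also call this obfuscation against address harvesters, for example `// obfuscate the address with a Caesar shift; the shift is appended, so this is not confidentiality`.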
trunk/wb/modules/output_filter/js/mdcr.js
1 1

  
2 2
// $Id$
3 3

  
4
/*
5
--------------------------------------------------------------------------------
6
  JAVASCRIPT ROUTINE FOR THE WEBSITE BAKER 2.7 OUTPUT FILTER MODULE
7
  Licencsed under GNU, written by Christian Sommer (Doc)
8
--------------------------------------------------------------------------------
9
*/
10 4

  
11
function mdcr(s) {
12
  location.href=dcstr(s);
5
function mdcr(a,b) {
6
  location.href=sdcr(a,b);
13 7
}
14 8

  
15
function dcstr(s) {
16
  var m = unescape(s);
17
  var x = m.charCodeAt(7)-97;
18
  var c = m.substr(0,7) + m.substr(8);
19
  var n=0;
20
  var r="";
21

  
22
  for(var i=0; i<c.length; i++) {
23
    r+=String.fromCharCode(c.charCodeAt(i) - x);
9
function sdcr(a,f) {
10
  var b = a.charCodeAt(a.length-1) -97;
11
  var c=""; var e;
12
  
13
  for(var d=a.length-2; d>-1; d--) {
14
    if(a.charCodeAt(d) < 97) {
15
      if(a.charCodeAt(d) == 70) { c+=String.fromCharCode(64); }
16
      if(a.charCodeAt(d) == 90) { c+=String.fromCharCode(46); }
17
      if(a.charCodeAt(d) == 88) { c+=String.fromCharCode(95); }
18
      if(a.charCodeAt(d) == 45) { c+=String.fromCharCode(45); }
19
    } else {
20
      e=(a.charCodeAt(d) - 97 - b) % 26;
21
      e+=(e<0 || e>25) ? +26 : 0;
22
      c+=String.fromCharCode(e+97);
23
    }
24 24
  }
25
  return r;
25
  return "mailto:"+c+unescape(f);
26 26
}
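Review bot: The hyphen branch in `sdcr` tests `a.charCodeAt(d) == 45`, but the PHP side of this commit replaces `-` with `K` (code 75), so an incoming `K` matches none of the four tests and the hyphen is silently dropped from the decoded address. A link for a hyphenated domain would then open a message addressed to a different domain. The line should read `if(a.charCodeAt(d) == 75) { c+=String.fromCharCode(45); }`. Separately, `unescape(f)` decodes each `%XX` as a single character, so a subject that `rawurlencode()` produced from multi-byte UTF-8 text would come out garbled; if the pages are served as UTF-8, `decodeURIComponent(f)` matches that encoding. A short header comment on `sdcr` stating the expected input (reversed, shifted address with the key letter as the last character) would also help, since the original file header was removed here.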
