mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-11-21 16:13:00 +00:00
Update hide_email implementation
It now requires JavaScript to decode the email address. If this is a problem for whatever reason, please get in touch by opening an issue. I take accessibility very seriously.
parent
272fdea0ee
commit
93bff09422
8 changed files with 35 additions and 38 deletions
|
@ -295,30 +295,30 @@ function makepathsafe($string)
|
|||
}
|
||||
|
||||
/**
|
||||
* Hides an email address from bots by adding random html entities.
|
||||
* @todo Make this more clevererer :D
|
||||
* Hides an email address from bots. Returns a fragment of HTML that contains the mangled email address.
|
||||
* @package core
|
||||
* @param string $str The original email address
|
||||
* @return string The mangled email address.
|
||||
* @param string $str The original email address
|
||||
* @param string $display_text The display text for the resulting HTML - if null then the original email address is used.
|
||||
* @return string The mangled email address.
|
||||
*/
|
||||
function hide_email($str)
|
||||
function hide_email(string $email, string $display_text = null) : string
|
||||
{
|
||||
$hidden_email = "";
|
||||
for($i = 0; $i < strlen($str); $i++)
|
||||
{
|
||||
if($str[$i] == "@")
|
||||
{
|
||||
$hidden_email .= "&#" . ord("@") . ";";
|
||||
continue;
|
||||
}
|
||||
if(rand(0, 1) == 0)
|
||||
$hidden_email .= $str[$i];
|
||||
else
|
||||
$hidden_email .= "&#" . ord($str[$i]) . ";";
|
||||
$enc = json_encode([ $email, $display_text ]);
|
||||
$len = strlen($enc);
|
||||
$pool = []; for($i = 0; $i < $len; $i++) $pool[] = $i;
|
||||
$a = []; $b = [];
|
||||
for($i = 0; $i < $len; $i++) {
|
||||
$n = random_int(0, $len - $i - 1);
|
||||
$j = array_splice($pool, $n, 1)[0]; $b[] = $j;
|
||||
// echo("chose ".$enc[$j].", index $j, n $n\n");
|
||||
$a[] = $enc[$j];
|
||||
}
|
||||
|
||||
return $hidden_email;
|
||||
$a = base64_encode(implode("|", $a));
|
||||
$b = base64_encode(implode("|", $b));
|
||||
$span_id = "he-".crypto_id(16);
|
||||
return "<a href='#protected-with-javascript' id='$span_id'>[protected with javascript]</span><script>(() => {let c=\"$a|$b\".split('|').map(atob).map(s=>s.split('|'));let d=[],e=document.getElementById('$span_id');c[1].map((n,i)=>d[parseInt(n)]=c[0][i]);d=JSON.parse(d.join(''));e.textContent=d[1]==null?d[0]:d[1];e.setAttribute('href', 'mailto:'+d[0])})();</script>";
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks to see if $haystack starts with $needle.
|
||||
* @package core
|
||||
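Review bot: The HTML returned at the end of hide_email opens `<a href='#protected-with-javascript' id='$span_id'>` but closes it with `</span>`, so the anchor is never closed and whatever markup follows the call may end up inside the link; the closing tag should be `</a>`. Separately, the shuffled characters are joined with `|` before base64 encoding and split on `|` again in the script, and json_encode does not escape that character, so an address or display text containing `|` produces extra empty segments and the index mapping no longer lines up; joining the characters with an empty string and indexing the decoded string directly would avoid the delimiter. The new signature names the parameter `$email` while the docblock lines still read `@param string $str`, and `string $display_text = null` relies on implicit nullability, which `?string $display_text = null` states explicitly.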
|
|
|
@ -128,8 +128,7 @@ class page_renderer
|
|||
if(!is_callable($function))
|
||||
{
|
||||
http_response_code(500);
|
||||
$admin_email = hide_email($settings->admindetails_email);
|
||||
exit(page_renderer::render("$settings->sitename - Module Error", "<p>$settings->sitename has got a misbehaving module installed that tried to register an invalid HTML handler with the page renderer. Please contact $settings->sitename's administrator {$settings->admindetails_name} at <a href='mailto:$admin_email'>$admin_email</a>."));
|
||||
exit(page_renderer::render("$settings->sitename - Module Error", "<p>$settings->sitename has got a misbehaving module installed that tried to register an invalid HTML handler with the page renderer. Please contact $settings->sitename's administrator {$settings->admindetails_name} at ".hide_email($settings->admindetails_email)."."));
|
||||
}
|
||||
|
||||
self::$part_processors[] = $function;
|
||||
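Review bot: `{$settings->admindetails_name}` and `$settings->sitename` are still concatenated into the error markup unescaped in the rewritten `exit(page_renderer::render(...))` line, while the other call sites in this commit pass the administrator name to hide_email as display text, where the script assigns it through textContent. Whether these settings are escaped when saved is not visible here, so wrapping the name as `htmlentities($settings->admindetails_name)` would keep a name containing `<` or `&` from altering the page. The same applies to the export module messages and the user-preferences message, which also print the name directly. The enclosing method starts and ends outside the hunk.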
|
|
|
@ -45,7 +45,7 @@ function parse_page_source($source, $untrusted = false, $use_cache = true) {
|
|||
if(!$settings->parser_cache || strlen($source) < $settings->parser_cache_min_size) $use_cache = false;
|
||||
|
||||
if(!isset($parsers[$settings->parser]))
|
||||
exit(page_renderer::render_main("Parsing error - $settings->sitename", "<p>Parsing some page source data failed. This is most likely because $settings->sitename has the parser setting set incorrectly. Please contact <a href='mailto:" . hide_email($settings->admindetails_email) . "'>" . $settings->admindetails_name . "</a>, your $settings->sitename Administrator."));
|
||||
exit(page_renderer::render_main("Parsing error - $settings->sitename", "<p>Parsing some page source data failed. This is most likely because $settings->sitename has the parser setting set incorrectly. Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's Administrator."));
|
||||
|
||||
/* Not needed atm because escaping happens when saving, not when rendering *
|
||||
if($settings->clean_raw_html)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
register_module([
|
||||
"name" => "Page Comments",
|
||||
"version" => "0.3.2",
|
||||
"version" => "0.3.3",
|
||||
"author" => "Starbeamrainbowlabs",
|
||||
"description" => "Adds threaded comments to the bottom of every page.",
|
||||
"id" => "feature-comments",
|
||||
|
@ -67,7 +67,7 @@ register_module([
|
|||
if(!file_exists($comment_filename)) {
|
||||
if(file_put_contents($comment_filename, "[]\n") === false) {
|
||||
http_response_code(503);
|
||||
exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "<p>$settings->sitename ran into a problem whilst creating a file to save your comment to! Please contact <a href='mailto:" . hide_email($settings->admindetails_email) . "'>$settings->admindetails_name</a>, $settings->sitename's administrator and tell them about this problem.</p>"));
|
||||
exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "<p>$settings->sitename ran into a problem whilst creating a file to save your comment to! Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and tell them about this problem.</p>"));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -120,7 +120,7 @@ register_module([
|
|||
// Save the comments back to disk
|
||||
if(file_put_contents($comment_filename, json_encode($comment_data, JSON_PRETTY_PRINT)) === false) {
|
||||
http_response_code(503);
|
||||
exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "<p>$settings->sitename ran into a problem whilst saving your comment to disk! Please contact <a href='mailto:" . hide_email($settings->admindetails_email) . "'>$settings->admindetails_name</a>, $settings->sitename's administrator and tell them about this problem.</p>"));
|
||||
exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "<p>$settings->sitename ran into a problem whilst saving your comment to disk! Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and tell them about this problem.</p>"));
|
||||
}
|
||||
|
||||
// Add a recent change if the recent changes module is installed
|
||||
|
@ -198,7 +198,7 @@ register_module([
|
|||
|
||||
if(!file_put_contents($comment_filename, json_encode($comments))) {
|
||||
http_response_code(503);
|
||||
exit(page_renderer::render_main("Server Error - Deleting Comment - $settings->sitename", "<p>While $settings->sitename was able to delete the comment with the id <code>" . htmlentities($target_id) . "</code> on the page <em>$env->page</em>, it couldn't save the changes back to disk. Please contact <a href='mailto:" . hide_email($settings->admindetails_email) . "'>$settings->admindetails_name</a>, $settings->sitename's local friendly administrator about this issue.</p>"));
|
||||
exit(page_renderer::render_main("Server Error - Deleting Comment - $settings->sitename", "<p>While $settings->sitename was able to delete the comment with the id <code>" . htmlentities($target_id) . "</code> on the page <em>$env->page</em>, it couldn't save the changes back to disk. Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's local friendly administrator about this issue.</p>"));
|
||||
}
|
||||
|
||||
exit(page_renderer::render_main("Comment Deleted - $settings->sitename", "<p>The comment with the id <code>" . htmlentities($target_id) . "</code> on the page <em>$env->page</em> has been deleted successfully. <a href='?page=" . rawurlencode($env->page) . "&redirect=no'>Go back</a> to " . htmlentities($env->page) . ".</p>"));
|
||||
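Review bot: The two rewritten error paths in the comment-posting code (the hunks at -67 and -120) still call `page_renderer::renderer_main(...)`, whereas the delete path in this same file and the other modules call `page_renderer::render_main(...)`. The class body is not visible here, but if no `renderer_main` method exists, a failed file_put_contents would end in a fatal error instead of the intended 503 page with the administrator contact. The calls would presumably read `exit(page_renderer::render_main("Error posting comment - $settings->sitename", ...));`. The enclosing handler starts and ends outside these hunks.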
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
register_module([
|
||||
"name" => "Statistics",
|
||||
"version" => "0.4.2",
|
||||
"version" => "0.4.3",
|
||||
"author" => "Starbeamrainbowlabs",
|
||||
"description" => "An extensible statistics calculation system. Comes with a range of built-in statistics, but can be extended by other modules too.",
|
||||
"id" => "feature-stats",
|
||||
|
@ -58,7 +58,7 @@ register_module([
|
|||
switch($stat_calculator["type"]) {
|
||||
case "page-list":
|
||||
if(!module_exists("page-list")) {
|
||||
$content .= "<p>$settings->sitename doesn't current have the page listing module installed, so HTML rendering of this statistic is currently unavailable. Try <a href='mailto:" . hide_email($settings->admindetails_email) . "'>contacting $settings->admindetails_name</a>, $settings->sitename's administrator and asking then to install the <code>page-list</code> module.</p>";
|
||||
$content .= "<p>$settings->sitename doesn't current have the page listing module installed, so HTML rendering of this statistic is currently unavailable. Try " . hide_email($settings->admindetails_email, "contacting $settings->admindetails_name") . ", $settings->sitename's administrator and asking then to install the <code>page-list</code> module.</p>";
|
||||
break;
|
||||
}
|
||||
$content .= "<p><strong>Count:</strong> " . count($stats->{$_GET["stat"]}->value) . "</p>\n";
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
register_module([
|
||||
"name" => "User Preferences",
|
||||
"version" => "0.4",
|
||||
"version" => "0.4.1",
|
||||
"author" => "Starbeamrainbowlabs",
|
||||
"description" => "Adds a user preferences page, letting people do things like change their email address and password.",
|
||||
"id" => "feature-user-preferences",
|
||||
|
@ -135,7 +135,7 @@ register_module([
|
|||
// Save the user's preferences
|
||||
if(!save_userdata()) {
|
||||
http_response_code(503);
|
||||
exit(page_renderer::render_main("Error Saving Preferences - $settings->sitename", "<p>$settings->sitename had some trouble saving your preferences! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this error if it still occurs in 5 minutes. They can be contacted by email at this address: <a href='mailto:" . hide_email($settings->admindetails_email) . "'>" . hide_email($settings->admindetails_email) . "</a>.</p>"));
|
||||
exit(page_renderer::render_main("Error Saving Preferences - $settings->sitename", "<p>$settings->sitename had some trouble saving your preferences! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this error if it still occurs in 5 minutes. They can be contacted by email at this address: ".hide_email($settings->admindetails_email).".</p>"));
|
||||
}
|
||||
|
||||
exit(page_renderer::render_main("Preferences Saved Successfully - $settings->sitename", "<p>Your preferences have been saved successfully! You could go back your <a href='?action=user-preferences'>preferences page</a>, or on to the <a href='?page=" . rawurlencode($settings->defaultpage) . "'>$settings->defaultpage</a>.</p>
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
register_module([
|
||||
"name" => "Export",
|
||||
"version" => "0.5",
|
||||
"version" => "0.5.1",
|
||||
"author" => "Starbeamrainbowlabs",
|
||||
"description" => "Adds a page that you can use to export your wiki as a .zip file. Uses \$settings->export_only_allow_admins, which controls whether only admins are allowed to export the wiki.",
|
||||
"id" => "page-export",
|
||||
|
@ -40,8 +40,7 @@ register_module([
|
|||
|
||||
$zip = new ZipArchive();
|
||||
|
||||
if($zip->open($tmpfilename, ZipArchive::CREATE) !== true)
|
||||
{
|
||||
if($zip->open($tmpfilename, ZipArchive::CREATE) !== true) {
|
||||
http_response_code(507);
|
||||
exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty Wiki was unable to open a temporary file to store the exported data in. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance."));
|
||||
}
|
||||
|
@ -52,10 +51,9 @@ register_module([
|
|||
$zip->addFile($entry->uploadedfilepath);
|
||||
}
|
||||
|
||||
if($zip->close() !== true)
|
||||
{
|
||||
if($zip->close() !== true) {
|
||||
http_response_code(500);
|
||||
exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty wiki was unable to close the temporary zip file after creating it. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance."));
|
||||
exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty wiki was unable to close the temporary zip file after creating it. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance (this might be a bug)."));
|
||||
}
|
||||
|
||||
header("content-type: application/zip");
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
register_module([
|
||||
"name" => "Login",
|
||||
"version" => "0.9.5",
|
||||
"version" => "0.9.6",
|
||||
"author" => "Starbeamrainbowlabs",
|
||||
"description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
|
||||
"id" => "page-login",
|
||||
|
@ -182,7 +182,7 @@ register_module([
|
|||
|
||||
// Register a section on logging in on the help page.
|
||||
add_help_section("30-login", "Logging in", "<p>In order to edit $settings->sitename and have your edit attributed to you, you need to be logged in. Depending on the settings, logging in may be a required step if you want to edit at all. Thankfully, loggging in is not hard. Simply click the "Login" link in the top left, type your username and password, and then click login.</p>
|
||||
<p>If you do not have an account yet and would like one, try contacting <a href='mailto:" . hide_email($settings->admindetails_email) . "'>$settings->admindetails_name</a>, $settings->sitename's administrator and ask them nicely to see if they can create you an account.</p>");
|
||||
<p>If you do not have an account yet and would like one, try contacting " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and ask them nicely to see if they can create you an account.</p>");
|
||||
|
||||
// Re-check the password hashing cost, if necessary
|
||||
do_password_hash_code_update();
|
||||
|
|