sbrl-github/Pepperminty-Wiki
sbrl-github
/
Pepperminty-Wiki
mirror of https://github.com/sbrl/Pepperminty-Wiki.git
1
0
Fork 0
Code

Update hide_email implementation 

It now requires Javascript to decode the email address. If this is a 
problem for whatever reason, please get in touch by opening an issue. I 
take accessibility very seriously.
This commit is contained in:
Starbeamrainbowlabs 2020-08-09 23:53:29 +01:00
parent 272fdea0ee
commit 93bff09422
Signed by: sbrl
GPG Key ID: 1BE5172E637709C2
8 changed files with 35 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
core/05-functions.php
View File

@ -295,30 +295,30 @@ function makepathsafe($string)
}
/**
* Hides an email address from bots by adding random html entities.
* @todo Make this more clevererer :D
* Hides an email address from bots. Returns a fragment of HTML that contains the mangled email address.
* @package core
* @param string $str The original email address
* @return string The mangled email address.
* @param string $str The original email address
* @param string $display_text The display text for the resulting HTML - if null then the original email address is used.
* @return string The mangled email address.
*/
function hide_email($str)
function hide_email(string $email, string $display_text = null) : string
{
$hidden_email = "";
for($i = 0; $i < strlen($str); $i++)
{
if($str[$i] == "@")
{
$hidden_email .= "&#" . ord("@") . ";";
continue;
}
if(rand(0, 1) == 0)
$hidden_email .= $str[$i];
else
$hidden_email .= "&#" . ord($str[$i]) . ";";
$enc = json_encode([ $email, $display_text ]);
$len = strlen($enc);
$pool = []; for($i = 0; $i < $len; $i++) $pool[] = $i;
$a = []; $b = [];
for($i = 0; $i < $len; $i++) {
$n = random_int(0, $len - $i - 1);
$j = array_splice($pool, $n, 1)[0]; $b[] = $j;
// echo("chose ".$enc[$j].", index $j, n $n\n");
$a[] = $enc[$j];
}
return $hidden_email;
$a = base64_encode(implode("|", $a));
$b = base64_encode(implode("|", $b));
$span_id = "he-".crypto_id(16);
return "<a href='#protected-with-javascript' id='$span_id'>[protected with javascript]</span><script>(() => {let c=\"$a|$b\".split('|').map(atob).map(s=>s.split('|'));let d=[],e=document.getElementById('$span_id');c[1].map((n,i)=>d[parseInt(n)]=c[0][i]);d=JSON.parse(d.join(''));e.textContent=d[1]==null?d[0]:d[1];e.setAttribute('href', 'mailto:'+d[0])})();</script>";
}
/**
* Checks to see if $haystack starts with $needle.
* @package core

3
core/40-page-renderer.php
View File

@ -128,8 +128,7 @@ class page_renderer
if(!is_callable($function))
{
http_response_code(500);
$admin_email = hide_email($settings->admindetails_email);
exit(page_renderer::render("$settings->sitename - Module Error", "<p>$settings->sitename has got a misbehaving module installed that tried to register an invalid HTML handler with the page renderer. Please contact $settings->sitename's administrator {$settings->admindetails_name} at <a href='mailto:$admin_email'>$admin_email</a>."));
exit(page_renderer::render("$settings->sitename - Module Error", "<p>$settings->sitename has got a misbehaving module installed that tried to register an invalid HTML handler with the page renderer. Please contact $settings->sitename's administrator {$settings->admindetails_name} at ".hide_email($settings->admindetails_email)."."));
}
self::$part_processors[] = $function;

2
core/70-parser-engine.php
View File

@ -45,7 +45,7 @@ function parse_page_source($source, $untrusted = false, $use_cache = true) {
if(!$settings->parser_cache || strlen($source) < $settings->parser_cache_min_size) $use_cache = false;
if(!isset($parsers[$settings->parser]))
exit(page_renderer::render_main("Parsing error - $settings->sitename", "<p>Parsing some page source data failed. This is most likely because $settings->sitename has the parser setting set incorrectly. Please contact <a href='mailto:" . hide_email($settings->admindetails_email) . "'>" . $settings->admindetails_name . "</a>, your $settings->sitename Administrator."));
exit(page_renderer::render_main("Parsing error - $settings->sitename", "<p>Parsing some page source data failed. This is most likely because $settings->sitename has the parser setting set incorrectly. Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's Administrator."));
/* Not needed atm because escaping happens when saving, not when rendering *
if($settings->clean_raw_html)

8
modules/feature-comments.php
View File

@ -1,7 +1,7 @@
<?php
register_module([
"name" => "Page Comments",
"version" => "0.3.2",
"version" => "0.3.3",
"author" => "Starbeamrainbowlabs",
"description" => "Adds threaded comments to the bottom of every page.",
"id" => "feature-comments",
@ -67,7 +67,7 @@ register_module([
if(!file_exists($comment_filename)) {
if(file_put_contents($comment_filename, "[]\n") === false) {
http_response_code(503);
exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "<p>$settings->sitename ran into a problem whilst creating a file to save your comment to! Please contact <a href='mailto:" . hide_email($settings->admindetails_email) . "'>$settings->admindetails_name</a>, $settings->sitename's administrator and tell them about this problem.</p>"));
exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "<p>$settings->sitename ran into a problem whilst creating a file to save your comment to! Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and tell them about this problem.</p>"));
}
}
@ -120,7 +120,7 @@ register_module([
// Save the comments back to disk
if(file_put_contents($comment_filename, json_encode($comment_data, JSON_PRETTY_PRINT)) === false) {
http_response_code(503);
exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "<p>$settings->sitename ran into a problem whilst saving your comment to disk! Please contact <a href='mailto:" . hide_email($settings->admindetails_email) . "'>$settings->admindetails_name</a>, $settings->sitename's administrator and tell them about this problem.</p>"));
exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "<p>$settings->sitename ran into a problem whilst saving your comment to disk! Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and tell them about this problem.</p>"));
}
// Add a recent change if the recent changes module is installed
@ -198,7 +198,7 @@ register_module([
if(!file_put_contents($comment_filename, json_encode($comments))) {
http_response_code(503);
exit(page_renderer::render_main("Server Error - Deleting Comment - $settings->sitename", "<p>While $settings->sitename was able to delete the comment with the id <code>" . htmlentities($target_id) . "</code> on the page <em>$env->page</em>, it couldn't save the changes back to disk. Please contact <a href='mailto:" . hide_email($settings->admindetails_email) . "'>$settings->admindetails_name</a>, $settings->sitename's local friendly administrator about this issue.</p>"));
exit(page_renderer::render_main("Server Error - Deleting Comment - $settings->sitename", "<p>While $settings->sitename was able to delete the comment with the id <code>" . htmlentities($target_id) . "</code> on the page <em>$env->page</em>, it couldn't save the changes back to disk. Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's local friendly administrator about this issue.</p>"));
}
exit(page_renderer::render_main("Comment Deleted - $settings->sitename", "<p>The comment with the id <code>" . htmlentities($target_id) . "</code> on the page <em>$env->page</em> has been deleted successfully. <a href='?page=" . rawurlencode($env->page) . "&redirect=no'>Go back</a> to " . htmlentities($env->page) . ".</p>"));

4
modules/feature-stats.php
View File

@ -1,7 +1,7 @@
<?php
register_module([
"name" => "Statistics",
"version" => "0.4.2",
"version" => "0.4.3",
"author" => "Starbeamrainbowlabs",
"description" => "An extensible statistics calculation system. Comes with a range of built-in statistics, but can be extended by other modules too.",
"id" => "feature-stats",
@ -58,7 +58,7 @@ register_module([
switch($stat_calculator["type"]) {
case "page-list":
if(!module_exists("page-list")) {
$content .= "<p>$settings->sitename doesn't current have the page listing module installed, so HTML rendering of this statistic is currently unavailable. Try <a href='mailto:" . hide_email($settings->admindetails_email) . "'>contacting $settings->admindetails_name</a>, $settings->sitename's administrator and asking then to install the <code>page-list</code> module.</p>";
$content .= "<p>$settings->sitename doesn't current have the page listing module installed, so HTML rendering of this statistic is currently unavailable. Try " . hide_email($settings->admindetails_email, "contacting $settings->admindetails_name") . ", $settings->sitename's administrator and asking then to install the <code>page-list</code> module.</p>";
break;
}
$content .= "<p><strong>Count:</strong> " . count($stats->{$_GET["stat"]}->value) . "</p>\n";

4
modules/feature-user-preferences.php
View File

@ -1,7 +1,7 @@
<?php
register_module([
"name" => "User Preferences",
"version" => "0.4",
"version" => "0.4.1",
"author" => "Starbeamrainbowlabs",
"description" => "Adds a user preferences page, letting people do things like change their email address and password.",
"id" => "feature-user-preferences",
@ -135,7 +135,7 @@ register_module([
// Save the user's preferences
if(!save_userdata()) {
http_response_code(503);
exit(page_renderer::render_main("Error Saving Preferences - $settings->sitename", "<p>$settings->sitename had some trouble saving your preferences! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this error if it still occurs in 5 minutes. They can be contacted by email at this address: <a href='mailto:" . hide_email($settings->admindetails_email) . "'>" . hide_email($settings->admindetails_email) . "</a>.</p>"));
exit(page_renderer::render_main("Error Saving Preferences - $settings->sitename", "<p>$settings->sitename had some trouble saving your preferences! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this error if it still occurs in 5 minutes. They can be contacted by email at this address: ".hide_email($settings->admindetails_email).".</p>"));
}
exit(page_renderer::render_main("Preferences Saved Successfully - $settings->sitename", "<p>Your preferences have been saved successfully! You could go back your <a href='?action=user-preferences'>preferences page</a>, or on to the <a href='?page=" . rawurlencode($settings->defaultpage) . "'>$settings->defaultpage</a>.</p>

10
modules/page-export.php
View File

@ -1,7 +1,7 @@
<?php
register_module([
"name" => "Export",
"version" => "0.5",
"version" => "0.5.1",
"author" => "Starbeamrainbowlabs",
"description" => "Adds a page that you can use to export your wiki as a .zip file. Uses \$settings->export_only_allow_admins, which controls whether only admins are allowed to export the wiki.",
"id" => "page-export",
@ -40,8 +40,7 @@ register_module([
$zip = new ZipArchive();
if($zip->open($tmpfilename, ZipArchive::CREATE) !== true)
{
if($zip->open($tmpfilename, ZipArchive::CREATE) !== true) {
http_response_code(507);
exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty Wiki was unable to open a temporary file to store the exported data in. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance."));
}
@ -52,10 +51,9 @@ register_module([
$zip->addFile($entry->uploadedfilepath);
}
if($zip->close() !== true)
{
if($zip->close() !== true) {
http_response_code(500);
exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty wiki was unable to close the temporary zip file after creating it. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance."));
exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty wiki was unable to close the temporary zip file after creating it. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance (this might be a bug)."));
}
header("content-type: application/zip");

4
modules/page-login.php
View File

@ -1,7 +1,7 @@
<?php
register_module([
"name" => "Login",
"version" => "0.9.5",
"version" => "0.9.6",
"author" => "Starbeamrainbowlabs",
"description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
"id" => "page-login",
@ -182,7 +182,7 @@ register_module([
// Register a section on logging in on the help page.
add_help_section("30-login", "Logging in", "<p>In order to edit $settings->sitename and have your edit attributed to you, you need to be logged in. Depending on the settings, logging in may be a required step if you want to edit at all. Thankfully, loggging in is not hard. Simply click the &quot;Login&quot; link in the top left, type your username and password, and then click login.</p>
<p>If you do not have an account yet and would like one, try contacting <a href='mailto:" . hide_email($settings->admindetails_email) . "'>$settings->admindetails_name</a>, $settings->sitename's administrator and ask them nicely to see if they can create you an account.</p>");
<p>If you do not have an account yet and would like one, try contacting " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and ask them nicely to see if they can create you an account.</p>");
// Re-check the password hashing cost, if necessary
do_password_hash_code_update();