From 93bff0942227787f8730545989de9e60915be3a5 Mon Sep 17 00:00:00 2001 From: Starbeamrainbowlabs Date: Sun, 9 Aug 2020 23:53:29 +0100 Subject: [PATCH] Update hide_email implementation It now requires Javascript to decode the email address. If this is a problem for whatever reason, please get in touch by opening an issue. I take accessibility very seriously. --- core/05-functions.php | 38 ++++++++++++++-------------- core/40-page-renderer.php | 3 +-- core/70-parser-engine.php | 2 +- modules/feature-comments.php | 8 +++--- modules/feature-stats.php | 4 +-- modules/feature-user-preferences.php | 4 +-- modules/page-export.php | 10 +++----- modules/page-login.php | 4 +-- 8 files changed, 35 insertions(+), 38 deletions(-) diff --git a/core/05-functions.php b/core/05-functions.php index 429995a..dbf8b74 100644 --- a/core/05-functions.php +++ b/core/05-functions.php 
@@ -295,30 +295,30 @@ function makepathsafe($string) } /** - * Hides an email address from bots by adding random html entities. - * @todo Make this more clevererer :D + * Hides an email address from bots. Returns a fragment of HTML that contains the mangled email address. * @package core - * @param string $str The original email address - * @return string The mangled email address. + * @param string $str The original email address + * @param string $display_text The display text for the resulting HTML - if null then the original email address is used. + * @return string The mangled email address. */ -function hide_email($str) +function hide_email(string $email, string $display_text = null) : string { - $hidden_email = ""; - for($i = 0; $i < strlen($str); $i++) - { - if($str[$i] == "@") - { - $hidden_email .= "&#" . ord("@") . ";"; - continue; - } - if(rand(0, 1) == 0) - $hidden_email .= $str[$i]; - else - $hidden_email .= "&#" . ord($str[$i]) . ";"; + $enc = json_encode([ $email, $display_text ]); + $len = strlen($enc); + $pool = []; for($i = 0; $i < $len; $i++) $pool[] = $i; + $a = []; $b = []; + for($i = 0; $i < $len; $i++) { + $n = random_int(0, $len - $i - 1); + $j = array_splice($pool, $n, 1)[0]; $b[] = $j; + // echo("chose ".$enc[$j].", index $j, n $n\n"); + $a[] = $enc[$j]; } - - return $hidden_email; + $a = base64_encode(implode("|", $a)); + $b = base64_encode(implode("|", $b)); + $span_id = "he-".crypto_id(16); + return "[protected with javascript]"; } + /** * Checks to see if $haystack starts with $needle. * @package core diff --git a/core/40-page-renderer.php b/core/40-page-renderer.php index 78710cd..ca46eb8 100644 --- a/core/40-page-renderer.php +++ b/core/40-page-renderer.php @@ -128,8 +128,7 @@ class page_renderer if(!is_callable($function)) { http_response_code(500); - $admin_email = hide_email($settings->admindetails_email); - exit(page_renderer::render("$settings->sitename - Module Error", "
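Review bot: The new signature `function hide_email(string $email, string $display_text = null) : string` relies on an implicit nullable default (deprecated from PHP 8.4) and the docblock still documents `$str` instead of `$email`; write it as `function hide_email(string $email, ?string $display_text = null): string` and rename the `@param` entry to `$email`. The commented-out `// echo("chose ...")` debug line inside the shuffle loop should be deleted rather than left in. The shuffled characters `$a`, the index list `$b` and `$span_id` are computed but the visible `return` yields only the literal `[protected with javascript]`; presumably the span/script markup was lost in extraction, so confirm the committed function really emits them. Neither `$email` nor `$display_text` is HTML-escaped here, so the client-side decoder must insert the decoded values as text (textContent) rather than innerHTML, or any markup in the admin-details settings would be rendered. `json_encode` is also called without `JSON_THROW_ON_ERROR`, so a non-UTF-8 `$email` silently sets `$enc` to `false` and the function returns with no usable payload.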

$settings->sitename has got a misbehaving module installed that tried to register an invalid HTML handler with the page renderer. Please contact $settings->sitename's administrator {$settings->admindetails_name} at $admin_email.")); + exit(page_renderer::render("$settings->sitename - Module Error", "

$settings->sitename has got a misbehaving module installed that tried to register an invalid HTML handler with the page renderer. Please contact $settings->sitename's administrator {$settings->admindetails_name} at ".hide_email($settings->admindetails_email).".")); } self::$part_processors[] = $function; diff --git a/core/70-parser-engine.php b/core/70-parser-engine.php index 9d003cb..293f867 100644 --- a/core/70-parser-engine.php +++ b/core/70-parser-engine.php @@ -45,7 +45,7 @@ function parse_page_source($source, $untrusted = false, $use_cache = true) { if(!$settings->parser_cache || strlen($source) < $settings->parser_cache_min_size) $use_cache = false; if(!isset($parsers[$settings->parser])) - exit(page_renderer::render_main("Parsing error - $settings->sitename", "

Parsing some page source data failed. This is most likely because $settings->sitename has the parser setting set incorrectly. Please contact " . $settings->admindetails_name . ", your $settings->sitename Administrator.")); + exit(page_renderer::render_main("Parsing error - $settings->sitename", "

Parsing some page source data failed. This is most likely because $settings->sitename has the parser setting set incorrectly. Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's Administrator.")); /* Not needed atm because escaping happens when saving, not when rendering * if($settings->clean_raw_html) diff --git a/modules/feature-comments.php b/modules/feature-comments.php index d89af84..4640848 100644 --- a/modules/feature-comments.php +++ b/modules/feature-comments.php @@ -1,7 +1,7 @@ "Page Comments", - "version" => "0.3.2", + "version" => "0.3.3", "author" => "Starbeamrainbowlabs", "description" => "Adds threaded comments to the bottom of every page.", "id" => "feature-comments", @@ -67,7 +67,7 @@ register_module([ if(!file_exists($comment_filename)) { if(file_put_contents($comment_filename, "[]\n") === false) { http_response_code(503); - exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "
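Review bot: Passing `$settings->admindetails_name` as `hide_email()`'s display text makes the administrator's name reachable only through the JavaScript decoder, so a client without JavaScript now loses both the name and the address from this error page instead of just the address; keeping the name as plain text and hiding only the address, `"Please contact " . $settings->admindetails_name . " (" . hide_email($settings->admindetails_email) . "), $settings->sitename's Administrator."`, preserves the previous fallback. The same pattern appears in the three feature-comments error hunks, the feature-stats page-list hunk (where the display text is `"contacting $settings->admindetails_name"`) and the page-login help-section hunk, so whichever form is chosen should be applied to all of them. The enclosing parse_page_source() continues beyond the hunk.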

$settings->sitename ran into a problem whilst creating a file to save your comment to! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this problem.

")); + exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "

$settings->sitename ran into a problem whilst creating a file to save your comment to! Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and tell them about this problem.

")); } } @@ -120,7 +120,7 @@ register_module([ // Save the comments back to disk if(file_put_contents($comment_filename, json_encode($comment_data, JSON_PRETTY_PRINT)) === false) { http_response_code(503); - exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "

$settings->sitename ran into a problem whilst saving your comment to disk! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this problem.

")); + exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "

$settings->sitename ran into a problem whilst saving your comment to disk! Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and tell them about this problem.

")); } // Add a recent change if the recent changes module is installed @@ -198,7 +198,7 @@ register_module([ if(!file_put_contents($comment_filename, json_encode($comments))) { http_response_code(503); - exit(page_renderer::render_main("Server Error - Deleting Comment - $settings->sitename", "

While $settings->sitename was able to delete the comment with the id " . htmlentities($target_id) . " on the page $env->page, it couldn't save the changes back to disk. Please contact $settings->admindetails_name, $settings->sitename's local friendly administrator about this issue.

")); + exit(page_renderer::render_main("Server Error - Deleting Comment - $settings->sitename", "

While $settings->sitename was able to delete the comment with the id " . htmlentities($target_id) . " on the page $env->page, it couldn't save the changes back to disk. Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's local friendly administrator about this issue.

")); } exit(page_renderer::render_main("Comment Deleted - $settings->sitename", "

The comment with the id " . htmlentities($target_id) . " on the page $env->page has been deleted successfully. Go back to " . htmlentities($env->page) . ".

")); diff --git a/modules/feature-stats.php b/modules/feature-stats.php index c0f74af..8490f89 100644 --- a/modules/feature-stats.php +++ b/modules/feature-stats.php @@ -1,7 +1,7 @@ "Statistics", - "version" => "0.4.2", + "version" => "0.4.3", "author" => "Starbeamrainbowlabs", "description" => "An extensible statistics calculation system. Comes with a range of built-in statistics, but can be extended by other modules too.", "id" => "feature-stats", @@ -58,7 +58,7 @@ register_module([ switch($stat_calculator["type"]) { case "page-list": if(!module_exists("page-list")) { - $content .= "

$settings->sitename doesn't current have the page listing module installed, so HTML rendering of this statistic is currently unavailable. Try contacting $settings->admindetails_name, $settings->sitename's administrator and asking then to install the page-list module.

"; + $content .= "

$settings->sitename doesn't current have the page listing module installed, so HTML rendering of this statistic is currently unavailable. Try " . hide_email($settings->admindetails_email, "contacting $settings->admindetails_name") . ", $settings->sitename's administrator and asking then to install the page-list module.

"; break; } $content .= "

Count: " . count($stats->{$_GET["stat"]}->value) . "

\n"; diff --git a/modules/feature-user-preferences.php b/modules/feature-user-preferences.php index f122536..1124a79 100644 --- a/modules/feature-user-preferences.php +++ b/modules/feature-user-preferences.php @@ -1,7 +1,7 @@ "User Preferences", - "version" => "0.4", + "version" => "0.4.1", "author" => "Starbeamrainbowlabs", "description" => "Adds a user preferences page, letting people do things like change their email address and password.", "id" => "feature-user-preferences", @@ -135,7 +135,7 @@ register_module([ // Save the user's preferences if(!save_userdata()) { http_response_code(503); - exit(page_renderer::render_main("Error Saving Preferences - $settings->sitename", "

$settings->sitename had some trouble saving your preferences! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this error if it still occurs in 5 minutes. They can be contacted by email at this address: " . hide_email($settings->admindetails_email) . ".

")); + exit(page_renderer::render_main("Error Saving Preferences - $settings->sitename", "

$settings->sitename had some trouble saving your preferences! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this error if it still occurs in 5 minutes. They can be contacted by email at this address: ".hide_email($settings->admindetails_email).".

")); } exit(page_renderer::render_main("Preferences Saved Successfully - $settings->sitename", "

Your preferences have been saved successfully! You could go back your preferences page, or on to the $settings->defaultpage.

diff --git a/modules/page-export.php b/modules/page-export.php index b319932..ff05083 100644 --- a/modules/page-export.php +++ b/modules/page-export.php @@ -1,7 +1,7 @@ "Export", - "version" => "0.5", + "version" => "0.5.1", "author" => "Starbeamrainbowlabs", "description" => "Adds a page that you can use to export your wiki as a .zip file. Uses \$settings->export_only_allow_admins, which controls whether only admins are allowed to export the wiki.", "id" => "page-export", @@ -40,8 +40,7 @@ register_module([ $zip = new ZipArchive(); - if($zip->open($tmpfilename, ZipArchive::CREATE) !== true) - { + if($zip->open($tmpfilename, ZipArchive::CREATE) !== true) { http_response_code(507); exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty Wiki was unable to open a temporary file to store the exported data in. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance.")); } @@ -52,10 +51,9 @@ register_module([ $zip->addFile($entry->uploadedfilepath); } - if($zip->close() !== true) - { + if($zip->close() !== true) { http_response_code(500); - exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty wiki was unable to close the temporary zip file after creating it. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance.")); + exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty wiki was unable to close the temporary zip file after creating it. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance (this might be a bug).")); } header("content-type: application/zip"); diff --git a/modules/page-login.php b/modules/page-login.php index 0bc7ac2..927db60 100644 --- a/modules/page-login.php 
+++ b/modules/page-login.php @@ -1,7 +1,7 @@ "Login", - "version" => "0.9.5", + "version" => "0.9.6", "author" => "Starbeamrainbowlabs", "description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.", "id" => "page-login", @@ -182,7 +182,7 @@ register_module([ // Register a section on logging in on the help page. add_help_section("30-login", "Logging in", "

In order to edit $settings->sitename and have your edit attributed to you, you need to be logged in. Depending on the settings, logging in may be a required step if you want to edit at all. Thankfully, loggging in is not hard. Simply click the "Login" link in the top left, type your username and password, and then click login.

-

If you do not have an account yet and would like one, try contacting $settings->admindetails_name, $settings->sitename's administrator and ask them nicely to see if they can create you an account.

"); +

If you do not have an account yet and would like one, try contacting " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and ask them nicely to see if they can create you an account.

"); // Re-check the password hashing cost, if necessary do_password_hash_code_update();