mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-25 05:22:59 +00:00

Update hide_email implementation

It now requires JavaScript to decode the email address. If this is a
problem for whatever reason, please get in touch by opening an issue. I 
take accessibility very seriously.
Starbeamrainbowlabs 2020-08-09 23:53:29 +01:00
parent 272fdea0ee
commit 93bff09422
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
8 changed files with 35 additions and 38 deletions


@ -295,30 +295,30 @@ function makepathsafe($string)
} }
/** /**
* Hides an email address from bots by adding random html entities. * Hides an email address from bots. Returns a fragment of HTML that contains the mangled email address.
* @todo Make this more clevererer :D
* @package core * @package core
* @param string $str The original email address * @param string $str The original email address
* @return string The mangled email address. * @param string $display_text The display text for the resulting HTML - if null then the original email address is used.
* @return string The mangled email address.
*/ */
function hide_email($str) function hide_email(string $email, string $display_text = null) : string
{ {
$hidden_email = ""; $enc = json_encode([ $email, $display_text ]);
for($i = 0; $i < strlen($str); $i++) $len = strlen($enc);
{ $pool = []; for($i = 0; $i < $len; $i++) $pool[] = $i;
if($str[$i] == "@") $a = []; $b = [];
{ for($i = 0; $i < $len; $i++) {
$hidden_email .= "&#" . ord("@") . ";"; $n = random_int(0, $len - $i - 1);
continue; $j = array_splice($pool, $n, 1)[0]; $b[] = $j;
} // echo("chose ".$enc[$j].", index $j, n $n\n");
if(rand(0, 1) == 0) $a[] = $enc[$j];
$hidden_email .= $str[$i];
else
$hidden_email .= "&#" . ord($str[$i]) . ";";
} }
$a = base64_encode(implode("|", $a));
return $hidden_email; $b = base64_encode(implode("|", $b));
$span_id = "he-".crypto_id(16);
return "<a href='#protected-with-javascript' id='$span_id'>[protected with javascript]</span><script>(() => {let c=\"$a|$b\".split('|').map(atob).map(s=>s.split('|'));let d=[],e=document.getElementById('$span_id');c[1].map((n,i)=>d[parseInt(n)]=c[0][i]);d=JSON.parse(d.join(''));e.textContent=d[1]==null?d[0]:d[1];e.setAttribute('href', 'mailto:'+d[0])})();</script>";
} }
/** /**
* Checks to see if $haystack starts with $needle. * Checks to see if $haystack starts with $needle.
* @package core * @package core
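Review bot: The markup returned by the new `hide_email()` opens an `<a …>` element but closes it with `</span>`, so the link is never closed properly; the closing tag should be `</a>`. The character list `$a` is joined with `|` before base64-encoding, so an address or display text that itself contains `|` produces extra empty fields after the script's `split('|')`, the rebuilt JSON is corrupted, and the visitor is left with the placeholder; storing code points instead, `$a[] = ord($enc[$j]);` with `d[parseInt(n)]=String.fromCharCode(c[0][i])` on the script side, avoids the clash. The docblock still documents `@param string $str` although the parameter is now `$email`, and `string $display_text = null` would be clearer as `?string $display_text = null`.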


@ -128,8 +128,7 @@ class page_renderer
if(!is_callable($function)) if(!is_callable($function))
{ {
http_response_code(500); http_response_code(500);
$admin_email = hide_email($settings->admindetails_email); exit(page_renderer::render("$settings->sitename - Module Error", "<p>$settings->sitename has got a misbehaving module installed that tried to register an invalid HTML handler with the page renderer. Please contact $settings->sitename's administrator {$settings->admindetails_name} at ".hide_email($settings->admindetails_email)."."));
exit(page_renderer::render("$settings->sitename - Module Error", "<p>$settings->sitename has got a misbehaving module installed that tried to register an invalid HTML handler with the page renderer. Please contact $settings->sitename's administrator {$settings->admindetails_name} at <a href='mailto:$admin_email'>$admin_email</a>."));
} }
self::$part_processors[] = $function; self::$part_processors[] = $function;
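Review bot: `{$settings->admindetails_name}` and `$settings->sitename` are still interpolated into the error page's HTML without escaping on the new `exit(page_renderer::render(…))` line, whereas the address now goes through `hide_email()`. If those settings can contain `<`, `&` or quotes (not visible here), wrapping them as `htmlentities($settings->admindetails_name)` keeps the markup well-formed; the same applies to the user-preferences and export hunks, which also print the name directly. The message's `<p>` is never closed either. The enclosing method starts and ends outside this hunk.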


@ -45,7 +45,7 @@ function parse_page_source($source, $untrusted = false, $use_cache = true) {
if(!$settings->parser_cache || strlen($source) < $settings->parser_cache_min_size) $use_cache = false; if(!$settings->parser_cache || strlen($source) < $settings->parser_cache_min_size) $use_cache = false;
if(!isset($parsers[$settings->parser])) if(!isset($parsers[$settings->parser]))
exit(page_renderer::render_main("Parsing error - $settings->sitename", "<p>Parsing some page source data failed. This is most likely because $settings->sitename has the parser setting set incorrectly. Please contact <a href='mailto:" . hide_email($settings->admindetails_email) . "'>" . $settings->admindetails_name . "</a>, your $settings->sitename Administrator.")); exit(page_renderer::render_main("Parsing error - $settings->sitename", "<p>Parsing some page source data failed. This is most likely because $settings->sitename has the parser setting set incorrectly. Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's Administrator."));
/* Not needed atm because escaping happens when saving, not when rendering * /* Not needed atm because escaping happens when saving, not when rendering *
if($settings->clean_raw_html) if($settings->clean_raw_html)
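Review bot: Passing `$settings->admindetails_name` as the display text means a visitor without JavaScript now sees only `[protected with javascript]`, where the old markup at least showed the administrator's name as the link text. Only the address needs obfuscating, so the name could be emitted server-side (HTML-escaped) as the anchor's initial text and the script left to fill in the `href`; that change belongs in `hide_email()`, and the comments, statistics and login call sites are affected the same way. `parse_page_source()` continues outside this hunk.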


@ -1,7 +1,7 @@
<?php <?php
register_module([ register_module([
"name" => "Page Comments", "name" => "Page Comments",
"version" => "0.3.2", "version" => "0.3.3",
"author" => "Starbeamrainbowlabs", "author" => "Starbeamrainbowlabs",
"description" => "Adds threaded comments to the bottom of every page.", "description" => "Adds threaded comments to the bottom of every page.",
"id" => "feature-comments", "id" => "feature-comments",
@ -67,7 +67,7 @@ register_module([
if(!file_exists($comment_filename)) { if(!file_exists($comment_filename)) {
if(file_put_contents($comment_filename, "[]\n") === false) { if(file_put_contents($comment_filename, "[]\n") === false) {
http_response_code(503); http_response_code(503);
exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "<p>$settings->sitename ran into a problem whilst creating a file to save your comment to! Please contact <a href='mailto:" . hide_email($settings->admindetails_email) . "'>$settings->admindetails_name</a>, $settings->sitename's administrator and tell them about this problem.</p>")); exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "<p>$settings->sitename ran into a problem whilst creating a file to save your comment to! Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and tell them about this problem.</p>"));
} }
} }
@ -120,7 +120,7 @@ register_module([
// Save the comments back to disk // Save the comments back to disk
if(file_put_contents($comment_filename, json_encode($comment_data, JSON_PRETTY_PRINT)) === false) { if(file_put_contents($comment_filename, json_encode($comment_data, JSON_PRETTY_PRINT)) === false) {
http_response_code(503); http_response_code(503);
exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "<p>$settings->sitename ran into a problem whilst saving your comment to disk! Please contact <a href='mailto:" . hide_email($settings->admindetails_email) . "'>$settings->admindetails_name</a>, $settings->sitename's administrator and tell them about this problem.</p>")); exit(page_renderer::renderer_main("Error posting comment - $settings->sitename", "<p>$settings->sitename ran into a problem whilst saving your comment to disk! Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and tell them about this problem.</p>"));
} }
// Add a recent change if the recent changes module is installed // Add a recent change if the recent changes module is installed
@ -198,7 +198,7 @@ register_module([
if(!file_put_contents($comment_filename, json_encode($comments))) { if(!file_put_contents($comment_filename, json_encode($comments))) {
http_response_code(503); http_response_code(503);
exit(page_renderer::render_main("Server Error - Deleting Comment - $settings->sitename", "<p>While $settings->sitename was able to delete the comment with the id <code>" . htmlentities($target_id) . "</code> on the page <em>$env->page</em>, it couldn't save the changes back to disk. Please contact <a href='mailto:" . hide_email($settings->admindetails_email) . "'>$settings->admindetails_name</a>, $settings->sitename's local friendly administrator about this issue.</p>")); exit(page_renderer::render_main("Server Error - Deleting Comment - $settings->sitename", "<p>While $settings->sitename was able to delete the comment with the id <code>" . htmlentities($target_id) . "</code> on the page <em>$env->page</em>, it couldn't save the changes back to disk. Please contact " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's local friendly administrator about this issue.</p>"));
} }
exit(page_renderer::render_main("Comment Deleted - $settings->sitename", "<p>The comment with the id <code>" . htmlentities($target_id) . "</code> on the page <em>$env->page</em> has been deleted successfully. <a href='?page=" . rawurlencode($env->page) . "&redirect=no'>Go back</a> to " . htmlentities($env->page) . ".</p>")); exit(page_renderer::render_main("Comment Deleted - $settings->sitename", "<p>The comment with the id <code>" . htmlentities($target_id) . "</code> on the page <em>$env->page</em> has been deleted successfully. <a href='?page=" . rawurlencode($env->page) . "&redirect=no'>Go back</a> to " . htmlentities($env->page) . ".</p>"));
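Review bot: The two "Error posting comment" paths call `page_renderer::renderer_main(…)`, while the delete path in the last hunk and the other modules call `page_renderer::render_main(…)`; unless a `renderer_main` method exists elsewhere, these error paths would end in a fatal error instead of the 503 page, so the calls should probably read `exit(page_renderer::render_main(`. In the delete hunk `<em>$env->page</em>` is printed raw on the changed line while the following line uses `htmlentities($env->page)`; using `htmlentities()` in both places would be consistent, assuming the page name is not already escaped upstream. The surrounding handlers start and end outside these hunks.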


@ -1,7 +1,7 @@
<?php <?php
register_module([ register_module([
"name" => "Statistics", "name" => "Statistics",
"version" => "0.4.2", "version" => "0.4.3",
"author" => "Starbeamrainbowlabs", "author" => "Starbeamrainbowlabs",
"description" => "An extensible statistics calculation system. Comes with a range of built-in statistics, but can be extended by other modules too.", "description" => "An extensible statistics calculation system. Comes with a range of built-in statistics, but can be extended by other modules too.",
"id" => "feature-stats", "id" => "feature-stats",
@ -58,7 +58,7 @@ register_module([
switch($stat_calculator["type"]) { switch($stat_calculator["type"]) {
case "page-list": case "page-list":
if(!module_exists("page-list")) { if(!module_exists("page-list")) {
$content .= "<p>$settings->sitename doesn't current have the page listing module installed, so HTML rendering of this statistic is currently unavailable. Try <a href='mailto:" . hide_email($settings->admindetails_email) . "'>contacting $settings->admindetails_name</a>, $settings->sitename's administrator and asking then to install the <code>page-list</code> module.</p>"; $content .= "<p>$settings->sitename doesn't current have the page listing module installed, so HTML rendering of this statistic is currently unavailable. Try " . hide_email($settings->admindetails_email, "contacting $settings->admindetails_name") . ", $settings->sitename's administrator and asking then to install the <code>page-list</code> module.</p>";
break; break;
} }
$content .= "<p><strong>Count:</strong> " . count($stats->{$_GET["stat"]}->value) . "</p>\n"; $content .= "<p><strong>Count:</strong> " . count($stats->{$_GET["stat"]}->value) . "</p>\n";
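Review bot: The user-facing message on the changed line has two typos, `doesn't current have` and `asking then to install`; since the line is being edited anyway it could read `doesn't currently have` and `asking them to install`. The `switch` this case belongs to starts and ends outside the hunk.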


@ -1,7 +1,7 @@
<?php <?php
register_module([ register_module([
"name" => "User Preferences", "name" => "User Preferences",
"version" => "0.4", "version" => "0.4.1",
"author" => "Starbeamrainbowlabs", "author" => "Starbeamrainbowlabs",
"description" => "Adds a user preferences page, letting people do things like change their email address and password.", "description" => "Adds a user preferences page, letting people do things like change their email address and password.",
"id" => "feature-user-preferences", "id" => "feature-user-preferences",
@ -135,7 +135,7 @@ register_module([
// Save the user's preferences // Save the user's preferences
if(!save_userdata()) { if(!save_userdata()) {
http_response_code(503); http_response_code(503);
exit(page_renderer::render_main("Error Saving Preferences - $settings->sitename", "<p>$settings->sitename had some trouble saving your preferences! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this error if it still occurs in 5 minutes. They can be contacted by email at this address: <a href='mailto:" . hide_email($settings->admindetails_email) . "'>" . hide_email($settings->admindetails_email) . "</a>.</p>")); exit(page_renderer::render_main("Error Saving Preferences - $settings->sitename", "<p>$settings->sitename had some trouble saving your preferences! Please contact $settings->admindetails_name, $settings->sitename's administrator and tell them about this error if it still occurs in 5 minutes. They can be contacted by email at this address: ".hide_email($settings->admindetails_email).".</p>"));
} }
exit(page_renderer::render_main("Preferences Saved Successfully - $settings->sitename", "<p>Your preferences have been saved successfully! You could go back your <a href='?action=user-preferences'>preferences page</a>, or on to the <a href='?page=" . rawurlencode($settings->defaultpage) . "'>$settings->defaultpage</a>.</p> exit(page_renderer::render_main("Preferences Saved Successfully - $settings->sitename", "<p>Your preferences have been saved successfully! You could go back your <a href='?action=user-preferences'>preferences page</a>, or on to the <a href='?page=" . rawurlencode($settings->defaultpage) . "'>$settings->defaultpage</a>.</p>


@ -1,7 +1,7 @@
<?php <?php
register_module([ register_module([
"name" => "Export", "name" => "Export",
"version" => "0.5", "version" => "0.5.1",
"author" => "Starbeamrainbowlabs", "author" => "Starbeamrainbowlabs",
"description" => "Adds a page that you can use to export your wiki as a .zip file. Uses \$settings->export_only_allow_admins, which controls whether only admins are allowed to export the wiki.", "description" => "Adds a page that you can use to export your wiki as a .zip file. Uses \$settings->export_only_allow_admins, which controls whether only admins are allowed to export the wiki.",
"id" => "page-export", "id" => "page-export",
@ -40,8 +40,7 @@ register_module([
$zip = new ZipArchive(); $zip = new ZipArchive();
if($zip->open($tmpfilename, ZipArchive::CREATE) !== true) if($zip->open($tmpfilename, ZipArchive::CREATE) !== true) {
{
http_response_code(507); http_response_code(507);
exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty Wiki was unable to open a temporary file to store the exported data in. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance.")); exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty Wiki was unable to open a temporary file to store the exported data in. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance."));
} }
@ -52,10 +51,9 @@ register_module([
$zip->addFile($entry->uploadedfilepath); $zip->addFile($entry->uploadedfilepath);
} }
if($zip->close() !== true) if($zip->close() !== true) {
{
http_response_code(500); http_response_code(500);
exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty wiki was unable to close the temporary zip file after creating it. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance.")); exit(page_renderer::render("Export error - $settings->sitename", "Pepperminty wiki was unable to close the temporary zip file after creating it. Please contact $settings->sitename's administrator (" . $settings->admindetails_name . " at " . hide_email($settings->admindetails_email) . ") for assistance (this might be a bug)."));
} }
header("content-type: application/zip"); header("content-type: application/zip");


@ -1,7 +1,7 @@
<?php <?php
register_module([ register_module([
"name" => "Login", "name" => "Login",
"version" => "0.9.5", "version" => "0.9.6",
"author" => "Starbeamrainbowlabs", "author" => "Starbeamrainbowlabs",
"description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.", "description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
"id" => "page-login", "id" => "page-login",
@ -182,7 +182,7 @@ register_module([
// Register a section on logging in on the help page. // Register a section on logging in on the help page.
add_help_section("30-login", "Logging in", "<p>In order to edit $settings->sitename and have your edit attributed to you, you need to be logged in. Depending on the settings, logging in may be a required step if you want to edit at all. Thankfully, loggging in is not hard. Simply click the &quot;Login&quot; link in the top left, type your username and password, and then click login.</p> add_help_section("30-login", "Logging in", "<p>In order to edit $settings->sitename and have your edit attributed to you, you need to be logged in. Depending on the settings, logging in may be a required step if you want to edit at all. Thankfully, loggging in is not hard. Simply click the &quot;Login&quot; link in the top left, type your username and password, and then click login.</p>
<p>If you do not have an account yet and would like one, try contacting <a href='mailto:" . hide_email($settings->admindetails_email) . "'>$settings->admindetails_name</a>, $settings->sitename's administrator and ask them nicely to see if they can create you an account.</p>"); <p>If you do not have an account yet and would like one, try contacting " . hide_email($settings->admindetails_email, $settings->admindetails_name) . ", $settings->sitename's administrator and ask them nicely to see if they can create you an account.</p>");
// Re-check the password hashing cost, if necessary // Re-check the password hashing cost, if necessary
do_password_hash_code_update(); do_password_hash_code_update();