e-mail address obfuscation

[monnerat]

Hi forum,
Is there a way in Contenido to automatically obfuscate e-mail addresses, either by having them displayed as "someone [at] somewhere [dot] com" or rebuilding the clear form and clickable link in Javascript if enabled ?

I'm looking for something as http://drupal.org/project/spamspan, but for Contenido
I'm not skilled enough to develop this plugin myself.

Thanks in advance for (english) replies.
Regards,
Patrick

[Oldperl]

Hello Patrick,

Is there a way in Contenido to automatically obfuscate e-mail addresses, either by having them displayed as "someone [at] somewhere [dot] com" or rebuilding the clear form and clickable link in Javascript if enabled ?

No, Contenido itself has nothing like that. I remember a discussion about a module/plugin doing stuff like that, but i can't tell you if somebody did the job.

Regards

Ortwin

[monnerat]

Hi Ortwin,

Shame ! Thanks anyway for your reply.

If someone recognize its own work in my description, please send me a link: I really need it !
Thank you.

Best,
Patrick

[xmurrix]

Hi monnerat,

there is a plugin, which obfuscates all found mailto links

Code: Alles auswählen

e. g. <a href="mailto:user@example.com">drop me some lines</a>

to URLs like

Code: Alles auswählen

<a href="/mail/to/7uDexaXI6sbhu9Hem9zC0g%3D%3D">drop me some lines</a>

• The obfuscation (encryption) ist done by PHP during response output, this means on the fly
• It requires Apaches mod_rewrite module to rewrite incomming obfuscated /mail/to/* URLs to a server side script
• The server side script decrypts and outputs the email address, the response is this like "mailto:user@example.com", which will open a new mail window by using the installed email client

But there are some restrictions:

• Existing email addressses as a plain text are skipped from obfuscation, it works only with matching strings like "mailto:mail@address.tld"

  Code: Alles auswählen

  e. g. <a href="mailto:user@example.com">user@example.com</a>

  will result in something like

  Code: Alles auswählen

  <a href="/mail/to/7uDexaXI6sbhu9Hem9zC0g%3D%3D">user@example.com</a>

• User without a email client could be confused after clicking to the obfuscated URL, they will see "mailto:user@example.com" as a plain text.
• The plugin was more experimental, it was never used in a production environment. But it should work as accepted...

Let me know, if you want to give it a try...

Regards
xmurrix

[monnerat]

Hi xmurrix,

there is a plugin, which obfuscates all found mailto links

Sounds really interesting...

The server side script decrypts and outputs the email address, the response is this like "mailto:user@example.com", which will open a new mail window by using the installed email client

So an harvester following links will get the clear e-mail address anyway, won't it ? What is the content-type of the server side script output ? text/html ? application/x-???

In any case, I'll try this module with great pleasure. Thanks in advance.

Patrick

[xmurrix]

...So an harvester following links will get the clear e-mail address anyway, won't it ?...

Yes, that's the disadvantage of this way. Any client, who follows the obfuscated link will get the blank email address. I added a js mode to the obfuscation which outputs the email address by using JavaScript, this will make it a little bit harder for harvester

...What is the content-type of the server side script output ? text/html ? application/x-???...

The content-type will be in usually "text/html", but you can change this easily in the output script (mailto.php).

I attached the plugin to this reply.

Regards
xmurrix

[monnerat]

Thanks xmurrix, this is great and helped me a lot.

Since I do not like very much the idea of a link to a clear e-mail, I've succeeded in merging your plugin and the drupal one to build the contenido-spamspan plugin. Please find it in attachment: I hope it can be of any help for the members of the community.

Since I do not have any idea about contenido architecture (hard to find english litterature), I cannot easily plunge into API description for design: in this context, the code of your plugin was a very high-valued help for my design.

Many thanks again.
Cheers,
Patrick

[xmurrix]

Great job and thanks a lot for sharing this plug-in, it will make a lot of community members happy

Regards
xmurrix

[v-maverick]

Hi,

Great plugin!!

A small problem that occurs is when an email appears many times on the same site. Contenido generates ist as a meta keyword and the plugin works also inside of the <head>-tag.

Can someone pease help me to fix that?

Regards
V.

[derSteffen]

Hallo Community, hallo v-maverick,

hast Du eine Lösung gefunden, wie man bestimmte Bereiche ausschließen kann, wo das Plugin nicht greifen soll?
Das mit dem Head ist ja so eine Sache, aber iel schlimmer ist es in INPUT-Feldern (hidden). Ich habe nämlich ein Formular mit Captcha, wird diese falsch eingegeben,landet man auf einer neune Seite und muss nur den Code erneut eingeben, da alle anderen Daten in hidden-input-Feldern hinterlegt sind. Dummerweise auch die eingegebene Email-Adresse welche nun total umgewandelt wird.

Vielen Dank

MfG Steffen

[xmurrix]

...hast Du eine Lösung gefunden, wie man bestimmte Bereiche ausschließen kann, wo das Plugin nicht greifen soll?...

Wenn du das spamspan Plugin meinst, dann kannst du in der config.plugin.php folgendes machen:

Vor der Zeile 236 folgenden Code einfügen

Code: Alles auswählen

// check if email addresses in current article shouldn't be protected by spamspan
if ($cfg['spamspan']['enable']) {
    $excludeIdarts = getEffectiveSetting('pi_spamspan', 'excludeidarts', false);
    if ($excludeIdarts && strlen($excludeIdarts) > 0) {
        $excludeIdarts = preg_replace("/[^0-9,]/", '', $excludeIdarts);
        $excludeIdarts = explode(',', $excludeIdarts);
        if (in_array($idart, $excludeIdarts)) {
            $cfg['spamspan']['enable'] = false;
        }
    }
}

// check if email addresses in current category shouldn't be protected by spamspan
if ($cfg['spamspan']['enable']) {
    $excludeIdcats = getEffectiveSetting('pi_spamspan', 'excludeidcats', false);
    if ($excludeIdcats && strlen($excludeIdcats) > 0) {
        $excludeIdcats = preg_replace("/[^0-9,]/", '', $excludeIdcats);
        $excludeIdcats = explode(',', $excludeIdcats);
        if (in_array($idcat, $excludeIdcats)) {
            $cfg['spamspan']['enable'] = false;
        }
    }
}

Dann lässt sich das Plugin für bestimmte Artikel oder Kategorien abschalten, z. B. über die Eingabe einer Mandanteneinstellung im Backend

Code: Alles auswählen

pi_spamspan    excludeidarts    2,4,10
pi_spamspan    excludeidcats    12,3,22

Gruß
xmurrix

[derSteffen]

GROßARTIG.

vielen, vielen Dank xmurrix.

ES folgt eine falsche Aussage (aber für Verlauf drin gelassen):
Wie ich mitbekommen habe, reicht es aber nicht den Code nur vor der besagten Zeile inzufügen, man muss folgenden Code dann auch entfernen (also der Code nach Zeile 236 bis auf das abschließende ?>:

Code: Alles auswählen

if ($cfg['spamspan']['enable']) {

	//	Get CEC registry instance.

	$_cecRegistry = cApiCECRegistry::getInstance();

	//	Add a function to Contenido Extension Chainer.

	$_cecRegistry->addChainFunction('Contenido.Frontend.HTMLCodeOutput',
		'spamspan_chainHTMLCodeOutput');
	}

MfG Steffen

[xmurrix]

...Wie ich mitbekommen habe, reicht es aber nicht den Code nur vor der besagten Zeile inzufügen, man muss folgenden Code dann auch entfernen (also der Code nach Zeile 236 bis auf das abschließende ?>

Der Code ab Zeile 236 sollte nicht entfernt werden, denn ansonsten wird es ja nicht ausgeführt. Ich habe das so verstanden, dass du das Plugin für manche Artikel und/oder Kategorien deaktivieren willst.
Das Plugin ist standardmäßig aktiv (Zeile 22). Hier kannst du es ganz aktivieren oder deaktivieren.
Dann gibt es eine neue Funktion spamspan_skipProtection(), diese prüft, ob das Plugin explizit für den aktuellen Artikel oder für die aktuelle Kategorie abgeschaltet werden soll.

Hier ist nochmal der gesamte Code der "config.plugin.php", etwas angepasst:

Code: Alles auswählen

<?php
//
//	Contenido spamspan plugin with usage of Contenido Extension Chainer.
//
//	Copyright (C) 2011 DATASPHERE S.A.
//
//	This program is distributed under the terms of the GNU General Public
//	Licence version 2, available at http://www.gnu.org/licenses/gpl.txt.
//
//    2013-01-23  Murat Purc <murat@purc.de>, added feature to skip email protection for specific articles/categories
//                Uses following settings to check if protection should skipped for current article/category
//                - pi_spamspan    excludeidarts    2,4,10
//                - pi_spamspan    excludeidcats    12,3,22

if (!defined('CON_FRAMEWORK'))
	die('Illegal call');

//	Configuration.

global $cfg;

//	(bool)		Flag to enable/disable this plug-in.
//			If false, the plug-in does nothing.

$cfg['spamspan']['enable'] = true;

//	(bool)		Enable/disable inlining of Javascript.

$cfg['spamspan']['js_inline'] = true;

//	(string)	Location of the Javascript.
//			This is a file name in inlining is enabled, else an URL.

$cfg['spamspan']['js_location'] = __DIR__ . '/spamspan.js';


define('SPAMSPAN_EMAIL',
	"([-\.\~\'\!\#\\$\%\&\+\/\*\=\?\^\_\`\{\|\}\w\+^@]+)" . // Group 1 -
			//  Match the name part - dash, dot or special
			//  characters.
	"@" .		// @
	"((?:" .	// Group 2
	"[-\w]+\." .	// One or more letters or dashes followed by a dot.
	")+" .		// The whole thing one or more times
	"[A-Z]{2,6}" .	// With between two and six letters at the end (NB
			// .museum)
	")");

define('SPAMSPAN_MAILTO', "<a" .		// Opening <a and spaces
	"(?:(?:\s+\w+\s*=\s*)(?:\w+|\"[^\"]*\"|'[^']*'))*?" . // Any attributes
	"\s+" .					// whitespace
	"href\s*=\s*(['\"])(mailto:" .		// The href attribute
	SPAMSPAN_EMAIL .			// The e-mail address
	"(?:\?[A-Za-z0-9_= %\.\-\~\_\&\+]*)?)" . // An optional ? followed by a
						//  query string. NB we allow
						//  spaces here, even though
						//  strictly they should be URL
						//  encoded
	"\\1" .					// The relevant quote character
	"(?:(?:\s+\w+\s*=\s*)(?:\w+|\"[^\"]*\"|'[^']*'))*?" . // Any more
						//  attributes
	">" .					// End of the first tag
	"(.*?)" .				// Tag contents. NB this will
						//  not work properly if there
						//  is a nested <a>, but this
						//  is not valid xhtml anyway.
	"</a>");


function _spamspan_output($name, $domain, $contents, $subject, $body, $headers)

{
	//	Replace .'s in the address with [dot].

	$user_name = str_replace(".", " [dot] ", $name);
	$domain = str_replace(".", " [dot] ", $domain);
	$output = '<span class="spamspan"><span class="u">' .
	    htmlentities($user_name) . '</span> [at] <span class="d">' .
	    htmlentities($domain) . '</span>';

	if (!empty($contents))
		$contents = trim($contents);

	if (empty($contents) || preg_match('!' . SPAMSPAN_EMAIL . '$!ix',
	    $contents))
		$contents = NULL;

	$delim = ' (';

	if (!empty($contents)) {
		$output .= $delim . '<span class="t">' .
		    htmlentities($contents) . '</span>';
		$delim = ', ';
		}

	if (!empty($subject)) {
		$output .= $delim . 'subject: <span class="subject">' .
		    htmlentities($subject) . '</span>';
		$delim = ', ';
		}

	if (!empty($body)) {
		$output .= $delim . 'body: <span class="subject">' .
		    htmlentities($subject) . '</span>';
		$delim = ', ';
		}

	if (count($headers)) {
		foreach ($headers as $i => $h)
			$headers[$i] = urldecode(str_replace('=', ': ', $h));

		$output .= $delim . '<span class="h">' .
		    htmlentities(implode(', ', $headers)) . '</span>';
		$delim = ', ';
		}

	if ($delim == ', ')
		$output .= ')';

	$output .= '</span>';
	return $output;
}


function _spamspan_callback_dexss($matches)

{
	switch (strtolower($matches[1])) {

	case 'b':
	case 'cite':
	case 'code':
	case 'em':
	case 'i':
	case 'img':
	case 'span':
	case 'strong':
		return $match[1];
		}

	return '';
}

function _spamspan_callback_mailto($matches)

{
	$headers = preg_split('/[&;]/',
	    parse_url(html_entity_decode($matches[2]), PHP_URL_QUERY));

	if ($headers[0] == '')
		$headers = array();

	//	Extract subject and body.

	$subject = NULL;
	$body = NULL;
	$flds = array();

	foreach ($headers as $i => $h)
		if (preg_match('/^(\w+)=(.*)$/i', $h, $flds))
			switch (strtolower(urldecode($flds[1]))) {

			case 'subject':
				$subject = urldecode($flds[2]);
				unset($headers[$i]);
				break;

			case 'body':
				$body = urldecode($flds[2]);
				unset($headers[$i]);
				break;

			default:
				$headers[$i] = urldecode($h);
				break;
				}

	//	Be sure we only have allowed tags in comment.

	$comments = preg_replace('!<[^<>]*(<|$)!i', '$1', $matches[5]);
	$comments = preg_replace_callback('!<(\w+)[^>]*>!i',
	    '_spamspan_callback_dexss', $comments);
	return _spamspan_output(urldecode($matches[3]), urldecode($matches[4]),
	    $comments, $subject, $body, $headers);
}


function _spamspan_callback_email($matches)

{
	return _spamspan_output(html_entity_decode($matches[1]),
	    html_entity_decode($matches[2]), NULL, NULL, NULL, array());
}


function spamspan_chainHTMLCodeOutput($code)

{
	global $cfg;

	if (trim($code) == '')
		return $code;	// Do not process empty values.

    if (spamspan_skipProtection())
		return $code;	// Do not process value for current article/caegory.
    
	$value = preg_replace_callback('!' . SPAMSPAN_MAILTO . '!ix', 
	    '_spamspan_callback_mailto', $code);
	$value = preg_replace_callback('!' . SPAMSPAN_EMAIL . '!ix', 
	    '_spamspan_callback_email', $value);

	if ($value != $code) {
		//	Include the Javascript spamspan script.

		$js = '<script type="text/javascript"';

		if (!$cfg['spamspan']['js_inline'])
			$js .= ' src="' .
			    htmlentities($cfg['spamspan']['js_location']) .
			    '">';
		else
			$js .= "><!--\n" .
			    file_get_contents($cfg['spamspan']['js_location']) .
			    "\n-->";

		$js .= '</script>';
		$i = stripos($value, '</head>');

		if ($i === FALSE) {
			$js = "<head>$js</head>";
			$i = stripos($value, '<body');
			}

		if ($i !== FALSE)
			$value = substr_replace($value, $js, $i, 0);
		}

	return $value;
}


function spamspan_skipProtection()

{
    global $cfg, $idart, $idcat;

    // check if email addresses in current article shouldn't be protected by spamspan
    $excludeIdarts = getEffectiveSetting('pi_spamspan', 'excludeidarts', false);
    if ($excludeIdarts && strlen($excludeIdarts) > 0) {
        $excludeIdarts = preg_replace("/[^0-9,]/", '', $excludeIdarts);
        $excludeIdarts = explode(',', $excludeIdarts);
        if (in_array($idart, $excludeIdarts)) {
            return true;
        }
    }

    // check if email addresses in current category shouldn't be protected by spamspan
    $excludeIdcats = getEffectiveSetting('pi_spamspan', 'excludeidcats', false);
    if ($excludeIdcats && strlen($excludeIdcats) > 0) {
        $excludeIdcats = preg_replace("/[^0-9,]/", '', $excludeIdcats);
        $excludeIdcats = explode(',', $excludeIdcats);
        if (in_array($idcat, $excludeIdcats)) {
            return true;
        }
    }
    
    return false;
}


if ($cfg['spamspan']['enable']) {

	//	Get CEC registry instance.

	$_cecRegistry = cApiCECRegistry::getInstance();

	//	Add a function to Contenido Extension Chainer.

	$_cecRegistry->addChainFunction('Contenido.Frontend.HTMLCodeOutput',
		'spamspan_chainHTMLCodeOutput');
	}
?>

[v-maverick]

Ein Problem bleibt jedoch wegen der Keywords-Generierung. Auf einer Seite wo im Text öfters die gleiche Mail-Adresse genannt wird, wird auch fälschlicherweise daraus ein Keyword gemacht und im <head> hinzugefügt. Dies hat unschöne Nebeneffekte. Dafür habe ich noch keine Lösung finden können.

[derSteffen]

Hallo xmurrix,

danke für den Hinweis. Das hat vorhin bei mir erst funktioniert als ich die besagten Zeilen entfernt habe. Es wurde auf anderen Seiten die Email-Adressen angepasst und auf den auszuschließenden Seiten wurde sie nicht angepasst. Wie gewünscht.

Jetzt habe ich die Zeilen wieder reingenommen und mit Deiner Anpassungen aktualisiert und jetzt klappt es alles wie gewünscht.

Ein Frage: Soll das global $cfg, $idart, $iscat; wirklich $iscat oder $idcat heißen?

Vielen Dank für die Wnapssung.

MfG Steffen