[TYPO3-core] RFC: fix bug #3427 - config.spamProtectEmailAddresses may garble mail link

Franz Holzinger franz at fholzinger.com
Wed Jun 28 16:01:51 CEST 2006 

Hello Martin,

> $Id: class.tslib_content.php,v 1.96.2.38 2006/06/08 16:56:32 masi Exp 

belongs already to the other patch bugs #3397 (submit as image).
Please apply the diff only to this bug fix.

- Franz

> Hi!
>
> Type: bugfix
> Branch: HEAD, TYPO3_4-0
>
> Problem: When you use -3 and -5 for protection then the code will
> shift the mail link characters in such a way that the mail link is
> unusable.
>
> Solution:
>
> Instead of doing a plain shift to the left or right make the shift
> circle within a given character range. The code uses the three main
> areas of ASCII that are used in mail addresses:
>
> 0-9 . , - + / :
> A-Z @
> a-z
>
> The new code accepts also -10 to 10 (instead of -5 to 5).
>
> Masi
>
>------------------------------------------------------------------------
>
>--- class.tslib_content.php	2006-06-28 15:38:11.000000000 +0200
>+++ class.tslib_content-crypt.php	2006-05-25 20:40:49.000000000 +0200
>@@ -27,7 +27,7 @@
> /**
>  * Contains classes for Content Rendering based on TypoScript Template configuration
>  *
>- * $Id: class.tslib_content.php,v 1.96.2.38 2006/06/08 16:56:32 masi Exp $
>+ * $Id: class.tslib_content.php,v 1.96.2.37 2006/05/18 21:45:41 rupertgermann Exp $
>  * Revised for TYPO3 3.6 June/2003 by Kasper Skaarhoj
>  * XHTML compliant
>  *
>@@ -1861,11 +1861,17 @@
> 					case 'submit':
> 						$value=trim($parts[2]);
> 						if ($conf['image.'])	{
>-							$this->data[$this->currentValKey]=$value;
>-							$image=$this->IMAGE($conf['image.']);
>-						} else $image='';
>-						if($image)	{
>-							$fieldCode = str_replace('<img','<input type="image"'.$addParams.' name="'.$confData['fieldname'].'"' ,$image);
>+							$this->data[$this->currentValKey] = $value;
>+							$image = $this->IMG_RESOURCE($conf['image.']);
>+							$params = $conf['image.']['params'] ? ' '.$conf['image.']['params'] : '';
>+							$params .= $this->getAltParam($conf);
>+							$params .= $addParams;
>+						} else {
>+							$image = '';
>+						}
>+						if ($image)	{
>+							$fieldCode=sprintf('<input type="image" name="%s"%s src="%s"%s />',
>+								$confData['fieldname'], $elementIdAttribute, $image, $params);
> 						} else	{
> 							$fieldCode=sprintf('<input type="submit" name="%s"%s value="%s"%s />',
> 								$confData['fieldname'], $elementIdAttribute, t3lib_div::deHSCentities(htmlspecialchars($value)), $addParams);
>@@ -5479,7 +5485,7 @@
> 				if ($GLOBALS['TSFE']->spamProtectEmailAddresses === 'ascii')	{
> 					$mailToUrl = $GLOBALS['TSFE']->encryptEmail($mailToUrl);
> 				} else {
>-					$mailToUrl = "javascript:linkTo_UnCryptMailto('".$GLOBALS['TSFE']->encryptEmail($mailToUrl)."');";
>+					$mailToUrl = "javascript:decryptLink('".$GLOBALS['TSFE']->encryptEmail($mailToUrl)."');";
> 				}
> 				if ($GLOBALS['TSFE']->config['config']['spamProtectEmailAddresses_atSubst']) {
> 					$atLabel = trim($GLOBALS['TSFE']->config['config']['spamProtectEmailAddresses_atSubst']);
>--- class.tslib_pagegen-orig.php	2006-05-22 18:33:18.000000000 +0200
>+++ class.tslib_pagegen.php	2006-05-26 21:10:07.000000000 +0200
>@@ -149,25 +149,43 @@
> 		if ($GLOBALS['TSFE']->config['config']['spamProtectEmailAddresses'] === 'ascii') {
> 			$GLOBALS['TSFE']->spamProtectEmailAddresses = 'ascii';
> 		} else {
>-			$GLOBALS['TSFE']->spamProtectEmailAddresses = t3lib_div::intInRange($GLOBALS['TSFE']->config['config']['spamProtectEmailAddresses'],-5,1,0);
>+			$GLOBALS['TSFE']->spamProtectEmailAddresses = t3lib_div::intInRange($GLOBALS['TSFE']->config['config']['spamProtectEmailAddresses'],-10,10,0);
> 			if ($GLOBALS['TSFE']->spamProtectEmailAddresses)	{
> 				$GLOBALS['TSFE']->additionalJavaScript['UnCryptMailto()']='
>-  // JS function for uncrypting spam-protected emails:
>-function UnCryptMailto(s) {	//
>-	var n=0;
>-	var r="";
>-	for(var i=0; i < s.length; i++) {
>-		n=s.charCodeAt(i);
>-		if (n>=8364) {n = 128;}
>-		r += String.fromCharCode(n-('.$GLOBALS['TSFE']->spamProtectEmailAddresses.'));
>+  // decrypt helper function 
>+function decryptCharcode(n,start,end,offset) {
>+	n = n + offset;
>+	if (offset > 0 && n > end)	{
>+		n = start + (n - end - 1);
>+	} else if (offset < 0 && n < start)	{
>+		n = end - (start - n - 1);
> 	}
>-	return r;
>+	return String.fromCharCode(n);
> }
>-  // JS function for uncrypting spam-protected emails:
>-function linkTo_UnCryptMailto(s)	{	//
>-	location.href=UnCryptMailto(s);
>+  // decrypt helper function 
>+function decryptString(enc) {
>+	var dec = "";
>+	var len = enc.length;
>+	var offset = '.($GLOBALS['TSFE']->spamProtectEmailAddresses*-1).';
>+	for(var i=0; i < len; i++)	{
>+		var n = enc.charCodeAt(i);
>+		if (n >= 0x2B && n <= 0x39)	{
>+			dec += decryptCharcode(n,0x2B,0x3A,offset);	// 0-9 . , - + / :
>+		} else if (n >= 0x40 && n <= 0x5A)	{
>+			dec += decryptCharcode(n,0x40,0x5A,offset);	// A-Z @
>+		} else if (n >= 0x61 && n <= 0x7A)	{
>+			dec += decryptCharcode(n,0x61,0x7A,offset);	// a-z
>+		} else {
>+			dec += enc.charAt(i);
>+		}
>+	}alert(dec);
>+	return dec;
> }
>-		';
>+  // decrypt spam-protected emails
>+function linkTo_UnCryptMailto(s)	{
>+	location.href = decryptString(s);
>+}
>+'				;
> 			}
> 		}
> 
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>TYPO3-team-core mailing list
>TYPO3-team-core at lists.netfielders.de
>http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-team-core
>

More information about the TYPO3-team-core mailing list