From a7697308920de060c47f1de5eac5cfde0e79235c Mon Sep 17 00:00:00 2001 From: Basil Suter Date: Tue, 18 Dec 2018 11:32:35 +0100 Subject: [PATCH] add email tag obfuscation #1895 --- composer.lock | 80 ++++++++++++++++++++++----------------- core/CHANGELOG.md | 6 ++- core/composer.lock | 16 ++++---- core/tag/tags/MailTag.php | 34 ++++++++++++++++- 4 files changed, 92 insertions(+), 44 deletions(-) diff --git a/composer.lock b/composer.lock index 110309168..cedbb6533 100644 --- a/composer.lock +++ b/composer.lock @@ -59,9 +59,21 @@ "type": "zip", "url": "https://api.github.com/repos/bestiejs/punycode.js/zipball/38c8d3131a82567bfef18da09f7f4db68c84f8a3", "reference": "38c8d3131a82567bfef18da09f7f4db68c84f8a3", - "shasum": null + "shasum": "" }, - "type": "bower-asset" + "type": "bower-asset-library", + "extra": { + "bower-asset-main": "punycode.js", + "bower-asset-ignore": [ + "coverage", + "tests", + ".*", + "component.json", + "Gruntfile.js", + "node_modules", + "package.json" + ] + } }, { "name": "bower-asset/yii2-pjax", @@ -202,16 +214,16 @@ }, { "name": "curl/curl", - "version": "2.1.0", + "version": "2.2.0", "source": { "type": "git", "url": "https://github.com/php-mod/curl.git", - "reference": "63ef7e7ba7b37c909886f7ca0bbf99bfb0dfaad6" + "reference": "d22086dd2eee5ca02e4c29b9a5bdf3645bfdbbff" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/php-mod/curl/zipball/63ef7e7ba7b37c909886f7ca0bbf99bfb0dfaad6", - "reference": "63ef7e7ba7b37c909886f7ca0bbf99bfb0dfaad6", + "url": "https://api.github.com/repos/php-mod/curl/zipball/d22086dd2eee5ca02e4c29b9a5bdf3645bfdbbff", + "reference": "d22086dd2eee5ca02e4c29b9a5bdf3645bfdbbff", "shasum": "" }, "require": { @@ -253,7 +265,7 @@ "curl", "dot" ], - "time": "2018-11-17T10:32:36+00:00" + "time": "2018-12-04T19:47:03+00:00" }, { "name": "ezyang/htmlpurifier", 
@@ -304,16 +316,16 @@ }, { "name": "luyadev/luya-composer", - "version": "1.0.3", + "version": "1.0.4.1", "source": { "type": "git", "url": "https://github.com/luyadev/luya-composer.git", - "reference": "d5274bd0e7a67987c7b4b3ee9d91f8268f638174" + "reference": "4b23be17cf061f776496fe848f5e7686d4f2fe06" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/luyadev/luya-composer/zipball/d5274bd0e7a67987c7b4b3ee9d91f8268f638174", - "reference": "d5274bd0e7a67987c7b4b3ee9d91f8268f638174", + "url": "https://api.github.com/repos/luyadev/luya-composer/zipball/4b23be17cf061f776496fe848f5e7686d4f2fe06", + "reference": "4b23be17cf061f776496fe848f5e7686d4f2fe06", "shasum": "" }, "require": { @@ -350,7 +362,7 @@ "composer", "luya" ], - "time": "2018-01-16T09:12:39+00:00" + "time": "2018-12-18T08:08:02+00:00" }, { "name": "nadar/php-composer-reader", @@ -981,16 +993,16 @@ }, { "name": "luyadev/luya-core", - "version": "1.0.14", + "version": "1.0.14.2", "source": { "type": "git", "url": "https://github.com/luyadev/luya-core.git", - "reference": "80fe9192b66b1cf80ff49637403db61884859ef3" + "reference": "46226dc830d03b9428b337a446e2df5837a80b7c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/luyadev/luya-core/zipball/80fe9192b66b1cf80ff49637403db61884859ef3", - "reference": "80fe9192b66b1cf80ff49637403db61884859ef3", + "url": "https://api.github.com/repos/luyadev/luya-core/zipball/46226dc830d03b9428b337a446e2df5837a80b7c", + "reference": "46226dc830d03b9428b337a446e2df5837a80b7c", "shasum": "" }, "require": { 
@@ -1034,20 +1046,20 @@ "yii", "yii2" ], - "time": "2018-11-17T11:49:53+00:00" + "time": "2018-12-03T12:45:15+00:00" }, { "name": "luyadev/luya-module-admin", - "version": "1.2.3", + "version": "1.2.3.1", "source": { "type": "git", "url": "https://github.com/luyadev/luya-module-admin.git", - "reference": "dc7031e7c994cd76881c16049b2b60b2d1f78f73" + "reference": "58d70f66edabb68ad93224174f7389676ae08b29" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/luyadev/luya-module-admin/zipball/dc7031e7c994cd76881c16049b2b60b2d1f78f73", - "reference": "dc7031e7c994cd76881c16049b2b60b2d1f78f73", + "url": "https://api.github.com/repos/luyadev/luya-module-admin/zipball/58d70f66edabb68ad93224174f7389676ae08b29", + "reference": "58d70f66edabb68ad93224174f7389676ae08b29", "shasum": "" }, "require": { @@ -1108,20 +1120,20 @@ "yii", "yii2" ], - "time": "2018-11-21T21:00:04+00:00" + "time": "2018-12-06T19:34:24+00:00" }, { "name": "luyadev/luya-module-cms", - "version": "1.0.7.2", + "version": "1.0.8", "source": { "type": "git", "url": "https://github.com/luyadev/luya-module-cms.git", - "reference": "4b57893b2d847c0cbddf4796332c225188f7c6ca" + "reference": "80863ec01f17487ede12cc11d170ef8eba92c64e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/luyadev/luya-module-cms/zipball/4b57893b2d847c0cbddf4796332c225188f7c6ca", - "reference": "4b57893b2d847c0cbddf4796332c225188f7c6ca", + "url": "https://api.github.com/repos/luyadev/luya-module-cms/zipball/80863ec01f17487ede12cc11d170ef8eba92c64e", + "reference": "80863ec01f17487ede12cc11d170ef8eba92c64e", "shasum": "" }, "require-dev": { @@ -1172,7 +1184,7 @@ "yii2", "yii2-cms" ], - "time": "2018-10-17T19:22:23+00:00" + "time": "2018-12-03T14:07:31+00:00" }, { "name": "luyadev/luya-testsuite", 
@@ -3094,16 +3106,16 @@ }, { "name": "twig/twig", - "version": "v1.35.4", + "version": "v1.36.0", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "7e081e98378a1e78c29cc9eba4aefa5d78a05d2a" + "reference": "730c9c4471b5152d23061feb02b03382264c8a15" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/7e081e98378a1e78c29cc9eba4aefa5d78a05d2a", - "reference": "7e081e98378a1e78c29cc9eba4aefa5d78a05d2a", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/730c9c4471b5152d23061feb02b03382264c8a15", + "reference": "730c9c4471b5152d23061feb02b03382264c8a15", "shasum": "" }, "require": { @@ -3113,12 +3125,12 @@ "require-dev": { "psr/container": "^1.0", "symfony/debug": "^2.7", - "symfony/phpunit-bridge": "^3.3" + "symfony/phpunit-bridge": "^3.4.19|^4.1.8" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "1.35-dev" + "dev-master": "1.36-dev" } }, "autoload": { @@ -3156,7 +3168,7 @@ "keywords": [ "templating" ], - "time": "2018-07-13T07:12:17+00:00" + "time": "2018-12-16T10:34:11+00:00" }, { "name": "webmozart/assert", diff --git a/core/CHANGELOG.md b/core/CHANGELOG.md index bbe90d36a..1a99d471d 100644 --- a/core/CHANGELOG.md +++ b/core/CHANGELOG.md @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. This projec ## 1.0.15 (in progress) +## Changed + ++ [#1895](https://github.com/luyadev/luya/issues/1895) Changed to email output obfuscation in email tag instead of plain email mailto link. + ### Added + [#1885](https://github.com/luyadev/luya/issues/1885) Fix issue where current url rule appends path param. 
@@ -12,7 +16,7 @@ All notable changes to this project will be documented in this file. This projec ### Fixed -+ [#1888](https://github.com/luyadev/luya/issues/1888) Fixed issue with ranger values which can have float values. ++ [#1888](https://github.com/luyadev/luya/issues/1888) Fixed issue with range values which can have float values. + [#1876](https://github.com/luyadev/luya/issues/1876) Fixed the url generation without module context when using language switcher. ## 1.0.14 (17. November 2018) diff --git a/core/composer.lock b/core/composer.lock index 6348455a9..1f0d88617 100644 --- a/core/composer.lock +++ b/core/composer.lock @@ -228,12 +228,12 @@ "source": { "type": "git", "url": "https://github.com/php-mod/curl.git", - "reference": "63ef7e7ba7b37c909886f7ca0bbf99bfb0dfaad6" + "reference": "d22086dd2eee5ca02e4c29b9a5bdf3645bfdbbff" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/php-mod/curl/zipball/63ef7e7ba7b37c909886f7ca0bbf99bfb0dfaad6", - "reference": "63ef7e7ba7b37c909886f7ca0bbf99bfb0dfaad6", + "url": "https://api.github.com/repos/php-mod/curl/zipball/d22086dd2eee5ca02e4c29b9a5bdf3645bfdbbff", + "reference": "d22086dd2eee5ca02e4c29b9a5bdf3645bfdbbff", "shasum": "" }, "require": { @@ -326,16 +326,16 @@ }, { "name": "luyadev/luya-composer", - "version": "1.0.3", + "version": "1.0.4.1", "source": { "type": "git", "url": "https://github.com/luyadev/luya-composer.git", - "reference": "d5274bd0e7a67987c7b4b3ee9d91f8268f638174" + "reference": "4b23be17cf061f776496fe848f5e7686d4f2fe06" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/luyadev/luya-composer/zipball/d5274bd0e7a67987c7b4b3ee9d91f8268f638174", - "reference": "d5274bd0e7a67987c7b4b3ee9d91f8268f638174", + "url": "https://api.github.com/repos/luyadev/luya-composer/zipball/4b23be17cf061f776496fe848f5e7686d4f2fe06", + "reference": "4b23be17cf061f776496fe848f5e7686d4f2fe06", "shasum": "" }, "require": { 
@@ -372,7 +372,7 @@ "composer", "luya" ], - "time": "2018-01-16T09:12:39+00:00" + "time": "2018-12-18T08:08:02+00:00" }, { "name": "phpmailer/phpmailer",
diff --git a/core/tag/tags/MailTag.php b/core/tag/tags/MailTag.php
index 519fc891f..fb091335d 100644
--- a/core/tag/tags/MailTag.php
+++ b/core/tag/tags/MailTag.php
@@ -49,6 +49,38 @@ public function readme()
 */
 public function parse($value, $sub)
 {
- return Html::mailto((!empty($sub)) ? $sub : $value, $value);
+ return Html::tag('a', Html::encode($sub) ?: $this->obfuscate($value), [
+ 'rel' => 'nofollow',
+ 'href' => $this->obfuscate('mailto:'.$value),
+ 'encoding' => false,
+ ]);
+ }
+
+ /**
+ * Obfucscate email adresse
+ *
+ * @param string $email
+ * @return string
+ * @see https://stackoverflow.com/a/12592364/4611030
+ */
+ public function obfuscate($email)
+ {
+ $alwaysEncode = ['.', ':', '@'];
+ $result = null;
+ // Encode string using oct and hex character codes
+ for ($i = 0; $i < strlen($email); $i++) {
+ // Encode 25% of characters including several that always should be encoded
+ if (in_array($email[$i], $alwaysEncode) || mt_rand(1, 100) < 25) {
+ if (mt_rand(0, 1)) {
+ $result .= '&#' . ord($email[$i]) . ';';
+ } else {
+ $result .= '&#x' . dechex(ord($email[$i])) . ';';
+ }
+ } else {
+ $result .= $email[$i];
+ }
+ }
+
+ return $result;
 }
 }
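Review bot: In `parse()`, when `$sub` is empty the link text is `$this->obfuscate($value)`, and `obfuscate()` copies every character it does not pick straight through, so `<`, `>`, `&` and quotes in `$value` reach the tag content unescaped about three times in four; the `Html::encode($sub)` beside it suggests the content argument of `Html::tag()` is not encoded by the helper (its import is outside the hunk). Entity-encode the HTML-special characters unconditionally, e.g. `$alwaysEncode = ['.', ':', '@', '<', '>', '&', '"', "'"];`, so the output stays inert whatever the random draw is. Separately, `'encoding' => false` is not an option I know Yii's `Html::tag()` to honour: a false-valued attribute is simply dropped and the `href` would still pass through attribute encoding, turning `&#64;` into `&amp;#64;`, so a test asserting the rendered markup is worth adding. The loop also walks bytes (`strlen`/`ord`), which emits per-byte entities for a non-ASCII address that will not decode to the original characters, and `$result = null` makes an empty input return `null` despite `@return string`.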