Extension talk:Enkoder

Latest comment: 16 years ago by Rebbyte in topic Bot-accessible data problem

Bot-accessible data problem

edit

On the talk page of Extension:EmailObfuscator I found the following comment by Jimbojw.

The problem with the methodology used by this extension is that you still have to specify the email address in a computer accessible way. It's wonderful that the HTML page lacks the plaintext email addresses, but they're still viewable in the page source.

All a bot creator would have to do is tell the bot to pull down the action=raw versions of pages and parse them for instances of email addresses, and the functionality provided by this extension would be completely circumvented.

One thing that might work would be to pull the email address of a user (which is only available to the wiki system), then build that out using JS. So instead of this:

<mail address='admin@example.com' description='some description'>Some Text</mail>

You'd have this:

<mail user='SomeAdminUser' description='some description'>Some Text</mail>

Just a thought. --Jimbojw 17:03, 12 April 2007 (UTC)

This is also the case for Extension:Enkoder so I changed the renderEnkodeMail function in enkoder-mw.php. Now the following is possible. Instead of specifying the e-mail through to="person@example.com" it is also possible to break the domain name of the address so that the @ character does not show in the action=raw version.

<enkodemail to="person" at="example.com" subject="Please advise." title="Hover over me">
Imaginary Person
</enkodemail>

To use the e-mail of an user, which is known in the wiki system, the following two are also possible by using the user's name or id. Note that since the readable output of Extension:Enkoder is shown in the status bar of the browser, someone who is able to edit pages of a wiki with Extension:Enkoder could get the e-mail addresses of any other user of which the user name or id is known.

<enkodemail user="Someone" subject="Please advise." title="Hover over me">
Imaginary Person
</enkodemail>
<enkodemail id="54321" subject="Please advise." title="Hover over me">
Imaginary Person
</enkodemail>

The changes I made to the renderEnkodeMail function are shown below.

function renderEnkodeMail( $input, $argv, &$parser ) {
  $e = new Enkode();
  
  if( !array_key_exists('link', $argv) )
  {
    $argv['link'] = $input;
  }
  if( !array_key_exists('to', $argv) )
  {
    $argv['to'] = NULL;
  }
  if( !array_key_exists('title', $argv) )
  {
    $argv['title'] = NULL;
  }
  if( !array_key_exists('subject', $argv) )
  {
    $argv['subject'] = NULL;
  }
  //-- begin edit by Rebbyte
  if( !array_key_exists('at', $argv) )
  {
    $argv['at'] = NULL;
  }
  if ($argv['to']!=NULL) {
	  $mailto = $argv['to'];
  }		  
  if ($argv['at']!=NULL) {
	  $mailto .= "@";
	  $mailto .= $argv['at'];
  }
  // wiki user
  if( !array_key_exists('user', $argv) )
  {
    $argv['user'] = NULL;
  }
  if ($argv['user']!=NULL) {
	if ($u = User::newFromName($argv['user'])) {
      $mailto = $u->getEmail();
    }
  }
  // wiki user id
  if( !array_key_exists('id', $argv) )
  {
    $argv['id'] = NULL;
  }
  if ($argv['id']!=NULL) {
    if ($u = User::newFromId($argv['id'])) {
      $mailto = $u->getEmail();
    }  
  }
  //-- end edit by Rebbyte
  
  $i = 0;
  $max_i = 100;
  do {
    if($i == $max_i) 
    {
      return "Error: Your encoded string contains an ampersand character which MediaWiki will attempt to replace with the HTML entity <tt>&amp;amp;</tt>.";
    }
    $i += 1;
    // Change first argument from $argv['to'] to $mailto, by Rebbyte
    $output = $e->enkode_mail( $mailto, $argv['link'], $argv['title'], $argv['subject'] );   
  } while(preg_match("/\&/", $output));

  # prevent misc. mediawiki markup
  $output = str_replace("\n", "", $output);

  return $output;
}

BTW I tested this with MW 1.12.

--Rebbyte 19:11, 14 April 2008 (UTC)Reply

Return to "Enkoder" page.