[security] Unobtrusive way to stop most spambots for user_template

2025-08-06 14:46:56 +02:00 · 2013-05-04 11:24:14 -05:00
parent 8247701182
commit f546088ee8
2 changed files with 30 additions and 5 deletions
--- a/e107_core/shortcodes/batch/user_shortcodes.php
+++ b/e107_core/shortcodes/batch/user_shortcodes.php
@@ -226,7 +226,9 @@ class user_shortcodes extends e_shortcode
 	function sc_user_email_link($parm) 
 	{
 		$tp = e107::getParser();
-		return ($this->var['user_hideemail'] && !ADMIN) ? "<i>".LAN_USER_35."</i>" : $tp->parseTemplate("{email={$this->var['user_email']}-link}");
+		return /* Condition             */ ($this->var['user_hideemail'] && !ADMIN) ?
+		       /*  Hidden and Not Admin */ "<i>".LAN_USER_35."</i>" :
+		       /*  Not Hidden or Admin  */ $tp->parseTemplate("{email={$this->var['user_email']}-link}");
 	}


@@ -234,7 +236,30 @@ class user_shortcodes extends e_shortcode
 	function sc_user_email($parm) 
 	{
 		$tp = e107::getParser();
-		return ($this->var['user_hideemail'] && !ADMIN) ? "<i>".LAN_USER_35."</i>" : $tp->toHTML($this->var['user_email'],"no_replace");
+		return /* Condition             */ ($this->var['user_hideemail'] && !ADMIN) ?
+		       /*  Hidden and Not Admin */ "<i>".LAN_USER_35."</i>" :
+		       /*  Not Hidden or Admin  */ "<span style='unicode-bidi:bidi-override; direction: rtl;'>" . strrev($tp->toHTML($this->var['user_email'],"no_replace")) . "</span>";
+		       ########################################################
+		       # Security Note - 04 May 2013                          #
+		       ########################################################
+		       #                                                      #
+		       # The CSS code direction rtl is an effective way to    #
+		       # prevent spam bots from scraping emails that are      #
+		       # not hidden.                                          #
+		       #                                                      #
+		       # You can find empirical support for this method at    #
+		       # <http://superuser.com/a/235965>.                     #
+		       #                                                      #
+		       # {e_CORE}templates/user_template.php was modified to  #
+		       # support this code.  In $USER_FULL_TEMPLATE, the      #
+		       # LAN_USER_60 value {USER_EMAIL_LINK} was changed to   #
+		       # {USER_EMAIL}.  I couldn't figure out how the two     #
+		       # shortcodes were different, so I took precautions in  #
+		       # hopes that the CSS direction won't break actual HTML #
+		       # tags.                                                #
+		       #                                                      #
+		       #       -- Deltik                                      #
+		       ########################################################
 	}


@@ -745,4 +770,4 @@ class user_shortcodes extends e_shortcode
 	

 }
-?>
+?>
--- a/e107_core/templates/user_template.php
+++ b/e107_core/templates/user_template.php
@@ -142,7 +142,7 @@ $USER_FULL_TEMPLATE = "{SETIMAGE: w=250}
 <tr>
 	<td  {$main_colspan} class='forumheader3'>
 		<div class='f-left'>{USER_EMAIL_ICON} ".LAN_USER_60."</div>
-		<div class='f-right right'>{USER_EMAIL_LINK}</div>
+		<div class='f-right right'>{USER_EMAIL}</div>
 	</td>
 </tr>

@@ -213,4 +213,4 @@ $USER_EMBED_USERPROFILE_TEMPLATE = "
 <tr><td colspan='2' class='fcaption'>{USER_EMBED_USERPROFILE_CAPTION}</td></tr>
 <tr><td colspan='2' class='forumheader3'>{USER_EMBED_USERPROFILE_TEXT}</td></tr>";

-?>
+?>