davidc Wed Mar 28 15:56:04 2007 UTC
Modified files:
/pearweb/include/notes ManualNotes.class.php
Log:
Make sure the emails/usernames displayed in the notes are obfuscated,
bug#10540 fixed.
http://cvs.php.net/viewvc.cgi/pearweb/include/notes/ManualNotes.class.php?r1=1.16&r2=1.17&diff_format=u
Index: pearweb/include/notes/ManualNotes.class.php
diff -u pearweb/include/notes/ManualNotes.class.php:1.16
pearweb/include/notes/ManualNotes.class.php:1.17
--- pearweb/include/notes/ManualNotes.class.php:1.16 Mon Mar 26 05:39:29 2007
+++ pearweb/include/notes/ManualNotes.class.php Wed Mar 28 15:56:04 2007
@@ -411,7 +411,7 @@
$userHandle = $comment['user_handle'] ?
'<a href="/user/' . $comment['user_handle'] . '">' .
$comment['user_handle'] .
'</a>' :
- htmlentities($comment['user_name']);
+ $this->obfuscateAnonLink($comment['user_name']));
$pending = $comment['note_approved'] == 'pending';
$id = $comment['page_url'];
$comment = $comment['note_text'];
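Review bot: The added line `$this->obfuscateAnonLink($comment['user_name']));` appears to have one closing parenthesis too many. The removed `htmlentities(...)` line was balanced and no opening parenthesis is visible earlier in the ternary, so this looks like a parse error; it should read `$this->obfuscateAnonLink($comment['user_name']);`. Separately, the other branch of the ternary still concatenates `$comment['user_handle']` unescaped into both the `href` and the link text. If handles are not strictly validated when they are created, wrap the text in `htmlspecialchars()` and the path segment in `urlencode()`. The enclosing method starts outside this hunk, so the validation of these fields cannot be checked from here.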
@@ -419,5 +419,33 @@
$linkName = '<a name="#' . $noteId . '"></a>';
include dirname(dirname(dirname(__FILE__))) .
'/templates/notes/note.tpl.php';
}
+
+ // {{{ public function obfuscateAnonLink
+ /**
+ * Obfuscate Anonymous link
+ *
+ * This function will take a parameter and
+ * make it obfuscated in a manner that no
+ * script can find @ . , etc. This is the same
+ * method used for bugs and all mailto_links
+ * on the site (site-wide)
+ *
+ * @access public
+ * @param string $text The text to obfuscate
+ * @return string $obText The text obfuscated
+ */
+ public function obfuscateAnonLink($text)
+ {
+ $tmp = '';
+ for ($i = 0, $l = strlen($text); $i<$l; $i++) {
+ if ($i % 2) {
+ $tmp .= '&#' . ord($text[$i]) . ';';
+ } else {
+ $tmp .= '&#x' . dechex(ord($text[$i])) . ';';
+ }
+ }
+ return $tmp;
+ }
+ // }}}
}
// }}}
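Review bot: The docblock's claim that "no script can find @ . , etc." overstates what `obfuscateAnonLink()` provides, because any HTML parser resolves decimal and hex numeric entities, so only harvesters matching raw text are deterred. I would reword it along the lines of `* Encodes every byte as a numeric HTML entity; deters naive address harvesters only, and also acts as the HTML escaping for $text.` The second half matters because this call replaced `htmlentities()` in the first hunk, so any later change that leaves "safe" characters unencoded must keep `<`, `>`, `&` and quotes encoded. The loop also works byte by byte (`strlen`/`ord`), so a multi-byte UTF-8 name would presumably be emitted as one entity per byte and render as the wrong characters; confirm which encoding `user_name` is stored in.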
--
PEAR CVS Mailing List (http://pear.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php