Jump to content

E-mail BBCode


Guest Paulo Freitas

Recommended Posts

Hi! ;)

Actually the e-mail BBCode only display e-mails in raw mode (unsafe, of course). My suggestion is to encode the BBCode input, generating a safe output. A good example of this is the {mailto} function of Smarty, that has two types of encode, JavaScript and hexadecimal code.

Beyond the source code of Smarty, follows below my simple'n'poorly implementation of this to exemplify the changes:

./sources/classes/bbcode/class_bbcode.php

Find:

            $txt = preg_replace( "#\[email\](\S+?)\[/email\]#i"                                                                , "<a href='mailto:\\1'>\\1</a>", $txt );
            $txt = preg_replace( "#\[email\s*=\s*\"\;([\.\w\-]+\@[\.\w\-]+\.[\.\w\-]+)\s*\"\;\s*\](.*?)\[\/email\]#i"  , "<a href='mailto:\\1'>\\2</a>", $txt );
            $txt = preg_replace( "#\[email\s*=\s*([\.\w\-]+\@[\.\w\-]+\.[\w\-]+)\s*\](.*?)\[\/email\]#i"                       , "<a href='mailto:\\1'>\\2</a>", $txt );

Replace:

            function mailencode($address, $text = null)
            {
                if (is_null($text)) {
                    $text = $address;
                }

                $enc_address = null;
                $enc_text    = null;

                for ($c = 0; $c < strlen($address); $c++) {
                    $enc_address .= sprintf('%%%x', ord($address{$c}));
                }

                for ($c = 0; $c < strlen($text); $c++) {
                    $enc_text    .= sprintf('&#x%x;', ord($text{$c}));
                }

                return sprintf('<a href="mailto:%s">%s</a>', $enc_address, $enc_text);
            }

            $txt = preg_replace( "#\[email\](\S+?)\[/email\]#ei"                                                                , "mailencode('\\1')", $txt );
            $txt = preg_replace( "#\[email\s*=\s*\"\;([\.\w\-]+\@[\.\w\-]+\.[\.\w\-]+)\s*\"\;\s*\](.*?)\[\/email\]#ei"  , "mailencode('\\1', '\\2')", $txt );
            $txt = preg_replace( "#\[email\s*=\s*([\.\w\-]+\@[\.\w\-]+\.[\w\-]+)\s*\](.*?)\[\/email\]#ei"                       , "mailencode('\\1', '\\2')", $txt );

Find:

            $txt = preg_replace( "#<a href=[\"']mailto:(.+?)['\"]>(.+?)</a>#"                                   , "\[email=\\1\]\\2\[/email\]"   , $txt );

Replace:

            function maildecode($address, $text)
            {
                $dec_address = preg_replace('~%([0-9a-f]{2})~ei', 'chr(hexdec("\\1"))', $address);
                $dec_text    = preg_replace('~&#x([0-9a-f]{2});~ei', 'chr(hexdec("\\1"))', $text);

                return sprintf('[email=%s]%s[/email]', $dec_address, $dec_text);
            }

            $txt = preg_replace( "#<a href=[\"']mailto:(.+?)['\"]>(.+?)</a>#e"                                   , "maildecode('\\1', '\\2')"   , $txt );


Works perfectly. :)

Thanks anyway,
Paulo Ricardo ;)

Link to comment
Share on other sites

Couldn't most bots just render the page and grab the info anyway?


It's possible for the tag content, because uses (X)HTML entities. The href attribute doesn't grabbed by renderization because is an encoded URI. But yes, could be matched and replaced to real e-mail with a regular expression. :unsure:

However, this would make it difficult for common bots. Moreover, my code only uses hexadecimal encoding. A JavaScript encoding would be more difficult. :)

Regards,
Paulo Ricardo ;)
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...