/
obfuscate.php
executable file
·129 lines (114 loc) · 3.46 KB
/
obfuscate.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
<?php /*
ocPortal
Copyright (c) ocProducts, 2004-2012
See text/EN/licence.txt for full licencing information.
NOTE TO PROGRAMMERS:
Do not edit this file. If you need to make changes, save your changed file to the appropriate *_custom folder
**** If you ignore this advice, then your website upgrades (e.g. for bug fixes) will likely kill your changes ****
*/
/**
* @license http://opensource.org/licenses/cpal_1.0 Common Public Attribution License
* @copyright ocProducts Ltd
* @package core
*/
/**
* Standard code module initialisation function.
*/
function init__obfuscate()
{
if (!function_exists('mailto_obfuscated'))
{
/**
* Get obfuscate version of 'mailto:' (which'll hopefully fool e-mail scavengers to not pick up these e-mail addresses).
*
* @return string The obfuscated 'mailto:' string
*/
function mailto_obfuscated()
{
return 'm'.obfuscate_entities('ailto:');
}
}
}
/**
* Obfuscate the given text using HTML entity encoding.
*
* @param string The text to obfuscate
* @return string The obfuscated version
*/
function obfuscate_entities($val)
{
if (strpos($val,'&')!==false) return $val; // Prevent double encoding
$out='';
for ($i=0;$i<strlen($val);$i++)
{
$char=$val[$i];
if ($char=='<') $_char='<';
elseif ($char=='>') $_char='>';
elseif ($char=='&') $_char='&';
elseif ($i%2==0) $_char='&#'.sprintf('%d',ord($char)).';';
else $_char='&#x'.sprintf('%x',ord($char)).';';
$out.=$_char;
}
if ($GLOBALS['XSS_DETECT']) ocp_mark_as_escaped($out);
return $out;
}
/**
* Obfuscate the given e-mail address.
* This function may want to be modified on a per-site basis, to stop spammers triggering onto ocPortal's default method (possible some already do, although I think it unlikely they would go to this much effort/computation unless it was more widespread to do this).
*
* @param string The e-mail address to obfuscate
* @return string The obfuscated version
*/
function obfuscate_email_address($email)
{
/* One possibility (conventional, but annoying)...
$i=mt_rand(0,strlen($email));
$rep='^remove_me^';
return substr($email,0,$i).$rep.substr($email,$i);
*/
/* One possibility (conventional, but annoying)...
$at_pos=strpos($email,'@');
return substr($email,0,$at_pos).'AT'.substr($email,$at_pos+1);
*/
/* Randomly mutated e-mail addresses, so that we can block e-mail address mutations that have become spammed. This would be for webmasters who have default mail for the domain forwarded to themselves.
$at_pos=strpos($email,'@');
return substr($email,0,$at_pos).mt_rand(0,100000).substr($email,$at_pos);
*/
/* Another possibility would be to write some Javascript that scans the page after loading, and re-write algorithmically mangled addresses. (You'd need to write some Javascript to match this, we haven't)
$remap=array('a'=>'alpha',
'b'=>'beta',
'c'=>'no',
'd'=>'delta',
'e'=>'epsilon',
'f'=>'more',
'g'=>'gamma',
'h'=>'eta',
'i'=>'iota',
'j'=>'letters',
'k'=>'kappa',
'l'=>'lambda',
'm'=>'mu',
'n'=>'nu',
'o'=>'omicron',
'p'=>'pi',
'q'=>'xi',
'r'=>'rho',
's'=>'psi',
't'=>'tau',
'u'=>'theta',
'v'=>'sigma',
'w'=>'phi',
'x'=>'chi',
'y'=>'upsilon',
'z'=>'zeta',
);
$out='';
for ($i=0;$i<strlen($email))
{
$at=$email[$i];
$out.=(array_key_exists($at,$remap))?('{'.$remap[$at].'}'):$at;
}
return $out;
*/
return obfuscate_entities($email);
}