php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #24643 email address gets published on www unobfusciated
Submitted: 2003-07-14 03:36 UTC Modified: 2003-07-14 14:18 UTC
From: jelte dot werkhoven at itfy dot com Assigned: goba (profile)
Status: Closed Package: Website problem
PHP Version: Irrelevant OS: irrelevant
Private report: No CVE-ID: None
 [2003-07-14 03:36 UTC] jelte dot werkhoven at itfy dot com
Description:
------------
I added a comment to the dba_replace function a while ago, 
and am now receiving more and more spam on an up till now 
spam free email address. A google search on my email 
address pointed to a php.net mirror ( and only this site 
showed my full email address ): 
sunsite.bilkent.edu.tr/pub/infosystems/phpweb/backend/notes/cd/cd037b6261327c44 
 
I wrote the webmaster at this address and he referred me 
to you, stating "It is  a mirror  of  www.php.net. 
It would be much better to change it at 
www.php.net/backend/notes/cd/cd037b6261327c44  
". 
 
I would be much appreciated if making a comment on php.net 
does not result in spambots harvesting the email addresses 
of commenters. 


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-07-14 03:38 UTC] derick@php.net
This will be fixed shortly (by base64 encoding the email addy or something similar). Assigning to Goba as per docmeeting discussion.
 [2003-07-14 03:54 UTC] goba@php.net
I have just fixed the code to make obfuscation work on the server where those data files are generated. I have not employed base64 encoding as all the data will go out as plain text anyway on the manual pages, so the obfuscated versions can be collected from the manpages too. Therefore there is no point to base64 code that part in the communication, as that is not the "weakest part" of the email address transportation and display chain. As the original reporter had no problem with the obfuscated version available from the manpages, I hope he will have no problem with this solution.
 [2003-07-14 03:57 UTC] goba@php.net
By the way, we have a blocking statement for robots in our robots.txt to prevent them form indexing our backend data. This does not work for that mirror you found the data on, as the rule says /backend/....
 [2003-07-14 04:06 UTC] jelte dot werkhoven at itfy dot com
Thanks guys for your rediculously quick action on this 
bug. I timed you at a little over twenty minutes from my 
submission to your solution. Kudos! 
 
And yes, I quite alright with having my email adres in 
manpages.
 [2003-07-14 04:08 UTC] derick@php.net
Heh, if that's what you think: great ;-) But actually it was reported before already...
 [2003-07-14 11:22 UTC] davey@php.net
I'd like to quickly note what I use to combat spambots, its simply htmlentity'ing every character in the link, including the mailto: part. Browsers understand this without a problem, but spambots don't seem to have worked this one out yet. I've tested this code in IE6 with and without SP1, Mozilla 1.2.1, 1.3, 1.3.1 and 1.4 and Opera 7.

function obfuscate_email($email) {
    $email_obfuscated = 'mailto:'; /* this is the HTML entitys for mailto: */
    $email_length = strlen($email);
    for($i=0; $i < $email_length; $i++) {
        $email_obfuscated .= '&#' .ord($email{$i}) . ';';
    }
    return $email_obfuscated;
}
	
echo '<a href="' .obfuscate_email('davey@php.net'). '">E-Mail Me!</a>';

You can see the result and test for yourself at:
http://pixelated-dreams.com/~davey/test/obfuscate_email.php

- Davey
 [2003-07-14 14:18 UTC] jelte dot werkhoven at itfy dot com
I know it was reported earlier, but I'll take any chance to compliment you guys on your great work =)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 03:01:28 2024 UTC