php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #24643 email address gets published on www unobfusciated
Submitted: 2003-07-14 03:36 UTC Modified: 2003-07-14 14:18 UTC
From: jelte dot werkhoven at itfy dot com Assigned: goba (profile)
Status: Closed Package: Website problem
PHP Version: Irrelevant OS: irrelevant
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jelte dot werkhoven at itfy dot com
New email:
PHP Version: OS:

 

 [2003-07-14 03:36 UTC] jelte dot werkhoven at itfy dot com 
Description:
------------
I added a comment to the dba_replace function a while ago, 
and am now receiving more and more spam on an up till now 
spam free email address. A google search on my email 
address pointed to a php.net mirror ( and only this site 
showed my full email address ): 
sunsite.bilkent.edu.tr/pub/infosystems/phpweb/backend/notes/cd/cd037b6261327c44 
 
I wrote the webmaster at this address and he referred me 
to you, stating "It is  a mirror  of  www.php.net. 
It would be much better to change it at 
www.php.net/backend/notes/cd/cd037b6261327c44  
". 
 
I would be much appreciated if making a comment on php.net 
does not result in spambots harvesting the email addresses 
of commenters.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-07-14 03:38 UTC] derick@php.net 
This will be fixed shortly (by base64 encoding the email addy or something similar). Assigning to Goba as per docmeeting discussion.
 [2003-07-14 03:54 UTC] goba@php.net 
I have just fixed the code to make obfuscation work on the server where those data files are generated. I have not employed base64 encoding as all the data will go out as plain text anyway on the manual pages, so the obfuscated versions can be collected from the manpages too. Therefore there is no point to base64 code that part in the communication, as that is not the "weakest part" of the email address transportation and display chain. As the original reporter had no problem with the obfuscated version available from the manpages, I hope he will have no problem with this solution.
 [2003-07-14 03:57 UTC] goba@php.net 
By the way, we have a blocking statement for robots in our robots.txt to prevent them form indexing our backend data. This does not work for that mirror you found the data on, as the rule says /backend/....
 [2003-07-14 04:06 UTC] jelte dot werkhoven at itfy dot com 
Thanks guys for your rediculously quick action on this 
bug. I timed you at a little over twenty minutes from my 
submission to your solution. Kudos! 
 
And yes, I quite alright with having my email adres in 
manpages.
 [2003-07-14 04:08 UTC] derick@php.net 
Heh, if that's what you think: great ;-) But actually it was reported before already...
 [2003-07-14 11:22 UTC] davey@php.net 
I'd like to quickly note what I use to combat spambots, its simply htmlentity'ing every character in the link, including the mailto: part. Browsers understand this without a problem, but spambots don't seem to have worked this one out yet. I've tested this code in IE6 with and without SP1, Mozilla 1.2.1, 1.3, 1.3.1 and 1.4 and Opera 7.

function obfuscate_email($email) {
    $email_obfuscated = 'mailto:'; /* this is the HTML entitys for mailto: */
    $email_length = strlen($email);
    for($i=0; $i < $email_length; $i++) {
        $email_obfuscated .= '&#' .ord($email{$i}) . ';';
    }
    return $email_obfuscated;
}
	
echo '<a href="' .obfuscate_email('davey@php.net'). '">E-Mail Me!</a>';

You can see the result and test for yourself at:
http://pixelated-dreams.com/~davey/test/obfuscate_email.php

- Davey
 [2003-07-14 14:18 UTC] jelte dot werkhoven at itfy dot com 
I know it was reported earlier, but I'll take any chance to compliment you guys on your great work =)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue May 21 14:01:33 2024 UTC