Extension talk:EmailAddressImage

Address in Sourcecode
It's a little bit dangerous to write the Email Address into the query-string.

So I used base64 to encode and decode the string:

EmailAddressImage.php setHook( 'email', 'doAddressImage' ); return true; } function doAddressImage( $input, $argv ) { $email_pattern = '/\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}\b/'; $found = preg_match($email_pattern, $input, $matches); $addr = ( empty( $found ) ? '[INVALID EMAIL ADDR]' : base64_encode($matches[0]) ); global $wgScriptPath; // wiki's root path, defined in LocalSettings return ""; } ?>
 * 1) allows the use of tag foo@domain.com which will result
 * 2) in inline insertion of an image with the text foo@domain.com
 * 3) CREDITS:
 * 4) email address regexp pattern borrowed from:
 * 5)   http://www.regular-expressions.info/email.html
 * 1)   http://www.regular-expressions.info/email.html
 * 1) Sets the hook to be executed once the parser has stripped HTML tags.

EmailAddressImage-generator.php  blah blah. Header ("Content-type: image/gif"); if (isset($_REQUEST['str'])) { $string = $_REQUEST['str']; } else { $string = '[INVALID EMAIL ADDR]'; } if($string !== '[INVALID EMAIL ADDR]') { $string = base64_decode($string); } $font = 3; $width = ImageFontWidth($font)* strlen($string); $height = ImageFontHeight($font); // + 5; $im = ImageCreate($width,$height); $x=imagesx($im)-$width ; $y=imagesy($im)-$height; // + 2; $background_color = imagecolorallocate ($im, 242, 242, 242); //white background $text_color = imagecolorallocate ($im, 0, 0, 0);//black text $trans_color = $background_color;//transparent colour imagestring ($im, $font, $x, $y, $string, $text_color); imagegif($im); ImageDestroy($im); ?>
 * 1) imagecolortransparent($im, $trans_color);

It looks to me EmailAddressImage as implemented in version 1.1 does not actually help in obfuscating the e-mail address. Granted is shows the address as an image, but the HTML source contains the cleartext address as parameter. Spammer who searches for @-characters and grabs strings that look like "something@somethingelse" only has to check if the somethingelse-part has valid MX-records and a good e-mail address has been found.

It would suffice to use something simple, like ROT13 to crypt the address. If the parameter how much to ROT can be given when installing EmailAddressImage, I doubt spammers would go to the trouble to get the cleartext address. --Taleman 21:42, 28 February 2008 (UTC)

Full e-mail address still visible in wikitext
A similar worry is that harvesters can still access the original e-mail address within the wikitext source (especially given that harvesters don't respect restrictions specified within robots.txt). As far as I can make out, there is no way of preventing the 'view source' option from being presented to guest users on a standard MediaWiki installation, so this would be a problem even with the image extension installed (although perhaps there is another extension available that can do this?).

The only other solution I can think of would be to physically separate the name and domain parts of e-mail addresses within the page source. Using a template of the form  @xyz.com  should be sufficient to work around the problem, but also makes it difficult for users to enter or copy and paste addresses straight onto the page. Again, perhaps an extension could be devised to replace standard e-mail addresses with a template of this form prior to the changes being saved to the database? -- Keith Wilson 13:11, 24 March 2008 (UTC)

Patch to ROT13 email address parameter
Simple patch, tested a bit and seems to work. HTML source has only the obfuscated parameter, should make it more difficult to harvest addresses. Context diffs:

--- EmailAddressImage.php      2008-04-17 14:30:02.000000000 +0300 $found = preg_match($email_pattern, $input, $matches);
 * EmailAddressImage.php-2008-04-17   2008-04-17 14:29:22.000000000 +0300
 * 39,49 ****
 * 39,49 ****

$addr = ( empty( $found ) ? '[INVALID EMAIL ADDR]' : $matches[0] );

global $wgScriptPath; // wiki's root path, defined in LocalSettings

return ""; } --- 39,50        $found = preg_match($email_pattern, $input, $matches);

$addr = ( empty( $found ) ? '[INVALID EMAIL ADDR]' : $matches[0] ); +        $rotaddr = str_rot13($addr);

global $wgScriptPath; // wiki's root path, defined in LocalSettings

return ""; }

--- EmailAddressImage-generator.php    2008-04-17 14:30:02.000000000 +0300 Header ("Content-type: image/gif");
 * EmailAddressImage-generator.php-2008-04-17 2008-04-17 14:28:17.000000000 +0300
 * 9,19 ****
 * 9,19 ****

if (isset($_REQUEST['str'])) { !      $string = $_REQUEST['str']; } else { !      $string = "[Invalid email address]"; }

$font = 4; $width = ImageFontWidth($font)* strlen($string); $height = ImageFontHeight($font); // + 5; --- 9,21  Header ("Content-type: image/gif");

if (isset($_REQUEST['str'])) { !      $rotstring = $_REQUEST['str']; } else { !      $rotstring = "[Invalid email address]"; }

+ $string = str_rot13($rotstring); + $font  = 4; $width = ImageFontWidth($font)* strlen($string); $height = ImageFontHeight($font); // + 5;

This code will stop the ROT13 being applied to the error message: if (isset($_REQUEST['str'])) { $string = str_rot13($_REQUEST['str']); } else { $string = "[Invalid email address]"; }

Bonus translation: /** Finnish (suomi) * @author Taleman */ $messages['fi'] = array(                      'emailaddressimage-desc' => 'Lisää tagin &lt;email&gt; näyttämään sähköpostiosoitteen kuvana', );

--Taleman 11:54, 17 April 2008 (UTC)