Extension talk:EmailAddressImage

Adress in Sourcecode
It's a little bit dangerous to write the Email Address into the query-string.

So I used base64 to encode and decode the string:

EmailAddressImage.php setHook( 'email', 'doAddressImage' ); return true; } function doAddressImage( $input, $argv ) { $email_pattern = '/\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}\b/'; $found = preg_match($email_pattern, $input, $matches); $addr = ( empty( $found ) ? '[INVALID EMAIL ADDR]' : base64_encode($matches[0]) ); global $wgScriptPath; // wiki's root path, defined in LocalSettings return ""; } ?>
 * 1) allows the use of tag foo@domain.com which will result
 * 2) in inline insertion of an image with the text foo@domain.com
 * 3) CREDITS:
 * 4) email address regexp pattern borrowed from:
 * 5)   http://www.regular-expressions.info/email.html
 * 1)   http://www.regular-expressions.info/email.html
 * 1) Sets the hook to be executed once the parser has stripped HTML tags.

EmailAddressImage-generator.php  blah blah. Header ("Content-type: image/gif"); if (isset($_REQUEST['str'])) { $string = $_REQUEST['str']; } else { $string = '[INVALID EMAIL ADDR]'; } if($string !== '[INVALID EMAIL ADDR]') { $string = base64_decode($string); } $font = 3; $width = ImageFontWidth($font)* strlen($string); $height = ImageFontHeight($font); // + 5; $im = ImageCreate($width,$height); $x=imagesx($im)-$width ; $y=imagesy($im)-$height; // + 2; $background_color = imagecolorallocate ($im, 242, 242, 242); //white background $text_color = imagecolorallocate ($im, 0, 0, 0);//black text $trans_color = $background_color;//transparent colour imagestring ($im, $font, $x, $y, $string, $text_color); imagegif($im); ImageDestroy($im); ?>
 * 1) imagecolortransparent($im, $trans_color);

It looks to me EmailAddressImage as implemented in version 1.1 does not actually help in obfuscating the e-mail address. Granted is shows the address as an image, but the HTML source contains the cleartext address as parameter. Spammer who searches for @-characters and grabs strings that look like "something@somethingelse" only has to check if the somethingelse-part has valid MX-records and a good e-mail address has been found.

It would suffice to use something simple, like ROT13 to crypt the address. If the parameter how much to ROT can be given when installing EmailAddressImage, I doubt spammers would go to the trouble to get the cleartext address. --Taleman 21:42, 28 February 2008 (UTC)