Rev 5 | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
5 | daniel-mar | 1 | <?php |
2 | |||
3 | // ======================================================================== |
||
4 | |||
5 | // SOURCE: SIGMA 3.0 ANTISPAM CONFIG |
||
6 | |||
7 | define('CFG_MAKE_MAIL_ADDRESSES_CLICKABLE', true); |
||
8 | define('CFG_CORRET_MISSING_MAILTO', true); |
||
9 | define('CFG_DEFAULT_CLASS', 'mail-addr'); |
||
10 | |||
11 | // ======================================================================== |
||
12 | |||
13 | // SOURCE: SIGMA 3.0 ANTISPAM FILTER |
||
14 | |||
6 | daniel-mar | 15 | function alas_js_crypt($text) |
5 | daniel-mar | 16 | { |
6 | daniel-mar | 17 | $tmp = ''; |
18 | for ($i=0; $i<strlen($text); $i++) |
||
5 | daniel-mar | 19 | { |
6 | daniel-mar | 20 | $tmp .= 'document.write("&#'.ord(substr($text, $i, 1)).';");'; |
5 | daniel-mar | 21 | } |
6 | daniel-mar | 22 | return $tmp; |
23 | } |
||
5 | daniel-mar | 24 | |
6 | daniel-mar | 25 | function secure_email_triv($email) |
26 | { |
||
5 | daniel-mar | 27 | $aus = ''; |
28 | if ($email != '') |
||
29 | { |
||
30 | $aus .= '<script language="JavaScript" type="text/javascript"><!--'."\n"; |
||
31 | $aus .= alas_js_crypt($email); |
||
32 | $aus .= '// --></script>'; |
||
33 | } |
||
34 | return $aus; |
||
35 | } |
||
36 | |||
37 | function getAddrSpec() { |
||
38 | // Ref: http://www.iamcal.com/publish/articles/php/parsing_email/ |
||
39 | |||
40 | $qtext = '[^\\x0d\\x22\\x5c\\x80-\\xff]'; |
||
41 | $dtext = '[^\\x0d\\x5b-\\x5d\\x80-\\xff]'; |
||
42 | $atom = '[^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+'; |
||
43 | $quoted_pair = '\\x5c[\\x00-\\x7f]'; |
||
44 | $domain_literal = "\\x5b($dtext|$quoted_pair)*\\x5d"; |
||
45 | $quoted_string = "\\x22($qtext|$quoted_pair)*\\x22"; |
||
46 | $domain_ref = $atom; |
||
47 | $sub_domain = "($domain_ref|$domain_literal)"; |
||
48 | $word = "($atom|$quoted_string)"; |
||
49 | $domain = "$sub_domain(\\x2e$sub_domain)*"; |
||
50 | $local_part = "$word(\\x2e$word)*"; |
||
51 | $addr_spec = "$local_part\\x40$domain"; |
||
52 | |||
53 | return $addr_spec; |
||
54 | } |
||
55 | |||
56 | function is_valid_email_address($email) { |
||
57 | // TODO: Hier lieber einen korrekten Mailvalidator verwenden (C.Sayers Lösung)? |
||
58 | |||
59 | $ary = explode('?', $email); |
||
60 | $email = $ary[0]; |
||
61 | |||
62 | $addr_spec = getAddrSpec(); |
||
63 | return preg_match("!^$addr_spec$!", $email); |
||
64 | } |
||
65 | |||
66 | class MailLinkProtector extends UrlParseIterator { |
||
67 | var $correct_missing_mailto; |
||
68 | |||
69 | protected function link_callback($complete, $pre, $post, $urltype, $bracket, $url, $linktext) { |
||
70 | if (beginsWithI($url, 'mailto:')) { |
||
71 | // Link ist eine Mailadresse |
||
72 | $mailaddr = remove_beginning_i($url, 'mailto:'); |
||
73 | return secure_email($mailaddr, $linktext, is_valid_email_address($linktext), CFG_DEFAULT_CLASS); |
||
74 | } else if (($this->correct_missing_mailto) && (is_valid_email_address($url))) { |
||
75 | // Hier hat jemand "mailto:" vergessen. Wir korrigieren das mal... |
||
76 | $mailaddr = $url; |
||
77 | return secure_email($mailaddr, $linktext, is_valid_email_address($linktext), CFG_DEFAULT_CLASS); |
||
78 | } else { |
||
79 | // Normaler Link |
||
80 | return $complete; |
||
81 | } |
||
82 | } |
||
83 | } |
||
84 | |||
85 | function protect_mail_address_urls($content, $correct_missing_mailto = true) { |
||
86 | $t = new MailLinkProtector; |
||
87 | $t->correct_missing_mailto = $correct_missing_mailto; |
||
88 | return $t->process($content); |
||
89 | } |
||
90 | |||
91 | function auto_secure_mail_addresses($content) { |
||
92 | // Step 1: Parse links and make them secure |
||
93 | |||
94 | $content = protect_mail_address_urls($content, CFG_CORRET_MISSING_MAILTO); |
||
95 | |||
96 | // Step 2: Find all further mail addresses, make then clickable and prevent spam bots |
||
97 | |||
98 | $addr_spec = getAddrSpec(); |
||
99 | |||
100 | // This fixes an error if the file is unix converted... |
||
101 | // The error occoured at server4.configcenter.info: |
||
102 | // [Fri Mar 26 20:23:24 2010] [error] [client 87.165.172.145] (104)Connection reset by peer: FastCGI: comm with server "/home/www/web66/html/cgi-bin/php-fcgi-starter" aborted: read failed |
||
103 | // [Fri Mar 26 20:23:24 2010] [error] [client 87.165.172.145] FastCGI: incomplete headers (0 bytes) received from server "/home/www/web66/html/cgi-bin/php-fcgi-starter" |
||
104 | $content = str_replace("\n", "\r\n", $content); |
||
105 | |||
106 | // Diese Zeichen ausschließen, damit z.B. Satzzeichen am Ende einer E-Mail-Adresse, Anführungszeichen oder Klammern nicht |
||
107 | // als Teil der Adresse angesehen werden. Die Liste ist länger als $addr_spec eigentlich benötigt (z.B. schließt $addr_spec |
||
108 | // einen Punkt am Ende automatisch aus). Aber sicher ist sicher. |
||
109 | $exclude_mail_chars_beginning = '\^°!"§$%&/()=\?´`}\]\[{\+*~\'#-_\.:,;'; |
||
110 | $exclude_mail_chars_ending = $exclude_mail_chars_beginning; |
||
111 | |||
6 | daniel-mar | 112 | $content = preg_replace_callback("@(?![$exclude_mail_chars_beginning])($addr_spec)(?<![$exclude_mail_chars_ending])@sm", function($a) { |
113 | $mailaddr = $a[1]; // Letztes |
||
5 | daniel-mar | 114 | |
6 | daniel-mar | 115 | if (CFG_MAKE_MAIL_ADDRESSES_CLICKABLE) { |
116 | return secure_email($mailaddr, $mailaddr, true, CFG_DEFAULT_CLASS); |
||
117 | } else { |
||
118 | return secure_email_triv($mailaddr); |
||
119 | } |
||
120 | }, $content); |
||
121 | |||
5 | daniel-mar | 122 | // Output |
123 | |||
124 | return $content; |
||
125 | } |
||
126 | |||
127 | // ======================================================================== |
||
128 | |||
129 | // SOURCE: SIGMA 3.0 _sigma.php |
||
130 | |||
131 | class UrlParseIterator { |
||
132 | var $use_original_bracket_at_link = false; |
||
133 | var $use_original_bracket_at_css = false; |
||
134 | var $use_original_bracket_at_other = false; |
||
135 | |||
136 | protected function process_url($url) { |
||
137 | // Overwrite this method in a derivate! |
||
138 | return $url; |
||
139 | } |
||
140 | |||
141 | // LINK |
||
142 | |||
143 | private function link_style_regex() { |
||
144 | return "@(<a\s[^>]*(href)\s*=\s*)(?(?=[\"'])(([\"'])([^>]*)\\4)|()([^ >]*?))([^>]*>)(.*)</a>@ismU"; |
||
145 | } |
||
146 | |||
147 | protected function link_callback($complete, $pre, $post, $urltype, $bracket, $url, $linktext) { |
||
148 | $url = $this->process_url($url); |
||
149 | |||
150 | return $pre.$bracket.$url.$bracket.$post.$linktext.'</a>'; |
||
151 | } |
||
152 | |||
153 | private function link_first_callback($c) { |
||
154 | $complete = $c[0]; |
||
155 | |||
156 | $pre = $c[1]; |
||
157 | $post = $c[8]; |
||
158 | |||
159 | $urltype = $c[2]; // = href |
||
160 | |||
161 | if ($this->use_original_bracket_at_link) { |
||
162 | $bracket = $c[4]; |
||
163 | } else { |
||
164 | $bracket = '"'; |
||
165 | } |
||
166 | |||
167 | $url = $c[5].$c[7]; // Either [5] OR [7] is filled, so I simply concat them. |
||
168 | |||
169 | $linktext = $c[9]; |
||
170 | |||
171 | return $this->link_callback($complete, $pre, $post, $urltype, $bracket, $url, $linktext); |
||
172 | } |
||
173 | |||
174 | // CSS |
||
175 | |||
176 | private function css_style_regex() { |
||
177 | return "/url\(\s*(?(?=[\"'])(([\"'])([^>]*)\\2)|([^\)]*?))\)/isUm"; |
||
178 | } |
||
179 | |||
180 | protected function css_callback($complete, $bracket, $url) { |
||
181 | $url = $this->process_url($url); |
||
182 | |||
183 | return 'url('.$bracket.$url.$bracket.')'; |
||
184 | } |
||
185 | |||
186 | private function css_first_callback($c) { |
||
187 | $complete = $c[0]; |
||
188 | |||
189 | if ($this->use_original_bracket_at_css) { |
||
190 | $bracket = $c[2]; |
||
191 | } else { |
||
192 | $bracket = "'"; |
||
193 | } |
||
194 | |||
195 | if (!isset($c[4])) $c[4] = ''; |
||
196 | $url = $c[3].$c[4]; // Either [3] OR [4] is filled, so I simply concat them. |
||
197 | |||
198 | return $this->css_callback($complete, $bracket, $url); |
||
199 | } |
||
200 | |||
201 | // Other (does not include a-href, but base-href etc.) |
||
202 | |||
203 | private function other_style_regex() { |
||
204 | return "/((<(?!a\s)[^><]*)(href)|src|background|code)\s*=\s*(?(?=[\"'])(([\"'])([^>]*)\\5)|([^ >]*?))/isUm"; |
||
205 | } |
||
206 | |||
207 | protected function other_callback($complete, $bracket, $type, $url) { |
||
208 | $url = $this->process_url($url); |
||
209 | |||
210 | return $type.'='.$bracket.$url.$bracket; |
||
211 | } |
||
212 | |||
213 | private function other_first_callback($c) { |
||
214 | // Aufgrund des regex ist bei einem href $c[0] nicht href="..." sondern <base ... href="..." |
||
215 | // Wir verdecken diesen zusätzlichen Anfang, leiten ihn an die abstrakte callback-Funktion weiter |
||
216 | // und fügen später beim zurückliefern diesen Präfix $pre wieder hinzu. |
||
217 | $pre = $c[2]; |
||
218 | |||
219 | $complete = remove_beginning($c[0], $pre); |
||
220 | |||
221 | if ($c[3] == '') { |
||
222 | $type = $c[1]; |
||
223 | } else { |
||
224 | $type = $c[3]; |
||
225 | } |
||
226 | |||
227 | if ($this->use_original_bracket_at_other) { |
||
228 | $bracket = $c[5]; |
||
229 | } else { |
||
230 | $bracket = '"'; |
||
231 | } |
||
232 | |||
233 | if (!isset($c[7])) $c[7] = ''; |
||
234 | $url = $c[6].$c[7]; // Either [6] OR [7] is filled, so I simply concat them. |
||
235 | |||
236 | return $pre.$this->other_callback($complete, $bracket, $type, $url); |
||
237 | } |
||
238 | |||
239 | // Processing functions |
||
240 | |||
241 | private function process_links($content) { |
||
242 | $r = preg_replace_callback($this->link_style_regex(), array(&$this, 'link_first_callback'), $content); |
||
243 | if ($r == null) return $content; // z.B. bei doppeltem ALAS-Processing! |
||
244 | return $r; |
||
245 | } |
||
246 | |||
247 | private function process_other($content) { |
||
248 | $r = preg_replace_callback($this->other_style_regex(), array(&$this, 'other_first_callback'), $content); |
||
249 | if ($r == null) return $content; |
||
250 | return $r; |
||
251 | } |
||
252 | |||
253 | private function process_css($content) { |
||
254 | $r = preg_replace_callback($this->css_style_regex(), array(&$this, 'css_first_callback'), $content); |
||
255 | if ($r == null) return $content; |
||
256 | return $r; |
||
257 | } |
||
258 | |||
259 | public function process($content) { |
||
260 | $content = $this->process_links($content); |
||
261 | $content = $this->process_other($content); |
||
262 | $content = $this->process_css($content); |
||
263 | |||
264 | return $content; |
||
265 | } |
||
266 | } |
||
267 | |||
268 | // ======================================================================== |
||
269 | |||
270 | // SOURCE: VIATHINKSOFT ANTI SPAM |
||
271 | |||
272 | include '../v3.inc.php'; |
||
273 | |||
274 | // ======================================================================== |
||
275 | |||
276 | // SOURCE: SIGMA 3.0 _sigma.php |
||
277 | |||
278 | function remove_beginning($content, $beginning) { |
||
279 | if (beginsWith($content, $beginning)) { |
||
280 | return substr($content, strlen($beginning), strlen($content)-strlen($beginning)); |
||
281 | } else { |
||
282 | return $content; |
||
283 | } |
||
284 | } |
||
285 | |||
286 | function beginsWithI($content, $beginning) { |
||
287 | return beginsWith(strtolower($content), strtolower($beginning)); |
||
288 | } |
||
289 | |||
290 | function beginsWith($content, $beginning) { |
||
291 | // return substr($content, 0, strlen($beginning)) == $beginning; |
||
292 | return (strncmp($content, $beginning, strlen($beginning)) == 0); |
||
293 | } |
||
294 | |||
295 | function remove_beginning_i($content, $beginning) { |
||
296 | if (beginsWithI($content, $beginning)) { |
||
297 | return substr($content, strlen($beginning), strlen($content)-strlen($beginning)); |
||
298 | } else { |
||
299 | return $content; |
||
300 | } |
||
301 | } |
||
302 | |||
303 | // ======================================================================== |
||
304 | |||
305 | // USAGE: |
||
306 | // $content = auto_secure_mail_addresses($content); |
||
307 | |||
6 | daniel-mar | 308 | // ======================================================================== |