From 2d8f3d5a3a77207ab9a1a66cbff31e6183c997d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kai=20M=C3=B6ller?= Date: Wed, 30 Oct 2024 10:41:00 +0100 Subject: [PATCH 1/2] fix: Mail obfuscation for links including additional tags In a link tag with "mailto" href containing additional tags, such as "...", the email address was not obfuscated. Refs. #30 --- .../Converter/Mailto2HrefObfuscatingConverter.php | 2 +- Classes/Fusion/ConvertEmailLinksImplementation.php | 2 +- .../Private/Fusion/Prototype/MailObfuscator.fusion | 2 +- .../Fusion/ConvertEmailLinksImplementationTest.php | 14 +++++++++++--- 4 files changed, 14 insertions(+), 6 deletions(-) diff --git a/Classes/Converter/Mailto2HrefObfuscatingConverter.php b/Classes/Converter/Mailto2HrefObfuscatingConverter.php index 9468149..ce07443 100644 --- a/Classes/Converter/Mailto2HrefObfuscatingConverter.php +++ b/Classes/Converter/Mailto2HrefObfuscatingConverter.php @@ -44,7 +44,7 @@ public function convert($mailAddress) $randomOffset = random_int(1, 26); } - return 'javascript:linkTo_UnCryptMailto(\'' . $this->encryptEmail($mailAddress, $randomOffset) . '\', -' . $randomOffset . ')'; + return 'javascript:linkTo_UnCryptMailto(\'' . $this->encryptEmail($mailAddress, $randomOffset) . '\',-' . $randomOffset . ')'; } /** diff --git a/Classes/Fusion/ConvertEmailLinksImplementation.php b/Classes/Fusion/ConvertEmailLinksImplementation.php index fed05d4..8789bdf 100644 --- a/Classes/Fusion/ConvertEmailLinksImplementation.php +++ b/Classes/Fusion/ConvertEmailLinksImplementation.php @@ -109,7 +109,7 @@ public function convertLinkName(array $matches) { $replacedEmail = $this->linkNameConverter->convert(trim($matches[2])); - return $matches[1] . $replacedEmail; + return $matches[1] . $replacedEmail . $matches[3] ?? ''; } /** diff --git a/Resources/Private/Fusion/Prototype/MailObfuscator.fusion b/Resources/Private/Fusion/Prototype/MailObfuscator.fusion index 2cfc56d..005ef47 100644 --- a/Resources/Private/Fusion/Prototype/MailObfuscator.fusion +++ b/Resources/Private/Fusion/Prototype/MailObfuscator.fusion @@ -18,7 +18,7 @@ prototype(Networkteam.Neos:MailObfuscator) { @class = 'Networkteam\\Neos\\MailObfuscator\\Fusion\\ConvertEmailLinksImplementation' patternMailTo = '/(href=")mailto:([^"]*)/' - patternMailDisplay = '/(href="mailto:[^>]*>)([^<]*)/' + patternMailDisplay = '|(href="mailto:[^>]*>)(.*)(<\/a>)|' value = ${value} node = ${node} diff --git a/Tests/Unit/Fusion/ConvertEmailLinksImplementationTest.php b/Tests/Unit/Fusion/ConvertEmailLinksImplementationTest.php index 7d483eb..1218eec 100644 --- a/Tests/Unit/Fusion/ConvertEmailLinksImplementationTest.php +++ b/Tests/Unit/Fusion/ConvertEmailLinksImplementationTest.php @@ -77,7 +77,7 @@ public function emailsAreConverted($rawText, $expectedText) ->will($this->returnValueMap([ ['value', $rawText], ['patternMailTo', '/(href=")mailto:([^"]*)/'], - ['patternMailDisplay', '/(href="mailto:[^>]*>)([^<]*)/'] + ['patternMailDisplay', '|(href="mailto:[^>]*>)(.*)(<\/a>)|'] ])); $actualResult = $this->convertEmailLinks->evaluate(); @@ -87,8 +87,8 @@ public function emailsAreConverted($rawText, $expectedText) public function emailTexts(): array { - $htmlEncodedDecryptionString = htmlspecialchars('javascript:linkTo_UnCryptMailto(\'ithiOtmpbeat-rdb\', -15)'); - $htmlEncodedSecondDecryptionString = htmlspecialchars('javascript:linkTo_UnCryptMailto(\'uddqpgOtmpbeat-rdb\', -15)'); + $htmlEncodedDecryptionString = htmlspecialchars('javascript:linkTo_UnCryptMailto(\'ithiOtmpbeat-rdb\',-15)', ENT_NOQUOTES); + $htmlEncodedSecondDecryptionString = htmlspecialchars('javascript:linkTo_UnCryptMailto(\'uddqpgOtmpbeat-rdb\',-15)', ENT_NOQUOTES); return [ 'just some text not to touch' => [ @@ -114,6 +114,14 @@ public function emailTexts(): array 'email address with attributes after href' => [ 'Email test@example.com', 'Email test (at) example.com' + ], + 'email address enclosed by HTML tag' => [ + 'Email test@example.com', + 'Email test (at) example.com' + ], + 'email address in link tag enclosed by multiple styling tags' => [ + 'Email test@example.com', + 'Email test (at) example.com' ] ]; } From a8bb88978fbfbd73fc9db93893da4de6301e8f80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kai=20M=C3=B6ller?= Date: Wed, 30 Oct 2024 16:18:30 +0100 Subject: [PATCH 2/2] fix: update mail display pattern to match --- Resources/Private/Fusion/Prototype/MailObfuscator.fusion | 2 +- Tests/Unit/Fusion/ConvertEmailLinksImplementationTest.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Resources/Private/Fusion/Prototype/MailObfuscator.fusion b/Resources/Private/Fusion/Prototype/MailObfuscator.fusion index 005ef47..74b789b 100644 --- a/Resources/Private/Fusion/Prototype/MailObfuscator.fusion +++ b/Resources/Private/Fusion/Prototype/MailObfuscator.fusion @@ -18,7 +18,7 @@ prototype(Networkteam.Neos:MailObfuscator) { @class = 'Networkteam\\Neos\\MailObfuscator\\Fusion\\ConvertEmailLinksImplementation' patternMailTo = '/(href=")mailto:([^"]*)/' - patternMailDisplay = '|(href="mailto:[^>]*>)(.*)(<\/a>)|' + patternMailDisplay = '|(href="mailto:[^>]*>)(.*?)(<\/a>)|' value = ${value} node = ${node} diff --git a/Tests/Unit/Fusion/ConvertEmailLinksImplementationTest.php b/Tests/Unit/Fusion/ConvertEmailLinksImplementationTest.php index 1218eec..4c987dc 100644 --- a/Tests/Unit/Fusion/ConvertEmailLinksImplementationTest.php +++ b/Tests/Unit/Fusion/ConvertEmailLinksImplementationTest.php @@ -77,14 +77,14 @@ public function emailsAreConverted($rawText, $expectedText) ->will($this->returnValueMap([ ['value', $rawText], ['patternMailTo', '/(href=")mailto:([^"]*)/'], - ['patternMailDisplay', '|(href="mailto:[^>]*>)(.*)(<\/a>)|'] + ['patternMailDisplay', '|(href="mailto:[^>]*>)(.*?)(<\/a>)|'] ])); $actualResult = $this->convertEmailLinks->evaluate(); $this->assertSame($expectedText, $actualResult); } - public function emailTexts(): array + static public function emailTexts(): array { $htmlEncodedDecryptionString = htmlspecialchars('javascript:linkTo_UnCryptMailto(\'ithiOtmpbeat-rdb\',-15)', ENT_NOQUOTES);