[#8039] - email cloaking kills email value of input field
- Closed
- 4 Aug 2016
- Medium
- Build: staging
- Easy Test
- # 8039
- Diff
- xsability:staging
- Success continuous-integration/travis-ci/pr The Travis CI build passed Details
- Pending JTracker/HumanTestResults Human Test Results: 4 Successful 2 Failed. Details
User tests: Successful: Unsuccessful:
Solved issue from #5080
The issue:
The plugin kills the email value of an input field, when ohter inputs of the form don't validate.
Expected result
Defect result
<input value="
The solution:
The issue are solved in 4 steps:
1. Before the e-mail cloaker comes into action, all form, script, image, picture and noemailcloak tags will be extracted from the content.
2. Extracted elements with numbered placeholders like {{##formelement_0##}}, {{##formelement_1##}} ... {{##formelement_n##}} are replaced.
3. The e-mail cloaker comes into action.
4. Eventually, the numbered placeholders with the extracted elements in step 1 are replaced.
The file of the e-mail cloaker is located at: ./plugins/content/emailcloak/emailcloak.php . The function wich extracted the formelements calls _extractFormElements() And the function which inserts the extracted elements into the content calls _insertFormElements()
How to test:
Create a new Content. Put in the Content an input-field with value=’email@example.org’ attribute like:
And Save this Content. Then navigate to the Content like a visitor.
With the old emailcloaker, the emailcloaker will distroy the html-structure.
Then load the pull request and opend the same Content.
Expected Result after solution:
The html-structure is still correct. The email in the input-field is shown.
Worked as a group on that issue: @icampus, @FPerisa, @flow87 and @kathastaden
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Labels |
Added:
?
|
||
| Easy | No | ⇒ | Yes |
| Category | ⇒ | Plugins |
Hi, Thank you for your Comment. Look, the problems that can occure aren't only with input, select or textarea fields. The mainproblem is, that where ever your use a string, that look like an emailadress it can distroy the html or javascript structure.
For example:
cat@table.gif is a valid filename. But for the emailcloaker it look like a emailadress. For this reason, i think, that we fix the obvious bugs at first, as input fields, select boxes, textareas, pictures, script tags etc. In addition, a user should be given the opportunity to define content sections on his own, as we are not aware of all pontential errors yet. For this purpose, the tag {noemailcloak}...{/noemailcloak} is defined. Within this tag, the cloaking functionality will be turned off.
I have tried to get the code lightweight so that the code hasn't a impact on the performance. I work with regex only for extracting the riski parts. The replace is always with str_replace.
Kind regards
sorry I tried to write an img-tag, but the System has rendert it. here is the example again [without <>]:
img src='cat@table.gif'
I thought we already had the ability to turn cloaking off
Yes, you can turn off the emailcloak functionality for the hole content, but not for only a section.
@xsability I understand your arguments, but I would stay with simple solution that we already have,
mean the ability to turn off the cloaking for whole content
For the emailcloaker community member has opend 2 Issues:
#5080 http://issues.joomla.org/tracker/joomla-cms/5080
#4995 http://issues.joomla.org/tracker/joomla-cms/4995
We have now a working solution, that solves booth issues at once and
prevents other possible issues in that context. Why we shouldn't use it?
Even it hasn't a impact on the performance...
I have tested this item 
successfully on 4deec3a
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8039.
@designbengel Thank you for testing.
I have tested this item 
unsuccessfully on 4deec3a
@test unsuccessful here when mail on image:
for
<p> <a href="mailto:myname@gmail.com"><img src="images/sampledata/fruitshop/bananas_2.jpg" alt="" /></a></p>
I get on frontend:
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8039.
I have tested this item successfully on 4deec3a
@test on 3.5.0 beta. ii applied the patch, the result was exact the same as described the issue.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8039.
I have tested this item successfully on 4deec3a
I edited an article as described in the test method.
Results before and after implementing the patch gave the expected results.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8039.
I have tested this item successfully on 4deec3a
Test was successfully
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8039.
@LourensH , @w13ear , @FeikeMulder, @infograf768, thank you for testing.
@infograf768 this error ouccurs, because the e-mail-address String is within the a-tag. I don't classify a-tags as risky, because i think the email-cloaker allready is checking for this. If the string, that look like an emailadress is placing within the img-tag, then this hopefully doesn't occurs. This is the issue that I solved.
@xsability
The issue is that adding a mail link to an image using TinyMce Link icon adds the mail in an <a tag as I posted above.
| Category | Plugins | ⇒ | Fields Plugins |
I share @Fedik option, that this may be too much.
What I suggest is checking in last pattern check if email address is wrapped in value="email@address.com"
So I've tried with regex lookarounds and changed
// Search for plain text email@example.org
$pattern = '~' . $searchEmail . '([^a-z0-9]|$)~i';into
// Search for plain text email@example.org
$pattern = '~(?<!value=")' . $searchEmail . '(?!")([^a-z0-9]|$)~i';But that didn't work properly.
Then I had an idea to check preceding and forthcoming strings inside the while loop but everytime i used continue, next preg_match call found same matches so I just created an infinitive loop.
Quick workaround is to add <!--{emailcloak=off}--> code to the output, but this disables email cloak plugin for whole content.
I think we need a regex ninja here.
I have tested this item unsuccessfully on 4deec3a
issue raised by @infograf768 still present.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8039.
@Wolf-Rost Can you please check the issue raised by @infograf768 ?
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8039.
| Status | Pending | ⇒ | Information Required |
Hey guys I have two questions concerning this PR since I was trying to fix the occuring error for this PR:
1. Doesnt PR #11353 fix the orignal issue anyway?
2. The error that is described by @infograf768 appears on my staging version anyway and I wanted to ask if its the same for anyone else? If so this seems like another issue entirely and not caused by this fix specifically.
Also what is the point of converting the "mailtext" to the htmlentities (as seen in in the JHtmlEmail class L63)?
| Category | Plugins Fields | ⇒ | Plugins Front End Fields |
| Status | Information Required | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-08-04 21:24:37 |
| Closed_By | ⇒ | wilsonge |
great work,
but I will be honest: this is the overload, just for fix the email issue, from my point of view