SpamSpan doesn't manage existing links such as Name Surname.
So, I modified these two function in spamspan.module:

function spamspan_callback($matches) {
    // Replace .'s in domain part with [dot]
    global $spamspan_format;
    $domain = str_replace("."," [dot] ", $matches[2]);
    if (strpos($matches[3], "@") === false) {
        $t=' (<span class="t">' . $matches[3] . '</span>)';
    } else {$t="";}
    return '<span class="spamspan"><span class="' . variable_get('spamspan_userclass_'.$spamspan_format, 'u') . '">' . 
        $matches[1] . '</span>' . variable_get('spamspan_at_'.$spamspan_format, ' [at] ') . '<span class="' . 
        variable_get('spamspan_domainclass_'.$spamspan_format, 'd') . '">' . $domain . "</span>$t</span>";
function spamspan ($string, $format) {
  /*  We are aiming for code like this:
   <span class="spamspan">
      <span class="u">user</span>  [at]  
      <span class="d">example [dot] com</span>
      (<span class="t">Name Surname</span>)
   </span>
  */

  $GLOBALS['spamspan_format'] = $format;

  $pattern = '!(?:<a href="mailto:)([^@]+)@([^"]+)">(.*?)</a>!i';
  return preg_replace_callback($pattern, 'spamspan_callback', $string);
}

Since I use the spamspan filter after URL filter, simple email address (as user@example.com) are already converted into links (as user@example.com) when spamfilter come in action. This way, the pattern I can use is much more simple ;-)

Comments

njehlen’s picture

I'm getting an "unexpected $" error when I try this code - can you post as a patch? thanks!

njehlen’s picture

Title: Management of mailto: links » fixing the function

The first function needs a " } " to close it - after adding that it works fine. Thanks!

ednique’s picture

I had a similar problem where I use the tinyMCE...
the email addresses sometimes weren't filtered when other tags then -p- surrounded the email...

This solution also fixed it...

Thanx!

cvining’s picture

I use mailhandler to post emails to my website and many emails contain options in the tags of the form:

<a class="classdesc" href="mailto:user@domain">user@domain</a>

AFAIK neither of the previous spamspan versions handle this case. So I've been trying the following code to handle options like this. As with the above approach, I enable URL filtering before spamspan so all emails should be links already.

function spamspan_callback($matches) {
    // Replace .'s in domain part with [dot]
    global $spamspan_format;
    $domain = str_replace("."," [dot] ", $matches[3]);
    if (strpos($matches[4], "@") === false) {
        $t=' (<span class="t">' . $matches[4] . '</span>)';
    } else {$t="";}
    return '<span class="spamspan"><span class="' . variable_get('spamspan_userclass_'.$spamspan_format, 'u') . '">' . 
        $matches[2] . '</span>' . variable_get('spamspan_at_'.$spamspan_format, ' [at] ') . '<span class="' . 
        variable_get('spamspan_domainclass_'.$spamspan_format, 'd') . '">' . $domain . "</span>$t</span>";
  }


function spamspan ($string, $format) {
  /*  We are aiming for code like this:
   <span class="spamspan">
      <span class="u">user</span>  [at] 
      <span class="d">example [dot] com</span>
      (<span class="t">Name Surname</span>)
   </span>
  */

  $GLOBALS['spamspan_format'] = $format;

  $pattern = '!(?:<a )(.*?)(?:href="mailto:)([^@]+)@([^"]+)">(.*?)</a>!i';
//  $pattern = '!(?:<a href="mailto:)([^@]+)@([^"]+)">(.*?)</a>!i';
  return preg_replace_callback($pattern, 'spamspan_callback', $string);
}

I'd particularly appreciate comments from regex gurus on this.

- Thx, Cronin

Lil Devil’s picture

It would be nice if both of the original way AND the

Lil Devil’s picture

Dang. My previous note got truncated for some reason. I was trying to say it would be nice if both of the original way AND the "a href" way could both work at the same time. When creating content for my personal site, I use "a href" so the visible text of the link can be something like "email me" but when visitors post comments they will typically just type inline addresses with no tags. It would be nice if both get converted.

lucky a’s picture

Applying the patch worked for me too. Btw, without it e-mails propagated to comment titles and "latest comments" block would not obfuscated, so I thinks this fix is essential and should be included in the next release of the module.

I have a question, though. How do I go about filtering the e-mails in the content that existed before I installed this module? I.e. is there any way to do this retrospectively?

lakka’s picture

Assigned: Unassigned » lakka
Status: Active » Closed (won't fix)

Thanks for the patches and comments. But at the moment, this seems to me to defeat the point of spamspan. The idea is that the javascript will turn text of the form "email [at] domain [dot] com" into clickable links, so that (1) spambots will find it harder to pick up on the original text; and (2) a user with javascript disabled will still be able to understand the email address. This is why spamspan differs from the other obfuscation solutions available

If you are running another filter (or eg TinyMCE) which turns the addresses into mailto tags before spamspan runs, then (1) your html source will contain an email address which a spambot will be able to see; or (2) (if the address is obfuscated by that other filter) a user with javascript disabled will not be able to see the address. In either case, I cannot see the point of running spamspan.

I may well be missing the point here, so feel free to talk me into it!

roczei’s picture

Title: fixing the function » fixing the function - spamspan.js / spamspan.copmressed.js
Assigned: lakka » roczei
Category: feature » bug
Priority: Normal » Critical
Status: Closed (won't fix) » Patch (to be ported)

Here is a bug in the spamspan.js file, the patch is here:

28c28
< var _anchorText = $("span." + Drupal.settings.spamspan.t, this).text();
---
> var _anchorText = $("span" + Drupal.settings.spamspan.t, this).text();

There was a missing point after the span field therefore the e-mail owner name was NULL!
This bug is similar in the spamspan.compressed.js:

1c1
< if(Drupal.jsEnabled){$(function(){$("span."+Drupal.settings.spamspan.m).each(function(_1){var _2=($("span."+Drupal.settings.spamspan.u,this).text()+"@"+$("span."+Drupal.settings.spamspan.d,this).text()).replace(/\s+/g,"").replace(/[\[\(\{]?[dD][oO0][tT][\}\)\]]?/g,".");var _3=$("span"+Drupal.settings.spamspan.t,this).text();$(this).after($("").attr("href","mailto:"+_2).html(_3?_3:_2).addClass("spamspan")).remove();});});}
\ No newline at end of file
---
> if(Drupal.jsEnabled){$(function(){$("span."+Drupal.settings.spamspan.m).each(function(_1){var _2=($("span."+Drupal.settings.spamspan.u,this).text()+"@"+$("span."+Drupal.settings.spamspan.d,this).text()).replace(/\s+/g,"").replace(/[\[\(\{]?[dD][oO0][tT][\}\)\]]?/g,".");var _3=$("span."+Drupal.settings.spamspan.t,this).text();$(this).after($("").attr("href","mailto:"+_2).html(_3?_3:_2).addClass("spamspan")).remove();});});}

lakka’s picture

Version: 4.7.x-1.x-dev » 5.x-1.0
Priority: Critical » Normal
Status: Patch (to be ported) » Fixed

This last comment now fixed.

emdalton’s picture

What I'd like to see is for spamspan to correct cases where someone has left the URL filter before spamspan or has pasted a mailto link into a page. In other words, I would like the filter to correctly get rid of existing a/mailto tags and convert them to spamspan markup. I can't seem to keep my users from pasting in these mailto links, and I want to protect the email addresses when they do.

I don't know if this patch is supposed to have done that, but after I recently updated SpamSpan (to the May 22 release), it actually seems to be creating weird half-formatted links:

<a href="mailto:user@server.domain.edu">user@server.domain.edu</a>
becomes
Email: user [at] server [dot] domain [dot] edu">user@server.domain.edu
with a link pointing to
mailto: <span class=

Perhaps this is because of the server.domain.edu format, but could this be fixed?

lakka’s picture

Assigned: roczei » lakka

Fixed this latest comment in v 1.2

(please open a new report for each bug - the title of this thread has become a little inaccurate! ;-)

Anonymous’s picture

Status: Fixed » Closed (fixed)