eeb_mailto() ignores method saved in site config

  • icydog

    (@icydog)


    2 years, 3 months ago

    Repro steps:

    1. In the WP plugin config, set the “method” to one of:
    * automatically the best method (including javascript)
    * automatically the best method (excluding javascript)
    * a strong method that replaces all emails with a “*protection text*”.`

    2. In a PHP file somewhere, call echo eeb_mailto('example@example.com')

    Expected results:
    Email address is obfuscated using the configuration saved in the site config.

    Actual results:
    Email address is always HTML-encoded only (no Javascript).

    Reason:
    In template-tags.php, the function eeb_mailto switches on the $method parameter. If this parameter is not present, it defaults to HTML encoding. It doesn’t ever try to look at what is saved in the site config.

    I am not sure if this is a supported use case; readme.txt suggests that eeb_mailto() is intended for the end user to use, and if so, this is surprising behavior to me.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter icydog

    (@icydog)

    2 years, 3 months ago

    Also, passing in method='rot13' kind of makes this work, but the email is echoed verbatim in the <noscript> tag, which I reported in v2.0.1 and seems to have come back at some point.

    https://wordpress.org/support/topic/v2-0-1-eeb_mailto-doesnt-actually-protect-email/

    Plugin Author Ironikus

    (@ironikus)

    2 years, 2 months ago

    Hey @icydog – I’ve just added the support for the default methods – if you don’t define anything, they’re now prepared for delivery.
    Feel free to reach out again in case you have any further questions.

    Thread Starter icydog

    (@icydog)

    2 years, 2 months ago

    @ironikus Thank you for the response. I’ve tried out v2.1.3 and it is still broken:

    If I set the site-wide config to “automatically the best method (including javascript)” then the output of eeb_mailto('hello@example.com') includes <noscript>hello@example.com</noscript> without obfuscation.

    If I set the config to “a strong method that replaces all emails with a “*protection text*”.” then the output is <a href="mailto:*protected email*" class="mail-link">*protected email*</a>.

    If I call eeb_mailto('hello@example.com', null, '', 'rot13') then, again, the email address is echoed verbatim in the noscript tag.

    Thread Starter icydog

    (@icydog)

    2 years ago

    @ironikus Any chance this software is still maintained?

    Plugin Author Ironikus

    (@ironikus)

    2 years ago

    Hey @icydog – Thanks for your message. Yes, we still intend to maintain it. I will make sure to take a look at it after our new release for WP Webhooks.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘eeb_mailto() ignores method saved in site config’ is closed to new replies.