From kde-core-devel Sun Jan 25 21:53:25 2009 From: Daniel Molkentin Date: Sun, 25 Jan 2009 21:53:25 +0000 To: kde-core-devel Subject: Re: email obfuscation on mediawiki Message-Id: <200901252253.26808.daniel () molkentin ! de> X-MARC-Message: https://marc.info/?l=kde-core-devel&m=123292045726203 Hi, Am Sonntag 25 Januar 2009 schrieb Andre Gemünd: > imho the problem is the htmlspecialchars() call on $email_prefix . > $email. this replaces the ampersands of the ascii codes with &, so > the browser doesn't recognize it. If I replace all "&" with & it works. > I don't know RFC 5322 well, but as we are replacing every character > inside both the prefix and mail with ascii codes there should be no > offending characters in the string. > You could try replacing the > > . htmlspecialchars($email_prefix . $email) . > with just > . $email_prefix . $email . You are right, that works. Just to be on the safe side, I changed to code to call htmlspecialchars() on the unprocessed strings (i.e. before the obfuscation). Cheers, Daniel