Daniel3356 / recaptcha

Automatically exported from code.google.com/p/recaptcha

Mailhide verification fails when unpadded address is modulo 16 characters #131

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Open http://www.stmaustin.org/contacts.shtm
2. Scroll down to Pastoral Advisory Council
3. Click on chairperson's name, Catherine Harkness
4. Respond to reCaptcha challenge. Note that it always rechallenges.
5. Try other names. Most work.

What is the expected output? What do you see instead?
I expect the email address for Catherine to be revealed, but the mailhide 
window continues to challenge. Other instances using the same key and encoding 
program work fine. I tried re-encoding her email address and it produces the 
same encoding.

What version of the product are you using? On what operating system?
See the nospam.js script on that page for how mailhide is invoked. Website is 
hosted on Linux (CentOS I think) using Apache.

Please provide any additional information below.
I determined that all email addresses that are modulo 16 characters fail. I 
tried adding 16 padding characters to the address but that still fails.

My code that produces the encoding is:

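use Crypt::Rijndael;
use MIME::Base64;

use constant PRIVKEY  => [confidential];

# Encrypt an address for a Mailhide link: Rijndael in CBC mode with an
# all-zero IV, then URL-safe base64.
sub encodemail {
    my $addr = shift;

    # Round the length up to a multiple of 16 and fill the gap with bytes
    # whose value is the number of pad bytes. When the length is already a
    # multiple of 16, $padlen equals $addrlen and nothing is appended.
    my $addrlen = length($addr);
    my $padlen  = int(($addrlen + 15) / 16) * 16;
    $addr .= chr(16 - $addrlen % 16) x ($padlen - $addrlen)
        if $addrlen < $padlen;

    my $crypt = Crypt::Rijndael->new(pack('H*', PRIVKEY),
                                     Crypt::Rijndael::MODE_CBC);
    $crypt->set_iv("\0" x 16);
    my $encoded = encode_base64($crypt->encrypt($addr), '');
    # Switch to the URL-safe base64 alphabet.
    $encoded =~ tr{+/}{-_};
    return $encoded;
}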

Original issue reported on code.google.com by webmas...@stmaustin.org on 11 Jan 2012 at 10:45
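
Added example, not part of the original report or of the reCAPTCHA code: it runs the padding arithmetic from `encodemail` through a strict PKCS#7 unpadder to show what a receiver of that kind sees for block-aligned addresses. The unpadder is an assumption about the receiving side (the page does not show it); `pad_pkcs7`, `unpad_pkcs7` and the sample addresses are constructed for illustration, and no key or encryption is involved.

```perl
use strict;
use warnings;

my $BLOCK = 16;

# Same arithmetic as encodemail() in the report: round up to the next
# multiple of 16; an already aligned address gets no padding at all.
sub pad_as_reported {
    my $addr    = shift;
    my $addrlen = length($addr);
    my $padlen  = int(($addrlen + $BLOCK - 1) / $BLOCK) * $BLOCK;
    $addr .= chr($BLOCK - $addrlen % $BLOCK) x ($padlen - $addrlen)
        if $addrlen < $padlen;
    return $addr;
}

# PKCS#7: always append 1..16 bytes, so an aligned input gains a full block.
sub pad_pkcs7 {
    my $addr = shift;
    my $n    = $BLOCK - length($addr) % $BLOCK;
    return $addr . chr($n) x $n;
}

# Hypothetical receiver: strict PKCS#7 unpadding, undef on invalid padding.
sub unpad_pkcs7 {
    my $buf = shift;
    my $len = length($buf);
    return if $len == 0 || $len % $BLOCK;
    my $n = ord(substr($buf, -1));           # last byte claims the pad length
    return if $n < 1 || $n > $BLOCK;
    return if substr($buf, -$n) ne chr($n) x $n;
    return substr($buf, 0, $len - $n);
}

# Constructed sample addresses of 15, 16 and 32 characters.
my @samples = ('abc@example.org', 'abcd@example.org',
               ('x' x 20) . '@example.org');

for my $addr (@samples) {
    my $got_rep = unpad_pkcs7(pad_as_reported($addr));
    my $got_std = unpad_pkcs7(pad_pkcs7($addr));
    printf "%2d chars  as reported: %-8s  pkcs7: %s\n", length($addr),
        (defined $got_rep && $got_rep eq $addr ? 'ok' : 'rejected'),
        (defined $got_std && $got_std eq $addr ? 'ok' : 'rejected');
}
```

With the reported arithmetic, the 16- and 32-character addresses end in an ordinary letter that the unpadder reads as an out-of-range pad length, so they are rejected, while the 15-character address round-trips under both schemes.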