diff options
author | Eric Wong <e@80x24.org> | 2018-01-16 05:08:22 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2018-01-16 05:11:09 +0000 |
commit | 24a309bd1221a24ac673ece463f765f7a92921ff (patch) | |
tree | 22b7f973f5c119cb758c94b7baeffac70b827885 /lib | |
parent | 956ede734d7c2e8d0a3003c6e2d554114586643e (diff) | |
download | public-inbox-24a309bd1221a24ac673ece463f765f7a92921ff.tar.gz |
Obfuscating username portions of the email address leads to having subsequent parts of the address not being obfuscated; which could mean we show someone else's email entirely. In other words, obfuscating "john.doe@example.com" becomes might mean "doe@example.com" is picked up by scanners. In other news, email address obfuscation is still a horrible usability issue and only exists to appease misguided people.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/PublicInbox/Hval.pm | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/PublicInbox/Hval.pm b/lib/PublicInbox/Hval.pm index 00a923ea..0e199025 100644 --- a/lib/PublicInbox/Hval.pm +++ b/lib/PublicInbox/Hval.pm @@ -95,13 +95,13 @@ sub obfuscate_addrs ($$) { my $ibx = $_[0]; my $re = $ibx->{-no_obfuscate_re}; # regex of domains my $addrs = $ibx->{-no_obfuscate}; # { adddress => 1 } - $_[1] =~ s/([\w\.\+=\-]+\@([\w\-]+\.[\w\.\-]+))/ - my ($addr, $domain) = ($1, $2); + $_[1] =~ s/(([\w\.\+=\-]+)\@([\w\-]+\.[\w\.\-]+))/ + my ($addr, $user, $domain) = ($1, $2, $3); if ($addrs->{$addr} || ((defined $re && $domain =~ $re))) { $addr; } else { - $addr =~ s!([^\.]+)\.!$1•!; - $addr + $domain =~ s!([^\.]+)\.!$1•!; + $user . '@' . $domain } /sge; } |