filter.module caches strings passed through check_markup() by default, so nodes or custom blocks with emails in them will have their markup cached. This means that if that node body or block is displayed on a page that includes other email addresses formatted by invisimail (such as Views), the $counter variable may cause sha1() to generate the same ID twice causing an incorrect substitution.

I can reproduce this reliably by configuring the 'Full HTML' input format to use invisimail's JavaScript replacement filter and then creating a custom block (Full HTML) with an email address in it. Configure that block to appear above the content region on a Views page that also includes some invisimail-formatted email addresses. The first time this page loads all emails are substituted correctly because invisimail_encoder_js_entities_encode() was called both the block and each field in the Views. However on subsequent page views, check_markup() will have cached the result of invisimail_encoder_js_entities_encode() so it effectively always uses $counter = 1, but the Views isn't aware of this and it will also output the first field with $counter = 1 resulting in a HTML ID collision. Thus the email from the first Views field is placed in to the block.

CommentFileSizeAuthor
#1 invisimail-check_markup-caching-id-collisions-1628032-1.patch1.4 KBstewart.adam
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

stewart.adam’s picture

stewart.adam CreditAttribution: stewart.adam commented
Status: Active » Needs review
FileSize
invisimail-check_markup-caching-id-collisions-1628032-1.patch1.4 KB

Attached patched attach corrects this behaviour without breaking caching by hashing the plaintext email address instead of the counter, guaranteeing a unique hash even with caching. It also uses jQuery with CSS classes instead of IDs so that if the same email is included on the page multiple times, all will be replaced at once even if caching is enabled.

jackbravo’s picture

jackbravo CreditAttribution: jackbravo commented
Status: Needs review » Reviewed & tested by the community

This works fine for me.

dualcorpse’s picture

dualcorpse CreditAttribution: dualcorpse commented
Issue summary: View changes
Status: Reviewed & tested by the community » Patch (to be ported)

Hello there, don't know if this is the correct way to proceed (changing this issue's status), but I just ran into that same issue 3 years after this patch was released but obviously never added to the module's last version.

I think this simple and effective patch should be included in the module by now, right ?

Thanks for this patch btw.

pjcdawkins’s picture

pjcdawkins CreditAttribution: pjcdawkins commented
Status: Patch (to be ported) » Reviewed & tested by the community

Hi @dualcorpse - the "Reviewed and tested by the community" status (RTBC) is what indicates there is a patch that has been reviewed, and should be committed. See https://www.drupal.org/node/156119

fenstrat’s picture

fenstrat
he/him
Primary language English
Location Australia
CreditAttribution: fenstrat commented

Also confirming that #1 is RTBC.