filter.module caches strings passed through check_markup() by default, so nodes or custom blocks with emails in them will have their markup cached. This means that if that node body or block is displayed on a page that includes other email addresses formatted by invisimail (such as Views), the $counter variable may cause sha1() to generate the same ID twice causing an incorrect substitution.
I can reproduce this reliably by configuring the 'Full HTML' input format to use invisimail's JavaScript replacement filter and then creating a custom block (Full HTML) with an email address in it. Configure that block to appear above the content region on a Views page that also includes some invisimail-formatted email addresses. The first time this page loads all emails are substituted correctly because invisimail_encoder_js_entities_encode() was called both the block and each field in the Views. However on subsequent page views, check_markup() will have cached the result of invisimail_encoder_js_entities_encode() so it effectively always uses $counter = 1, but the Views isn't aware of this and it will also output the first field with $counter = 1 resulting in a HTML ID collision. Thus the email from the first Views field is placed in to the block.
Comment | File | Size | Author |
---|---|---|---|
#1 | invisimail-check_markup-caching-id-collisions-1628032-1.patch | 1.4 KB | stewart.adam |
Comments
Comment #1
stewart.adam CreditAttribution: stewart.adam commentedAttached patched attach corrects this behaviour without breaking caching by hashing the plaintext email address instead of the counter, guaranteeing a unique hash even with caching. It also uses jQuery with CSS classes instead of IDs so that if the same email is included on the page multiple times, all will be replaced at once even if caching is enabled.
Comment #2
jackbravo CreditAttribution: jackbravo commentedThis works fine for me.
Comment #3
dualcorpse CreditAttribution: dualcorpse commentedHello there, don't know if this is the correct way to proceed (changing this issue's status), but I just ran into that same issue 3 years after this patch was released but obviously never added to the module's last version.
I think this simple and effective patch should be included in the module by now, right ?
Thanks for this patch btw.
Comment #4
pjcdawkins CreditAttribution: pjcdawkins commentedHi @dualcorpse - the "Reviewed and tested by the community" status (RTBC) is what indicates there is a patch that has been reviewed, and should be committed. See https://www.drupal.org/node/156119
Comment #5
fenstratAlso confirming that #1 is RTBC.