Best way to customize custom fields with a third party plugin?

This topic contains 5 replies, has 4 voices, and was last updated by  Brigitte 5 years, 6 months ago.

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket
  • Author
    Posts
  • #486358

    Brigitte
    Expired Member
    Post count: 235

    Hello, I want to secure ALL e-mails and phone numbers on my directory. I use for this a third party plugin that offers me to encrypt these informations (JS encrypt).

    I have the choice to use 4 different methods with this plugin.

    1) Using a shortcode:

    [eeb_content][email protected][/eeb_content]

    2) Using a function template:

    
    
    <?php
    if (function_exists('eeb_content')) {
        echo eeb_content('Encode this text');
    }
    ?>

    3) Using a hook action:

    
    
    <?php
    add_action('eeb_ready', 'extra_encode_filters');
    function extra_encode_filters($eeb_object) {
        add_filter('some_filter', array($eeb_object, 'callback_filter'));
    }
    ?>

    4) Using regular expressions:

    
    
    <?php
    add_filter('eeb_email_regexp', 'change_email_regexp');
    function change_email_regexp($regexp) {
        return '-your regular expression-';
    }
    ?>

    I do not ask you how to do it because it does not concern you (third plugin), but rather what is the best of the 4 methods to use with GeoDirectory?

    I found on the forum a function to activate shortcodes in all custom fields, but apparently it is not safe.

    Thank you.

    #486455

    Paolo
    Site Admin
    Post count: 31206

    Hi,

    I asked to Stiofan to let us know.

    Thanks

    #486501

    Brigitte
    Expired Member
    Post count: 235

    Thank you very much Paolo.

    #486505

    Alex Rollin
    Moderator
    Post count: 27815

    Remove the fields you want to secure from the tabs and all values for “Show in extra output locations” then add them back to the details page template using shortcodes (GD Post Meta) and wrap them in your shortcode function.

    Let us know how it goes.

    #486609

    Stiofan O’Connor
    Site Admin
    Post count: 22956

    Hi Adrien,

    For emails we already have basic JS obfuscation.

    Every custom field has a filter to be able to override the content, the email one is here: https://github.com/AyeCode/geodirectory/blob/master/includes/custom-fields/output-functions.php#L1333

    (not tested but this would prob be how i would do it:

    /**
     * Get the html output for the custom field: email
     *
     * @param string $html The html to be filtered.
     * @param string $location The location to output the html.
     * @param array $cf The custom field array details.
     * @param string $output The output string that tells us what to output.
     * @since 2.0.0 $output param added.
     * @since 1.6.6
     *
     * @return string The html to output for the custom field.
     */
    function _my_custom_geodir_cf_email($html,$location,$cf,$p='',$output=''){
    
        // check we have the post value
        if(is_numeric($p)){$gd_post = geodir_get_post_info($p);}
        else{ global $gd_post;}
    
        if(!is_array($cf) && $cf!=''){
            $cf = geodir_get_field_infoby('htmlvar_name', $cf, $gd_post->post_type);
            if(!$cf){return NULL;}
        }
    
        // Block demo content
        if( geodir_is_block_demo() ){
            $gd_post->{$cf['htmlvar_name']} = '[email protected]';
        }
    
        $html_var = $cf['htmlvar_name'];
    
        // Check if there is a location specific filter.
        if(has_filter("geodir_custom_field_output_email_loc_{$location}")){
            /**
             * Filter the email html by location.
             *
             * @param string $html The html to filter.
             * @param array $cf The custom field array.
             * @param string $output The output string that tells us what to output.
             * @since 2.0.0 $output param added.
             * @since 1.6.6
             */
            $html = apply_filters("geodir_custom_field_output_email_loc_{$location}",$html,$cf,$output);
        }
    
        // Check if there is a custom field specific filter.
        if(has_filter("geodir_custom_field_output_email_var_{$html_var}")){
            /**
             * Filter the email html by individual custom field.
             *
             * @param string $html The html to filter.
             * @param string $location The location to output the html.
             * @param array $cf The custom field array.
             * @param string $output The output string that tells us what to output.
             * @since 2.0.0 $output param added.
             * @since 1.6.6
             */
            $html = apply_filters("geodir_custom_field_output_email_var_{$html_var}",$html,$location,$cf,$output);
        }
    
        // Check if there is a custom field key specific filter.
        if(has_filter("geodir_custom_field_output_email_key_{$cf['field_type_key']}")){
            /**
             * Filter the email html by field type key.
             *
             * @param string $html The html to filter.
             * @param string $location The location to output the html.
             * @param array $cf The custom field array.
             * @param string $output The output string that tells us what to output.
             * @since 2.0.0 $output param added.
             * @since 1.6.6
             */
            $html = apply_filters("geodir_custom_field_output_email_key_{$cf['field_type_key']}",$html,$location,$cf,$output);
        }
    
        // If not html then we run the standard output.
        if(empty($html)){
    
            global $preview;
            if ($cf['htmlvar_name'] == 'geodir_email' && !(geodir_is_page('detail'))) {
                return ''; // Remove Send Enquiry from listings page
            }
    
    
            if ($gd_post->{$cf['htmlvar_name']}) {
    
                $field_icon = geodir_field_icon_proccess($cf);
                $output = geodir_field_output_process($output);
                if (strpos($field_icon, 'http') !== false) {
                    $field_icon_af = '';
                } elseif ($field_icon == '') {
                    $field_icon_af = '';
                } else {
                    $field_icon_af = $field_icon;
                    $field_icon = '';
                }
    
                $is_elementor_preview = class_exists( 'GeoDir_Elementor' ) && GeoDir_Elementor::is_elementor_view() ? true : false; // Check if elementor preview
                $email = $gd_post->{$cf['htmlvar_name']} ;
                $value = '';
                if ( ! empty( $email ) && ( $email != '[email protected]' ) && ( $e_split = explode( '@', $email ) ) && ! defined( 'REST_REQUEST' ) && ! $is_elementor_preview ){
               $value .= eeb_email($email,"Mail me");   
    } elseif ( ! empty( $email ) && ( ( defined( 'REST_REQUEST' ) && REST_REQUEST ) || $is_elementor_preview ) ) {
                    $value .= "$email";
                } else {
                    $value .= $email;
                }
    
                $html = '';
            }
    
    
    
        }
    
        return $html;
    }
    add_filter('geodir_custom_field_output_email','_my_custom_geodir_cf_email',11,5);

    Stiofan

    #486849

    Brigitte
    Expired Member
    Post count: 235

    You’re right Stiofan, it’s better to use the GeoDirectory feature rather than a third-party plugin for this type of use. But I did not understand the code that you copied me is not integrated with GeoDirectory? Should I add it in functions.php?

    Today the stats are undeniable: the biggest sources of spam are E-MAILS & PHONES NUMBER. Would it be possible to also protect the custom field related to the phone?

    Moreover, there are now 3 types of protection for these 2 sensitive datas (email & phone):

    1) JS Rot13 – The SAFEST method using a rot13 method in JavaScript.
    2) JS Escape – Pretty safe method using JavaScipt’s escape function
    3) Html Encode – Not recommended, equal to antispambot() function of WordPress

    Any chance one day that GeoDirectory v2 users can protect this data with option 1 or 2?

    It should not be forgotten that directories are the major target of scraper robots. For example in France the largest national directories obviously protect all these 2 data.

Viewing 6 posts - 1 through 6 (of 6 total)

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket
20% Discount Offer
Hurry! Get your 20% discount before it expires. Get 20% Discount