Friday, 19 December 2014

Obfuscating Blacklisted Words In WordPress With ROT13

Countless algorithms for encrypting data exist in computer science. One of the lesser known and less common encryptions is ROT13, a derivative of the Caesar cypher [1] encryption technique.


In this tutorial, we’ll learn about ROT13 encryption and how it works. We’ll see how text (or strings) can be programmatically encoded in ROT13 using PHP. Finally, we’ll code a WordPress plugin that scans a post for blacklisted words and replaces any it finds with their ROT13 encoding.


If you own a blog on which multiple authors or a certain group of people have the privilege of publishing posts, then a plugin that encrypts or totally removes inappropriate words might come in handy.


Before we begin, let’s clear up something about ROT13. It should never be used to encrypt sensitive data. While it is considered an encryption technique, it is the “Hello World” example of encryption. It can be broken extremely easily and so is never used on data that is encrypted for security reasons. Since our goal isn’t to protect data but to censor profanity, it will do just fine for our example.


Introduction


ROT13 (short for “rotate by 13 places,” sometimes abbreviated as ROT-13) is a simple encryption technique for English that replaces each letter with the one 13 places forward or back along the alphabet. So, A becomes N, B becomes O and so on up to M, which becomes Z. Then, the sequence continues at the beginning of the alphabet: N becomes A, O becomes B and so on up to Z, which becomes M.


A major advantage of ROT13 over other rot(N) techniques (where “N” is an integer that denotes the number of places down the alphabet in a Caesar cypher encryption) is that it is “self-inverse,” meaning that the same algorithm is applied to encrypt and decrypt data.


Below is a ROT13 table for easy reference.


| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
---------------------------------------------------------------------------------------------------------
| N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L | M |

If we encrypted the domain smashingmagazine.com in ROT13, the result would be fznfuvatzntnmvar.pbz, and the sentence “Why did the chicken cross the road?” would become “Jul qvq gur puvpxra pebff gur ebnq?”


Note that only letters in the alphabet are affected by ROT13. Numbers, symbols, white space and all other characters are left unchanged.


Transforming Strings To ROT13 In PHP


PHP includes a function, str_rot13(), for converting a string to its ROT13-encoded value. To encode text in ROT13 using this function, pass the text as an argument to the function.


<?php

echo str_rot13('smashingmagazine.com'); // fznfuvatzntnmvar.pbz

echo str_rot13('The best web design and development blog'); // Gur orfg jro qrfvta naq qrirybczrag oybt
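
To make the self-inverse property from the introduction concrete, here is an added example (not part of the original tutorial) that implements a general rot(N) shift and compares it with PHP's built-in str_rot13(). The helper name rot_n() is hypothetical.

```php
<?php
// Added example: rot_n() is a hypothetical helper, not a PHP built-in.
// Shifts ASCII letters by $n places and leaves every other byte unchanged.
function rot_n( string $text, int $n ): string {
    // Normalise the shift into 0..25 so negative values work too.
    $n = ( ( $n % 26 ) + 26 ) % 26;

    return preg_replace_callback(
        '/[A-Za-z]/',
        function ( array $m ) use ( $n ): string {
            // Keep the case of the letter by rotating within its own alphabet.
            $base = ctype_upper( $m[0] ) ? ord( 'A' ) : ord( 'a' );
            return chr( $base + ( ord( $m[0] ) - $base + $n ) % 26 );
        },
        $text
    );
}

$plain = 'smashingmagazine.com';

// With N = 13 the generic shift agrees with the built-in function.
var_dump( rot_n( $plain, 13 ) === str_rot13( $plain ) );

// Self-inverse: 13 + 13 = 26, a full turn, so encoding twice decodes.
var_dump( rot_n( rot_n( $plain, 13 ), 13 ) === $plain );

// Any other N is not self-inverse: rot(5) twice is rot(10) ...
var_dump( rot_n( rot_n( $plain, 5 ), 5 ) === $plain );

// ... and undoing rot(5) needs the complementary shift, rot(21).
var_dump( rot_n( rot_n( $plain, 5 ), 21 ) === $plain );
```

Because there is no key, anyone who sees ROT13 output can reverse it with the same call, which is why it only hides words from a casual glance.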

Using ROT13 In WordPress


Armed with this knowledge, I thought of ways it might be useful in WordPress. I ended up creating a plugin that encodes blacklisted words found in posts using ROT13.


The plugin consists of a textarea field (located in the plugin’s settings page) in which you enter blacklisted words, which are then saved to the database for later reuse in WordPress posts.


Without further ado, let’s start coding the plugin.


Setting Up the Plugin


First, include the plugin’s file header [2].


<?php

/*
Plugin Name: Rot13 Words Blacklist
Plugin URI: http://smashingmagazine.com/
Description: A simple plugin that detects and encrypts blacklisted words in ROT13
Version: 1.0
Author: Agbonghama Collins
Author URI: http://w3guy.com
Text Domain: rot13
Domain Path: /lang/
License: GPL2
*/

As mentioned, the plugin will have a settings page with a textarea field that collects and saves blacklisted words to WordPress’ database (specifically the options table).


Below is a screenshot of what the plugin’s settings (or admin) page will look like.


Settings page of the plugin. [3]
(See large version [4])

Now that we know what the options page will look like, let’s build it using WordPress’ Settings API [5].


Building the Settings Page


First, we create a submenu item in the main “Settings” menu by using add_options_page(), with its parent function hooked to the admin_menu action.


add_action( 'admin_menu', 'rot13_plugin_menu' );

/**
 * Add submenu to the main Settings menu
 */
function rot13_plugin_menu() {
    add_options_page(
        __( 'Rot13 Blacklisted Words', 'rot13' ),
        __( 'Rot13 Blacklisted Words', 'rot13' ),
        'manage_options',
        'rot13-words-blacklist',
        'rot13_plugin_settings_page'
    );
}


The fifth parameter of add_options_page() is the function’s name (rot13_plugin_settings_page), which is called to output the contents of the page.


Below is the code for rot13_plugin_settings_page().


/**
 * Output the contents of the settings page.
 */
function rot13_plugin_settings_page() {
    echo '<div class="wrap">';
    echo '<h2>', __( 'Rot13 Blacklisted Words', 'rot13' ), '</h2>';
    echo '<form action="options.php" method="post">';
    do_settings_sections( 'rot13-words-blacklist' );
    settings_fields( 'rot13_settings_group' );
    submit_button();
    echo '</form>';
    echo '</div>';
}


Next, we add a new section to the “Settings” page with add_settings_section(). The textarea field we mentioned earlier will be added to this section with add_settings_field(). Finally, the settings are registered with register_setting().


Below is the code for add_settings_section(), add_settings_field() and register_setting().


// Add a section
add_settings_section(
    'rot13_setting_section',
    '',
    'rot13_setting_section_callback_function',
    'rot13-words-blacklist'
);


// Add a textarea field to the section.
add_settings_field(
    'blacklisted_words',
    __( 'Blacklisted words', 'rot13' ),
    'rot13_setting_callback_function',
    'rot13-words-blacklist',
    'rot13_setting_section'
);

// Register the setting so that $_POST handling is done for us
register_setting( 'rot13_settings_group', 'rot13_plugin_option', 'sanitize_text_field' );

The three functions above must be enclosed in a function and hooked to the admin_init action, like so:


/**
 * Hook the Settings API to the 'admin_init' action
 */
function rot13_settings_api_init() {
    // Add a section
    add_settings_section(
        'rot13_setting_section',
        '',
        'rot13_setting_section_callback_function',
        'rot13-words-blacklist'
    );


    // Add a textarea field to the section
    add_settings_field(
        'blacklisted_words',
        __( 'Blacklisted words', 'rot13' ),
        'rot13_setting_callback_function',
        'rot13-words-blacklist',
        'rot13_setting_section'
    );

    // Register the setting so that $_POST handling is done for us
    register_setting( 'rot13_settings_group', 'rot13_plugin_option', 'sanitize_text_field' );
}

add_action( 'admin_init', 'rot13_settings_api_init' );

Lest we forget, here is the code for the rot13_setting_callback_function() and rot13_setting_section_callback_function() functions, which will output the textarea field and the description of the field (at the top of the section), respectively.


/**
 * Add a description of the field to the top of the section
 */
function rot13_setting_section_callback_function() {
    echo '<p>' . __( 'Enter a list of words to blacklist, separated by commas (,)', 'rot13' ) . '</p>';
}

/**
 * Callback function to output the textarea form field
 */
function rot13_setting_callback_function() {
    echo '<textarea rows="10" cols="60" name="rot13_plugin_option" class="code">' . esc_textarea( get_option( 'rot13_plugin_option' ) ) . '</textarea>';
}


At this point, we are done building the settings page for the plugin.


Up next is getting the plugin to detect blacklisted words and encrypt them with ROT13.


Detecting Blacklisted Words and Encrypting in ROT13


Here is an overview of how we will detect blacklisted words in a WordPress post:


  • A post’s contents are broken down into individual words and saved to an array ($post_words).

  • The blacklisted words that were saved by the plugin to the database are retrieved. They, too, are broken down into individual words and saved to an array ($blacklisted_words).

  • We iterate over the $post_words array and check for any word that is on the blacklist.

  • If a blacklisted word is found, then str_rot13() encodes it in ROT13.

It’s time to create the PHP function (rot13_filter_post_content()) that filters the contents of a post and then actually detects blacklisted words and encrypts them in ROT13.


Below is the code for the post’s filter.


/**
 * Encrypt every blacklisted word in ROT13
 *
 * @param $content string post content to filter
 *
 * @return string
 */
function rot13_filter_post_content( $content ) {

    // Get the words marked as blacklisted by the plugin
    $blacklisted_words = esc_textarea( get_option( 'rot13_plugin_option' ) );

    // If no blacklisted words are defined, return the post's content.
    if ( empty( $blacklisted_words ) ) {
        return $content;
    }

    else {

        // Ensure we are dealing with "posts", not "pages" or any other content type.
        if ( is_singular( 'post' ) ) {

            // Confine each word in a post to an array
            $post_words = preg_split( "/\b/", $content );

            // Break down the comma-separated blacklist into individual words
            $blacklisted_words = explode( ',', $blacklisted_words );

            // Remove any leading or trailing white space
            $blacklisted_words = array_map(
                function ( $arg ) {
                    return trim( $arg );
                },

                $blacklisted_words
            );


            // Iterate over the array of words in the post
            foreach ( $post_words as $key => $value ) {

                // Iterate over the array of blacklisted words
                foreach ( $blacklisted_words as $words ) {

                    // Compare the words, being case-insensitive
                    if ( strcasecmp( $post_words[ $key ], $words ) == 0 ) {

                        // Encrypt any blacklisted word
                        $post_words[ $key ] = '<del>' . str_rot13( $value ) . '</del>';
                    }
                }
            }

            // Convert the individual words in the post back into a string or text
            $content = implode( '', $post_words );
        }

        return $content;
    }
}

add_filter( 'the_content', 'rot13_filter_post_content' );

While the code above for the filter function is quite easy to understand, especially since it is so heavily commented, I’ll explain a bit more anyway.


The is_singular( 'post' ) conditional tag ensures that we are dealing with a post, and not a page or any other content type.


With preg_split(), we are breaking down the post’s contents into individual words and saving them as an array by searching for the RegEx pattern \b, which matches word boundaries [6].


The list of blacklisted words is retrieved from the database using get_option(), with rot13_plugin_option as the option’s name.


From the screenshot of the plugin’s settings page above and the description of the textarea field, we can see that the blacklisted words are separated by commas, our delimiter. The explode PHP function breaks down the blacklisted words into an array by searching for those commas.


A closure [7] is applied to the $blacklisted_words array via array_map() that will trim leading and trailing white spaces from the array values (the individual blacklisted words).


The foreach construct iterates over the post’s words and checks whether any word is in the array of blacklisted words. Any blacklisted word that gets detected is encrypted in ROT13 and enclosed in a <del> tag.


The $post_words array is converted back to a string or text and subsequently returned.


Finally, the function is hooked to the the_content filter action.
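
One caveat with splitting the whole of $content on \b is that post content is HTML, so a blacklisted word inside a tag (an href, a title attribute, a class name) is also wrapped in a del tag, which corrupts the markup. The added example below is not part of the original plugin; it shows one way to encode only the text between tags and runs outside WordPress. The function name rot13_mask_text_nodes() and the sample post are constructed for illustration, and the simple tag pattern assumes attribute values contain no ">" character.

```php
<?php
// Added example: rot13_mask_text_nodes() is a hypothetical helper, not plugin code.
function rot13_mask_text_nodes( string $html, array $blacklist ): string {
    // Trim entries, drop empty ones and lower-case them for case-insensitive lookup.
    $words  = array_filter( array_map( 'trim', $blacklist ), 'strlen' );
    $lookup = array_flip( array_map( 'strtolower', $words ) );
    if ( empty( $lookup ) ) {
        return $html;
    }

    // Split into text and tags; the capture group keeps the tags in the result,
    // so even indexes hold text and odd indexes hold the tags themselves.
    $chunks = preg_split( '/(<[^>]*>)/', $html, -1, PREG_SPLIT_DELIM_CAPTURE );

    foreach ( $chunks as $i => $chunk ) {
        // Leave tags (and therefore attributes and URLs) untouched.
        if ( $i % 2 === 1 ) {
            continue;
        }
        // Replace whole words only, preserving everything around them.
        $chunks[ $i ] = preg_replace_callback(
            '/\b[A-Za-z]+\b/',
            function ( array $m ) use ( $lookup ): string {
                return isset( $lookup[ strtolower( $m[0] ) ] )
                    ? '<del>' . str_rot13( $m[0] ) . '</del>'
                    : $m[0];
            },
            $chunk
        );
    }

    return implode( '', $chunks );
}

// Constructed sample: "love" appears in two attributes and once in visible text.
$post = '<p>I <a href="/tag/love/" title="love">Love</a> WordPress forever.</p>';
echo rot13_mask_text_nodes( $post, array( 'love', ' forever ' ) ), "\n";
```

Inside WordPress, wp_html_split() performs the tag and text split more robustly than the simple pattern used here, including for HTML comments.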


Below is a screenshot of a post with the words “love” and “forever” blacklisted.


A post with the blacklisted word love encoded in ROT13 [8]

Wrapping Up


ROT13 is a simple encryption technique that can be easily decrypted. Thus, you should never use it for serious data encryption.


Even if you don’t end up using the plugin, the concepts you’ve learned in creating it can be applied to many situations, such as obfuscating or encrypting inappropriate words (such as profanities) in ROT13, which would be a nice feature in a forum where people have the freedom to post anything.


Hopefully, you have learned a thing or two from this tutorial. If you have any question or a contribution, please let us know in the comments.



Front page image credit: Wikipedia [9].


Footnotes


  1. http://en.wikipedia.org/wiki/Caesar_cipher
  2. http://codex.wordpress.org/File_Header
  3. http://www.smashingmagazine.com/wp-content/uploads/2014/12/rot13-plugin-settings-page-large-opt.jpg
  4. http://www.smashingmagazine.com/wp-content/uploads/2014/12/rot13-plugin-settings-page-large-opt.jpg
  5. http://codex.wordpress.org/Settings_API
  6. http://www.regular-expressions.info/wordboundaries.html
  7. php.net/manual/en/functions.anonymous.php
  8. http://www.smashingmagazine.com/wp-content/uploads/2014/11/post-with-blacklisted-word-opt.jpg
  9. http://en.wikipedia.org/wiki/Caesar_cipher
