Spambot Email Protector 2.02: Bug with Text Fields?

By amy - April 9, 2019 - edited: April 11, 2019

It looks like the 2.02 version of the Spambot plugin is only encoding emails when they are hard-coded or come from the CMS via a WYSIWYG field, but not when the "mailto:" is in the page code and the email address loads from CMSB via a text field. Ex:

<a href="mailto:<?php echo $record['email_address']; ?>">

We have similar code on a site using the 2.01 version on CMSB 3.09, which does not have this issue. 

If I change $GLOBALS['SEP_ENCODING_METHODS']['comments'] or $GLOBALS['SEP_ENCODING_METHODS']['tags'] to true then that encoding will load, what specifically isn't kicking in is the javascript portion. For example, via WYSIWYG:


vs. via text field (which breaks the email address when opened in an email client):

href="mailto:tes<!-- jlj --><span>t<!-- del --><!-- bsa -->@t</span><!-- ztj -->m"

Any suggestions?

By gregThomas - April 15, 2019

Hey Amy,

Sorry, I've been slow to get back to you on this one. It took me a while to debug the issue, but I think I've found the cause.

If you open the file spambotEmailProtector.php and edit line 22 from:

  ob_start('SEP_replaceEmails', 2);


  ob_start('SEP_replaceEmails', 10000);

you should find the javascript is added correctly for both email addresses. Please, could you test this out and let me know if it resolves the issue for you?

Greg Thomas

PHP Programmer -

By amy - April 16, 2019

Thanks Greg, that did the trick. Appreciate you looking into this!

By gregThomas - April 16, 2019

Hi Amy, 

The patched version of the plugin has been released, it can be downloaded here:



Greg Thomas

PHP Programmer -

By amy - April 17, 2019

Great—thanks Greg!