今天看了下一个频道的页面,发现有js什么的冲突代码
最近用排除方法 是底部 <script src="http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1" type="text/javascript" charset="UTF-8"></script>
这代码引起的,既然在底部那就很好找,找到模版 footer.htm 里面是用 <!--{eval output();}--> 调用的
之前没有这代码的,打了0339补丁就有了,那就去0339补丁里搜索这代码
在 source/function/function_cloud.php 里有这么一句赤裸裸的代码,为什么我叫他赤裸裸
一 因为这gtimg.cn跟官方,压跟没有联系
二 这js代码还会影响我们js的效果
三 下载这个js还使用一个eval(function(p,a,c,k,e,d)加密
-----------------------------------------------------------------------------------------------
解密后得到的代码
var clearTips;
DiscuzCloudNameSpace = new Object();
DiscuzCloudNameSpace.register = function(fullName) {
try {
var nsArray = fullName.split(".");
var strNS = "";
var strEval = "";
for (var i = 0; i < nsArray.length; i++) {
if (strNS.length > 0) strNS += ".";
strNS += nsArray[i];
strEval += " if (typeof(" + strNS + ") =='undefined') " + strNS + " = new Object(); "
};
if (strEval != "") eval(strEval)
} catch(e) {
alert(e.message)
}
};
DiscuzCloudNameSpace.register('DiscuzCloud');
DiscuzCloud.JSONP = (function() {
var counter = 0,
head, query, key, window = this;
function load(url) {
script = document.createElement('script'),
done = false;
script.src = url;
script.charset = 'UTF-8';
script.async = true;
script.onload = script.onreadystatechange = function() {
if (!done && (!this.readyState || this.readyState === "loaded" || this.readyState === "complete")) {
done = true;
script.onload = script.onreadystatechange = null;
if (script && script.parentNode) {
script.parentNode.removeChild(script)
}
}
};
if (!head) {
head = document.getElementsByTagName('head')[0]
};
head.appendChild(script)
};
function jsonp(url, params, callback) {
if (url.indexOf('?') > -1) {
query = '&'
} else {
query = '?'
};
params = params || {};
for (key in params) {
if (params.hasOwnProperty(key)) {
query += encodeURIComponent(key) + "=" + encodeURIComponent(params[key]) + "&"
}
};
var jsonp = 'discuzTipsCallback';
window[jsonp] = function(data) {
callback(data);
try {
delete window[jsonp]
} catch(e) {}
window[jsonp] = null
};
load(url + query + "callback=" + jsonp);
return jsonp
};
return {
get: jsonp
}
} ());
DiscuzCloud.htmlspecialchars = function(string, quote_style, charset, double_encode) {
var optTemp = 0,
i = 0,
noquotes = false;
if (typeof quote_style === 'undefined' || quote_style === null) {
quote_style = 2
};
string = string.toString();
if (double_encode !== false) {
string = string.replace(/&/g, '&')
};
string = string.replace(/</g, '<').replace(/>/g, '>');
var OPTS = {
'ENT_NOQUOTES': 0,
'ENT_HTML_QUOTE_SINGLE': 1,
'ENT_HTML_QUOTE_DOUBLE': 2,
'ENT_COMPAT': 2,
'ENT_QUOTES': 3,
'ENT_IGNORE': 4
};
if (quote_style === 0) {
noquotes = true
};
if (typeof quote_style !== 'number') {
quote_style = [].concat(quote_style);
for (i = 0; i < quote_style.length; i++) {
if (OPTS[quote_style[i]] === 0) {
noquotes = true
} else if (OPTS[quote_style[i]]) {
optTemp = optTemp | OPTS[quote_style[i]]
}
};
quote_style = optTemp
};
if (quote_style & OPTS.ENT_HTML_QUOTE_SINGLE) {
string = string.replace(/'/g, ''')
};
if (!noquotes) {
string = string.replace(/"/g, '"')
};
return string
};
DiscuzCloud.setCookie = function(name, value, sec) {
if (typeof(sec) == 'undefined') {
sec = 86400000;
} else {
sec = sec * 1000
};
var expires = new Date();
expires.setTime(expires.getTime() + sec);
document.cookie = name + '=' + escape(value) + '; expires=' + expires.toGMTString()
};
DiscuzCloud.getCookie = function(name) {
var cookie_start = document.cookie.indexOf(name);
var cookie_end = document.cookie.indexOf(';', cookie_start);
return cookie_start == -1 ? '': unescape(document.cookie.substring(cookie_start + name.length + 1, (cookie_end > cookie_start ? cookie_end: document.cookie.length)))
};
DiscuzCloud.$ = function(id) {
return document.getElementById(id)
};
DiscuzCloud.Tips = function(sId, version, release, api, founder, fix, sUrl, sCharset, ts, sig, adminId, groupId, uid, openId) {
this.sId = sId;
this.sUrl = sUrl;
this.version = version;
this.release = release;
this.api = api;
this.founder = founder;
this.fix = fix;
this.clientWidth = document.documentElement.clientWidth;
this.clientHeight = document.documentElement.clientHeight;
this.discuzTips = DiscuzCloud.$('discuz_tips');
newDate = new Date();
this.url = 'http://cp.discuz.qq.com/tips/get?rand=' + newDate.getDate() + newDate.getHours();
this.secret = '';
this.tipsId = '';
this.cacheKey = '';
this.sendTime = '';
this.sCharset = sCharset;
if (typeof(document.characterSet) == 'undefined') {
this.browserCharset = document.charset
} else {
this.browserCharset = document.characterSet
};
if (discuzTipsCVersion == '2') {
this.adminId = adminId;
this.groupId = groupId;
this.uid = uid;
this.openId = openId
};
this.ts = ts;
this.sig = sig
};
DiscuzCloud.Tips.prototype.show = function() {
if (discuzTipsCVersion == '2' && this.adminId != 1) {
return false
};
if (this.checkManyou()) {
return false
};
var callback = function(data) {
if (typeof(data.errorCode) != 'undefined' && data.errorCode != 0) {
return false
};
if (typeof(data.css) != 'undefined' && data.css) {
tips.css(data.css)
};
if (typeof(data.secret) != 'undefined' && data.secret) {
tips.secret = data.secret
};
if (typeof(data.tipsId) != 'undefined' && data.tipsId) {
tips.tipsId = data.tipsId
};
if (typeof(data.tscKey) != 'undefined' && data.tscKey) {
tips.tscKey = data.tscKey
};
if (typeof(data.html) != 'undefined') {
tips.discuzTips.innerHTML = tips.analysis(data.html)
};
if (typeof(data.beforeJS) != 'undefined' && data.beforeJS) {
eval(data.beforeJS)
};
if (typeof(data.afterJS) != 'undefined' && data.afterJS) {
eval(data.afterJS)
};
if (typeof(data.sendTime) != 'undefined' && data.sendTime) {
tips.sendTime = data.sendTime
};
if (typeof(data.viewPermission) != 'undefined' && data.viewPermission) {
tips.viewPermission = data.viewPermission
};
tips.open();
if (typeof(data.keepTime) != 'undefined' && data.keepTime > 0) {
clearTips = setTimeout(function() {
tips.close(data.tipsId, data.tscKey, data.viewPermission, true)
},
data.keepTime * 1000)
}
};
var cookie = DiscuzCloud.getCookie('dctips');
if (discuzTipsCVersion == '2') {
var params = {
's_id': this.sId,
'product_version': this.version,
'product_release': this.release,
'fix_bug': this.fix,
'is_founder': this.founder,
's_url': this.sUrl,
'last_send_time': cookie,
'ts': this.ts,
'sig': this.sig,
'admin_id': this.adminId,
'group_id': this.groupId,
'open_id': this.openId,
'uid': this.uid
}
} else {
var params = {
's_id': this.sId,
'product_version': this.version,
'product_release': this.release,
'fix_bug': this.fix,
'is_founder': this.founder,
's_url': this.sUrl,
'last_send_time': cookie,
'ts': this.ts,
'sig': this.sig
}
};
DiscuzCloud.JSONP.get(this.url, params, callback)
};
DiscuzCloud.Tips.prototype.css = function(url) {
try {
document.createStyleSheet(url)
} catch(e) {
var cssLink = document.createElement('link');
cssLink.rel = 'stylesheet';
cssLink.type = 'text/css';
cssLink.href = url;
var head = document.getElementsByTagName('head')[0];
head.appendChild(cssLink)
}
};
DiscuzCloud.Tips.prototype.checkManyou = function() {
if (DiscuzCloud.$('my_notify_wrap')) {
return true
};
return false
};
DiscuzCloud.Tips.prototype.markAsRead = function(taskId, cacheKey, viewPermission) {
var newDate = new Date();
var time = Math.floor(newDate.getTime() / 1000);
var sig = this.encode(taskId, this.secret);
DiscuzCloud.setCookie('dctips', this.sendTime, 86400 * 30);
var url = 'http://cp.discuz.qq.com/tips/mark?rand=' + Math.random();
var callback = function() {};
var params = {
'id': taskId,
'key': cacheKey,
'is_founder': this.founder,
'view_permission': viewPermission,
'sig': sig
};
DiscuzCloud.JSONP.get(url, params, callback)
};
DiscuzCloud.Tips.prototype.encode = function(id, key) {
var num = id % 8;
if (num == 0) {
num = 8
};
return key.substr(num) + key.substr(0, num)
};
DiscuzCloud.Tips.prototype.open = function() {
this.discuzTips.style.display = '';
};
DiscuzCloud.Tips.prototype.close = function(taskId, cacheKey, viewPermission, passive) {
clearTimeout(clearTips);
this.discuzTips.style.display = 'none';
if (typeof(taskId) == 'undefined') {
taskId = 0
};
this.markAsRead(taskId, cacheKey, viewPermission);
if (typeof(passive) != 'undefined' && passive == true) {
this.stats('passiveClose', taskId, cacheKey)
} else {
this.stats('close', taskId, cacheKey)
}
};
DiscuzCloud.Tips.prototype.stats = function(action, taskId, cacheKey) {
var statsUrl = 'http://cp.discuz.qq.com/tips/stats?rand=' + Math.random();
var sig = this.encode(taskId, this.secret);
var params = {
'action': action,
'tt_id': taskId,
'sig': sig,
'cache_key': cacheKey
};
var callback = function() {};
DiscuzCloud.JSONP.get(statsUrl, params, callback)
};
DiscuzCloud.Tips.prototype.analysis = function(html) {
tipsId = parseInt(this.tipsId);
sId = parseInt(this.sId);
sUrl = DiscuzCloud.htmlspecialchars(this.sUrl);
sVersion = DiscuzCloud.htmlspecialchars(this.version);
sCharset = DiscuzCloud.htmlspecialchars(this.sCharset);
tempUrl = this.sUrl.split('//');
tempUrl = tempUrl[1].split('/');
sDomain = DiscuzCloud.htmlspecialchars(tempUrl[0]);
tempUrl = tempUrl[0].split('.');
tempUrl.shift();
sMasterDomain = DiscuzCloud.htmlspecialchars(tempUrl.join('.'));
html = html.replace(/#TipsID#/, tipsId);
html = html.replace(/#SId#/, sId);
html = html.replace(/#SiteUrl#/, sUrl);
html = html.replace(/#SiteVersion#/, sVersion);
html = html.replace(/#SiteCharset#/, sCharset);
html = html.replace(/#SiteDomain#/, sDomain);
html = html.replace(/#SiteMasterDomain#/, sMasterDomain);
return html
};
window.onload = function(e) {
if (typeof(discuzTipsCVersion) == 'undefined') {
discuzTipsCVersion = '0'
};
if (discuzTipsCVersion == '2') {
tips = new DiscuzCloud.Tips(discuzSId, discuzVersion, discuzRelease, discuzApi, discuzIsFounder, discuzFixbug, SITEURL, charset, ts, sig, discuzAdminId, discuzGroupId, discuzUid, discuzOpenId)
} else {
tips = new DiscuzCloud.Tips(discuzSId, discuzVersion, discuzRelease, discuzApi, discuzIsFounder, discuzFixbug, SITEURL, charset, ts, sig)
};
tips.show()
}
最后提醒大家:去掉了,你就收不到Discuz!的安全通知了,也收不到Discuz!的补丁通知了,还收不到防水墙的过滤通知了。
新闻热点
疑难解答
