给token字符串加上扰码机制
joyqi committed Oct 10, 2014
1 parent 539f9fc commit 493eb47
Showing 5 changed files with 54 additions and 4 deletions.
2 changes: 1 addition & 1 deletion admin/editor-js.php
@@ -6,7 +6,7 @@
<script>
$(document).ready(function () {
var textarea = $('#text'),
toolbar = $('<div class="editor" id="wmd-button-bar" />').insertBefore(textarea.parent())
toolbar = $('<div class="editor" id="wmd-button-bar" />').insertBefore(textarea.parent()),
preview = $('<div id="wmd-preview" class="wmd-hidetab" />').insertAfter('.editor');

var options = {}, isMarkdown = <?php echo intval($content->isMarkdown || !$content->have()); ?>;
1 change: 1 addition & 0 deletions admin/write-post.php
@@ -39,6 +39,7 @@
</p>
<p>
<label for="text" class="sr-only"><?php _e('文章内容'); ?></label>
<div class="editor" id="wmd-button-bar"></div>
<textarea style="height: <?php $options->editorSize(); ?>px" autocomplete="off" id="text" name="text" class="w-100 mono"><?php echo htmlspecialchars($post->text); ?></textarea>
</p>

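Review bot: Assuming the one added line is `<div class="editor" id="wmd-button-bar"></div>`, it sits inside the `<p>` that holds the textarea, and a `<div>` start tag implicitly closes an open `<p>` during HTML parsing, so the textarea would no longer be a child of that paragraph. admin/editor-js.php in this same commit still creates an element with `id="wmd-button-bar"` and inserts it before `textarea.parent()`. If both run on this page, there would be two elements with that id and the toolbar would be positioned relative to a different parent. Placing the static div before the `<p>`, or keeping only one of the two, would avoid both problems.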
2 changes: 1 addition & 1 deletion install.php
@@ -67,7 +67,7 @@
}

$parts = parse_url($_SERVER['HTTP_REFERER']);
if (!empty($parts['port']) && $parts['port'] != 80) {
if (!empty($parts['port']) && $parts['port'] != 80 && !Typecho_Common::isAppEngine()) {
$parts['host'] = "{$parts['host']}:{$parts['port']}";
}

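Review bot: The host rebuilt here still comes from `parse_url($_SERVER['HTTP_REFERER'])`, a client-supplied header that can be absent or malformed, and the new `!Typecho_Common::isAppEngine()` condition does not say why the port is dropped on App Engine. `parse_url()` returns `false` for a malformed URL. Whether the code above the hunk guards against that, or checks the host against the server's own name, is not visible here. I would add a comment on the condition stating the App Engine reason and, if no such check exists above, compare `$parts['host']` with the configured site host or `$_SERVER['HTTP_HOST']` before using it.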
49 changes: 49 additions & 0 deletions var/Typecho/Common.php
@@ -924,6 +924,55 @@ public static function url($path, $prefix)
return rtrim($prefix, '/') . '/' . str_replace('//', '/', ltrim($path, '/'));
}

/**
* 给javascript赋值加入扰码设计
*
* @param string $value
* @return string
*/
public static function shuffleScriptVar($value)
{
$length = strlen($value);
$max = 3;
$offset = 0;
$result = [];
$cut = [];

while ($length > 0) {
$len = rand(0, min($max, $length));
$rand = "'" . self::randString(rand(1, $max)) . "'";

if ($len > 0) {
$val = "'" . substr($value, $offset, $len) . "'";
$result[] = rand(0, 1) ? "//{$rand}\n{$val}" : "{$val}//{$rand}\n";
} else {
if (rand(0, 1)) {
$result[] = rand(0, 1) ? "''///*{$rand}*/{$rand}\n" : "/* {$rand}//{$rand} */''";
} else {
$result[] = rand(0, 1) ? "//{$rand}\n{$rand}" : "{$rand}//{$rand}\n";
$cut[] = [$offset, strlen($rand) - 2 + $offset];
}
}

$offset += $len;
$length -= $len;
}

$name = '_' . self::randString(rand(3, 7));
$cutName = '_' . self::randString(rand(3, 7));
$var = implode('+', $result);
$cutVar = Json::encode($cut);
return "(function () {
var {$name} = {$var}, {$cutName} = {$cutVar};
for (var i = 0; i < {$cutName}.length; i ++) {
{$name} = {$name}.substring(0, {$cutName}[i][0]) + {$name}.substring({$cutName}[i][1]);
}
return {$name};
})();";
}

/**
* 过滤字段名
*
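Review bot: `shuffleScriptVar()` builds each chunk as `"'" . substr($value, $offset, $len) . "'"` with no escaping, so a value containing `'`, `\`, a line break or `</script>` would break out of the generated JavaScript string. The token passed in by this commit is presumably alphanumeric, but the method is public and its docblock describes JavaScript values in general. An empty `$value` also skips the loop and produces `var _x = , …`, which is a syntax error. I would reject unexpected input up front with `if (!preg_match('/\A[0-9A-Za-z]+\z/', $value)) { throw new InvalidArgumentException('value must be a non-empty alphanumeric token'); }`, adjusting the character class to the real token alphabet. The docblock should also state that the scrambling is obfuscation driven by `rand()` and does not hide the token from a client that executes the script.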
4 changes: 2 additions & 2 deletions var/Widget/Archive.php
@@ -1786,7 +1786,6 @@ public function header($rule = NULL)
};
document[event.add](event.load, function () {
console.log('ddd');
var r = document.getElementById('{$this->respondId}');
if (null != r) {
@@ -1800,7 +1799,8 @@ public function header($rule = NULL)
var input = document.createElement('input');
input.type = 'hidden';
input.name = '_';
input.value = '" . $this->security->getToken($this->request->getRequestUrl()) . "';
input.value = " . Typecho_Common::shuffleScriptVar(
$this->security->getToken($this->request->getRequestUrl())) . "
f.appendChild(input);
added = true;
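Review bot: The expression now emitted at `input.value = " . Typecho_Common::shuffleScriptVar(…)` only parses if line breaks reach the browser intact, because the helper writes `//'…'` line comments terminated by `\n`. An output filter that collapses whitespace in the page header would comment out the rest of the statement, and the hidden `_` field would never be added, which presumably makes every comment submission fail the token check. Emitting only `/* … */` comments from the helper would remove that dependency. The call site also drops its own `;` and relies on the helper's trailing `})();`, which deserves a comment such as `// shuffleScriptVar() returns a complete expression including the terminating ';'`. header() begins and ends outside both hunks.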
