苹果CMS播放页被劫持跳转至qp网站的解决方案(苹果CMS主页被劫持)

本文将从笔者自身的分析方式出发，剖析CMS作者有意留下的JS漏洞位置和活加载外部JS的全部过程。多事之秋，以华为为代表的一批我国创新型企业不惧外部施压，用铁打的技术和超脱常人的眼界证明了中华儿女的不屈于人，从保险柜里拿出的自主研发备份芯片与操作系统展现了中华民族的铮铮铁骨。我作为一名流淌着中华血液的开发者为此感到深深的自豪，反观苹果CMS开发者，明知自己CMS的用户基础水平不足，却有意在源码中留下漏洞，不顾源码口碑和未来发展，强制劫持用户的访问，将罪恶之手伸向本国同胞。其心态之扭曲，实为汉语言文化圈开发者的最大耻辱。Shame On You！疑似苹果CMS作者老王前日在笔者blog留言称是苹果CMS网站域名17号晚遭到劫持所致。但正是因为苹果CMS在使用者不知情的情况下使用加密的js文件调用了外部地址才为这次影响广

## 解决方案

22日再次更新：预加载页面也被劫持，须在后台--系统设置--播放器参数设置下将 预加载广告：缓冲广告：两项的内容全部删除，版本不同也相应寻找预加载和缓冲地址类似的选项删除即可

为了方便大家对两个页面的调用，同时也将无广告版本的干净页面上传到了GitHub上，大家本地化这两个文件即可~

为节省大家的时间笔者先贴出解决方案如下：

为节省大家时间，两个文件均已上传GitHub，大家直接下载即可！

Github地址：

点击此处

1.更改网站根目录/static/js/player.js下的文件，为如下内容

对于v10版本用户

```html

var MacPlayer = {

'GetUrl': function(s, n) {

return this.Link.replace('{sid}', s).replace('{sid}', s).replace('{nid}', n).replace('{nid}', n)

},

'Go': function(s, n) {

location.href = this.GetUrl(s, n)

},

'Show': function() {

$('#buffer').attr('src', this.Prestrain);

setTimeout(function() {

MacPlayer.AdsEnd()

}, this.Second * 1000);

$("#playleft").get(0).innerHTML = this.Html + '';

var a = document.createElement('script');

a.type = 'text/javascript';

a.async = true;

a.charset = 'utf-8';

a.src = '';

var b = document.getElementsByTagName('script')[0];

b.parentNode.insertBefore(a, b)

},

'AdsStart': function() {

if ($("#buffer").attr('src') != this.Buffer) {

$("#buffer").attr('src', this.Buffer)

}

$("#buffer").show()

},

'AdsEnd': function() {

$('#buffer').hide()

},

'Install': function() {

this.Status = false;

$('#install').show()

},

'Play': function() {

document.write('

' + '' + '');

this.Height = $('.MacPlayer').get(0).offsetHeight;

this.Width = $('.MacPlayer').get(0).offsetWidth;

document.write('')

},

'Down': function() {},

'Init': function() {

this.Status = true;

this.Parse = '';

if (player_data.encrypt == '1') {

player_data.url = unescape(player_data.url);

player_data.url_next = unescape(player_data.url_next)

} else if (player_data.encrypt == '2') {

player_data.url = unescape(base64decode(player_data.url));

player_data.url_next = unescape(base64decode(player_data.url_next))

}

this.Prestrain = MacPlayerConfig.prestrain;

this.Buffer = MacPlayerConfig.buffer;

this.Second = MacPlayerConfig.second;

this.Flag = player_data.flag;

this.Trysee = player_data.trysee;

this.Points = player_data.points;

this.Link = decodeURIComponent(player_data.link);

this.PlayFrom = player_data.from;

this.PlayNote = player_data.note;

this.PlayServer = player_data.server == 'no' ? '' : player_data.server;

this.PlayUrl = player_data.url;

this.PlayUrlNext = player_data.url_next;

this.PlayLinkNext = player_data.link_next;

this.PlayLinkPre = player_data.link_pre;

if (MacPlayerConfig.server_list[this.PlayServer] != undefined) {

this.PlayServer = MacPlayerConfig.server_list[this.PlayServer].des

}

if (MacPlayerConfig.player_list[this.PlayFrom] != undefined) {

if (MacPlayerConfig.player_list[this.PlayFrom].ps == "1") {

this.Parse = MacPlayerConfig.player_list[this.PlayFrom].parse == '' ? MacPlayerConfig.parse : MacPlayerConfig.player_list[this.PlayFrom].parse;

this.PlayFrom = 'parse'

}

}

this.Path = maccms.path + '/static/player/';

if (this.Flag == "down") {

MacPlayer.Down()

} else {

MacPlayer.Play()

}

}

};

MacPlayer.Init();

```

对于v8版本用户：

```html

window.onresize = function() {

if (window.name == "macopen1") {

MacPlayer.Width = $(window).width() - $(".MacPlayer").offset().left - 15;

MacPlayer.HeightAll = $(window).height() - $(".MacPlayer").offset().top - 15;

MacPlayer.Height = MacPlayer.HeightAll;

if (mac_showtop == 1) {

MacPlayer.Height -= 20

}

$(".MacPlayer").width(MacPlayer.Width);

$(".MacPlayer").height(MacPlayer.HeightAll);

$("#buffer").width(MacPlayer.Width);

$("#buffer").height(MacPlayer.HeightAll);

$("#Player").width(MacPlayer.Width);

$("#Player").height(MacPlayer.Height)

}

}

;

var MacPlayer = {

'GoPreUrl': function() {

if (this.Num > 0) {

this.Go(this.Src + 1, this.Num)

}

},

'GetPreUrl': function() {

return this.Num > 0 ? this.GetUrl(this.Src + 1, this.Num) : ''

},

'GoNextUrl': function() {

if (this.Num + 1 != this.PlayUrlLen) {

this.Go(this.Src + 1, this.Num + 2)

}

},

'GetNextUrl': function() {

return this.Num + 1 <= this.PlayUrlLen ? this.GetUrl(this.Src + 1, this.Num + 2) : ''

},

'GetUrl': function(s, n) {

return mac_link.replace('{src}', s).replace('{src}', s).replace('{num}', n).replace('{num}', n)

},

'Go': function(s, n) {

location.href = this.GetUrl(s, n)

},

'GetList': function() {

this.RightList = '';

for (i = 0; i < this.Data.from.length; i++) {

from = this.Data.from;

url = this.Data.url;

listr = "";

sid_on = 'h2';

sub_on = 'none';

urlarr = url.split('#');

for (j = 0; j < urlarr.length; j++) {

urlinfo = urlarr[j].split('$');

name = '';

url = '';

list_on = '';

from1 = '';

if (urlinfo.length > 1) {

name = urlinfo[0];

url = urlinfo[1];

if (urlinfo.length > 2) {

from1 = urlinfo[2]

}

} else {

name = "第" + (j + 1) + "集";

url = urlinfo[0]

}

if (this.Src == i && this.Num == j) {

sid_on = 'h2_on';

sub_on = 'block';

list_on = "list_on";

this.PlayUrlLen = urlarr.length;

this.PlayUrl = url;

this.PlayName = name;

if (from1 != '') {

this.PlayFrom = from1

}

if (j < urlarr.length - 1) {

urlinfo = urlarr[j + 1].split('$');

if (urlinfo.length > 1) {

name1 = urlinfo[0];

url1 = urlinfo[1]

} else {

name1 = "第" + (j + 1) + "集";

url1 = urlinfo[0]

}

this.PlayUrl1 = url1;

this.PalyName1 = name1

}

}

listr += '

' + mac_show[from] + '' + '' + listr + ''

}

},

'ShowList': function() {

$('#playright').toggle()

},

'Tabs': function(a, n) {

var b = $('#sub' + a).css('display');

for (var i = 0; i <= n; i++) {

$('#main' + i).attr('className', 'h2');

$('#sub' + i).hide()

}

if (b == 'none') {

$('#sub' + a).show();

$('#main' + a).attr('className', 'h2_on')

} else {

$('#sub' + a).hide()

}

},

'Show': function() {

if (mac_showtop == 0) {

$("#playtop").hide()

}

if (mac_showlist == 0) {

$("#playright").hide()

}

setTimeout(function() {

MacPlayer.AdsEnd()

}, this.Second * 1000);

$("#topdes").get(0).innerHTML = '' + '正在播放：' + this.PlayName + '';

$("#playright").get(0).innerHTML = '

' + this.RightList + '';

$("#playleft").get(0).innerHTML = '' + this.Html + '';

document.write('')

},

'ShowBuffer': function() {

var w = this.Width - 100;

var h = this.Height - 100;

var l = (this.Width - w) / 2;

var t = (this.Height - h) / 2 + 20;

$(".MacBuffer").css({

'width': w,

'height': h,

'left': l,

'top': t

});

$(".MacBuffer").toggle()

},

'AdsEnd': function() {

$('#buffer').hide()

},

'Install': function() {

this.Status = false;

$('#install').parent().show();

$('#install').show()

},

'Play': function() {

var a = mac_colors.split(',');

document.write('')

},

'Down': function() {},

'Init': function() {

this.Status = true;

this.Url = location.href;

this.Par = location.search;

this.Data = {

'from': mac_from.split('$$$'),

'server': mac_server.split('$$$'),

'note': mac_note.split('$$$'),

'url': mac_url.split('$$$')

};

var c = navigator.userAgent.toLowerCase();

this.Width = window.name == 'macopen1' ? mac_widthpop : (mac_width == 0 ? '100%' : mac_width);

this.HeightAll = window.name == 'macopen1' ? mac_heightpop : mac_height;

if (c.indexOf("android") > 0 || c.indexOf("mobile") > 0 || c.indexOf("ipod") > 0 || c.indexOf("ios") > 0 || c.indexOf("iphone") > 0 || c.indexOf("ipad") > 0) {

this.Width = window.name == 'macopen1' ? mac_widthpop : (mac_widthmob == 0 ? '100%' : mac_widthmob);

this.HeightAll = window.name == 'macopen1' ? mac_heightpop : mac_heightmob

}

this.Height = this.HeightAll;

if (mac_showtop == 1) {

this.Height -= 20

}

if (this.Url.indexOf('#') > -1) {

this.Url = this.Url.substr(0, this.Url.indexOf('#'))

}

this.Prestrain = mac_prestrain;

this.Buffer = mac_buffer;

this.Second = mac_second;

this.Flag = mac_flag;

var a = this.Url.match(/\d+.*(htm)/g)[0].match(/\d+/g);

if (a.length < 3) {

a = this.Url.match(/\d+.*/g)[0].match(/\d+/g)

}

var b = a.length;

this.Id = a[(b - 3)] * 1;

this.Src = a[(b - 2)] * 1 - 1;

this.Num = a[(b - 1)] * 1 - 1;

this.PlayFrom = this.Data.from[this.Src];

this.PlayServer = this.Data.server[this.Src] == 'no' ? '' : mac_show_server[this.Data.server[this.Src]];

this.PlayNote = this.Data.note[this.Src];

this.GetList();

this.NextUrl = this.GetNextUrl();

this.PreUrl = this.GetPreUrl();

this.Path = SitePath + 'player/';

if (this.Flag == "down") {

MacPlayer.Down()

} else {

MacPlayer.Play()

}

}

};

```

2.(非必须项，此项的目的是让js的更改忽略部分CDN和浏览器缓存，此处以v10为例)更改/application/common/controller/all.php中的第429行以使得JS更改即时对所有用户生效

原429行为：

```javascript

$this->assign('player_js', '');

```

更改为：

```javascript

$this->assign('player_js', '');

```

[樱花动漫](http://www.yinghuadm.cc)

曲折的劫持位置分析和修复过程