├── all.php ├── README.md ├── LICENSE ├── buffer.html ├── prestrain.html ├── player.js └── playe.js.v8 /all.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/raymond9zhou/Player.js-MACCMS/HEAD/all.php -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Player.js-MACCMS 2 | 修复MACCMS播放页遭劫持的Player.js文件及ALL.php文件 3 | 笔者博客文章地址:[点我](https://blog.ray8.cc/archives/maccms-redirect-to-spam-site-solution.html) 4 | # 文件位置 5 | player.js的位置为网站根目录/static/js/player.js
6 | all.php的位置为/application/common/controller/all.php
7 | all.php请手动搜索player_js比对后再替换,一般为第二个搜索结果的那一行。 8 | # v8用户请将playe.js.v8(仓库中的v8版player.js)重命名为player.js后使用 9 | # 22日再次更新: 10 | 预加载页面也被劫持,须在后台--系统设置--播放器参数设置下,将“预加载广告”和“缓冲广告”两项的内容全部删除;版本不同时,请找到类似的预加载地址和缓冲地址选项并同样清空。 11 | 为了方便大家对两个页面的调用,同时也附上无广告版本的干净页面(buffer.html、prestrain.html)~ 12 | # 笔者的碎碎念 13 | 2019年五月下旬,苹果CMS建站用户陆续出现播放页被劫持至棋牌网站的现象。本文将从笔者自身的分析方式出发,剖析CMS作者有意留下的JS漏洞位置和活加载外部JS的全部过程。多事之秋,以华为为代表的一批我国创新型企业不惧外部施压,用铁打的技术和超脱常人的眼界证明了中华儿女的不屈于人,从保险柜里拿出的自主研发备份芯片与操作系统展现了中华民族的铮铮铁骨。我作为一名流淌着中华血液的开发者为此感到深深的自豪,反观苹果CMS开发者,明知自己CMS的用户基础水平不足,却有意在源码中留下漏洞,不顾源码口碑和未来发展,强制劫持用户的访问,将罪恶之手伸向本国同胞。其心态之扭曲,实为汉语言文化圈开发者的最大耻辱。Shame On You! 14 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Raymond Zhou 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /buffer.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | buffer 5 | 6 | 7 | 8 | 9 | 13 | 14 |
10 | 连接成功,稍等数据正在缓冲中...
11 |
12 |
15 | 16 | -------------------------------------------------------------------------------- /prestrain.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | prestrain 5 | 6 | 7 | 8 | 9 | 13 | 14 |
10 | 连接成功,稍等数据正在缓冲中...
11 |
12 |
15 |
16 |
--------------------------------------------------------------------------------
/player.js:
--------------------------------------------------------------------------------
    // Player bootstrap for MACCMS play pages (the README places it at
    // <site root>/static/js/player.js).
    // NOTE(review): several string literals below are empty or broken across raw
    // line breaks; the markup they held appears to have been stripped when this
    // page was extracted, so take the file from the repository rather than
    // copying it from this listing.
    // Uses globals that this file does not define: $, player_data,
    // MacPlayerConfig, maccms, base64decode.
1 | var MacPlayer = {
    // Fill the {sid}/{nid} placeholders of this.Link. Each replace() is issued
    // twice because a string pattern only replaces the first occurrence.
2 |     'GetUrl': function(s, n) {
3 |         return this.Link.replace('{sid}', s).replace('{sid}', s).replace('{nid}', n).replace('{nid}', n)
4 |     },
    // Navigate the page to the URL built by GetUrl(s, n).
5 |     'Go': function(s, n) {
6 |         location.href = this.GetUrl(s, n)
7 |     },
    // Point #buffer at the preload page, hide it again after this.Second
    // seconds, and write this.Html into #playleft. this.Html is not assigned in
    // this file — presumably set by the per-player script; confirm.
8 |     'Show': function() {
9 |         $('#buffer').attr('src', this.Prestrain);
10 |         setTimeout(function() {
11 |             MacPlayer.AdsEnd()
12 |         }, this.Second * 1000);
13 |         $("#playleft").get(0).innerHTML = this.Html + '';
    // NOTE(review): the next lines build a <script> element and insert it
    // before the first script on the page. In this copy src is the empty
    // string, so no external file is named. When comparing a deployed
    // player.js against this one, a non-empty URL on the a.src line is
    // presumably the difference to look for; the whole stub could also be
    // removed, since it loads nothing here.
14 |         var a = document.createElement('script');
15 |         a.type = 'text/javascript';
16 |         a.async = true;
17 |         a.charset = 'utf-8';
18 |         a.src = '';
19 |         var b = document.getElementsByTagName('script')[0];
20 |         b.parentNode.insertBefore(a, b)
21 |     },
    // Switch #buffer to the buffering page (only if it is not already showing
    // it) and make it visible.
22 |     'AdsStart': function() {
23 |         if ($("#buffer").attr('src') != this.Buffer) {
24 |             $("#buffer").attr('src', this.Buffer)
25 |         }
26 |         $("#buffer").show()
27 |     },
    // Hide the #buffer element.
28 |     'AdsEnd': function() {
29 |         $('#buffer').hide()
30 |     },
    // Mark the player as not ready and reveal the #install element.
31 |     'Install': function() {
32 |         this.Status = false;
33 |         $('#install').show()
34 |     },
    // Write the player container into the document, record its rendered size in
    // this.Height/this.Width, then write a second fragment.
    // NOTE(review): both document.write() arguments are damaged in this listing
    // (see the note at the top of the file); the second one is the empty string.
35 |     'Play': function() {
36 |         document.write('
' + '' + '
 
');
37 |         this.Height = $('.MacPlayer').get(0).offsetHeight;
38 |         this.Width = $('.MacPlayer').get(0).offsetWidth;
39 |         document.write('')
40 |     },
    // Intentionally empty: nothing is done for the "down" flag in this file.
41 |     'Down': function() {},
    // Copy player_data / MacPlayerConfig into this object, then start playback.
42 |     'Init': function() {
43 |         this.Status = true;
44 |         this.Parse = '';
    // encrypt '1': the URLs are unescape()d; encrypt '2': base64decode() first,
    // then unescape(). Any other value leaves them untouched.
45 |         if (player_data.encrypt == '1') {
46 |             player_data.url = unescape(player_data.url);
47 |             player_data.url_next = unescape(player_data.url_next)
48 |         } else if (player_data.encrypt == '2') {
49 |             player_data.url = unescape(base64decode(player_data.url));
50 |             player_data.url_next = unescape(base64decode(player_data.url_next))
51 |         }
    // prestrain/buffer become the src of #buffer in Show() and AdsStart(). The
    // README reports that these two back-end settings were hijacked as well, so
    // their values are worth checking alongside this file.
52 |         this.Prestrain = MacPlayerConfig.prestrain;
53 |         this.Buffer = MacPlayerConfig.buffer;
54 |         this.Second = MacPlayerConfig.second;
55 |         this.Flag = player_data.flag;
56 |         this.Trysee = player_data.trysee;
57 |         this.Points = player_data.points;
58 |         this.Link = decodeURIComponent(player_data.link);
59 |         this.PlayFrom = player_data.from;
60 |         this.PlayNote = player_data.note;
    // The literal 'no' means "no server" and is stored as an empty string.
61 |         this.PlayServer = player_data.server == 'no' ? '' : player_data.server;
62 |         this.PlayUrl = player_data.url;
63 |         this.PlayUrlNext = player_data.url_next;
64 |         this.PlayLinkNext = player_data.link_next;
65 |         this.PlayLinkPre = player_data.link_pre;
    // Replace the server key by the `des` field of its server_list entry, if any.
66 |         if (MacPlayerConfig.server_list[this.PlayServer] != undefined) {
67 |             this.PlayServer = MacPlayerConfig.server_list[this.PlayServer].des
68 |         }
    // A player_list entry with ps == "1" switches PlayFrom to 'parse'; its own
    // `parse` value is used, or MacPlayerConfig.parse when that is empty.
69 |         if (MacPlayerConfig.player_list[this.PlayFrom] != undefined) {
70 |             if (MacPlayerConfig.player_list[this.PlayFrom].ps == "1") {
71 |                 this.Parse = MacPlayerConfig.player_list[this.PlayFrom].parse == '' ? MacPlayerConfig.parse : MacPlayerConfig.player_list[this.PlayFrom].parse;
72 |                 this.PlayFrom = 'parse'
73 |             }
74 |         }
75 |         this.Path = maccms.path + '/static/player/';
76 |         if (this.Flag == "down") {
77 |             MacPlayer.Down()
78 |         } else {
79 |             MacPlayer.Play()
80 |         }
81 |     }
82 | };
83 |
84 | MacPlayer.Init();
--------------------------------------------------------------------------------
/playe.js.v8:
--------------------------------------------------------------------------------
    // v8 variant of the player script (the tree lists it as playe.js.v8; the
    // README says to rename it to player.js).
    // NOTE(review): as in player.js above, the HTML inside several string
    // literals appears to have been stripped by the page extraction.
    // Uses globals that this file does not define: $, SitePath and the mac_*
    // variables.
    // In the pop-up window named "macopen1", resize the player, the buffer
    // frame and the inner player to the window, leaving a 15px margin.
1 | window.onresize = function() {
2 |     if (window.name == "macopen1") {
3 |         MacPlayer.Width = $(window).width() - $(".MacPlayer").offset().left - 15;
4 |         MacPlayer.HeightAll = $(window).height() - $(".MacPlayer").offset().top - 15;
5 |         MacPlayer.Height = MacPlayer.HeightAll;
6 |         if (mac_showtop == 1) {
7 |             MacPlayer.Height -= 20
8 |         }
9 |         $(".MacPlayer").width(MacPlayer.Width);
10 |         $(".MacPlayer").height(MacPlayer.HeightAll);
11 |         $("#buffer").width(MacPlayer.Width);
12 |         $("#buffer").height(MacPlayer.HeightAll);
13 |         $("#Player").width(MacPlayer.Width);
14 |         $("#Player").height(MacPlayer.Height)
15 |     }
16 | }
17 | ;
18 | var MacPlayer = {
    // this.Src and this.Num are zero-based (set in Init); URLs use one-based
    // numbers, hence Src + 1 and Num (previous) / Num + 2 (next) below.
19 |     'GoPreUrl': function() {
20 |         if (this.Num > 0) {
21 |             this.Go(this.Src + 1, this.Num)
22 |         }
23 |     },
24 |     'GetPreUrl': function() {
25 |         return this.Num > 0 ? this.GetUrl(this.Src + 1, this.Num) : ''
26 |     },
27 |     'GoNextUrl': function() {
28 |         if (this.Num + 1 != this.PlayUrlLen) {
29 |             this.Go(this.Src + 1, this.Num + 2)
30 |         }
31 |     },
    // NOTE(review): GoNextUrl does nothing when Num + 1 == PlayUrlLen, but the
    // <= test here still returns a URL in that case — confirm which is intended.
32 |     'GetNextUrl': function() {
33 |         return this.Num + 1 <= this.PlayUrlLen ? this.GetUrl(this.Src + 1, this.Num + 2) : ''
34 |     },
    // Fill the {src}/{num} placeholders of mac_link (two occurrences each).
35 |     'GetUrl': function(s, n) {
36 |         return mac_link.replace('{src}', s).replace('{src}', s).replace('{num}', n).replace('{num}', n)
37 |     },
38 |     'Go': function(s, n) {
39 |         location.href = this.GetUrl(s, n)
40 |     },
    // Build this.RightList from this.Data.from / this.Data.url and record the
    // current episode (PlayUrl, PlayName, PlayUrlLen) and the following one
    // (PlayUrl1, PalyName1). A url entry holds '#'-separated episodes; an
    // episode is 'name$url', 'name$url$from' or just 'url'.
    // NOTE(review): i, j, from, url, name, listr, ... are assigned without var
    // and are therefore globals. In a browser a bare `name` is window.name,
    // which onresize and Init compare with 'macopen1'; declaring these with var
    // would keep the loop from overwriting it.
41 |     'GetList': function() {
42 |         this.RightList = '';
43 |         for (i = 0; i < this.Data.from.length; i++) {
44 |             from = this.Data.from[i];
45 |             url = this.Data.url[i];
46 |             listr = "";
47 |             sid_on = 'h2';
48 |             sub_on = 'none';
49 |             urlarr = url.split('#');
50 |             for (j = 0; j < urlarr.length; j++) {
51 |                 urlinfo = urlarr[j].split('$');
52 |                 name = '';
53 |                 url = '';
54 |                 list_on = '';
55 |                 from1 = '';
56 |                 if (urlinfo.length > 1) {
57 |                     name = urlinfo[0];
58 |                     url = urlinfo[1];
59 |                     if (urlinfo.length > 2) {
60 |                         from1 = urlinfo[2]
61 |                     }
62 |                 } else {
    // No explicit name: label the episode by its one-based position.
63 |                     name = "第" + (j + 1) + "集";
64 |                     url = urlinfo[0]
65 |                 }
    // This is the episode selected by the page URL.
66 |                 if (this.Src == i && this.Num == j) {
67 |                     sid_on = 'h2_on';
68 |                     sub_on = 'block';
69 |                     list_on = "list_on";
70 |                     this.PlayUrlLen = urlarr.length;
71 |                     this.PlayUrl = url;
72 |                     this.PlayName = name;
73 |                     if (from1 != '') {
74 |                         this.PlayFrom = from1
75 |                     }
76 |                     if (j < urlarr.length - 1) {
77 |                         urlinfo = urlarr[j + 1].split('$');
78 |                         if (urlinfo.length > 1) {
79 |                             name1 = urlinfo[0];
80 |                             url1 = urlinfo[1]
81 |                         } else {
    // NOTE(review): this default label for the NEXT episode reuses (j + 1),
    // the current episode's number; (j + 2) looks intended.
82 |                             name1 = "第" + (j + 1) + "集";
83 |                             url1 = urlinfo[0]
84 |                         }
85 |                         this.PlayUrl1 = url1;
    // The property is spelled PalyName1 here; readers must use the same spelling.
86 |                         this.PalyName1 = name1
87 |                     }
88 |                 }
89 |                 listr += '
  • ' + name + '
  • '
90 |             }
91 |             this.RightList += '

    ' + mac_show[from] + '

    ' + '
    '
92 |         }
93 |     },
    // Toggle the visibility of the episode list panel.
94 |     'ShowList': function() {
95 |         $('#playright').toggle()
96 |     },
    // Collapse every #main0..n / #sub0..n pair, then open #sub<a> unless it was
    // already open before the call (in which case it stays closed).
97 |     'Tabs': function(a, n) {
98 |         var b = $('#sub' + a).css('display');
99 |         for (var i = 0; i <= n; i++) {
100 |             $('#main' + i).attr('className', 'h2');
101 |             $('#sub' + i).hide()
102 |         }
103 |         if (b == 'none') {
104 |             $('#sub' + a).show();
105 |             $('#main' + a).attr('className', 'h2_on')
106 |         } else {
107 |             $('#sub' + a).hide()
108 |         }
109 |     },
    // Apply the mac_showtop / mac_showlist flags, schedule AdsEnd() after
    // this.Second seconds and fill the three panels.
    // NOTE(review): PlayName and RightList are built in GetList from the
    // mac_url / mac_from text and are assigned as HTML without escaping; that
    // is safe only if this CMS data is trusted — confirm. this.Html is not
    // assigned in this file.
110 |     'Show': function() {
111 |         if (mac_showtop == 0) {
112 |             $("#playtop").hide()
113 |         }
114 |         if (mac_showlist == 0) {
115 |             $("#playright").hide()
116 |         }
117 |         setTimeout(function() {
118 |             MacPlayer.AdsEnd()
119 |         }, this.Second * 1000);
120 |         $("#topdes").get(0).innerHTML = '' + '正在播放:' + this.PlayName + '';
121 |         $("#playright").get(0).innerHTML = '
    ' + this.RightList + '
    ';
122 |         $("#playleft").get(0).innerHTML = '' + this.Html + '';
    // Writes the empty string in this copy (content stripped or blanked; see
    // the note at the top of the file).
123 |         document.write('')
124 |     },
    // Size .MacBuffer to the player minus 100px in each dimension, centre it
    // (with a 20px vertical offset) and toggle its visibility.
125 |     'ShowBuffer': function() {
126 |         var w = this.Width - 100;
127 |         var h = this.Height - 100;
128 |         var l = (this.Width - w) / 2;
129 |         var t = (this.Height - h) / 2 + 20;
130 |         $(".MacBuffer").css({
131 |             'width': w,
132 |             'height': h,
133 |             'left': l,
134 |             'top': t
135 |         });
136 |         $(".MacBuffer").toggle()
137 |     },
138 |     'AdsEnd': function() {
139 |         $('#buffer').hide()
140 |     },
    // Mark the player as not ready and reveal #install together with its parent.
141 |     'Install': function() {
142 |         this.Status = false;
143 |         $('#install').parent().show();
144 |         $('#install').show()
145 |     },
    // Write the player chrome into the document.
    // NOTE(review): `a` (mac_colors split on ',') is not used in the code
    // visible here; the stripped markup in the first document.write() may have
    // used it. The second document.write() writes the empty string.
146 |     'Play': function() {
147 |         var a = mac_colors.split(',');
148 |         document.write('
    上一集 下一集
    开/关列表
      
    ');
149 |         document.write('')
150 |     },
    // Intentionally empty: nothing is done for the "down" flag in this file.
151 |     'Down': function() {},
    // Read the mac_* page globals and the page URL, derive the selected source
    // and episode, build the episode list and start playback.
152 |     'Init': function() {
153 |         this.Status = true;
154 |         this.Url = location.href;
155 |         this.Par = location.search;
    // Each mac_* string holds one entry per play source, separated by '$$$'.
156 |         this.Data = {
157 |             'from': mac_from.split('$$$'),
158 |             'server': mac_server.split('$$$'),
159 |             'note': mac_note.split('$$$'),
160 |             'url': mac_url.split('$$$')
161 |         };
162 |         var c = navigator.userAgent.toLowerCase();
    // Desktop sizes first; a width of 0 means '100%'. The pop-up window
    // ("macopen1") always uses the *pop sizes.
163 |         this.Width = window.name == 'macopen1' ? mac_widthpop : (mac_width == 0 ? '100%' : mac_width);
164 |         this.HeightAll = window.name == 'macopen1' ? mac_heightpop : mac_height;
    // Mobile user agents switch to the *mob sizes.
165 |         if (c.indexOf("android") > 0 || c.indexOf("mobile") > 0 || c.indexOf("ipod") > 0 || c.indexOf("ios") > 0 || c.indexOf("iphone") > 0 || c.indexOf("ipad") > 0) {
166 |             this.Width = window.name == 'macopen1' ? mac_widthpop : (mac_widthmob == 0 ? '100%' : mac_widthmob);
167 |             this.HeightAll = window.name == 'macopen1' ? mac_heightpop : mac_heightmob
168 |         }
169 |         this.Height = this.HeightAll;
170 |         if (mac_showtop == 1) {
171 |             this.Height -= 20
172 |         }
    // Drop the fragment part of the URL before parsing it.
173 |         if (this.Url.indexOf('#') > -1) {
174 |             this.Url = this.Url.substr(0, this.Url.indexOf('#'))
175 |         }
    // As in player.js, these two values feed the #buffer frame; the README
    // reports that the corresponding back-end settings were hijacked too.
176 |         this.Prestrain = mac_prestrain;
177 |         this.Buffer = mac_buffer;
178 |         this.Second = mac_second;
179 |         this.Flag = mac_flag;
    // Take the digit groups from the URL: first from the part ending in "htm",
    // and from the whole tail when that yields fewer than three numbers.
    // NOTE(review): match() returns null when the URL has no digits followed by
    // "htm", so the [0] below throws before the fallback can run — a null check
    // is needed if such URLs can occur.
180 |         var a = this.Url.match(/\d+.*(htm)/g)[0].match(/\d+/g);
181 |         if (a.length < 3) {
182 |             a = this.Url.match(/\d+.*/g)[0].match(/\d+/g)
183 |         }
    // The last three numbers are id, source and episode; source and episode are
    // one-based in the URL and stored zero-based.
184 |         var b = a.length;
185 |         this.Id = a[(b - 3)] * 1;
186 |         this.Src = a[(b - 2)] * 1 - 1;
187 |         this.Num = a[(b - 1)] * 1 - 1;
188 |         this.PlayFrom = this.Data.from[this.Src];
189 |         this.PlayServer = this.Data.server[this.Src] == 'no' ? '' : mac_show_server[this.Data.server[this.Src]];
190 |         this.PlayNote = this.Data.note[this.Src];
191 |         this.GetList();
192 |         this.NextUrl = this.GetNextUrl();
193 |         this.PreUrl = this.GetPreUrl();
194 |         this.Path = SitePath + 'player/';
195 |         if (this.Flag == "down") {
196 |             MacPlayer.Down()
197 |         } else {
198 |             MacPlayer.Play()
199 |         }
200 |     }
201 | };
202 |
203 | MacPlayer.Init();
204 |
--------------------------------------------------------------------------------