نوشته اضافه در صفحات

[worldp 10]

با سلام

این ارور یا حروف اضافه چیه توی سایت میاد

ی*** اینه

СНПЧ А7 Тюмень, обзоры принтеров и МФУ

یکیم اینه

шаблоны joomla 3.5

چطوری اینارو بردارم؟

یه نکته یادم رفت

این حروف فقط توی internet explorer میاد توی موزیلا نمیاد واسه گوگل کروم هم تست نکردم.

و یه نکته دیگه توی صفحه اصلی نمیاد فقط توی آدرس مستقیم مطلب ارسال شده میاد.

لطفا راهنمایی کنید

ویرایش شده در آذر 93 توسط worldp

[ابوالفضل طالبی 280]

در قسمت بالای انجمن و در کادر جستجو عبارت زیر رو جستجو کنید:

لینک روسی

[worldp 10]

خب من اینارو پیدا کردم

این توی فایل encryption.js بود

 // Array.join is more efficient than repeated string concatenation in IE
 var ciphertext = ctrTxt + ciphertxt.join('');
 ciphertext = Base64.encode(ciphertext);  // encode in base64

 //alert((new Date()) - t);
 return ciphertext;

و

AesCtr.decrypt = function(ciphertext, password, nBits) {
 var blockSize = 16;  // block size fixed at 16 bytes / 128 bits (Nb=4) for AES
 if (!(nBits==128 || nBits==192 || nBits==256)) return '';  // standard allows 128/192/256 bit keys
 ciphertext = Base64.decode(ciphertext);
 password = Utf8.encode(password);
 //var t = new Date();  // timer

و

/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */
/*  Base64 class: Base 64 encoding / decoding (c) Chris Veness 2002-2010                          */
/*    note: depends on Utf8 class                                                                 */
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */

var Base64 = {};  // Base64 namespace

Base64.code = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

/**
* Encode string into Base64, as defined by RFC 4648 [http://tools.ietf.org/html/rfc4648]
* (instance method extending String object). As per RFC 4648, no newlines are added.
*
* @param {String} str The string to be encoded as base-64
* @param {Boolean} [utf8encode=false] Flag to indicate whether str is Unicode string to be encoded 
*   to UTF8 before conversion to base64; otherwise string is assumed to be 8-bit characters
* @returns {String} Base64-encoded string
*/ 
Base64.encode = function(str, utf8encode) {  // http://tools.ietf.org/html/rfc4648
 utf8encode =  (typeof utf8encode == 'undefined') ? false : utf8encode;
 var o1, o2, o3, bits, h1, h2, h3, h4, e=[], pad = '', c, plain, coded;
 var b64 = Base64.code;

 plain = utf8encode ? str.encodeUTF8() : str;

 c = plain.length % 3;  // pad string to length of multiple of 3
 if (c > 0) { while (c++ < 3) { pad += '='; plain += '\0'; } }
 // note: doing padding here saves us doing special-case packing for trailing 1 or 2 chars

و

/**
* Decode string from Base64, as defined by RFC 4648 [http://tools.ietf.org/html/rfc4648]
* (instance method extending String object). As per RFC 4648, newlines are not catered for.
*
* @param {String} str The string to be decoded from base-64
* @param {Boolean} [utf8decode=false] Flag to indicate whether str is Unicode string to be decoded 
*   from UTF8 after conversion from base64
* @returns {String} decoded string
*/ 
Base64.decode = function(str, utf8decode) {
 utf8decode =  (typeof utf8decode == 'undefined') ? false : utf8decode;
 var o1, o2, o3, h1, h2, h3, h4, bits, d=[], plain, coded;
 var b64 = Base64.code;

 coded = utf8decode ? str.decodeUTF8() : str;


 for (var c=0; c<coded.length; c+=4) {  // unpack four hexets into three octets
   h1 = b64.indexOf(coded.charAt(c));
   h2 = b64.indexOf(coded.charAt(c+1));
   h3 = b64.indexOf(coded.charAt(c+2));
   h4 = b64.indexOf(coded.charAt(c+3));

   bits = h1<<18 | h2<<12 | h3<<6 | h4;

   o1 = bits>>>16 & 0xff;
   o2 = bits>>>8 & 0xff;
   o3 = bits & 0xff;

   d[c/4] = String.fromCharCode(o1, o2, o3);
   // check for padding
   if (h4 == 0x40) d[c/4] = String.fromCharCode(o1, o2);
   if (h3 == 0x40) d[c/4] = String.fromCharCode(o1);
 }
 plain = d.join('');  // join() is far faster than repeated string concatenation in IE

 return utf8decode ? plain.decodeUTF8() : plain; 
}

ویرایش شده در آذر 93 توسط worldp

[worldp 10]

اینم توی htaccess.txt بود

# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.

ویرایش شده در آذر 93 توسط worldp

[worldp 10]

اینم توی tokenizephp.js بود

"escapeshellcmd", "escapeshellarg", "passthru", "shell_exec", "proc_open",
     "proc_close", "proc_terminate", "proc_get_status", "rand", "srand",
     "getrandmax", "mt_rand", "mt_srand", "mt_getrandmax", "getservbyname",
     "getservbyport", "getprotobyname", "getprotobynumber", "getmyuid", "getmygid",
     "getmypid", "getmyinode", "getlastmod", "base64_decode", "base64_encode",
     "convert_uuencode", "convert_uudecode", "abs", "ceil", "floor", "round", "sin",
     "cos", "tan", "asin", "acos", "atan", "atan2", "sinh", "cosh", "tanh", "pi",
     "is_finite", "is_nan", "is_infinite", "pow", "exp", "log", "log10", "sqrt",
     "hypot", "deg2rad", "rad2deg", "bindec", "hexdec", "octdec", "decbin",





"imap_fetchstructure","imap_gc","imap_expunge","imap_delete","imap_undelete",
     "imap_check","imap_listscan","imap_mail_copy","imap_mail_move","imap_mail_compose",
     "imap_createmailbox","imap_renamemailbox","imap_deletemailbox","imap_subscribe",
     "imap_unsubscribe","imap_append","imap_ping","imap_base64","imap_qprint","imap_8bit",
     "imap_binary","imap_utf8","imap_status","imap_mailboxmsginfo","imap_setflag_full",
     "imap_clearflag_full","imap_sort","imap_uid","imap_msgno","imap_list","imap_lsub",
     "imap_fetch_overview","imap_alerts","imap_errors","imap_last_error","imap_search",
     "imap_utf7_decode","imap_utf7_encode","imap_mime_header_decode","imap_thread",
     "imap_timeout","imap_get_quota","imap_get_quotaroot","imap_set_quota","imap_setacl",
     "imap_getacl","imap_mail","imap_header","imap_listmailbox","imap_getmailboxes",





"MON_7",  "MON_8", "MON_9", "MON_10", "MON_11", "MON_12", "AM_STR", "PM_STR",
     "D_T_FMT",  "D_FMT", "T_FMT", "T_FMT_AMPM", "ERA", "ERA_D_T_FMT", "ERA_D_FMT",
     "ERA_T_FMT", "ALT_DIGITS", "CRNCYSTR", "THOUSEP",  "YESEXPR", "NOEXPR",
     "SOCKET_ENOMEDIUM", "GLOB_AVAILABLE_FLAGS", "XSD_SHORT", "XSD_NMTOKENS",
     "LOG_LOCAL3", "LOG_LOCAL4", "LOG_LOCAL5", "LOG_LOCAL6", "LOG_LOCAL7",
     "DNS_ANY", "DNS_ALL", "SOCKET_ENOLINK",  "SOCKET_ECOMM", "SOAP_FUNCTIONS_ALL",
     "UNKNOWN_TYPE", "XSD_BASE64BINARY", "XSD_ANYURI", "XSD_QNAME", "SOCKET_EISNAM",
     "SOCKET_EMEDIUMTYPE", "XSD_NCNAME", "XSD_ID", "XSD_ENTITIES", "XSD_INTEGER",
     "XSD_NONPOSITIVEINTEGER", "XSD_NEGATIVEINTEGER", "XSD_LONG", "XSD_INT",
     "XSD_UNSIGNEDLONG", "XSD_UNSIGNEDINT", "XSD_UNSIGNEDSHORT", "XSD_UNSIGNEDBYTE",
     "XSD_POSITIVEINTEGER", "XSD_ANYTYPE", "XSD_ANYXML", "APACHE_MAP", "XSD_1999_TIMEINSTANT",
     "XSD_NAMESPACE", "XSD_1999_NAMESPACE", "SOCKET_ENOTUNIQ", "SOCKET_EBADFD",
     "SOCKET_ESTRPIPE", "T_GOTO", "T_NAMESPACE", "T_NS_C", "T_DIR", "T_NS_SEPARATOR",
     "LIBXSLT_VERSION","LIBEXSLT_DOTTED_VERSION", "LIBEXSLT_VERSION",  "SVN_AUTH_PARAM_DEFAULT_USERNAME",
     "SVN_AUTH_PARAM_DEFAULT_PASSWORD", "SVN_AUTH_PARAM_NON_INTERACTIVE",
     "SVN_AUTH_PARAM_DONT_STORE_PASSWORDS", "SVN_AUTH_PARAM_NO_AUTH_CACHE",
     "SVN_AUTH_PARAM_SSL_SERVER_FAILURES", "SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO",

ویرایش شده در آذر 93 توسط worldp

[worldp 10]

اینم توی visualblocks.css بود

p, h1, h2, h3, h4, h5, h6, hgroup, aside, div, section, article, blockquote, address, pre, figure {display: block; padding-top: 10px; border: 1px dashed #BBB; background: transparent no-repeat}
p, h1, h2, h3, h4, h5, h6, hgroup, aside, div, section, article, address, pre, figure {margin-left: 3px}
section, article, address, hgroup, aside, figure {margin: 0 0 1em 3px}

p {background-image: url(data:image/gif;base64,R0lGODlhCQAJAJEAAAAAAP///7u7u////yH5BAEAAAMALAAAAAAJAAkAAAIQnG+CqCN/mlyvsRUpThG6AgA7)}
h1 {background-image: url(data:image/gif;base64,R0lGODlhDQAKAIABALu7u////yH5BAEAAAEALAAAAAANAAoAAAIXjI8GybGu1JuxHoAfRNRW3TWXyF2YiRUAOw==)}
h2 {background-image: url(data:image/gif;base64,R0lGODlhDgAKAIABALu7u////yH5BAEAAAEALAAAAAAOAAoAAAIajI8Hybbx4oOuqgTynJd6bGlWg3DkJzoaUAAAOw==)}
h3 {background-image: url(data:image/gif;base64,R0lGODlhDgAKAIABALu7u////yH5BAEAAAEALAAAAAAOAAoAAAIZjI8Hybbx4oOuqgTynJf2Ln2NOHpQpmhAAQA7)}
h4 {background-image: url(data:image/gif;base64,R0lGODlhDgAKAIABALu7u////yH5BAEAAAEALAAAAAAOAAoAAAIajI8HybbxInR0zqeAdhtJlXwV1oCll2HaWgAAOw==)}
h5 {background-image: url(data:image/gif;base64,R0lGODlhDgAKAIABALu7u////yH5BAEAAAEALAAAAAAOAAoAAAIajI8HybbxIoiuwjane4iq5GlW05GgIkIZUAAAOw==)}
h6 {background-image: url(data:image/gif;base64,R0lGODlhDgAKAIABALu7u////yH5BAEAAAEALAAAAAAOAAoAAAIajI8HybbxIoiuwjan04jep1iZ1XRlAo5bVgAAOw==)}
div {background-image: url(data:image/gif;base64,R0lGODlhEgAKAIABALu7u////yH5BAEAAAEALAAAAAASAAoAAAIfjI9poI0cgDywrhuxfbrzDEbQM2Ei5aRjmoySW4pAAQA7)}
section {background-image: url(data:image/gif;base64,R0lGODlhKAAKAIABALu7u////yH5BAEAAAEALAAAAAAoAAoAAAI5jI+pywcNY3sBWHdNrplytD2ellDeSVbp+GmWqaDqDMepc8t17Y4vBsK5hDyJMcI6KkuYU+jpjLoKADs=)}
article {background-image: url(data:image/gif;base64,R0lGODlhKgAKAIABALu7u////yH5BAEAAAEALAAAAAAqAAoAAAI6jI+pywkNY3wG0GBvrsd2tXGYSGnfiF7ikpXemTpOiJScasYoDJJrjsG9gkCJ0ag6KhmaIe3pjDYBBQA7)}
blockquote {background-image: url(data:image/gif;base64,R0lGODlhPgAKAIABALu7u////yH5BAEAAAEALAAAAAA+AAoAAAJPjI+py+0Knpz0xQDyuUhvfoGgIX5iSKZYgq5uNL5q69asZ8s5rrf0yZmpNkJZzFesBTu8TOlDVAabUyatguVhWduud3EyiUk45xhTTgMBBQA7)}
address {background-image: url(data:image/gif;base64,R0lGODlhLQAKAIABALu7u////yH5BAEAAAEALAAAAAAtAAoAAAI/jI+pywwNozSP1gDyyZcjb3UaRpXkWaXmZW4OqKLhBmLs+K263DkJK7OJeifh7FicKD9A1/IpGdKkyFpNmCkAADs=)}
pre {background-image: url(data:image/gif;base64,R0lGODlhFQAKAIABALu7uwAAACH5BAEAAAEALAAAAAAVAAoAAAIjjI+ZoN0cgDwSmnpz1NCueYERhnibZVKLNnbOq8IvKpJtVQAAOw==)}
hgroup {background-image: url(data:image/gif;base64,R0lGODlhJwAKAIABALu7uwAAACH5BAEAAAEALAAAAAAnAAoAAAI3jI+pywYNI3uB0gpsRtt5fFnfNZaVSYJil4Wo03Hv6Z62uOCgiXH1kZIIJ8NiIxRrAZNMZAtQAAA7)}
aside {background-image: url(data:image/gif;base64,R0lGODlhHgAKAIABAKqqqv///yH5BAEAAAEALAAAAAAeAAoAAAItjI+pG8APjZOTzgtqy7I3f1yehmQcFY4WKZbqByutmW4aHUd6vfcVbgudgpYCADs=)}
figure {background-image: url(data:image/gif;base64,R0lGODlhJAAKAIAAALu7u////yH5BAEAAAEALAAAAAAkAAoAAAI0jI+py+2fwAHUSFvD3RlvG4HIp4nX5JFSpnZUJ6LlrM52OE7uSWosBHScgkSZj7dDKnWAAgA7)}
figcaption {border: 1px dashed #BBB}

ویرایش شده در آذر 93 توسط worldp

[worldp 10]

اینم توی web.config.txt بود

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
      <rewrite>
          <rules>
              <rule name="Joomla! Rule 1" stopProcessing="true">
                  <match url="^(.*)$" ignoreCase="false" />
                  <conditions logicalGrouping="MatchAny">
                      <add input="{QUERY_STRING}" pattern="base64_encode[^(]*\([^)]*\)" ignoreCase="false" />
                      <add input="{QUERY_STRING}" pattern="(>|%3C)([^s]*s)+cript.*(<|%3E)" />
                      <add input="{QUERY_STRING}" pattern="GLOBALS(=|\[|\%[0-9A-Z]{0,2})" ignoreCase="false" />
                      <add input="{QUERY_STRING}" pattern="_REQUEST(=|\[|\%[0-9A-Z]{0,2})" ignoreCase="false" />
                  </conditions>
                  <action type="CustomResponse" url="index.php" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
              </rule>
              <rule name="Joomla! Rule 2">
                  <match url="(.*)" ignoreCase="false" />
                  <conditions logicalGrouping="MatchAll">
                    <add input="{URL}" pattern="^/index.php" ignoreCase="true" negate="true" />
                    <add input="{URL}" pattern="/component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$" />
                    <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
                    <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
                  </conditions>
                  <action type="Rewrite" url="index.php" />
              </rule>
          </rules>
      </rewrite>
  </system.webServer>
</configuration>

[worldp 10]

فقط اینارو پیدا کردم باید چیکار کنم :Bala:

[worldp 10]

کدوم کد رو باید حذف کنم