I just found some hidden links when i was looking in the source code for a site i am building i Joomla when i found som hidden spam links.
I have used an hour trying to find them within some of the template files without luck. the links are following (from html source code):
<div id="jxtc-zt"><a href="http://magical-place.ru/" target="_blank"
title="достопримечательности Европы">достопримечательности Европы</a></br><a
href="http://joomla-master.org/" target="_blank" title="шаблоны Joomla 3.5">шаблоны Joomla
3.5</a></div>
And this:
</div><div id="jxtc-zt"><a href="http://battlefield4.com.ua/" target="_blank"
title="Battlefield 4">Battlefield 4</a><br><a href="http://www.absolut.vn.ua/"
target="_blank" title="минеральные воды">минеральные воды</a></div></div></div>
Have you any suggestions how to find out where they are created?
It is probably obfuscated in some way?
Thanks
Had the same problem, but found the solution.
The code is indeed hidden within the template under template_name\html\com_content\article\default.php. The text is encoded using base64 and I had 2 instances in mine, 1 for before the article and one at the end. The code used is:
<?php if (!$params->get('show_intro')) :
echo $this->item->event->afterDisplayTitle;
endif; ?><?php
$mgp='PGRpdiBpZD0iamItYmYiPjxhIGhyZWY9Imh0dHA6Ly9tYWdpY2FsLXBsYWNlLnJ1LyIgdGFyZ2V0PSJfYmxhbmsiIHRpdGxlPSLQvtGC0LfRi9Cy0Ysg0YLRg9GA0LjRgdGC0L7QsiI+0L7RgtC30YvQstGLINGC0YPRgNC40YHRgtC+0LI8L2E+PGJyPjxhIGhyZWY9Imh0dHA6Ly9qb29tbGEtbWFzdGVyLm9yZy8iIHRhcmdldD0iX2JsYW5rIiB0aXRsZT0i0YDQsNGB0YjQuNGA0LXQvdC40Y8gSm9vbWxhIDMuNSI+0YDQsNGB0YjQuNGA0LXQvdC40Y8gSm9vbWxhIDMuNTwvYT48L2Rpdj4=';
echo base64_decode($mgp);?>
I simply removed the code from the 2nd
<?php ~ through to ?>
in both links.
If you can't find word "Battlefield" in any of site's documents, try searching for (without quotes) :
"QmF0dGxlZmllbGQ=" (Base64 representation),
"426174746c656669656c64" (Hexademical representation),
"Battlefield" (ASCII).
These would be most common ways to encode it.
If still no luck, then locate the code manually: delete small chunks of code in the main template file ( index.php most commonly ) and watch, if the unwanted link disappeared after delete. If it did - you have found the code, that is responsible for it.
For those who have similar problems, I'd like to suggest a thorough solution.
A binary searching tool, like "Text-Crawler" or "String Finder" (for windows) comes handy, and then search for the "most uncommon word from the whole unwanted text" in the root folder.
Next as "Jevgeni Boga~" pointed out in the above answer, try to search for the hashed form of those strings, which could be base64,hexadecimal,aasci.
Now if you are still not able to zero in on the exact code, there is quiet a possibility that the hidden code is being fetched from te database rather than a file, so your next place to search is your database, and its quiet easy to perform a string search through "phpmyadmin" .
All you need to do is go the "phpmyadmin home" then select "your database" then select "search"....
Words or values to search for :=> "most uncommon word from the injected code"
Find:=> Leave default (at least one of the words)
Inside tables :=> Choose Select All
Inside column:=> Leave blank..
Now if your "unwanted code" was hidden inside database, then you most probably shall get to it.
Now there is also a possibility as someone stated above, that the code as being injected by some script after the loading of the page, well you could be sure that this isn't the case, by disabling the javascript in your browser...
There are various other things to look out for... Like to check whether the code is in text format or is it just an image of the text... then if thats the case maybe then you have to look for that file like .jpg or .png... furthermore the image could also be parsed from the CSS using the "URLdata:image/png;base64" method...
or Lastly just search for the "iframe" tag, maybe that's iframed from some other source.
Related
This is more of a general information question involving endnotes than a "check my code" one. That's because I can find almost no (useful) information on the subject and don't have the skills to create this myself. But I still think it's useful to create a general brainstorm session / forum thread on the net about this.
The issue: I've written about 60 articles, a dozen of them book-length or near book-length on a site that has been manually designed with HTML5, CSS3, jquery and PHP - the latter two mainly with pre-existing code. I'm very happy with it except for one thing: endnotes! It takes forever to update them.
An average article has 120 endnotes (up to 550). It happens frequently, especially during the writing/proofreading process, that I need to add more information or want an additional endnote. That means anywhere from 2 to 30 minutes of copy-pasting "[113]s", "[114]s" around. It's hopelessly inefficient.
Ordinarily I dislike the uninspirational Wiki CMS platforms, but they have one huge benefit: cite.php plugins. Like this one:
https://www.mediawiki.org/wiki/Special:ExtensionDistributor?extdist_name=Cite&extdist_version=REL1_26&extdist_submit=
Once you have this, you just put an URL between <ref> </ref> and an endnotes gets automatically generated below a {{reflist}} tag. It's explained here:
https://en.wikipedia.org/wiki/Help:Footnotes
Footnotes are created using the Cite.php software extension. This
extension adds the HTML-like elements <ref>...</ref>, <references />
and <references>...</references>. The elements are also used in a
number of templates; for example, it is becoming more common to use
{{reflist}} rather than <references /> as it can style the reference
list.
I've checked out the plugin and it, of course, is much more than just a few lines of PHP.
My main question is if anyone is aware if this type of code has been created for custom designed websites. Or if someone has an idea how to program this manually? If it's not too hard, I might try it myself in the near future or hire a programmer.
P.S. I did study HTML5 solutions for endnotes in the past. Can't remember the details, but they were terrible. It's crucial to have one type of tag, with each one generating a new automatic endnote.
{{ }} is not standard HTML tags, but usually in some modern MVC frameworks they are used as replacement for PHP syntax like echo $foodNote which is the same as {{ $foodNote }}.
A MVC framework like Laravel use it as part of blade template.
But in the provided link you have in your question, the {{reflist}} is just referring to the content inside the tags like <ref>Content of the reference</ref>.
The provided Cite.php helper file is parsing the content inside tags like <ref>...</ref> to variable reflist inside a curly braces with the same content.
It should be not very difficult to program such thing.
Here is a simple PHP script to handle footnotes automatically. The only significant caveat is that your web page file name must end in .php or .phtml (not all web servers support .phtml). This is no problem because the web server will treat the file exactly as a .html file, except it watches for PHP tags so it can process the embedded PHP scripts.
Here is the script.
<?php
function footnote($footnote){
global $Footnotes, $FootnoteCount;
$FootnoteCount++;
$Footnotes[$FootnoteCount] = "$footnote";
print "<sup>$FootnoteCount</sup>";
}
function PrintFootnotes(){
global $Footnotes, $FootnoteCount;
for($i = 1;$i < $FootnoteCount + 1;$i++){
print "<sup>$i</sup>$Footnotes[$i]<br />";
}
}
?>
You can put the script at the top of each page.
Better yet, save the script in a file named FootnoteFunctions.php. Of course, you can name it what you want or put it in a file with other functions. Just change the following include as appropriate. Next, put the following in the head of your HTML document:
<?php include("FootnoteFunctions.php"); ?>
Put this where you want the footnotes to appear at the bottom of the page:
<?php PrintFootnotes(); ?>
To create a footnote insert the following where you want the footnote number in the text (with your text between the quotes):
<?php footnote("footnote text here") ?>
That's it.
You can embellish the script as desired. For example, to pop up the footnote text as a tooltip, add title="$footnote" to the tag. You can also put a table tag, etc, in the printing function to make the footnote numbers and text line up nicely.
Here is my page explaining line by line how the script works. It also has an embellished version with the features mentioned above.
https://vocademy.net/textbooks/WebDatabase/Footnotes/PageSetup.php?Page=3&CourseDirectory=WebDatabase
I have a header.php file containing my DOCTYPE and all my links/scripts.
I use
<?php
// HTML DOCTYPE insert
include 'header.php';
?>
at top of all my pages to have only one header for everyone, and it works fine.
Now, I have another page that get from a database a summary of my products information. When someone click on the "read more" link:
<p>
read more...
</p>
another page opens with the full information displayed...
Actually that works...
BUT on my new page (display_product.php/id=[anynumber]) my included file doesn't work. So I have no nav bar, no scripts, no stylesheet. Only the text from my database.
AND the weird thing is that when I copy/paste the HTML of my generated display_product page and launch it on my browser, it works... O-o
So the generated code is good.
AND the second weird thing is that when I get rid of the /?id... my layout works fine (but I have no text anymore, of course)
Does one of you have an idea why this crazy things happens?
"Hi guys, Thanks very much Fred -ii this was it. it works perfectly. Thanks sergiodebcn for your concerne."
Since other answers were given and did not solve the actual problem, am posting my comment to an answer, in order to close the question.
Remove the slash from /?id
The slash is trying to instruct the server to probably find a folder after a filename, which technically looks like is what's happening here.
The ultimate solution for include and require functions with path issues, is to use the absolute filesystem path to the file that you want to include or require.
i.e you may say:
include("C:\\www\\app\\incs\\header.php");
Hint
To learn how to set the absolute path for include dynamically for your project, check the source code of two files of cakephp framework:
index.php
webroot/index.php
I have a site with dynamic content, with only some button labels and headers in the template files. In the View folder I have multiple *.ctp files, for example profile.ctp and index.ctp. My problem is that when I run the cake console's i18n extract function, then the translateable strings from the controller.php and profile.ctp are picked up, but index.ctp is ignored.
I tried running
cake i18n extract --files .\View\ControllerName\index.ctp --ignore-model-validation --output .\Locale\ --paths . --overwrite yes --extract-core no --merge no
This however gives no results, and no *.pom files are created, unlike when I run it without the --files argument. In that case just the strings from the view are missing from the *.pom file.
The interesting thing is that in the console output it shows that the index.ctp is parsed, but still no results are given.
Output Directory: C:\Dev\app\Locale\
---------------------------------------------------------------
Processing C:\Dev\app\View\ControllerName\index.ctp...
Processing C:\Dev\app\View\ControllerName\profile.ctp...
Done.
So, my question is - does anyone have any idea on why it is so? Is there a setting to disable certain templates, or is it the default behavior to ignore index.ctp files? Or am I just doing something really wrong?
Thank you!
Edit: Solved. Don't use shorthand PHP tags just in case :)
Maybe a stupid remark, but does your index.ctp actually contain translatable strings (i.e. strings wrapped into __("sentence to translate"); function) ?
So, after lots of headwracking I decided to try something out. I copied profile.ctp content into index.ctp, then it worked. After that I just started stripping down the index.ctp until it worked. Turns out that if I used shorthand PHP tags (<? ?>) then for some reason the translation strings detection didn't work, but when I used full tags (<?php ?>) then everything was fine. Figures :)
I'm looking for a way where you can write something normal text, ie content / problem for snakes code, for example in [div] [/ div] code could stand without problems where it does not appear or anything,
Therefore I search for a way to make that I can make normal html text but contemporaries do some code if you have problem
right moment, I use tiny mce to make some text, but when I should have known it since I do like this,
<?php echo strip_tags($tekst);?>
how come it appears on the page:
<?php echo \"Hello\";?>
what I want is just here on this page about writing some text and some code to the problem or the like, I'm thinking if I can fix it the same way or look like?
Apologize me if the question is unclear.
I'm a total newbie php user and I have this script that I want to edit.
The script have uses .tpl for the theme.
In the memberprofile.tpl there is the first name element $profilearray[0].firstname I want to add the result of this element also in another .tpl file called docs.tpl
I tried copying and pasting `$profilearray[0].firstname in docs.tpl but it did not work.
I noticed that docs.tpl uses its own $docsarray[0].xxx
So guys any idea how to do this? because there are some information in the member profile that I would like to add them inside the docs page.
I tried playing with mysql but I don't know how to use the same element firstname for both memberprofile and docs tables
I'm sure there is an easy way to do it.
Here's the full code from memberprofile.tpland I want to show some of these info in that theme docs.tpl
<p class="gray">
{$lang112}: <b>{$profilearray[0].firstname} {$profilearray[0].lastname}</b><br>
{$lang130}: <b>{$profilearray[0].birthday}</b><br>
{$lang134}: <b>{if $profilearray[0].gender eq "1"}Male{elseif $profilearray[0].gender eq "0"}Female{/if}</b><br>
{$lang140}: <b>{$profilearray[0].city}</b> <br>
{$lang139}: <b>{$profilearray[0].country}</b> <br>
{$lang113}: <b>{insert name=get_stripped_phrase value=a assign=pdesc details=$profilearray[0].description}{$pdesc}</b> <br>
{$lang259}: <b>{$profilearray[0].url|stripslashes|truncate:20:"...":true}</b> <br>
{$lang260}: <b>{insert name=get_time_to_days_ago value=var time=$profilearray[0].lastlogin}</b> <br>
{$lang261}: <b>{insert name=get_time_to_days_ago value=var time=$profilearray[0].addtime}</b>
</p>
Smarty has a tag you can google for called {include} that will do what you want. http://www.smarty.net/docsv2/en/language.function.include.tpl Use that tag on your docs.tpl file and you will be fine.
$profilearray
in your example is assigned to smarty template before the template is called in some fashion simmilar to this
$smarty->assign('profilearray',$somearray);
you'll need to find what is setting that in your first file then make sure that is included in your second template call
but you should certainly read the smarty documentation to understand what you are trying to do.
To step back for a moment... There are two parts to all this. The first part is the PHP code which actually takes user input, queries the database, processes the data, etc. The second part is the TPL file. As much as possible, the TPL file should only be concerned with presentation, not with data-processing, data-cross-referencing, etc.
All that database-reading and cross-referencing should happen inside a plain PHP file, not inside the TPL.
In order to add "Author information" to the "Documents List" (or whatever you call docs.tpl) page, you need to find the PHP code which pulls up the list of documents. Find the PHP code where it says something like:
$smarty->assign('docsarray',$document_list);
Now what you want to do is pass more information to the smarty template (TPL file) so that it can display it. Something like:
for($document_list as $index => $doc){
$owner = $doc['owner']; // Get the owner of the document
$profile = getProfile($owner); // Create one of the same things that go into $profilearray elsewhere
$document_list[$index]['profile'] = $profile; // Modify original array
}
$smarty->assign('docsarray',$document_list);
Then go into docs.tpl and find where it displays information about each document, and add smarty template code to read from the new per-document information you added. (Check the Smarty reference page for details.)
For example, if docs.tpl shows a table of documents, you might add a new column that shows the author's first/last name:
<tr>
<td>{$docsarray[$index].title}</td>
<td>{$docsarray[$index].created_date}</td>
<!-- Next line is new -->
<td>{$docsarray[$index].profile.firstname} {$docsarray[$index].profile.lastname}</td>
</tr>
If you want something that looks exactly like the "profile box", you can do that too. In fact, using {include} you can create profilebox.tpl and use it in both places to reduce redundant code.