一、添加以下代码到functions.php文件
// Route commenter links through the site's go.php redirect page: the same
// callback rewrites the author link and every href in the comment body.
// comment_text is hooked late (priority 99) so it rewrites the HTML that the
// earlier comment filters have already produced.
add_filter('get_comment_author_link', 'add_redirect_comment_link', 5);
add_filter('comment_text', 'add_redirect_comment_link', 99);
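/**
 * Rewrite every href in a comment fragment so it points at the site's
 * go.php interstitial instead of the external target directly.
 *
 * Hooked to `get_comment_author_link` and `comment_text`. The original
 * target is carried in the `url` query parameter, so it is rawurlencoded:
 * the original concatenated it verbatim, which truncated any target
 * containing `&` or `#` once go.php parsed its query string, and the
 * single-quote variant also emitted `target='_blank'href='` with no
 * separating space. Both quote styles are now handled by one pattern.
 *
 * @param string $text HTML fragment (comment body or author link).
 * @return string The fragment with every anchor rewritten.
 */
function add_redirect_comment_link($text = ''){
    $text = (string) $text;
    $go = get_option('home') . '/go.php?url=';
    $rewritten = preg_replace_callback(
        '/href=(["\'])(.*?)\1/i',
        function ($m) use ($go) {
            // rel="noopener" belongs with target="_blank": the opened page
            // must not get a window.opener handle back to this site.
            return 'target="_blank" rel="noopener" href=' . $m[1] . $go . rawurlencode($m[2]) . $m[1];
        },
        $text
    );
    // preg_replace_callback returns null on a PCRE error; keep the input then.
    return $rewritten === null ? $text : $rewritten;
}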
// `init` fires on every WordPress request, so redirect_comment_link() itself
// decides whether a request is a redirect (it looks for a `url` query parameter).
add_action('init', 'redirect_comment_link');
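/**
 * Redirect handler for `?url=...` requests, hooked to `init`.
 *
 * `init` runs on every WordPress request, so any page URL carrying a `url`
 * query parameter becomes a redirect; the function returns at once when the
 * parameter is absent (the original read $_GET['url'] unconditionally and
 * raised a notice on every other request).
 *
 * The target is untrusted query input. After the whitespace/tag stripping
 * the original did, it must validate as an absolute http(s) URL with a host,
 * otherwise nothing is sent: this rejects `javascript:` / `data:` targets,
 * protocol-relative values and CR/LF header-injection attempts. It remains a
 * redirect to any external http(s) site — that is the purpose of the go.php
 * scheme — and the referer test in the original was a no-op (both branches
 * issued the same redirect), so it is not reproduced.
 *
 * @return void Sends a Location header and terminates the request when a
 *              valid target is present.
 */
function redirect_comment_link(){
    if (!isset($_GET['url']) || !is_string($_GET['url'])) {
        return;
    }
    // Same normalisation as before: drop CR/LF, tabs, spaces, apostrophes and tags.
    $redirect = trim(strip_tags(str_replace(array("\r\n", "\r", "\n", "\t", " ", "'"), '', trim($_GET['url']))));
    if ($redirect === '') {
        return;
    }
    $parts = parse_url($redirect);
    if (!is_array($parts) || empty($parts['host'])) {
        return;
    }
    $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
    if (filter_var($redirect, FILTER_VALIDATE_URL) === false || !in_array($scheme, array('http', 'https'), true)) {
        return;
    }
    // HTTP_HOST is request-supplied; it only ends up in the fragment, as before.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    header('Location: ' . $redirect . '#from:' . $host);
    exit;
}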
二、go.php和safe.php(仿QQ邮箱)
然后上传go.php文件和safe.php文件到博客程序根目录。
其中go.php是跳转页面,safe.php是防护脚本。
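<?php
// Load the request filter before any output. `<?php` replaces the short `<?`
// tag (which is emitted as literal text when short_open_tag is off), and
// __DIR__ makes the include independent of include_path and the working directory.
require_once __DIR__ . '/safe.php';
?>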
<!DOCTYPE html>
<!-- saved from url=(0162)https://mail.qq.com/cgi-bin/readtemplate?t=safety&sid=VKOc_4aQPbuLPz9u&gourl=http%3A%2F%2Fsae.sina.com.cn%2F%3Fm%3Ddevcenter%26catId%3D289&subtemplate=gray&evil=0 -->
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>跳转页面 - Jonty</title>
<style>
/* common */
td,input,button,select,body {font-family:"lucida Grande",Verdana;font-size:12px;}
h1,h2,h3,h4,h5,h6 {font-size:12px; font-weight:normal; margin:0;}
ul,li{list-style:none;}
input,textarea,a {outline:none;}
form,body,ul,li {margin:0;padding:0;}
select,body,textarea {background:#fff;font-size:12px;}
select {font-weight:normal; font-size:12px; font-family:Tahoma;line-height:20px;}
textarea {width:540px;border:1px solid #718da6;padding:3px;font-family:"lucida Grande",Verdana;}
img {border:none}
a {text-decoration:none;cursor:pointer;outline:none;}
a:hover {text-decoration:underline;}
a,a:link,a:visited,li.fs a.fdleft:hover,li.fd_mg a.fdleft:hover {color:#1e5494;}
a.btn_blue{display:inline-block;_overflow:hidden; padding:6px 25px; margin:0; font-size:14px;font-weight:bold;text-align:center; border-radius:3px;}
a.btn_blue:focus, a.btn_red:focus, a.btn_gray:focus {border-color:#93d4fc; box-shadow:0 0 5px #60caff;}
a.btn_blue:active, a.btn_red:active, a.btn_gray:active {outline:none;}
a.btn_blue{border:1px solid #0d659b; color:#fff; color:#fff!important; background-color:#238aca; background:-moz-linear-gradient(top, #238aca, #0074bc); background:-webkit-linear-gradient(top, #238aca, #0074bc); filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#238aca', endColorstr='#0074bc'); -ms-filter: "progid:DXImageTransform.Microsoft.gradient(startColorstr='#238aca', endColorstr='#0074bc')";}
a.btn_blue:hover{text-decoration:none; background-color:#238aca; background:-moz-linear-gradient(top, #2a96d8, #0169a9); background:-webkit-linear-gradient(top, #2a96d8, #0169a9); filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#2a96d8', endColorstr='#0169a9'); -ms-filter: "progid:DXImageTransform.Microsoft.gradient(startColorstr='#2a96d8', endColorstr='#0169a9')";}
a.btn_blue:active{background-color:#238aca; background:-moz-linear-gradient(top, #0074bc, #238aca); background:-webkit-linear-gradient(top, #0074bc, #238aca); filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#0074bc', endColorstr='#238aca'); -ms-filter: "progid:DXImageTransform.Microsoft.gradient(startColorstr='#0074bc', endColorstr='#238aca')";}
.hide {visibility:hidden;}
/* remind_block 带icon的消息提示块 */
.remind_block {overflow:hidden;}
.remind_block .remind_icon {float:left;margin-right:10px;display:inline;width:32px;height:32px;background:url(https://rescdn.qqmail.com/zh_CN/htmledition/images/webp/newicon/prompt3bcbca.png) no-repeat;}
.remind_block .remind_content {overflow:hidden;*zoom:1;}
.remind_block .remind_title {margin-bottom:10px;padding-top:3px;_margin-top:4px;font-weight:bold;font-size:20px;font-family:"Microsoft YaHei","lucida Grande",Verdana;}
.remind_block .remind_detail {line-height:1.5;font-size:14px;color:#535353;}
.remind_block.notitle .remind_content {padding-top:8px;}
.error .remind_icon {background-position:-256px top;}
.error .remind_title {color:#cc0000;}
.warning .remind_icon {background-position:-64px 0;}
.warning .remind_title {color:#d68300;}
/* layout */
.container {
width:600px;
margin:0 auto;
padding-top:25px;
}
.header {
margin-bottom:5px;
}
.footer {
margin-top:18px;
text-align:center;
color:#a0a0a0;
font-size:10px;
}
.content {
border:1px solid #dfdfdf;
box-shadow:0 0 3px #d4d4d4;
}
.c-container {
padding:30px;
}
.c-footer {
padding:10px 15px;
background:#f1f1f1;
overflow:hidden;
*zoom:1;
}
.c-footer-a1,.c-footer-a2,.c-footer-a3 {float:left;}
.c-footer-a2 {margin:8px 0 0 15px;}
/* page */
.safety-detail {
font-size:12px;
margin-top:10px;
}
.safety-detail.show .safety-icon-arrow {
background-position:right top;
-webkit-transform:rotate(180deg);
-moz-transform:rotate(180deg);
transform:rotate(180deg);
}
@media screen and (-webkit-min-device-pixel-ratio:0) {
.safety-detail.show .safety-icon-arrow {
background-position:right -18px;
}
}
@-moz-document url-prefix() {
.safety-detail.show .safety-icon-arrow {
background-position:right -18px;
}
}
.safety-detail.show .safety-detail-txt {
visibility:visible;
}
.safety-icon-arrow {
display:inline-block;
*display:inline;
*zoom:1;
width:12px;
height:12px;
margin:0 0 2px 4px;
*margin:2px 0 0 4px;
line-height:12px;
vertical-align:middle;
background:url(https://rescdn.qqmail.com/zh_CN/htmledition/images/webp/safety_arrow513f4c.png) no-repeat right -18px;
-webkit-transform:rotate(0deg);
-webkit-transition:-webkit-transform .3s ease-in;
-moz-transform:rorate(0deg);
-moz-transition:-moz-transform .3s ease-in;
transform:rotate(0deg);
transition:transform .3s ease-in;
}
.safety-detail-txt {
margin-top:6px;
line-height:20px;
color:#a0a0a0;
visibility:hidden;
}
.safety-url {
margin-bottom:15px;
padding-bottom:15px;
border-bottom:1px solid #dfdfdf;
word-wrap:break-word;
word-break:break-all;
}
@media only screen and (-webkit-min-device-pixel-ratio: 2), only screen and (min-device-pixel-ratio: 2){
.remind_block .remind_icon {background-image:-webkit-image-set(url(https://rescdn.qqmail.com/zh_CN/htmledition/images/webp/newicon/prompt3bcbca.png) 1x,url(https://rescdn.qqmail.com/zh_CN/htmledition/images/webp/newicon/mail@2X3bcbca.png) 2x);}
}
</style>
<style>@-moz-keyframes nodeInserted{from{opacity:0.99;}to{opacity:1;}}@-webkit-keyframes nodeInserted{from{opacity:0.99;}to{opacity:1;}}@-o-keyframes nodeInserted{from{opacity:0.99;}to{opacity:1;}}@keyframes nodeInserted{from{opacity:0.99;}to{opacity:1;}}embed,object{animation-duration:.001s;-ms-animation-duration:.001s;-moz-animation-duration:.001s;-webkit-animation-duration:.001s;-o-animation-duration:.001s;animation-name:nodeInserted;-ms-animation-name:nodeInserted;-moz-animation-name:nodeInserted;-webkit-animation-name:nodeInserted;-o-animation-name:nodeInserted;}</style><style type="text/css"></style><script></script><script id="hp_same_"></script><script id="hp_done_"></script></head>
<body>
<div class="container">
<div class="header">
</div>
<div class="content">
<div class="c-container warning">
<div class="remind_block">
<span class="remind_icon"></span>
<div class="remind_content">
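<div class="remind_title">温馨提示:</div>您将要访问:<?php
// The target comes straight from the query string and is echoed into the
// page below and into a JS string in goUrl(), so it is validated here and
// escaped at each output point. Anything that is not an absolute http(s)
// URL (javascript:, data:, an array value, a missing parameter) becomes ''.
$url = (isset($_GET['url']) && is_string($_GET['url'])) ? trim($_GET['url']) : '';
$urlParts = parse_url($url);
$urlScheme = (is_array($urlParts) && isset($urlParts['scheme'])) ? strtolower($urlParts['scheme']) : '';
if (filter_var($url, FILTER_VALIDATE_URL) === false || !in_array($urlScheme, array('http', 'https'), true)) {
    $url = '';
}
?>
<div class="remind_detail">
<div class="safety-url"><?php echo htmlspecialchars($url, ENT_QUOTES, 'UTF-8'); ?></div>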
注意:这是一个跳转页面,可以由你决定是否转向,我们不会为你自动转向。
<div id="detail_container" class="safety-detail">
<div><a id="detail_toggle" class="safety-detail-action" href="javascript:;">详细信息<span class="safety-icon-arrow"></span></a></div>
<div class="safety-detail-txt">
非nobb.cc旗下域名均不是本站的链接,我们无法确认所转向的网站是什么,它可能是个博客,也可能是某个垃圾网站。
<br>
<a onclick="goUrl(2)">我认为可以访问</a>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="c-footer">
<a onclick="goUrl(1);" class="c-footer-a1 btn_blue">继续访问</a><a class="c-footer-a2" onclick="closeURLWindow()">关闭网页</a>
</div>
</div>
<div class="footer">
© 2013 - 2030 Jonty All Rights Reserved.
</div>
</div>
<script>
// Decode a handful of HTML entities in a string; anything without a
// replace() method is returned untouched.
// NOTE(review): as printed here every replace() pair maps a character to
// itself, which makes the function a no-op. This looks like the entity names
// (the &...; forms) were lost when the page was extracted — confirm against
// the original before relying on it.
function myHtmlDecode(_asStr) {
return _asStr && _asStr.replace ? (_asStr.replace(/ /gi," ").replace(/</gi, "<").replace(/>/gi, ">")
.replace(/&/gi, "&").replace(/"/gi, "\"").replace(/'/gi, "'")
) : _asStr;
}
// Telemetry hook inherited from the QQ Mail template this page was copied
// from. The reporting request is commented out, so the function is a no-op
// placeholder that goUrl/closeURLWindow/goSafe/onload call with a result code.
function report(result) {
//(new Image).src = ('/cgi-bin/report_cgi?check=false&r_type=1002&r_msg=0,http%3A%2F%2Fsae.sina.com.cn%2F%3Fm%3Ddevcenter%26amp%3BcatId%3D289&r_result=' + result);
}
function goUrl(type) {
report(type == 1 ? 0 : 1);
setTimeout(function(){window.location.replace(myHtmlDecode('<?php echo "$url"; ?>')) },50);
}
// "Close page" footer link: record result code 2, then ask the browser to
// close this window shortly afterwards.
function closeURLWindow() {
report(2);
var closeDelayMs = 80;
setTimeout(function () {
window.close();
}, closeDelayMs);
}
// "Go to the safe site" action from the QQ Mail template. Nothing on this
// page calls it, and the target is still the placeholder 'http://' — either
// wire it to a real URL or remove it.
function goSafe() {
report(9);
setTimeout(function(){window.open('http://');},50);
}
// On load: record result code 10 and make the "details" link toggle the
// `show` class on the details container (the CSS above reveals the text and
// flips the arrow when that class is present).
window.onload = function () {
report(10);
var container = document.getElementById("detail_container");
var toggle = document.getElementById("detail_toggle");
var baseClass = "safety-detail";
if (!toggle) {
return;
}
toggle.onclick = function () {
var isOpen = container.className.indexOf("show") > -1;
container.className = isOpen ? baseClass : baseClass + " show";
};
};
</script>
</body><style type="text/css"></style></html>
{/collapse-item}
{collapse-item label="safe.php"}
<?php
// The Referer header is run through the same GET filter as the query string
// further down; it is wrapped in a (possibly empty) array so the foreach can
// treat it like the other request sources. empty() keeps the original
// semantics: a missing, empty or "0" referer yields an empty array.
$referer = array();
if (!empty($_SERVER['HTTP_REFERER'])) {
    $referer[] = $_SERVER['HTTP_REFERER'];
}
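/**
 * Error handler installed by the set_error_handler() call below.
 *
 * The original echoed $errfile — the absolute path of the failing script — to
 * the visitor, which discloses the server's directory layout. The full detail
 * now goes to the PHP error log and the page only shows the error number and
 * line; $errstr, which the original dropped, is logged as well.
 *
 * @param int    $errno   PHP error level.
 * @param string $errstr  Error message.
 * @param string $errfile File the error was raised in.
 * @param int    $errline Line the error was raised on.
 * @return void Never returns: terminates the request with die().
 */
function customError($errno, $errstr, $errfile, $errline)
{
    error_log(sprintf('safe.php: error [%d] %s in %s on line %d', $errno, $errstr, $errfile, $errline));
    echo "<b>Error number:</b> [" . (int) $errno . "], error on line " . (int) $errline . "<br />";
    die();
}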
// NOTE(review): fatal errors (E_ERROR) are never delivered to a user error
// handler, so with this mask customError() is not invoked for anything.
// Widening the mask (e.g. to warnings/notices) would make every such event
// die() — change it deliberately, not by accident.
set_error_handler("customError",E_ERROR);
// Blacklist patterns, one per request source. Each is a PCRE alternation
// without delimiters; StopAttack() wraps it in `/.../is` and matches it
// against both parameter names and (flattened) values. They are heuristics:
// they only catch what the regex literally sees and they also reject
// legitimate input that happens to contain the listed tokens.
//
// GET: additionally rejects any apostrophe (the leading `'|`) and anything
// that looks like an HTML tag (`<[^>]*?>`); note that a double quote is not
// in the list.
$getfilter="'|<[^>]*?>|^\\+\/v(8|9)|\\b(and|or)\\b.+?(>|<|=|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// POST: no apostrophe/generic-tag rule (form text may contain them) but
// `<script` and `<img` tags are rejected.
$postfilter="^\\+\/v(8|9)|\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|<\\s*img\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// COOKIE: the SQL-keyword and `<script` rules only.
$cookiefilter="\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
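/**
 * Abort the request when a parameter name or value matches the blacklist.
 *
 * The value is flattened with arr_foreach() first (array parameters are
 * concatenated), then the flattened value and the key are each matched
 * against the pattern with the `i` and `s` modifiers. On a hit a block page
 * is printed and the script exits; otherwise nothing happens. The original
 * repeated the print/exit for value and key; both go through one loop now.
 *
 * A PCRE failure (preg_match() returning false, e.g. backtrack limit hit)
 * is treated as a hit so the filter fails closed; the original let such
 * input through because `false == 1` is false.
 *
 * The pattern is interpolated into a `/.../is` regex unescaped, so it must
 * not contain an unescaped `/`; the three filters in this file honour that.
 *
 * @param string|int $StrFiltKey   Parameter name (array key of $_GET etc.).
 * @param mixed      $StrFiltValue Parameter value, scalar or (nested) array.
 * @param string     $ArrFiltReq   PCRE alternation without delimiters.
 * @return void
 */
function StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq){
    $StrFiltValue = arr_foreach($StrFiltValue);
    $pattern = '/' . $ArrFiltReq . '/is';
    foreach (array($StrFiltValue, $StrFiltKey) as $subject) {
        if (preg_match($pattern, (string) $subject) !== 0) {
            //slog("<br><br>操作IP: ".$_SERVER["REMOTE_ADDR"]."<br>操作时间: ".strftime("%Y-%m-%d %H:%M:%S")."<br>操作页面:".$_SERVER["PHP_SELF"]."<br>提交方式: ".$_SERVER["REQUEST_METHOD"]."<br>提交参数: ".$StrFiltKey."<br>提交数据: ".$StrFiltValue);
            print "<div style=\"position:fixed;top:0px;width:100%;height:100%;background-color:white;color:green;font-weight:bold;border-bottom:5px solid #999;\"><br>您的提交带有不合法参数,谢谢合作!<br><br><a href=\"/\">返回博客首页</a></div>";
            exit();
        }
    }
}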
// Run every request source through StopAttack() with its own pattern, in the
// same order as before: query string, POST body, cookies, then the Referer
// (which shares the GET pattern).
$requestSources = array(
    array($_GET, $getfilter),
    array($_POST, $postfilter),
    array($_COOKIE, $cookiefilter),
    array($referer, $getfilter),
);
foreach ($requestSources as $source) {
    list($params, $pattern) = $source;
    foreach ($params as $name => $value) {
        StopAttack($name, $value, $pattern);
    }
}
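/**
 * Append one line to the attack log.
 *
 * Writes "$logs\r\n" to DOCUMENT_ROOT/log.htm with an exclusive lock so
 * concurrent requests do not interleave; the original fopen/fputs/fclose
 * sequence never checked whether fopen() succeeded. A failed write goes to
 * the PHP error log instead of surfacing as a warning in the page.
 *
 * The file sits inside the web root and is therefore fetchable by anyone,
 * and the (commented-out) callers in StopAttack() pass raw request data in —
 * put it outside the document root before re-enabling those calls.
 *
 * @param string $logs Line to append (no trailing newline needed).
 * @return void
 */
function slog($logs)
{
    $toppath = $_SERVER["DOCUMENT_ROOT"] . "/log.htm";
    $written = file_put_contents($toppath, $logs . "\r\n", FILE_APPEND | LOCK_EX);
    if ($written === false) {
        error_log('slog: could not write to ' . $toppath);
    }
}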
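/**
 * Flatten a (possibly nested) request parameter into one string for matching.
 *
 * Scalars are returned unchanged. Arrays are walked depth-first and every
 * leaf value is concatenated with no separator, so the blacklist regex in
 * StopAttack() sees all of an array parameter at once.
 *
 * The original collected the leaves in a `static` variable, so a value
 * checked later in the request was matched together with the text of every
 * earlier array parameter, and an empty array reached implode() with null.
 * Each call now starts from an empty list.
 *
 * @param mixed $arr Scalar or nested array.
 * @return mixed The scalar as passed in, or the concatenated leaf values.
 */
function arr_foreach($arr) {
    if (!is_array($arr)) {
        return $arr;
    }
    $leaves = array();
    array_walk_recursive($arr, function ($leaf) use (&$leaves) {
        $leaves[] = $leaf;
    });
    return implode('', $leaves);
}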
?>
{/collapse-item}
三、关于跳转:
方案一是直接跳转,下载包里有。
方案二是带有跳转页面,如本博客就是,这里提供了两个风格,下载包里有,请选取一个即可,也可自己制作。
最后附加安全小提示:为了进一步避免被检测到跨站漏洞,请在404模板的最开头添加下面一句代码(前提是已上传了safe.php)
<?php require_once('safe.php'); ?>
如果测试的时候编码出错就修改下go.php的编码!
BZ,为什么要转跳一下呢?
@Soar、毅 ==装逼用~