为什么正则表达式模式可用于html注释,但不适用于php和js注释?
[英]Why regex pattern works with html comments but doesn't work with php and js comments?
问题描述
I have this problem: 
我有这个问题:
Various pages of my site (tipically: html, php and js) are affected by a trojan horse (JS/Kryptik.ADZ based on NOD32 scan). 我网站的各个页面(通常是:html,php和js)都受到特洛伊木马(基于NOD32扫描的JS / Kryptik.ADZ)的影响。
The code in each type of page is like this: 每种页面类型中的代码如下:
PHP: PHP:
#336988#
echo "<script type=\"text/javascript\" language=\"javascript\" > CODE OF MALWARE </script>";
#/336988#
JS: JS:
/*336988*/
CODE OF MALWARE
/*/336988*/
HTML: HTML:
<!--336988-->
<script type="text/javascript" language="javascript" >CODE OF MALWARE</script>
<!--/336988-->
So i use Notepad++ and regex to replace malware with blank text. 因此,我使用Notepad ++和regex将恶意软件替换为空白文本。 My regex is this: (<!--|\\#|/\\*)336988.+/336988(-->|\\#|\\*/) 我的正则表达式是这样的: (<!--|\\#|/\\*)336988.+/336988(-->|\\#|\\*/)
But only HTML is found by this expression. 但是此表达式只能找到HTML。 Why? 为什么?
I don't understand. 我不明白
I'm sorry if my english and my knowledge of regex is poor. 如果我的英语和我的正则表达式知识不好,我感到抱歉。
Thanks 谢谢
Carlo 卡洛
4 个解决方案
解决方案1
0 2013-01-13 14:33:03
试试这个:
'^.*336988.*[\s\S]*.*336988.*$'
解决方案2
0 2013-02-05 14:17:18
试试这个,我遇到了同样的问题,并且有效。
/#336988#(.*?)#\/336988#/ism
解决方案3
0 2013-02-22 11:31:14
这里是修复336988、68c8c7、8f4d8e,a59dc4的脚本。
解决方案4
0 2013-02-22 17:13:38
Today I had the same problem but with different code. 今天,我遇到了同样的问题,但是代码不同。 This code affected aspx, asp, htdocs, html, htm and js files. 此代码影响了aspx,asp,htdocs,html,htm和js文件。 Below my code in Powershell to fix these files. 在Powershell中我的代码下方,用于修复这些文件。 For JS files you need to change line: 对于JS文件,您需要更改以下行:
$regex = New-Object System.Text.RegularExpressions.Regex "<!--68c8c7-->((.|\n)*)<!--/68c8c7-->"
to: 至:
$regex = New-Object System.Text.RegularExpressions.Regex "/\*68c8c7\*((.|\n)*)68c8c7\*/"
and line 和线
Get-ChildItem . -Recurse -Include *.aspx,*asp,*.html,*.htm | where-object {$_.lastwritetime –gt $DateToCompare} | %{Write-Host Examining file: $_.fullname; $_} | ForEach-Object { DoWork $_.Name $_.DirectoryName}
to: 至:
Get-ChildItem . -Recurse -Include *.js | where-object {$_.lastwritetime –gt $DateToCompare} | %{Write-Host Examining file: $_.fullname; $_} | ForEach-Object { DoWork $_.Name $_.DirectoryName}
below code (this script will create Backup_* file, after all you can delete those files): 下面的代码(此脚本将创建Backup_ *文件,毕竟您可以删除这些文件):
function tryFixFile($filepath, $filepathBackup)
{
$infile = [string]::join([environment]::newline, (get-content -path $filepath))
$regex = New-Object System.Text.RegularExpressions.Regex "<!--68c8c7-->((.|\n)*)<!--/68c8c7-->"
if($regex.IsMatch($infile))
{
$intAnswer = $WScriptObject.popup("File needs to be change: " + $filepath + " do you want to continue?", 0,"Change File",4)
If ($intAnswer -eq 6)
{
Write-Host " Creating backup for file: " $filepath
Copy-Item $filepath $filepathBackup
$replace = $regex.Replace($infile,"")
$replace | out-file $filepath
} else
{
$a.popup("File " + $filepath + " won't be changed.")
}
}
}
function DoWork($filename, $directory)
{
$filepath = $directory + '\' + $filename
$filepathBackup = $directory + '\' + "Backup_" + $filename
$WScriptObject = new-object -comobject wscript.shell
tryFixFile $filepath $filepathBackup
}
$pathToCheck = Read-Host 'WARNING!! Path to check/change?'
if (Test-Path $pathToCheck)
{
Set-Location $pathToCheck
#files were affected no longer that 2 days ago, you can change this
$DateToCompare = (Get-date).AddDays(-2)
Get-ChildItem . -Recurse -Include *.aspx,*asp,*.html,*.htm | where-object {$_.lastwritetime –gt $DateToCompare} | %{Write-Host Examining file: $_.fullname; $_} | ForEach-Object { DoWork $_.Name $_.DirectoryName}
}else
{
write-host "Path doesn't exist"
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.