在我们的一个Wordpress应用程序中,我们有Cloudflare,从一个月前开始,我们注意到一个问题,即我们的JavaScript无法加载。网址是:
https://somedomain.com/wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,heartbeat,autosave,wp-ajax-response,jquery-color,wp-lists,jquery-query,admin-comments,suggest,jquer&load%5B%5D=y-ui-mouse,jquery-ui-sortable,postbox,tags-suggest,tags-box,word-count,post,editor-expand,thickbox,shortcode,wp-plupload,mediael&load%5B%5D=ement,wp-mediaelement,media-views,media-editor,media-audiovideo,mce-view,image-edit,svg-painter,wp-auth-check,jquery-ui-tabs,jqu&load%5B%5D=ery-ui-draggable,jquery-ui-slider,jquery-touch-punch,iris,wp-color-picker,media-upload,wp-pointer,editor,wplink,wp-embed&ver=4.8.9
当我们在浏览器中输入该URL时,它将显示Cloudflare页面和验证码,以输入“下一步。请完成安全性检查以访问。” 因此,可能是网址太长,Cloudflare Owasp安全性在其中遇到了问题。
此问题可能来自Wordpress load-scripts.php文件(以下代码),该文件将文件合并为一个,并且我们有很多插件。
我们该怎么办?
function _print_scripts() {
global $wp_scripts, $compress_scripts;
$zip = $compress_scripts ? 1 : 0;
if ( $zip && defined('ENFORCE_GZIP') && ENFORCE_GZIP )
$zip = 'gzip';
if ( $concat = trim( $wp_scripts->concat, ', ' ) ) {
if ( !empty($wp_scripts->print_code) ) {
echo "\n<script type='text/javascript'>\n";
echo "/* <![CDATA[ */\n"; // not needed in HTML 5
echo $wp_scripts->print_code;
echo "/* ]]> */\n";
echo "</script>\n";
}
$concat = str_split( $concat, 128 );
$concat = 'load%5B%5D=' . implode( '&load%5B%5D=', $concat );
$src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}&" . $concat . '&ver=' . $wp_scripts->default_version;
echo "<script type='text/javascript' src='" . esc_attr($src) . "'></script>\n";
}
if ( !empty($wp_scripts->print_html) )
echo $wp_scripts->print_html;
}