Can a button in a Mini Program be triggered abnormally by something other than a person?

Mini Program · Article · 2021-03-26 10:01


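I suspect that a certain operation in my Mini Program is being triggered abnormally by something other than a person, and I don't know why.

The details are as follows:

My Mini Program provides a communication platform for community residents, where people can share their unused items. If someone else is interested in an item, they can tap a button on the item detail page to leave a message for the poster. However, every user who can reach the item detail page and tap the button to leave a message must first register in the Mini Program; unregistered accounts cannot get to this page.

Recently I found that among the messages left for posters via the button, there are some with no avatar and no nickname, which look like they come from accounts whose basic user information was never obtained. Looking further into the database, I found that the openids corresponding to these messages are not in the user registration list. As I said above, an account that is not in the user registration list cannot possibly reach the page where the message button is tapped, so my guess is that the tap on the message button was triggered by something other than a person. I therefore ask the official team to check the specific cause from the WeChat platform backend.

My Mini Program appid: wx9175f56d7d126773

openids of the accounts at the time of the suspected non-human triggering: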




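Answers:

Brother斌🎈:

Could it be that the logic you wrote has a flaw in the first place?

云淡风清 hello world: I have checked repeatedly; the program has no such flaw. Without registering, a user can only see the home page and cannot get into any other page. Even if someone registered earlier and later revoked the authorization to obtain basic user information, their openid would stay in the registration list. What is happening now is that users who are not in the registration list at all got into a second-level page and performed the operation.
Brother斌🎈: So confident? Are you sure the code logic is fine? I just went in and posted this.
云淡风清 hello world: Thanks. How did you do it?
Brother斌🎈: It's what the reply below says. I tried it, and the message page can indeed be shared with friends.
云淡风清 hello world: My oversight. This detail page should not allow sharing. Thanks.
黑夜白昼1999:

Can your message page be shared?

云淡风清 hello world: It cannot be shared.
云淡风清 hello world: Thanks for the reminder.
dreamhunter:

It is almost certainly a sharing problem. The simple fix is to disable sharing.

To be more rigorous, you can use a token mechanism: anyone without a valid token is automatically sent to the login page.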
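
One way to implement the token check suggested in the last answer, as an added example that is not part of the original thread: the server, not page navigation, decides whether a message is accepted, so a detail page opened from a share card without a valid token is refused. The secret, the `registered` set and all function names are hypothetical; timestamps are passed in so the check is deterministic.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Assumptions: constructed demo values standing in for server config and the user table.
const SECRET = 'constructed-demo-secret';
const registered = new Set(['openid-registered-demo']);

function sign(payload) {
  return createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Issued only after registration succeeds; binds the openid to an expiry time.
function issueToken(openid, nowMs, ttlMs = 3600000) {
  if (!registered.has(openid)) return null;
  const payload = `${openid}.${nowMs + ttlMs}`;
  return `${payload}.${sign(payload)}`;
}

// Returns the openid for a valid, unexpired token of a registered user, else null.
function verifyToken(token, nowMs) {
  if (typeof token !== 'string') return null;
  const cut = token.lastIndexOf('.');
  if (cut < 0) return null;
  const payload = token.slice(0, cut);
  const given = Buffer.from(token.slice(cut + 1));
  const expected = Buffer.from(sign(payload));
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const sep = payload.lastIndexOf('.');
  const openid = payload.slice(0, sep);
  const expires = Number(payload.slice(sep + 1));
  if (!(nowMs < expires)) return null;
  // Re-check registration so a token outlives neither expiry nor account removal.
  return registered.has(openid) ? openid : null;
}

// Handler for the "leave a message" request from the item detail page.
function leaveMessage(req, nowMs) {
  const openid = verifyToken(req.token, nowMs);
  if (!openid) return { status: 401, action: 'redirect-to-login' };
  return { status: 200, from: openid, text: req.text };
}
```

On a 401 the client sends the visitor to the login page, which matches the behaviour the answer describes; the message is never stored for an openid outside the registration list.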
