通过PHP调用msgSecCheck,无论什么内容均返回OK,无问题,即使是很明显的违规词也返回无问题。
而且看过相关的问题处理,已经是post提交,且验证的内容也是utf-8。
复现demo:
<?php
$checkContent = ‘要检测的内容’;
$url = 'https://api.weixin.qq.com/wxa/msg_sec_check?access_token=ACCESS_TOKEN’;
$data = json_encode(array(‘content’=>$checkContent));
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_URL,$url); // url
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data); // json数据
$res = curl_exec($ch); // 返回值
curl_close($ch);
$result = json_decode($res,true);
echo “<pre>”;
var_dump($result);
echo “</pre>”;
?>
最后结合社区回答解决了问题:
1、就是必须是post提交;
2、必须是utf-8编码,这个地方不是对你要验证的内容是utf-8编码,而是你进行json_encode编码时,最后编码的数据是 utf-8编码,原因如下:
$data = json_encode(array(‘content’=>$checkContent),JSON_UNESCAPED_UNICODE),然后再调用
msgSecCheck的api。
JSON_UNESCAPED_UNICODE(中文不转为unicode ,对应的数字 256)
虽然mb_detect_encoding验证单独的内容已经是utf-8,但是json编码是不使用JSON_UNESCAPED_UNICODE,$data其实是ASCII编码,而非utf-8,就导致验证什么内容均可通过检测
自己参考资料:
个人代码片段示例:
/**
* 微信小程序appid
*/
const WX_APP_ID = ‘你的appid’;
/**
* 微信小程序secret
*/
const WX_APP_SECRET = ‘你的secret’;
/**
* 微信获取access_token接口地址
*/
const WX_GET_ACCESS_TOKEN_URL = 'https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential’;
/**
* 微信验证是否是敏感内容接口地址
*/
const WX_CHECK_IS_RISKY_CONTENT_URL = 'https://api.weixin.qq.com/wxa/msg_sec_check’;
private $cache;
public function __construct()
{
//初始化缓存
$this->cache = new TestCacheKernel();
}
/**
* 获取公众号或小程序access_token
* @param string $appId
* @param string $appSecret
* @return mixed
*/
public function getWxAccessToken()
{
$accessToken = ‘’;
$cache = new TestCacheKernel();
//获取缓存的access_token
$accessToken = $this->cache->getAccessToken($appId);
if(empty($accessToken))
{
$url = self::WX_GET_ACCESS_TOKEN_URL.’&appid=’.self::WX_APP_ID.’&secret=’.self::WX_APP_SECRET;
$curl = curl_init();
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_TIMEOUT, 500);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_URL, $url);
$res = curl_exec($curl);
curl_close($curl);
$result = json_decode($res,true);
if(isset($result[‘errcode’]))
{
//TODO::报错code需单独定义
$this->throwException(‘使用appId和secret获取access_token信息出错’.var_export($result,true),1001);
}
$accessToken = $result[‘access_token’];
$expireTime = $result[‘expires_in’];
//设置access_token缓存
$this->cache->setAccessToken( $accessToken, $expireTime);
}
return $accessToken;
}
/**
* 验证是否是风险内容
* @param string $checkContent
*/
public function checkIsRiskyContent($checkContent)
{
$return = false;
if(!empty($checkContent))
{
$access_token = $this->getWxAccessToken();
$url = self::WX_CHECK_IS_RISKY_CONTENT_URL.’?access_token=’.$access_token;
$data = json_encode(array(‘content’=>$checkContent),JSON_UNESCAPED_UNICODE);
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_URL,$url); // url
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data); // json数据
$dataJson = curl_exec($ch); // 返回值
curl_close($ch);
$result= json_decode($dataJson,true)
if(isset($result[‘errcode’]) && $result[‘errcode’] == 87014)
{
$return = true;
}
elseif(isset($result[‘errcode’]) && $result[‘errcode’] != 0)
{
//TODO::报错code需单独定义
$this->throwException(‘验证是否是风险内容出错’.var_export($result,true),parent::1002);
}
}
return $return;
}