Example #1
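/**
 * Batch search-and-replace over every regular file directly inside one
 * sub-directory of the backup root ($bakpath).
 *
 * Keys read from $add:
 *   - 'mypath'  : directory name relative to $bakpath (must not contain "..")
 *   - 'oldword' : text (or pattern, when 'dozz' is set) to look for
 *   - 'newword' : replacement text
 *   - 'dozz'    : non-zero delegates the replacement to Ebak_DoRepFiletextZz()
 *
 * NOTE(review): 'newword' is written into the files with no content check in
 * this version. If the files under $bakpath can ever be executed or included
 * by the web server, this function lets its caller plant code there, so it
 * must only be reachable by an authenticated administrator - confirm at the
 * call site.
 *
 * @param array $add Request parameters as described above.
 * @return void Reports the outcome through printerror().
 */
function Ebak_RepPathFiletext($add)
{
    global $bakpath;
    $mypath = trim($add['mypath']);
    $oldword = Ebak_ClearAddsData($add['oldword']);
    $newword = Ebak_ClearAddsData($add['newword']);
    $dozz = (int) $add['dozz'];

    // printerror() presumably ends the request; the explicit returns make
    // sure nothing below runs on rejected input even if it does not.
    if (empty($oldword) || empty($mypath)) {
        printerror("EmptyRepPathFiletext", "history.go(-1)");
        return;
    }
    // Reject any attempt to climb out of the backup root.
    if (strpos($mypath, "..") !== false) {
        printerror("NotChangeRepPathFiletext", "history.go(-1)");
        return;
    }
    $path = $bakpath . "/" . $mypath;
    // is_dir() rather than file_exists(): a plain file would pass the old
    // check and then fail silently in opendir().
    if (!is_dir($path)) {
        printerror("PathNotExists", "history.go(-1)");
        return;
    }
    $hand = @opendir($path);
    if ($hand === false) {
        // Directory exists but cannot be opened (e.g. permissions).
        printerror("PathNotExists", "history.go(-1)");
        return;
    }

    // Compare against false explicitly: an entry named "0" is falsy and
    // would otherwise end the loop early.
    while (($file = readdir($hand)) !== false) {
        if ($file === "." || $file === "..") {
            continue;
        }
        $filename = $path . "/" . $file;
        if (!is_file($filename)) {
            continue;
        }
        $value = ReadFiletext($filename);
        if ($dozz) {
            $newvalue = Ebak_DoRepFiletextZz($oldword, $newword, $value);
        } else {
            // The presence test is case-insensitive while str_replace() is
            // case-sensitive, so a file may be rewritten unchanged.
            if (!stristr($value, $oldword)) {
                continue;
            }
            $newvalue = str_replace($oldword, $newword, $value);
        }
        WriteFiletext_n($filename, $newvalue);
    }
    // Release the directory handle before reporting success.
    closedir($hand);

    printerror("RepPathFiletextSuccess", "RepFiletext.php");
}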
Example #2
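/**
 * Batch search-and-replace over every regular file directly inside one
 * sub-directory of the backup root ($bakpath), with two content checks on
 * what gets written: a keyword denylist on the replacement text and, when
 * available, a scan of the resulting file content by Pecker_Scanner from
 * AliCheck.php.
 *
 * Keys read from $add:
 *   - 'mypath'  : directory name relative to $bakpath (must not contain "..")
 *   - 'oldword' : text (or pattern, when 'dozz' is set) to look for
 *   - 'newword' : replacement text
 *   - 'dozz'    : non-zero delegates the replacement to Ebak_DoRepFiletextZz()
 *
 * NOTE(security): AliCheck.php is downloaded over plain HTTP, stored next to
 * this file and later executed through include_once, with no pinned digest
 * or signature. Whoever can alter that response or the remote object decides
 * what code runs inside this application. The scanner should be shipped with
 * the application, or the download verified against a digest distributed
 * out of band, before this path is relied on.
 *
 * @param array $add Request parameters as described above.
 * @return void Reports the outcome through printerror() or die().
 */
function Ebak_RepPathFiletext($add)
{
    global $bakpath;
    $mypath = trim($add['mypath']);
    $oldword = Ebak_ClearAddsData($add['oldword']);
    $newword = Ebak_ClearAddsData($add['newword']);

    // Keyword denylist on the replacement text only. A denylist cannot
    // enumerate every PHP construct, so treat it as defence in depth and not
    // as the control that keeps code out of the rewritten files.
    if (preg_match("/([^a-zA-Z0-9_]{1,1})+(extract|parse_str|str_replace|unserialize|ob_start|require|include|array_map|preg_replace|copy|fputs|fopen|file_put_contents|file_get_contents|fwrite|eval|phpinfo|assert|base64_decode|create_function|call_user_func)+( |\\()/is", $newword)) {
        die("Request Error!");
    }
    $dozz = (int) $add['dozz'];

    // printerror() presumably ends the request; the explicit returns make
    // sure nothing below runs on rejected input even if it does not.
    if (empty($oldword) || empty($mypath)) {
        printerror("EmptyRepPathFiletext", "history.go(-1)");
        return;
    }
    // Reject any attempt to climb out of the backup root.
    if (strpos($mypath, "..") !== false) {
        printerror("NotChangeRepPathFiletext", "history.go(-1)");
        return;
    }
    $path = $bakpath . "/" . $mypath;
    // is_dir() rather than file_exists(): a plain file would pass the old
    // check and then fail silently in opendir().
    if (!is_dir($path)) {
        printerror("PathNotExists", "history.go(-1)");
        return;
    }
    $hand = @opendir($path);
    if ($hand === false) {
        // Directory exists but cannot be opened (e.g. permissions).
        printerror("PathNotExists", "history.go(-1)");
        return;
    }

    // Loop-invariant values, computed once.
    $scannerFile = dirname(__FILE__) . DIRECTORY_SEPARATOR . "AliCheck.php";
    $url = "http://webshellcheck.oss-cn-hangzhou.aliyuncs.com/AliCheck.php";

    // Compare against false explicitly: an entry named "0" is falsy and
    // would otherwise end the loop early.
    while (($file = readdir($hand)) !== false) {
        if ($file === "." || $file === "..") {
            continue;
        }
        $filename = $path . "/" . $file;
        if (!is_file($filename)) {
            continue;
        }
        $value = ReadFiletext($filename);
        if ($dozz) {
            $newvalue = Ebak_DoRepFiletextZz($oldword, $newword, $value);
        } else {
            if (!stristr($value, $oldword)) {
                continue;
            }
            $newvalue = str_replace($oldword, $newword, $value);
        }

        if (file_exists($scannerFile)) {
            if (ini_get('allow_url_fopen') == '1') {
                $content = @file_get_contents($url);
                if (!empty($content)) {
                    // Strict comparison: with != two hex digests that both
                    // look like "0e<digits>" compare equal as numbers.
                    // MD5 is not collision-resistant, so this only detects
                    // drift, it does not authenticate the scanner.
                    if (md5($content) !== md5_file($scannerFile)) {
                        // The original had a file_put_contents() after this
                        // die(); it was unreachable and has been dropped, so
                        // the local copy is never overwritten here.
                        die("not equal");
                    }
                }
            }
            // Executes the locally stored scanner; see NOTE(security) above.
            include_once $scannerFile;
            $scaner = new Pecker_Scanner();
            $scaner->scanFileContent($filename, $newvalue);
            $result = $scaner->getReport();
            // Any reported function hit for this file aborts the request
            // before the file is written.
            if (!empty($result[$filename]['function'])) {
                die("Request Error!");
            }
            $scaner = null;
        } else {
            // Scanner missing: fetch it for later use. The file being
            // processed right now is written WITHOUT having been scanned.
            if (ini_get('allow_url_fopen') == '1') {
                $content = @file_get_contents($url);
                if (!empty($content)) {
                    file_put_contents($scannerFile, $content);
                }
            }
        }
        WriteFiletext_n($filename, $newvalue);
    }
    // Release the directory handle before reporting success.
    closedir($hand);

    printerror("RepPathFiletextSuccess", "RepFiletext.php");
}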
Example #3
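/**
 * Batch search-and-replace over every regular file directly inside one
 * sub-directory of the backup root ($bakpath), after screening the
 * replacement text against a keyword denylist.
 *
 * Keys read from $add:
 *   - 'mypath'  : directory name relative to $bakpath (must not contain "..")
 *   - 'oldword' : text (or pattern, when 'dozz' is set) to look for
 *   - 'newword' : replacement text
 *   - 'dozz'    : non-zero delegates the replacement to Ebak_DoRepFiletextZz()
 *
 * @param array $add Request parameters as described above.
 * @return void Reports the outcome through printerror() or die().
 */
function Ebak_RepPathFiletext($add)
{
    global $bakpath;
    $mypath = trim($add['mypath']);
    $oldword = Ebak_ClearAddsData($add['oldword']);
    $newword = Ebak_ClearAddsData($add['newword']);

    /* Filter dangerous keywords out of the replacement content. */
    // Only $newword is inspected, and a denylist cannot enumerate every PHP
    // construct: treat this as defence in depth. Access control on the
    // caller and keeping the rewritten files non-executable are the real
    // safeguards - NOTE(review): confirm both are in place.
    if (preg_match("/([^a-zA-Z0-9_]{1,1})+(extract|parse_str|str_replace|unserialize|ob_start|require|include|array_map|preg_replace|copy|fputs|fopen|file_put_contents|file_get_contents|fwrite|eval|phpinfo|assert|base64_decode|create_function|call_user_func)+( |\\()/is", $newword)) {
        die("Request Error!");
    }

    $dozz = (int) $add['dozz'];

    // printerror() presumably ends the request; the explicit returns make
    // sure nothing below runs on rejected input even if it does not.
    if (empty($oldword) || empty($mypath)) {
        printerror("EmptyRepPathFiletext", "history.go(-1)");
        return;
    }
    // Reject any attempt to climb out of the backup root.
    if (strpos($mypath, "..") !== false) {
        printerror("NotChangeRepPathFiletext", "history.go(-1)");
        return;
    }
    $path = $bakpath . "/" . $mypath;
    // is_dir() rather than file_exists(): a plain file would pass the old
    // check and then fail silently in opendir().
    if (!is_dir($path)) {
        printerror("PathNotExists", "history.go(-1)");
        return;
    }
    $hand = @opendir($path);
    if ($hand === false) {
        // Directory exists but cannot be opened (e.g. permissions).
        printerror("PathNotExists", "history.go(-1)");
        return;
    }

    // Compare against false explicitly: an entry named "0" is falsy and
    // would otherwise end the loop early.
    while (($file = readdir($hand)) !== false) {
        if ($file === "." || $file === "..") {
            continue;
        }
        $filename = $path . "/" . $file;
        if (!is_file($filename)) {
            continue;
        }
        $value = ReadFiletext($filename);
        if ($dozz) {
            $newvalue = Ebak_DoRepFiletextZz($oldword, $newword, $value);
        } else {
            // The presence test is case-insensitive while str_replace() is
            // case-sensitive, so a file may be rewritten unchanged.
            if (!stristr($value, $oldword)) {
                continue;
            }
            $newvalue = str_replace($oldword, $newword, $value);
        }
        WriteFiletext_n($filename, $newvalue);
    }
    // Release the directory handle before reporting success.
    closedir($hand);

    printerror("RepPathFiletextSuccess", "RepFiletext.php");
}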