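/**
 * Search-and-replace text in every regular file directly inside one
 * sub-directory of the backup path.
 *
 * Reads `mypath`, `oldword`, `newword` and `dozz` from $add and resolves the
 * target directory as $bakpath . "/" . mypath. With `dozz` set, every file is
 * passed through Ebak_DoRepFiletextZz() and written back; otherwise only files
 * that contain `oldword` (case-insensitive check) are rewritten with a
 * case-sensitive str_replace(). Outcomes are reported through printerror().
 *
 * NOTE(review): `newword` reaches the files exactly as returned by
 * Ebak_ClearAddsData(), whose effect is not visible here, and no content
 * filter is applied in this variant. If files under $bakpath can be executed
 * by the web server, the caller can place code in them - confirm that only an
 * authenticated administrator can reach this function and that the
 * replacement value is constrained.
 *
 * @param array $add Request fields: mypath, oldword, newword, dozz.
 * @return void
 */
function Ebak_RepPathFiletext($add)
{
    global $bakpath;

    $mypath = trim($add['mypath']);
    $oldword = Ebak_ClearAddsData($add['oldword']);
    $newword = Ebak_ClearAddsData($add['newword']);
    $dozz = (int) $add['dozz'];

    if (empty($oldword) || empty($mypath)) {
        printerror("EmptyRepPathFiletext", "history.go(-1)");
    }
    // Refuse any path containing ".." so the target stays below $bakpath.
    if (strpos($mypath, "..") !== false) {
        printerror("NotChangeRepPathFiletext", "history.go(-1)");
    }

    $path = $bakpath . "/" . $mypath;
    // is_dir() rather than file_exists(): a regular file at this path cannot
    // be opened as a directory.
    if (!is_dir($path)) {
        printerror("PathNotExists", "history.go(-1)");
    }

    $hand = @opendir($path);
    if ($hand === false) {
        // The directory exists but could not be opened (e.g. permissions).
        printerror("PathNotExists", "history.go(-1)");
        return;
    }

    // Compare against false explicitly: an entry named "0" is falsy and would
    // otherwise end the loop before the remaining files are processed.
    while (false !== ($file = readdir($hand))) {
        if ($file === "." || $file === "..") {
            continue;
        }
        $filename = $path . "/" . $file;
        if (!is_file($filename)) {
            continue;
        }

        $value = ReadFiletext($filename);
        if ($dozz) {
            $newvalue = Ebak_DoRepFiletextZz($oldword, $newword, $value);
        } else {
            if (!stristr($value, $oldword)) {
                continue;
            }
            $newvalue = str_replace($oldword, $newword, $value);
        }
        WriteFiletext_n($filename, $newvalue);
    }
    closedir($hand);

    printerror("RepPathFiletextSuccess", "RepFiletext.php");
}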
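/**
 * Search-and-replace text in every regular file directly inside one
 * sub-directory of the backup path, with a keyword filter on the replacement
 * value and an optional content scan before each write.
 *
 * Reads `mypath`, `oldword`, `newword` and `dozz` from $add and resolves the
 * target directory as $bakpath . "/" . mypath. With `dozz` set, every file is
 * passed through Ebak_DoRepFiletextZz(); otherwise only files that contain
 * `oldword` (case-insensitive check) are changed with a case-sensitive
 * str_replace(). Outcomes are reported through printerror() or die().
 *
 * @param array $add Request fields: mypath, oldword, newword, dozz.
 * @return void
 */
function Ebak_RepPathFiletext($add)
{
    global $bakpath;

    $mypath = trim($add['mypath']);
    $oldword = Ebak_ClearAddsData($add['oldword']);
    $newword = Ebak_ClearAddsData($add['newword']);

    // Reject replacement text that names one of the listed PHP functions or
    // constructs. The lookbehind also covers a keyword at the very start of
    // the value, and \s covers any whitespace before the parenthesis.
    // NOTE(review): a keyword denylist cannot enumerate every way PHP code can
    // be expressed; treat it as defence in depth, not as the control that
    // makes writing caller-supplied text into these files safe.
    if (preg_match('/(?<![a-zA-Z0-9_])(?:extract|parse_str|str_replace|unserialize|ob_start|require|include|array_map|preg_replace|copy|fputs|fopen|file_put_contents|file_get_contents|fwrite|eval|phpinfo|assert|base64_decode|create_function|call_user_func)+(?:\s|\()/is', $newword)) {
        die("Request Error!");
    }

    $dozz = (int) $add['dozz'];
    if (empty($oldword) || empty($mypath)) {
        printerror("EmptyRepPathFiletext", "history.go(-1)");
    }
    // Refuse any path containing ".." so the target stays below $bakpath.
    if (strpos($mypath, "..") !== false) {
        printerror("NotChangeRepPathFiletext", "history.go(-1)");
    }

    $path = $bakpath . "/" . $mypath;
    // is_dir() rather than file_exists(): a regular file at this path cannot
    // be opened as a directory.
    if (!is_dir($path)) {
        printerror("PathNotExists", "history.go(-1)");
    }

    $hand = @opendir($path);
    if ($hand === false) {
        // The directory exists but could not be opened (e.g. permissions).
        printerror("PathNotExists", "history.go(-1)");
        return;
    }

    // Compare against false explicitly: an entry named "0" is falsy and would
    // otherwise end the loop before the remaining files are processed.
    while (false !== ($file = readdir($hand))) {
        if ($file === "." || $file === "..") {
            continue;
        }
        $filename = $path . "/" . $file;
        if (!is_file($filename)) {
            continue;
        }

        $value = ReadFiletext($filename);
        if ($dozz) {
            $newvalue = Ebak_DoRepFiletextZz($oldword, $newword, $value);
        } else {
            if (!stristr($value, $oldword)) {
                continue;
            }
            $newvalue = str_replace($oldword, $newword, $value);
        }

        // NOTE(review): the scanner source is fetched over plain HTTP, and in
        // the branch below it is written next to this file and later loaded
        // with include_once. Anyone able to alter that response controls code
        // this application executes. Ship the scanner with the application,
        // or fetch it over HTTPS and check it against a digest pinned in the
        // code, instead of trusting the download.
        // NOTE(review): this block runs once per file, so the remote fetch is
        // repeated for every file in the directory.
        $prePath = dirname(__FILE__) . DIRECTORY_SEPARATOR;
        $url = "http://webshellcheck.oss-cn-hangzhou.aliyuncs.com/AliCheck.php";
        if (file_exists($prePath . "AliCheck.php")) {
            if (ini_get('allow_url_fopen') == '1') {
                $content = @file_get_contents($url);
                if (!empty($content)) {
                    // Strict comparison: with !=, two different hex digests
                    // that both look like numbers in exponent notation would
                    // compare as equal.
                    if (md5($content) !== md5_file($prePath . "AliCheck.php")) {
                        // A mismatch aborts the request. The statement that
                        // followed this die() could never run and was dropped.
                        die("not equal");
                    }
                }
            }
            include_once $prePath . "AliCheck.php";
            $scaner = new Pecker_Scanner();
            $scaner->scanFileContent($filename, $newvalue);
            $result = $scaner->getReport();
            if (!empty($result[$filename]['function'])) {
                die("Request Error!");
            }
            $scaner = null;
        } else {
            // NOTE(review): when the scanner file is absent, the new content
            // for this file is written without being scanned (fail-open).
            if (ini_get('allow_url_fopen') == '1') {
                $content = @file_get_contents($url);
                if (!empty($content)) {
                    file_put_contents($prePath . "AliCheck.php", $content);
                }
            }
        }

        WriteFiletext_n($filename, $newvalue);
    }
    closedir($hand);

    printerror("RepPathFiletextSuccess", "RepFiletext.php");
}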
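/**
 * Search-and-replace text in every regular file directly inside one
 * sub-directory of the backup path, with a keyword filter on the replacement
 * value.
 *
 * Reads `mypath`, `oldword`, `newword` and `dozz` from $add and resolves the
 * target directory as $bakpath . "/" . mypath. With `dozz` set, every file is
 * passed through Ebak_DoRepFiletextZz() and written back; otherwise only files
 * that contain `oldword` (case-insensitive check) are rewritten with a
 * case-sensitive str_replace(). Outcomes are reported through printerror() or
 * die().
 *
 * @param array $add Request fields: mypath, oldword, newword, dozz.
 * @return void
 */
function Ebak_RepPathFiletext($add)
{
    global $bakpath;

    $mypath = trim($add['mypath']);
    $oldword = Ebak_ClearAddsData($add['oldword']);
    $newword = Ebak_ClearAddsData($add['newword']);

    // Filter dangerous keywords out of the replacement content. The lookbehind
    // also covers a keyword at the very start of the value, and \s covers any
    // whitespace before the parenthesis.
    // NOTE(review): a keyword denylist cannot enumerate every way PHP code can
    // be expressed; treat it as defence in depth. If files under $bakpath can
    // be executed by the web server, confirm that only an authenticated
    // administrator can reach this function.
    if (preg_match('/(?<![a-zA-Z0-9_])(?:extract|parse_str|str_replace|unserialize|ob_start|require|include|array_map|preg_replace|copy|fputs|fopen|file_put_contents|file_get_contents|fwrite|eval|phpinfo|assert|base64_decode|create_function|call_user_func)+(?:\s|\()/is', $newword)) {
        die("Request Error!");
    }

    $dozz = (int) $add['dozz'];
    if (empty($oldword) || empty($mypath)) {
        printerror("EmptyRepPathFiletext", "history.go(-1)");
    }
    // Refuse any path containing ".." so the target stays below $bakpath.
    if (strpos($mypath, "..") !== false) {
        printerror("NotChangeRepPathFiletext", "history.go(-1)");
    }

    $path = $bakpath . "/" . $mypath;
    // is_dir() rather than file_exists(): a regular file at this path cannot
    // be opened as a directory.
    if (!is_dir($path)) {
        printerror("PathNotExists", "history.go(-1)");
    }

    $hand = @opendir($path);
    if ($hand === false) {
        // The directory exists but could not be opened (e.g. permissions).
        printerror("PathNotExists", "history.go(-1)");
        return;
    }

    // Compare against false explicitly: an entry named "0" is falsy and would
    // otherwise end the loop before the remaining files are processed.
    while (false !== ($file = readdir($hand))) {
        if ($file === "." || $file === "..") {
            continue;
        }
        $filename = $path . "/" . $file;
        if (!is_file($filename)) {
            continue;
        }

        $value = ReadFiletext($filename);
        if ($dozz) {
            $newvalue = Ebak_DoRepFiletextZz($oldword, $newword, $value);
        } else {
            if (!stristr($value, $oldword)) {
                continue;
            }
            $newvalue = str_replace($oldword, $newword, $value);
        }
        WriteFiletext_n($filename, $newvalue);
    }
    closedir($hand);

    printerror("RepPathFiletextSuccess", "RepFiletext.php");
}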