Skip to content

Instantly share code, notes, and snippets.

@Kun19
Created December 14, 2023 14:22
Show Gist options
  • Save Kun19/046b2b305cac5f2edd38037984c2e8e3 to your computer and use it in GitHub Desktop.
Save Kun19/046b2b305cac5f2edd38037984c2e8e3 to your computer and use it in GitHub Desktop.
File Manager PRO - vulnerable code PHP syntax check
// php syntax
add_action('wp_ajax_mk_check_filemanager_php_syntax', array(&$this, 'mk_check_filemanager_php_syntax_callback'));
add_action('wp_ajax_nopriv_mk_check_filemanager_php_syntax', array(&$this, 'mk_check_filemanager_php_syntax_callback'));
add_action('admin_init', array(&$this, 'remove_fm_temp_file'));
....
/* Remove Fm Temp File */
public function remove_fm_temp_file()
{
$upload_dir = wp_upload_dir();
$fm_temp = $upload_dir['basedir'].'/fm_temp.php';
if (file_exists($fm_temp)) {
unlink($fm_temp);
}
}
/* Check php Syntax Errors */
public function mk_check_filemanager_php_syntax_callback()
{
$filename = isset($_POST['filename']) ? sanitize_file_name($_POST['filename']) : '';
$fileMime = isset($_POST['filemime']) ? sanitize_mime_type($_POST['filemime']) : '';
$code = stripslashes($_POST['code']);
if (is_user_logged_in() && $fileMime == 'text/x-php') {
$current_user = wp_get_current_user();
$upload_dir = wp_upload_dir();
if (isset($current_user->user_login) && !empty($upload_dir['basedir'])) {
$fm_temp = $upload_dir['basedir'].'/fm_temp.php';
$handle = fopen($fm_temp, 'w');
fwrite($handle, $code);
$check = shell_exec('php -d display_errors=1 -l '.$fm_temp);
if(empty($check)){
echo '<p>('.__('Unable to execute php syntax checker due to server permissions.', 'wp-file-manager-pro').')</p>';
} elseif(strpos($check, 'No syntax errors') === false) {
$check = str_replace('on line', 'on line number', $check);
echo str_replace($fm_temp, '<strong>'.$filename.'</strong>', $check);
echo '<p>('.__('File', 'wp-file-manager-pro').' <strong>'.$filename.'</strong> '.__('not saved.', 'wp-file-manager-pro').')</p>';
} else {
echo '1';
}
}
} else {
echo '1';
}
die;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment