-
-
Save Kun19/046b2b305cac5f2edd38037984c2e8e3 to your computer and use it in GitHub Desktop.
File Manager PRO - vulnerable code PHP syntax check
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// php syntax | |
add_action('wp_ajax_mk_check_filemanager_php_syntax', array(&$this, 'mk_check_filemanager_php_syntax_callback')); | |
add_action('wp_ajax_nopriv_mk_check_filemanager_php_syntax', array(&$this, 'mk_check_filemanager_php_syntax_callback')); | |
add_action('admin_init', array(&$this, 'remove_fm_temp_file')); | |
.... | |
/* Remove Fm Temp File */ | |
public function remove_fm_temp_file() | |
{ | |
$upload_dir = wp_upload_dir(); | |
$fm_temp = $upload_dir['basedir'].'/fm_temp.php'; | |
if (file_exists($fm_temp)) { | |
unlink($fm_temp); | |
} | |
} | |
/* Check php Syntax Errors */ | |
public function mk_check_filemanager_php_syntax_callback() | |
{ | |
$filename = isset($_POST['filename']) ? sanitize_file_name($_POST['filename']) : ''; | |
$fileMime = isset($_POST['filemime']) ? sanitize_mime_type($_POST['filemime']) : ''; | |
$code = stripslashes($_POST['code']); | |
if (is_user_logged_in() && $fileMime == 'text/x-php') { | |
$current_user = wp_get_current_user(); | |
$upload_dir = wp_upload_dir(); | |
if (isset($current_user->user_login) && !empty($upload_dir['basedir'])) { | |
$fm_temp = $upload_dir['basedir'].'/fm_temp.php'; | |
$handle = fopen($fm_temp, 'w'); | |
fwrite($handle, $code); | |
$check = shell_exec('php -d display_errors=1 -l '.$fm_temp); | |
if(empty($check)){ | |
echo '<p>('.__('Unable to execute php syntax checker due to server permissions.', 'wp-file-manager-pro').')</p>'; | |
} elseif(strpos($check, 'No syntax errors') === false) { | |
$check = str_replace('on line', 'on line number', $check); | |
echo str_replace($fm_temp, '<strong>'.$filename.'</strong>', $check); | |
echo '<p>('.__('File', 'wp-file-manager-pro').' <strong>'.$filename.'</strong> '.__('not saved.', 'wp-file-manager-pro').')</p>'; | |
} else { | |
echo '1'; | |
} | |
} | |
} else { | |
echo '1'; | |
} | |
die; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment