<?php
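	/**
	 * AJAX handlers for the "clear specific pages" list.
	 *
	 * The list is stored in one WordPress option as an array of stdClass objects
	 * with "url" and "order" members. Every public handler terminates the request
	 * through wp_send_json_success()/wp_send_json_error() (which call wp_die()).
	 *
	 * NOTE(review): a stored URL may contain a literal "(.*)" wildcard, so the
	 * consumer of this list presumably treats it as a pattern; whatever escaping
	 * the rest of the URL needs has to happen at that consumer, not here.
	 */
	class ClearingSpecificPagesWPFC{

		// Option that holds the list of {url, order} objects.
		const OPTION_NAME = "WpFastestCacheCSP";

		// Nonce action shared by every AJAX handler in this class.
		const NONCE_ACTION = 'wpfc-save-csp-ajax-nonce';

		/**
		 * Read a $_POST field as a string; a missing or non-scalar field yields "".
		 *
		 * Avoids the "Undefined array key" warning PHP 8 raises on a direct read.
		 *
		 * @param string $key
		 * @return string
		 */
		private static function post_string($key){
			if(!isset($_POST[$key]) || is_array($_POST[$key])){
				return "";
			}

			return (string)$_POST[$key];
		}

		/**
		 * Stop the request unless the POSTed "security" nonce is valid.
		 *
		 * A nonce only proves the request came from a page that rendered it; it is
		 * not a capability check. NOTE(review): confirm the wp_ajax_ registration of
		 * these handlers restricts them to users allowed to manage the plugin.
		 */
		private static function verify_request(){
			if(!wp_verify_nonce(self::post_string("security"), self::NONCE_ACTION)){
				die( 'Security check' );
			}
		}

		/**
		 * Load the stored list, normalising a missing or corrupt option to [].
		 *
		 * @return array
		 */
		private static function load_urls(){
			$urls = get_option(self::OPTION_NAME);

			return is_array($urls) ? $urls : array();
		}

		/**
		 * Persist the list without autoloading it on every request.
		 *
		 * update_option()'s third argument is $autoload, so false is passed to keep
		 * the option non-autoloaded; the earlier value of 1 flipped it to autoload
		 * after the first update, unlike the add_option() path which used "no".
		 *
		 * @param array $urls
		 */
		private static function store_urls($urls){
			if(get_option(self::OPTION_NAME) === false){
				add_option(self::OPTION_NAME, $urls, "", false);
			}else{
				update_option(self::OPTION_NAME, $urls, false);
			}
		}

		/**
		 * AJAX: delete every entry whose "order" matches the POSTed one.
		 *
		 * Drops the whole option when the list becomes empty. Array keys of the
		 * surviving entries are preserved, as before.
		 */
		public static function remove(){
			self::verify_request();

			$_POST["order"] = sanitize_text_field(self::post_string("order"));
			$order = $_POST["order"];

			$urls = self::load_urls();

			foreach ($urls as $key => $value) {
				// Strict string comparison: "==" would treat e.g. "1e1" and "10" as equal.
				if(isset($value->order) && (string)$value->order === $order){
					unset($urls[$key]);
				}
			}

			if(empty($urls)){
				delete_option(self::OPTION_NAME);
			}else{
				self::store_urls($urls);
			}

			wp_send_json_success();
		}

		/**
		 * True when the POSTed URL's host equals the site's home host.
		 *
		 * Only the host is compared; scheme and path are not validated here.
		 *
		 * @return bool
		 */
		public static function check_url(){
			$home_host = parse_url(get_option("home"), PHP_URL_HOST);
			$specific_host = parse_url(self::post_string("url"), PHP_URL_HOST);

			// parse_url() returns null/false for a missing or malformed host; the
			// strict comparison keeps two absent hosts from matching by coincidence.
			return is_string($specific_host) && $specific_host !== "" && $specific_host === $home_host;
		}

		/**
		 * Validate "(.*)" wildcard usage in the POSTed URL.
		 *
		 * Rejects a wildcard that does not directly follow "/" and rejects more than
		 * one wildcard per URL.
		 *
		 * @return bool
		 */
		public static function check_wild_card(){
			$url = self::post_string("url");

			if(preg_match("/[^\/]\(\.\*\)/", $url)){
				return false;
			}

			return substr_count($url, "(.*)") <= 1;
		}

		/**
		 * AJAX: add, or replace the URL of, the entry with the POSTed "order".
		 *
		 * Each wp_send_json_error() call terminates the request, so the validation
		 * checks below act as guards before anything is stored.
		 */
		public static function save(){
			self::verify_request();

			$raw_url = self::post_string("url");

			if(!self::check_url()){
				$home = get_option("home");
				wp_send_json_error("The URL must start with ".parse_url($home, PHP_URL_SCHEME)."://".parse_url($home, PHP_URL_HOST));
			}

			if(!self::check_wild_card()){
				wp_send_json_error("Wrong Wild Card Usage");
			}

			// Two or more consecutive dots are refused before the value is stored.
			if(preg_match("/\.{2,}/", $raw_url)){
				wp_send_json_error("May be Directory Traversal Attack");
			}

			$_POST["url"] = sanitize_url($raw_url);
			$_POST["order"] = sanitize_text_field(self::post_string("order"));

			$url = $_POST["url"];
			$order = $_POST["order"];

			$urls = self::load_urls();
			$is_update = false;

			foreach ($urls as $key => $value) {
				if(isset($value->order) && (string)$value->order === $order){
					$is_update = true;
					// Entries are objects, so the stored element is updated through its
					// key without a by-reference loop (and its dangling-reference pitfall).
					$urls[$key]->url = $url;
				}
			}

			if(!$is_update){
				$urls[] = (object)array("url" => $url, "order" => $order);
			}

			self::store_urls($urls);

			wp_send_json_success();
		}

		/**
		 * AJAX: return the stored list, or an empty array when nothing is stored.
		 */
		public static function get_list(){
			self::verify_request();

			wp_send_json_success(self::load_urls());
		}

	}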
?>