403Webshell
Server IP : 43.141.49.119  /  Your IP : 113.219.202.173
Web Server : Apache
System : Linux VM-8-5-opencloudos 6.6.34-9.oc9.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Jun 19 19:35:45 CST 2024 x86_64
User : www ( 1000)
PHP Version : 8.1.27
Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /www/wwwroot/www.ucppt.com/wp-content/plugins/wpcom-member-pro/includes/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /www/wwwroot/www.ucppt.com/wp-content/plugins/wpcom-member-pro/includes/hidden-content.php
<?php
namespace WPCOM\Member;
use WPCOM\Themer\Session;

defined( 'ABSPATH' ) || exit;

class Hidden_Content{
    function __construct(){
        add_action('init', array($this, 'init'));
        add_action('wp_ajax_wpcom_get_hidden_content', array($this, 'hidden_content'));
        add_action('wp_ajax_nopriv_wpcom_get_hidden_content', array($this, 'hidden_content'));
        add_action('rest_api_init', array($this, 'rest_hidden_content'), 100 );
        add_action('set_comment_cookies', array( $this, 'set_comment_cookies'));

        add_filter('wpmx_localize_script', function($scripts){
            $scripts['hidden_content'] = true;
            return $scripts;
        });
    }

    public function init() {
        register_block_type('wpcom/hidden-content', array(
            'render_callback' => function ($attr, $content) {
                global $wpcom_member;
                $output = $wpcom_member->load_template('hidden-content', $attr);
                return '<div class="wp-block-wpcom-hidden-content">' . $output . '</div>';
            }
        ));
    }

    public function set_comment_cookies($comment){
        if($comment->comment_author_email){
            $comment_cookie_lifetime = time() + apply_filters( 'comment_cookie_lifetime', 30000000 );
            $secure = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );
            setcookie( 'wpcom_comment_author_email_' . COOKIEHASH, $comment->comment_author_email, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
        }
    }

    function hidden_content(){
        remove_filter('the_content','wpautop');
        $post_id = isset($_POST['post_id']) ? $_POST['post_id'] : 0;
        $password = isset($_POST['password']) ? $_POST['password'] : '';
        $id = $password && isset($_POST['id']) ? $_POST['id'] : '';
        $res = self::get_hidden_content($post_id, $password, $id);
        wp_send_json($res);
    }

    function rest_hidden_content(){
        $api = new REST_HC_Controller();
        $api->register_routes();
    }

    public static function get_hidden_content($post_id, $password='', $id=''){
        global $post;
        $res = [];
        if($post_id && $post = get_post($post_id)){
            if(isset($post->ID)){
                $blocks = self::get_hide_content_blocks($post);
                if($blocks && is_array($blocks)){
                    foreach ($blocks as $block){
                        if(isset($block['attrs']) && isset($block['attrs']['id']) && $block['attrs']['id']){
                            $type = isset($block['attrs']['type']) ? $block['attrs']['type'] : '0';
                            switch ($type){
                                case '1': // 登录
                                    $content = self::shortcode_login_view($block);
                                    break;
                                case '2': // 用户组
                                    $content = self::shortcode_group_view($block);
                                    break;
                                case '3': // 口令
                                    $content = self::shortcode_password_view($block, $password, $id);
                                    break;
                                case '0': // 回复
                                default:
                                    $content = self::shortcode_comment_view($block);
                                    break;
                            }
                            if(isset($content) && $content) $res[$block['attrs']['id']] = $content;
                        }
                    }
                }
            }
        }
        return $res;
    }

    static function get_hide_content_blocks($post){
        $blocks = self::parse_blocks($post->post_content);
        $res = self::loop_blocks($blocks);
        if((empty($blocks) || empty($res)) && class_exists(\WPCOM\Modules\Module::class)){
            $template = get_post_meta($post->ID, '_wp_page_template', true);
            if($template === 'page-home.php'){
                $blocks = WPCOM_MP_get_gutenberg_blocks($post->ID);
                if($blocks && !empty($blocks)) $res = self::loop_blocks($blocks);
            }
        }
        $view_type = get_post_meta($post->ID, 'wpcom_view_type', true);
        if($view_type === '1'){
            $type = get_post_meta($post->ID, 'wpcom_unlock_type', true);
            if($type === '0' || $type === '1' || $type === '2' || $type === '4'){
                if($blocks){
                    $skip = true;
                    $innerBlocks = [];
                    foreach($blocks as $block){
                        if($block['blockName'] === 'core/more'){
                            $skip = false;
                        }else if($skip === false){
                            $innerBlocks[] = $block;
                        }
                    }
                    $type = $type === '4' ? '3' : $type;
                    $res[] = array(
                        'blockName' => 'wpcom/hidden-content',
                        'attrs' => array(
                            'id' => 'post-hidden-content-'.$post->ID,
                            'type' => $type,
                            'user_group' => $type === '2' ? get_post_meta($post->ID, 'wpcom_unlock_groups', true) : '',
                            'password' => $type === '3' ? get_post_meta($post->ID, 'wpcom_unlock_password', true) : '',
                            'tips' => ''
                        ),
                        'innerBlocks' => $innerBlocks,
                        'innerHTML' => '',
                        'innerContent' => []
                    );
                }
            }
        }
        return $res;
    }

    static function parse_blocks($content){
        $res = [];
        if($content && is_string($content)){
            $pattern = '/<!--\s*more\s*-->/i';
            if ( function_exists('has_blocks') && has_blocks( $content ) ) {
                $res = parse_blocks( $content );
            } else if(preg_match($pattern, $content, $matches, PREG_OFFSET_CAPTURE)) {
                // 经典编辑器内容
                // 寻找第一个非 HTML 标签内的 <!--more--> 标签
                $pos = $matches[0][1];

                // 检查是否在 HTML 标签内(例如 <pre>、<code> 内部)
                $before = substr($content, 0, $pos);
                $after  = substr($content, $pos + strlen($matches[0][0]));

                // 这里简单检测是否在标签内
                $open_tags = substr_count($before, '<');
                $close_tags = substr_count($before, '>');
                if ($open_tags === $close_tags) {
                    // 安全可分割
                    $before = trim($before);
                    $after  = trim($after);

                    if ($before !== '') {
                        $res[] = [
                            'blockName'    => null,
                            'attrs'        => [],
                            'innerBlocks'  => [],
                            'innerHTML'    => $before,
                            'innerContent' => [$before],
                        ];
                    }

                    $res[] = [
                        'blockName'    => 'core/more',
                        'attrs'        => [],
                        'innerBlocks'  => [],
                        'innerHTML'    => '',
                        'innerContent' => [],
                    ];

                    if ($after !== '') {
                        $after = wpautop( do_shortcode( shortcode_unautop( $after ) ) );
                        $res[] = [
                            'blockName'    => null,
                            'attrs'        => [],
                            'innerBlocks'  => [],
                            'innerHTML'    => $after,
                            'innerContent' => [ $after ],
                        ];
                    }

                    return $res;
                }
            }
        }

        return $res;
    }

    static function loop_blocks($blocks){
        $res = [];
        if($blocks){
            foreach ($blocks as $block){
                if($block['blockName'] === 'wpcom/hidden-content'){
                    $res[] = $block;
                }else if(isset($block['innerBlocks']) && $block['innerBlocks']){
                    $childs = self::loop_blocks($block['innerBlocks']);
                    if($childs) $res = array_merge($res, $childs);
                }
            }
        }
        return $res;
    }

    static function shortcode_comment_view($block){
        global $post, $current_user;
        $show = 0;
        if($current_user && isset($current_user->ID) && $current_user->ID){
            $c_args = array(
                'post_id' => $post->ID,
                'user_id' => $current_user->ID,
                'count'   => true
            );
            if($post && $post->post_type === 'qa_post') $c_args['type'] = 'answer';
            $show = get_comments( $c_args );
        }else if(isset($_COOKIE['wpcom_comment_author_email_' . COOKIEHASH])){
            $email = urldecode($_COOKIE['wpcom_comment_author_email_' . COOKIEHASH]);
            if($email){
                $c_args = array(
                    'post_id' => $post->ID,
                    'author_email' => $email,
                    'count'   => true
                );
                if($post && $post->post_type === 'qa_post') $c_args['type'] = 'answer';
                $show = get_comments( $c_args );
            }
        }
        if($show && $block['innerBlocks']){
            return self::render_hidden_content($block['innerBlocks']);
        }
    }

    static function shortcode_login_view($block){
        global $current_user;
        if($current_user && isset($current_user->ID) && $current_user->ID && $block['innerBlocks']){
            return self::render_hidden_content($block['innerBlocks']);
        }
    }

    static function shortcode_group_view($block){
        global $current_user;
        if($current_user && isset($current_user->ID) && $current_user->ID && isset($block['attrs']['user_group']) && is_array($block['attrs']['user_group'])){
            $group = wpcom_get_user_group($current_user->ID);
            if($group && in_array($group->term_id, $block['attrs']['user_group']) && $block['innerBlocks']){
                return self::render_hidden_content($block['innerBlocks']);
            }
        }
    }

    static function shortcode_password_view($block, $password, $id){
        global $post;
        $show = 0;
        $the_password = isset($block['attrs']['password']) ? $block['attrs']['password'] : '';
        $the_password = apply_filters('wpcom_unlock_password', $the_password, $post->ID, $block['attrs']);
        if($password && $id && (string)$the_password === (string)$password && $block['attrs']['id'] === $id && $block['innerBlocks']){
            if(isset($post->ID)) Session::set($post->ID . '_' . $block['attrs']['id'], 1);
            $show = 1;
        }else if(isset($post->ID) && isset($block['attrs']['id']) && Session::get($post->ID . '_' . $block['attrs']['id']) == 1){
            $show = 1;
        }
        if($show) return self::render_hidden_content($block['innerBlocks']);
    }

    private static function render_hidden_content($innerBlocks){
        if(is_array($innerBlocks) && !empty($innerBlocks)){
            $output = '';
            foreach ( $innerBlocks as $block ) {
                $output .= render_block( $block );
            }
            $content = apply_filters('the_content', $output);
            return $content;
        }
    }
}

new Hidden_Content();

class REST_HC_Controller extends \WP_REST_Controller{
    protected $meta;
    public function __construct(){
        $this->namespace = 'wpcom/v1';
        $this->rest_base = 'hidden-content';
    }

    public function register_routes()
    {
        register_rest_route($this->namespace, '/' . $this->rest_base, array(
            array(
                'methods'             => \WP_REST_Server::READABLE,
                'callback'            => array($this, 'get_items'),
                'args'                => $this->get_collection_params(),
                'permission_callback' => array( $this, 'no_check' )
            ),
            'schema' => array($this, 'get_public_item_schema'),
        ));
    }
    function get_collection_params() {
        return array(
            'post_id' => array(
                'required'          => true,
                'default'           => 0,
                'type'              => 'integer',
                'validate_callback' => 'rest_validate_request_arg',
            ),
            'password' => array(
                'required'          => false,
                'default'           => '',
                'type'              => 'string'
            ),
            'id' => array(
                'required'          => false,
                'default'           => '',
                'type'              => 'string'
            )
        );
    }
    function get_items($request) {
        $content = Hidden_Content::get_hidden_content($request['post_id'], $request['password'], $request['id']);
        return rest_ensure_response( $content );
    }
    function no_check(){
        return true;
    }
}

Youez - 2016 - github.com/yon3zu
LinuXploit