0 ) {
$files[] = $more_files;
}
}
}
else {
if ( strpos($f, '.php') !== false ) {
$contents = explode("\n", file_get_contents($path));
if ( strpos($contents[0], $hack_str, 0) !== false ) {
$files[] = $path;
}
}
}
}
}
return $files;
}
function print_files( $files ) {
if ( count($files) > 0 ) {
foreach ( $files as $file ) {
if ( is_array($file) ) {
print_files($file);
}
else {
echo $file . '
';
}
}
}
}
function fix_files( $files ) {
global $hack_str;
foreach ( $files as $file ) {
if ( is_array($file) ) {
fix_files($file);
}
else {
$contents = explode("\n", file_get_contents($file));
unset($contents[0]);
$f = fopen($file, 'w');
if ( $f ) {
$the_content = implode($contents, "\n");
$the_content = preg_replace('/^\\s/', '', $the_content); // remove any leading whitespace.
fwrite($f, $the_content, strlen($the_content));
fclose($f);
echo "Removed first line containing " . htmlentities($hack_str) ."from $file...
";
}
}
}
}
function get_count( $files ) {
$count = count($files);
foreach ( $files as $file ) {
if ( is_array($file) ) {
$count--; // remove this because it's a directory
$count += get_count($file);
}
else {
$count ++;
}
}
return $count / 2;
}
?>
Infected Files in
0 ) :
if ( $_POST['do_fix'] ) :
fix_files( $files );
die();
endif;
print_files($files);
?>