\u66f8\u7c4d\u306b\u66f8\u3044\u3066\u3042\u308b\u3068\u304a\u308a\u3001\u30c6\u30fc\u30de\u30a8\u30c7\u30a3\u30bf\u3067\u300cindex.php\u300d\u306b\u30b3\u30fc\u30c9\u3092\u66f8\u304d\u3001\u300c\u30d5\u30a1\u30a4\u30eb\u3092\u66f4\u65b0\u300d\u3092\u30af\u30ea\u30c3\u30af\u3057\u305f\u6240\u3001\u6b21\u306e\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u3066\u66f4\u65b0\u3067\u304d\u307e\u305b\u3093\u3002<\/p>\n
\u81f4\u547d\u7684\u306a\u30a8\u30e9\u30fc\u3092\u30c1\u30a7\u30c3\u30af\u3059\u308b\u305f\u3081\u306b\u30b5\u30a4\u30c8\u3068\u901a\u4fe1\u3067\u304d\u306a\u3044\u305f\u3081\u3001PHP \u306e\u5909\u66f4\u306f\u53d6\u308a\u6d88\u3055\u308c\u307e\u3057\u305f\u3002SFTP \u3092\u4f7f\u3046\u306a\u3069\u3001\u4ed6\u306e\u624b\u6bb5\u3067 PHP \u30d5\u30a1\u30a4\u30eb\u306e\u5909\u66f4\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/div>\n
\u8abf\u3079\u3066\u307f\u305f\u6240\u3001wp-admin\/includes\/file.php\u306e\u4ee5\u4e0b\u306e\u90e8\u5206\u3092\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\u3059\u308b\u3068\u554f\u984c\u304c\u89e3\u6c7a\u3059\u308b\u3068\u66f8\u3044\u3066\u3042\u308a\u307e\u3059\u3002
\n\u591a\u304f\u306e\u30d6\u30ed\u30b0\u3067492\u301c599\u884c\u76ee\u3068\u8a18\u8ff0\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u3001WordPress\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306b\u3088\u308a\u884c\u756a\u53f7\u306f\u7570\u306a\u308b\u3088\u3046\u3067\u3059\u3002<\/p>\n
\tif ( $is_active && 'php' === $extension ) {\r\n\r\n\t\t$scrape_key = md5( rand() );\r\n\t\t$transient = 'scrape_key_' . $scrape_key;\r\n\t\t$scrape_nonce = strval( rand() );\r\n\t\tset_transient( $transient, $scrape_nonce, 60 ); \/\/ It shouldn't take more than 60 seconds to make the two loopback requests.\r\n\r\n\t\t$cookies = wp_unslash( $_COOKIE );\r\n\t\t$scrape_params = array(\r\n\t\t\t'wp_scrape_key' => $scrape_key,\r\n\t\t\t'wp_scrape_nonce' => $scrape_nonce,\r\n\t\t);\r\n\t\t$headers = array(\r\n\t\t\t'Cache-Control' => 'no-cache',\r\n\t\t);\r\n\r\n\t\t\/** This filter is documented in wp-includes\/class-wp-http-streams.php *\/\r\n\t\t$sslverify = apply_filters( 'https_local_ssl_verify', false );\r\n\r\n\t\t\/\/ Include Basic auth in loopback requests.\r\n\t\tif ( isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] ) ) {\r\n\t\t\t$headers['Authorization'] = 'Basic ' . base64_encode( wp_unslash( $_SERVER['PHP_AUTH_USER'] ) . ':' . wp_unslash( $_SERVER['PHP_AUTH_PW'] ) );\r\n\t\t}\r\n\r\n\t\t\/\/ Make sure PHP process doesn't die before loopback requests complete.\r\n\t\tset_time_limit( 300 );\r\n\r\n\t\t\/\/ Time to wait for loopback requests to finish.\r\n\t\t$timeout = 100;\r\n\r\n\t\t$needle_start = \"###### wp_scraping_result_start:$scrape_key ######\";\r\n\t\t$needle_end = \"###### wp_scraping_result_end:$scrape_key ######\";\r\n\r\n\t\t\/\/ Attempt loopback request to editor to see if user just whitescreened themselves.\r\n\t\tif ( $plugin ) {\r\n\t\t\t$url = add_query_arg( compact( 'plugin', 'file' ), admin_url( 'plugin-editor.php' ) );\r\n\t\t} elseif ( isset( $stylesheet ) ) {\r\n\t\t\t$url = add_query_arg(\r\n\t\t\t\tarray(\r\n\t\t\t\t\t'theme' => $stylesheet,\r\n\t\t\t\t\t'file' => $file,\r\n\t\t\t\t),\r\n\t\t\t\tadmin_url( 'theme-editor.php' )\r\n\t\t\t);\r\n\t\t} else {\r\n\t\t\t$url = admin_url();\r\n\t\t}\r\n\t\t$url = add_query_arg( $scrape_params, $url );\r\n\t\t$r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout', 'sslverify' ) );\r\n\t\t$body = wp_remote_retrieve_body( $r );\r\n\t\t$scrape_result_position = strpos( $body, $needle_start );\r\n\r\n\t\t$loopback_request_failure = array(\r\n\t\t\t'code' => 'loopback_request_failed',\r\n\t\t\t'message' => __( 'Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP.' ),\r\n\t\t);\r\n\t\t$json_parse_failure = array(\r\n\t\t\t'code' => 'json_parse_error',\r\n\t\t);\r\n\r\n\t\t$result = null;\r\n\t\tif ( false === $scrape_result_position ) {\r\n\t\t\t$result = $loopback_request_failure;\r\n\t\t} else {\r\n\t\t\t$error_output = substr( $body, $scrape_result_position + strlen( $needle_start ) );\r\n\t\t\t$error_output = substr( $error_output, 0, strpos( $error_output, $needle_end ) );\r\n\t\t\t$result = json_decode( trim( $error_output ), true );\r\n\t\t\tif ( empty( $result ) ) {\r\n\t\t\t\t$result = $json_parse_failure;\r\n\t\t\t}\r\n\t\t}\r\n\r\n\t\t\/\/ Try making request to homepage as well to see if visitors have been whitescreened.\r\n\t\tif ( true === $result ) {\r\n\t\t\t$url = home_url( '\/' );\r\n\t\t\t$url = add_query_arg( $scrape_params, $url );\r\n\t\t\t$r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout' ) );\r\n\t\t\t$body = wp_remote_retrieve_body( $r );\r\n\t\t\t$scrape_result_position = strpos( $body, $needle_start );\r\n\r\n\t\t\tif ( false === $scrape_result_position ) {\r\n\t\t\t\t$result = $loopback_request_failure;\r\n\t\t\t} else {\r\n\t\t\t\t$error_output = substr( $body, $scrape_result_position + strlen( $needle_start ) );\r\n\t\t\t\t$error_output = substr( $error_output, 0, strpos( $error_output, $needle_end ) );\r\n\t\t\t\t$result = json_decode( trim( $error_output ), true );\r\n\t\t\t\tif ( empty( $result ) ) {\r\n\t\t\t\t\t$result = $json_parse_failure;\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\r\n\t\tdelete_transient( $transient );\r\n\r\n\t\tif ( true !== $result ) {\r\n\r\n\t\t\t\/\/ Roll-back file change.\r\n\t\t\tfile_put_contents( $real_file, $previous_content );\r\n\t\t\tif ( function_exists( 'opcache_invalidate' ) ) {\r\n\t\t\t\topcache_invalidate( $real_file, true );\r\n\t\t\t}\r\n\r\n\t\t\tif ( ! isset( $result['message'] ) ) {\r\n\t\t\t\t$message = __( 'Something went wrong.' );\r\n\t\t\t} else {\r\n\t\t\t\t$message = $result['message'];\r\n\t\t\t\tunset( $result['message'] );\r\n\t\t\t}\r\n\t\t\treturn new WP_Error( 'php_error', $message, $result );\r\n\t\t}\r\n\t}<\/pre>\n\u300cif ( $is_active && ‘php’ === $extension ) {\u300d<\/span><\/strong>\u306e\u524d\u306e\u884c\u306b\u300c\/*\u300d\u3001
\n\u4e00\u756a\u6700\u5f8c\u306e\u884c\u306e\u6b21\uff08\u300cif ( $theme instanceof WP_Theme ) {\u300d<\/span><\/strong>\u306e\u524d\uff09\u306b\u300c*\/\u300d\u3068\u5165\u529b\u3057\u3066\u304b\u3089\u3001\u518d\u5ea6\u3001\u30c6\u30fc\u30de\u30a8\u30c7\u30a3\u30bf\u3067\u300c\u30d5\u30a1\u30a4\u30eb\u306e\u66f4\u65b0\u300d\u3092\u30af\u30ea\u30c3\u30af\u3057\u305f\u3068\u3053\u308d\u3001
\n\u6b21\u306e\u30a8\u30e9\u30fc\u306b\u5909\u308f\u308a\u307e\u3057\u305f\u3002<\/p>\n\u4f55\u304b\u3046\u307e\u304f\u3044\u304b\u306a\u304b\u3063\u305f\u3088\u3046\u3067\u3059\u3002\u5909\u66f4\u304c\u4fdd\u5b58\u3055\u308c\u3066\u3044\u306a\u3044\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u3002\u624b\u52d5\u3067\u4fee\u6b63\u3057\u3001FTP \u7d4c\u7531\u3067\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3053\u3068\u3082\u3067\u304d\u307e\u3059\u3002<\/div>\n\n\t
\u30b9\u30dd\u30f3\u30b5\u30fc\u30ea\u30f3\u30af<\/p>\n\t