
@majick777
Created August 24, 2023 12:29

Revisions

  1. majick777 created this gist Aug 24, 2023.
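--- a/clean-post-scripts.php
+++ b/clean-post-scripts.php
@@ -0,0 +1,118 @@
+<?php
+
+// ================================
+// CLEAN ALL SCRIPT TAGS FROM POSTS
+// ================================
+//
+// Usage: Drop this file in your /wp-content/mu-plugins/ folder.
+//
+// Any post or page that contains a script tag will have it removed automatically.
+// This helps prevent re-infection while hardening your site security.
+// You can also run a querystring URL to loop and remove from all posts/pages.
+//
+// Since it's bad practice to have script tags in your post content anyway!
+// This treats all scripts as malware and removes them (eg. via MySQL injection.)
+// If you are in the practice of this, DO NOT USE until you manually edit and
+// move your own scripts out of any post content to a separately enuqeued file.
+
+// --- set post types to clean ---
+// Add any other custom post type slugs if and as needed...
+global $clean_post_types;
+$clean_post_types = array( 'post', 'page' );
+
+
+// ----------------------
+// Clean All Post Scripts
+// ----------------------
+// Usage: append /?clean-post-scripts=1 to your site's URL
+// Caution: always backup your database before running bulk edits like this!
+add_action( 'init', 'clean_all_post_scripts' );
+function clean_all_post_scripts() {
+
+global $wpdb, $clean_post_types;
+
+if ( !isset( $_REQUEST['clean-post-scripts'] ) || ( '1' != $_REQUEST['clean-post-scripts'] ) ) {
+return;
+}
+if ( !is_array( $clean_post_types ) || ( count( $clean_post_types ) < 1 ) ) {
+return;
+}
+
+$post_types = '';
+foreach ( $clean_post_types as $clean_post_type ) {
+$clean_post_type = sanitize_text_field( $clean_post_type );
+if ( '' != $post_types ) {
+$post_types .= ',';
+}
+$post_types .= "'" . $clean_post_type . "'";
+}
+
+$query = "SELECT ID, post_content FROM " . $wpdb->prefix . "posts WHERE post_type IN (" . $post_types . ")";
+echo $query . '<br>';
+
+$results = $wpdb->get_results( $query, ARRAY_A );
+$found = 0;
+if ( $results && is_array( $results ) && ( count( $results ) > 0 ) ) {
+foreach ( $results as $i => $result ) {
+$content = clean_post_content_script( $result['post_content'] );
+if ( $content != $result['post_content'] ) {
+// $query = "UPDATE " . $wpdb->prefix . "posts SET 'post_content' = %s WHERE ID = %d";
+// $query = $wpdb->prepare( $query, $result['post_content'], $result['ID'] );
+// $result = $wpdb->query( $query );
+$data = array( 'post_content' => $content );
+$where = array( 'ID' => $result['ID'] );
+$update = $wpdb->update( $wpdb->prefix . "posts", $data, $where );
+echo 'Found and removed script in post ID ' . $result['ID'] . ': ' . $update . '<br>';
+$found++;
+}
+}
+echo '<br>Checked ' . count( $results ) . ' posts. Found and removed script tag in ' . $found . ' posts.';
+}
+
+exit;
+}
+
+// -----------------------------------
+// Clean Script Tags from Current Post
+// -----------------------------------
+add_action( 'wp', 'clean_post_content_scripts', 1 );
+function clean_post_content_scripts() {
+global $post, $clean_post_types;
+if ( is_object( $post ) && is_singular() && !is_admin() ) {
+if ( in_array( $post->post_type, $clean_post_types ) ) {
+$content = clean_post_content_script( $post->post_content );
+if ( $content != $post->post_content ) {
+$args = array( 'ID' => $post->ID, 'post_content' => $content );
+wp_update_post( $args );
+$post = get_post( $post->ID );
+}
+}
+}
+}
+
+// ------------------------------
+// Clean Script Tags from Content
+// ------------------------------
+function clean_post_content_script( $content ) {
+
+$tag_open = '<script';
+if ( !stristr( $content, $tag_open ) ) {
+return $content;
+}
+while ( stristr( $content, $tag_open ) ) {
+$pos = stripos( $content, $tag_open );
+$chunks = str_split( $content, $pos );
+$before = $chunks[0];
+unset( $chunks[0] );
+$remainder = implode( '', $chunks );
+$tag_close = stristr( $remainder, '</script>' ) ? '</script>' : '>';
+$posb = stripos( $remainder, $tag_close ) + strlen( $tag_close );
+$chunks = str_split( $remainder, $posb );
+unset( $chunks[0] );
+$after = implode( '', $chunks );
+$content = $before . $after;
+}
+
+return $content;
+}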
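Review bot: The guard at the top of clean_all_post_scripts only checks the query string, so any unauthenticated visitor who appends `?clean-post-scripts=1` triggers a bulk rewrite of every post and page followed by `exit`; the function needs a capability check, e.g. `if ( ! current_user_can( 'manage_options' ) || ! isset( $_REQUEST['clean-post-scripts'] ) || '1' !== $_REQUEST['clean-post-scripts'] ) { return; }`, and ideally a nonce. The SELECT a few lines below is assembled by string concatenation and then echoed raw; `$clean_post_types` is a fixed array today, so this is not user-controlled, but `$wpdb->prepare()` with one `%s` per post type and `esc_html()` on the echo would keep it safe if the list is ever made configurable. In clean_post_content_script, `str_split( $content, $pos )` throws a ValueError on PHP 8 when the opening tag is the very first character (`$pos === 0`); `$before = substr( $content, 0, $pos );` and `$after = substr( $remainder, $posb );` avoid both the zero-length split and the chunk reassembly. Note also that this is a literal case-insensitive `<script` match, so it is a cleanup aid rather than a sanitizer, and the `!=` comparisons and the `in_array()` without `true` should be strict.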