Mr.X

<?php

/**
 * Code related to the request.lib.php interface.
 *
 * PHP version 5
 *
 * @category   Library
 * @package    Sucuri
 * @subpackage SucuriScanner
 * @author     Daniel Cid <dcid@sucuri.net>
 * @copyright  2010-2018 Sucuri Inc.
 * @license    https://www.gnu.org/licenses/gpl-2.0.txt GPL2
 * @link       https://wordpress.org/plugins/sucuri-scanner
 */

if (!defined('SUCURISCAN_INIT') || SUCURISCAN_INIT !== true) {
    if (!headers_sent()) {
        /* Report invalid access if possible. */
        header('HTTP/1.1 403 Forbidden');
    }
    exit(1);
}

/**
 * HTTP request handler.
 *
 * Function definitions to retrieve, validate, and clean the parameters during a
 * HTTP request, generally after a form submission or while loading a URL. Use
 * these methods at most instead of accessing an index in the global PHP
 * variables _POST, _GET, _REQUEST since they may come with insecure data.
 *
 * @category   Library
 * @package    Sucuri
 * @subpackage SucuriScanner
 * @author     Daniel Cid <dcid@sucuri.net>
 * @copyright  2010-2018 Sucuri Inc.
 * @license    https://www.gnu.org/licenses/gpl-2.0.txt GPL2
 * @link       https://wordpress.org/plugins/sucuri-scanner
 */
class SucuriScanRequest extends SucuriScan
{
    /**
     * Returns the value of the _GET, _POST or _REQUEST key.
     *
     * You can pass an additional parameter to execute a regular expression that
     * will return False if the value doesn't matches what the RegExp defined.
     * Very useful to filter user input besides form validations.
     *
     * @param  array  $list    The array where the specified key will be searched.
     * @param  string $key     Name of the variable contained in _POST.
     * @param  string $pattern Optional pattern to match allowed values.
     * @return array|string|bool Value from the global _GET or _POST variable.
     */
    private static function request($list = array(), $key = '', $pattern = '')
    {
        $key = self::varPrefix((string) $key);

        if (!is_array($list) || !isset($list[$key])) {
            return false;
        }

        $key_value = $list[$key]; /* raw request parameter */

        /* if the request data is an array, then only cast the value. */
        if ($pattern === '_array' && is_array($key_value)) {
            return (array) $key_value;
        }

        /* match WordPress nonce */
        if ($pattern === '_nonce') {
            $pattern = '[a-z0-9]{10}';
        }

        /* match valid page identifier */
        if ($pattern === '_page') {
            $pattern = '[a-z_]+';
        }

        /* match every data format */
        if ($pattern === '') {
            $pattern = '.*';
        }

        /* check the format of the request data with a regex defined above. */
        if (@preg_match('/^' . $pattern . '$/', $key_value)) {
            return self::escape($key_value);
        }

        return false;
    }

    /**
     * Returns the value stored in a specific index in the global _GET variable,
     * you can specify a pattern as the second argument to match allowed values.
     *
     * @param  string $key     Name of the variable contained in _GET.
     * @param  string $pattern Optional pattern to match allowed values.
     * @return array|string    Value from the global _GET variable.
     */
    public static function get($key = '', $pattern = '')
    {
        return self::request($_GET, $key, $pattern);
    }

    /**
     * Returns the value stored in a specific index in the global _POST variable,
     * you can specify a pattern as the second argument to match allowed values.
     *
     * @param  string $key     Name of the variable contained in _POST.
     * @param  string $pattern Optional pattern to match allowed values.
     * @return array|string    Value from the global _POST variable.
     */
    public static function post($key = '', $pattern = '')
    {
        return self::request($_POST, $key, $pattern);
    }

    /**
     * Returns the value stored in a specific index in the global _REQUEST variable,
     * you can specify a pattern as the second argument to match allowed values.
     *
     * @param  string $key     Name of the variable contained in _REQUEST.
     * @param  string $pattern Optional pattern to match allowed values.
     * @return array|string    Value from the global _REQUEST variable.
     */
    public static function getOrPost($key = '', $pattern = '')
    {
        return self::request($_REQUEST, $key, $pattern);
    }
}

Name	Type	Size	Permission
api.lib.php	File	37.23 KB	0644
auditlogs.lib.php	File	10.89 KB	0644
base.lib.php	File	27.75 KB	0644
cache.lib.php	File	16.15 KB	0644
cli.lib.php	File	4.8 KB	0644
command.lib.php	File	6.19 KB	0644
cron.lib.php	File	1.8 KB	0644
event.lib.php	File	32.55 KB	0644
fileinfo.lib.php	File	14.98 KB	0644
firewall.lib.php	File	25.74 KB	0644
fsscanner.lib.php	File	4.2 KB	0644
globals.php	File	8.46 KB	0644
hardening.lib.php	File	10.94 KB	0644
hook.lib.php	File	38.23 KB	0644
index.html	File	38 B	0644
installer-skin-legacy.lib.php	File	1.58 KB	0644
installer-skin.lib.php	File	2.35 KB	0644
integrity.lib.php	File	26.07 KB	0644
interface.lib.php	File	13.03 KB	0644
lastlogins-failed.php	File	14.32 KB	0644
lastlogins-loggedin.php	File	7.76 KB	0644
lastlogins.php	File	16.13 KB	0644
mail.lib.php	File	9.48 KB	0644
option.lib.php	File	23.25 KB	0644
pagehandler.php	File	8.97 KB	0644
request.lib.php	File	4.4 KB	0644
settings-alerts.php	File	26.7 KB	0644
settings-apiservice.php	File	5.53 KB	0644
settings-general.php	File	27.19 KB	0644
settings-hardening.php	File	32.42 KB	0644
settings-integrity.php	File	5.37 KB	0644
settings-posthack.php	File	21.51 KB	0644
settings-scanner.php	File	9.69 KB	0644
settings-webinfo.php	File	5.55 KB	0644
settings.php	File	947 B	0644
sitecheck.lib.php	File	19.21 KB	0644
strings.php	File	45.61 KB	0644
template.lib.php	File	17.88 KB	0644
wordpress-recommendations.lib.php	File	10.9 KB	0644

Upload:

Command:

Filemanager

Server Info

System Info