forked from jerodsanto/wordpress-console
-
Notifications
You must be signed in to change notification settings - Fork 0
/
query.php
70 lines (54 loc) · 1.67 KB
/
query.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<?php
require_once( 'common.php' );
set_error_handler( 'console_error_handler' );
$secret = get_option( 'wordpress-console-secret' );
if ( !$secret ) {
return;
}
if ( !isset( $_POST['signature'] ) || !$_POST['signature'] ) {
return;
}
if ( !isset( $_POST['query'] ) || !$_POST['query'] ) {
return;
}
$query = stripslashes( $_POST['query'] );
if ( hash_hmac( 'sha1', $query, $secret ) != $_POST['signature'] ) {
return;
}
$existing_vars = get_defined_vars();
// restore session variables if they exist
if ( isset( $_SESSION['console_vars'] ) ) {
extract( eval( "return " . $_SESSION['console_vars'] . ";" ) );
}
// append query to current partial query if there is one
if ( isset( $_SESSION['partial'] ) ) {
$query = $_SESSION['partial'] . $query;
}
try {
if ( parse( $query ) == 0 ) {
$response = array();
ob_start(); // start output buffer (to capture prints)
$rval = eval( $_SESSION['code'] );
$response['output'] = ob_get_contents();
ob_end_clean(); // quietly discard buffered output
if ( isset( $rval ) ) {
ob_start(); // do it again, this time for the return value
print_r( $rval );
$response['rval'] = ob_get_contents();
ob_end_clean();
}
// clear the code buffer
$_SESSION['code'] = '';
$_SESSION['partial'] = '';
print json_encode( $response );
} else {
print json_encode( array( 'output' => 'partial' ) );
}
} catch( Exception $exception ) {
error( $exception->getMessage() );
}
// store variables to session
$current_vars = get_defined_vars();
$ignore = array( 'query','response','rval','existing_vars','current_vars','_SESSION' );
save_variables( $existing_vars, $current_vars, $ignore );
?>