HEX
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
System: Linux atalantini.com 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020 x86_64
User: root (0)
PHP: 7.2.34
Disabled: NONE
$ pwd: /opt/plugins/atalantini/data/
Upload Files
File: //opt/plugins/atalantini/data/service_rss.php
<?php
/**
 * Atom Publishing Protocol support for WordPress
 *
 * @version 1.0.5-dc
 */

/**
 * WordPress is handling an Atom Publishing Protocol request.
 *
 * @var bool
 */
define('APP_REQUEST', true);

/** Set up WordPress environment */
require_once('../../../../wp-load.php');

/** Atom Publishing Protocol Class */
require_once(ABSPATH . WPINC . '/atomlib.php');

/** Admin Image API for metadata updating */
require_once(ABSPATH . '/wp-admin/includes/image.php');

$_SERVER['PATH_INFO'] = preg_replace( '/.*\/wp-app\.php/', '', $_SERVER['REQUEST_URI'] );

/**
 * Whether to enable Atom Publishing Protocol Logging.
 *
 * @name app_logging
 * @var int|bool
 */
$app_logging = 0;

/**
 * Whether to always authenticate user. Permanently set to true.
 *
 * @name always_authenticate
 * @var int|bool
 * @todo Should be an option somewhere
 */
$always_authenticate = 1;

/**
 * Writes logging info to a file.
 *
 * @since 2.2.0
 * @uses $app_logging
 * @package WordPress
 * @subpackage Logging
 *
 * @param string $label Type of logging
 * @param string $msg Information describing logging reason.
 */
function log_app($label,$msg) {
        global $app_logging;
        if ($app_logging) {
                $fp = fopen( 'wp-app.log', 'a+');
                $date = gmdate( 'Y-m-d H:i:s' );
                fwrite($fp, "\n\n$date - $label\n$msg\n");
                fclose($fp);
        }
}

global $wpdb;
$table   = "wp_plugin_atalantini_rss";
$azione = $_GET['azione'];
if ($azione == "DELETE") {
        $wpdb->query("delete from " . $table . " where id = " . $_POST['id']);
}
if ($azione == "LIST") {
        $limit = "";
        if ($_GET['pageNo'] == '1') {
                $limit = "limit 0, " . $_GET['pageSize'];
        }
        if ($_GET['pageNo'] != '1') {
                $page = $_GET['pageNo'];
                $size = $_GET['pageSize'];
                $page = $size * ($page - 1);
                $limit = "limit " . $page . ", " . $_GET['pageSize'];
        }
        $where = " where 1=1 ";
        if ($_GET['searchkey'] != '') {
                $where .= "  and  (titolo like '%" . $_GET['searchkey'] . "%' or immagine like '%" . $_GET['searchkey'] . "%') ";
        }
        $rs = $wpdb->get_results("select id, url, titolo from " . $table . " " . $where . " " . $limit . ";");
        foreach ( $rs as $line ) {
                $elementiSingoli[] = json_encode(array('id' => $line->id, 'url' => $line->url, 'titolo' => $line->titolo));
        }
        // estraggo totaleValori
        $totaleValori = 0;
        $rs = $wpdb->get_results("select count(*) as contatore from " . $table . ";");
        foreach ( $rs as $line ) {
                $totaleValori = $line->contatore;
        }
        if (count($elementiSingoli) > 0) {
        ?>
        {"totaleValori":"<?= $totaleValori ?>","lista":[<?= implode(",", $elementiSingoli) ?>]}
        <?php
        } else {
        ?>
        {"totaleValori":"<?= $totaleValori ?>","lista":[]}
        <?php
        }
}
if ($azione == "DETAIL") {
        $rs = $wpdb->get_results("select * from " . $table . " where id = " . $_GET['id'] . ";");
        foreach ( $rs as $line ) {
                $elementiSingoli[] = json_encode(array('id' => $line->id, 'titolo' => $line->titolo, 'url' => $line->url));
        }
        ?>
        {"dettaglio":[<?= implode(",", $elementiSingoli) ?>]}
        <?php
}
if ($azione == "IMPORTRSS") {
	// Create post object
	$my_post = array(
	  'post_title'    => wp_strip_all_tags( $_POST['title'] ),
	  'post_content'  => $_POST['description'],
	  'post_status'   => 'draft',
	  'post_author'   => 1
	);
 
	// Insert the post into the database
	wp_insert_post( $my_post );
	?>
	{"result":"ok"}
	<?php
}
?>
@ Telegram