使用正则表达式定位特定的PHP标签
[英]Targeting specific PHP tag with regex
问题描述
All my wordpress websites have recently been hacked, and a very long PHP line has been added on top of all PHP files. 
我所有的wordpress网站最近都遭到了黑客攻击,并且在所有PHP文件的顶部添加了很长的PHP行。
It looks like that (juste a sample of the entire code) 看起来像这样(只是整个代码的示例)
<?php $gqmtlkp = '~ x24<!%o:!>! x242178}527}88:}35csboe))1/35.)1/14+9**-)1/2986+7452]88]5]48]32M3]317]445]212]445]43]321]y]252]18y]#>q%
The problem is that code is generated and is different in all files. 问题在于代码已生成,并且在所有文件中都不同。 But I noticed that every code contains 但是我注意到每个代码都包含
explode(chr((729-609))
Can someone help me with building a regex line, that will target first php tag (optional) containing : (numbers vary) 有人可以帮我建立一个正则表达式行,该行将针对第一个包含以下内容的php标签 (可选):(数字不同)
explode(chr((xxx-xxx))
so that I can automatically remove it in every files ? 这样我可以在每个文件中自动将其删除?
Thanks a lot for your help 非常感谢你的帮助
1 个解决方案
解决方案1
0 2016-04-23 03:04:36
Based on my understanding of your request you're looking to escape the following format: <?php(optional) explode(chr((xxx-xxx))) <- your sample was missing a third closing paranthesis for explode() function so I added it. 根据我对您的请求的理解,您正在寻求转义以下格式: <?php(optional) explode(chr((xxx-xxx))) <-您的示例缺少explode()函数的第三个闭合括号,因此我加了 If that's not right then just remove the last \\) portion. 如果不正确,则删除最后一个\\)部分。
Try this: /(\\<\\?php)? explode\\(chr\\(\\([0-9]{3,3}-[0-9]{3,3}\\)\\)\\)/ 试试这个: /(\\<\\?php)? explode\\(chr\\(\\([0-9]{3,3}-[0-9]{3,3}\\)\\)\\)/ /(\\<\\?php)? explode\\(chr\\(\\([0-9]{3,3}-[0-9]{3,3}\\)\\)\\)/
Not sure if space after optional first php tag is necessary. 不知道可选的第一个php标记后是否需要空格。 You can adjust it going from there. 您可以从那里进行调整。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.