Mass find/replace...
Marc Coyles
mcoyles at horbury.wakefield.sch.uk
Fri Dec 5 01:18:08 PST 2008
> + not \; or you will fork on every result.
>
> Additionally, is this injected code one long string or broken down by the
> mailer? Grep isn't the best way to deal with it. It's pretty easy to correct
> with perl, bit trickier if it's multiline, still not too hard:
>
> find /home/horbury -type f -exec \
> perl -pi.bak -e 's,<\? /\*\*/eval\(base64_decode\(.*?\?>,,s' {} +
>
Sadly that didn't work. It created .bak files for everything within /home/horbury recursively, but didn't make any changes - the base64_decode is still present.
Additional point to note: this only needs performing on .php files, not all files...
Would I be correct in guessing it's because the string for perl to search for omits a space?
IE: within the files, it's as follows:
<?php /**/eval(base64_decode('thestring')); ?>
Whereas the perl appears to be looking for:
<?php/**/eval(base64_decode(*wildcard*?>
Also... how to delete all files ending in .bak recursively? *grin*
I'm presuming it'd be:
find /home/horbury -type f -name "*.bak" -exec \
rm *.bak
???
Ta!
Marc