Date: Fri, 5 Dec 2008 08:21:53 -0000 From: "Marc Coyles" <mcoyles@horbury.wakefield.sch.uk> To: <freebsd-questions@freebsd.org> Cc: 'Mel' <fbsd.questions@rachie.is-a-geek.net> Subject: RE: Mass find/replace... Message-ID: <002f01c956b2$87dd3b40$9797b1c0$@wakefield.sch.uk> In-Reply-To: <200812050551.32850.fbsd.questions@rachie.is-a-geek.net> References: <002b01c95609$ed0c7200$c7255600$@wakefield.sch.uk> <1228395500.2781.41.camel@frodon.be-bif.ulb.ac.be> <200812050551.32850.fbsd.questions@rachie.is-a-geek.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> + not \; or you will fork on every result.
>=20
> Additionally, is this injected code one long string or broken down
> by the
> mailer? Grep isn't the best way to deal with it. It's pretty easy
> to correct
> with perl, bit trickier if it's multiline, still not too hard:
>=20
> find /home/horbury -type f -exec \
> perl -pi.bak -e 's,<\?/\*\*/eval\(base64_decode\(.*?\?>,,s'
> {} +
>=20
Hi Mel...
S'One long singleline string broken down by the mailer...
<?php /**/eval(base64_decode([the huge long string originally =
quoted]));?>
Have tried doing a find and replace using perl, initially just to =
replace the string, leaving an empty base64_decode(), however, one of =
the ICT Teachers has created paths with spaces in, which seemed to throw =
off the perl I was using... will give yours a try later today *fingers =
crossed*...
If worst comes to worst I can restore from backups, it'll just mean =
students lose a few days of work that they'd submitted thru Moodle (I've =
been off for a day or three, and this appears to have happened on the =
first day of my absence)
Ta fer the helpful suggestions thus far!
Marc A Coyles - Horbury School ICT Support Team
Mbl: 07850 518106
Land: 01924 282740 ext 730
Helpdesk: 01924 282740 ext 2000
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002f01c956b2$87dd3b40$9797b1c0$>