Date: Fri, 5 Dec 2008 09:17:46 -0000 From: "Marc Coyles" <mcoyles@horbury.wakefield.sch.uk> To: <freebsd-questions@freebsd.org> Subject: RE: Mass find/replace... Message-ID: <004c01c956ba$56497410$02dc5c30$@wakefield.sch.uk> In-Reply-To: <200812050551.32850.fbsd.questions@rachie.is-a-geek.net> References: <002b01c95609$ed0c7200$c7255600$@wakefield.sch.uk> <1228395500.2781.41.camel@frodon.be-bif.ulb.ac.be> <200812050551.32850.fbsd.questions@rachie.is-a-geek.net>
index | next in thread | previous in thread | raw e-mail
> + not \; or you will fork on every result.
>
> Additionally, is this injected code one long string or broken down
> by the
> mailer? Grep isn't the best way to deal with it. It's pretty easy
> to correct
> with perl, bit trickier if it's multiline, still not too hard:
>
> find /home/horbury -type f -exec \
> perl -pi.bak -e 's,<\? /\*\*/eval\(base64_decode\(.*?\?>,,s' {} +
>
Sadly that didn't work. It created .bak files for everything within /home/Horbury recursively, but didn't make any changes - the base64_decode is till present.
Additional point to note: this only needs performing on .php files, not all files...
Would I be correct in guessing it's because the string for perl to search for omits a space?
IE: within the files, it's as follows:
<?php /**/eval(base64_decode('thestring')); ?>
Whereas the perl appears to be looking for:
<?php/**/eval(base64_decode(*wildcard*?>
Also... how to delete all files ending in .bak recursively? *grin*
I'm presuming it'd be:
Find /home/horbury -type f -name "*.bak" -exec \
Rm *.bak
???
Ta!
Marc
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004c01c956ba$56497410$02dc5c30$>