Date: Fri, 5 Dec 2008 09:17:46 -0000 From: "Marc Coyles" <mcoyles@horbury.wakefield.sch.uk> To: <freebsd-questions@freebsd.org> Subject: RE: Mass find/replace... Message-ID: <004c01c956ba$56497410$02dc5c30$@wakefield.sch.uk> In-Reply-To: <200812050551.32850.fbsd.questions@rachie.is-a-geek.net> References: <002b01c95609$ed0c7200$c7255600$@wakefield.sch.uk> <1228395500.2781.41.camel@frodon.be-bif.ulb.ac.be> <200812050551.32850.fbsd.questions@rachie.is-a-geek.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> + not \; or you will fork on every result.
>=20
> Additionally, is this injected code one long string or broken down
> by the
> mailer? Grep isn't the best way to deal with it. It's pretty easy
> to correct
> with perl, bit trickier if it's multiline, still not too hard:
>=20
> find /home/horbury -type f -exec \
> perl -pi.bak -e 's,<\? /\*\*/eval\(base64_decode\(.*?\?>,,s' {} +
>=20
Sadly that didn't work. It created .bak files for everything within =
/home/Horbury recursively, but didn't make any changes - the =
base64_decode is till present.=20
Additional point to note: this only needs performing on .php files, not =
all files...=20
Would I be correct in guessing it's because the string for perl to =
search for omits a space?
IE: within the files, it's as follows:
<?php /**/eval(base64_decode('thestring')); ?>
Whereas the perl appears to be looking for:
<?php/**/eval(base64_decode(*wildcard*?>
Also... how to delete all files ending in .bak recursively? *grin*
I'm presuming it'd be:
Find /home/horbury -type f -name "*.bak" -exec \
Rm *.bak
???
Ta!
Marc
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004c01c956ba$56497410$02dc5c30$>