1 | <?php |
2 | |
3 | /** |
4 | * Disable error reporting |
5 | * |
6 | * Set this to error_reporting( E_ALL ) or error_reporting( E_ALL | E_STRICT ) for debugging |
7 | */ |
8 | error_reporting(0); |
9 | |
10 | /** Set ABSPATH for execution */ |
11 | define( 'ABSPATH', dirname(dirname(__FILE__)) . '/' ); |
12 | define( 'WPINC', 'wp-includes' ); |
13 | |
14 | /** |
15 | * @ignore |
16 | */ |
17 | function __() {} |
18 | |
19 | /** |
20 | * @ignore |
21 | */ |
22 | function _x() {} |
23 | |
24 | |
25 | /** |
26 | * @ignore |
27 | */ |
28 | function add_filter() {} |
29 | |
30 | /** |
31 | * @ignore |
32 | */ |
33 | function esc_attr() {} |
34 | |
35 | /** |
36 | * @ignore |
37 | */ |
38 | function apply_filters() {} |
39 | |
40 | /** |
41 | * @ignore |
42 | */ |
43 | function get_option() {} |
44 | |
45 | /** |
46 | * @ignore |
47 | */ |
48 | function is_lighttpd_before_150() {} |
49 | |
50 | /** |
51 | * @ignore |
52 | */ |
53 | function add_action() {} |
54 | |
55 | /** |
56 | * @ignore |
57 | */ |
58 | function do_action_ref_array() {} |
59 | |
60 | /** |
61 | * @ignore |
62 | */ |
63 | function get_bloginfo() {} |
64 | |
65 | /** |
66 | * @ignore |
67 | */ |
68 | function is_admin() {return true;} |
69 | |
70 | /** |
71 | * @ignore |
72 | */ |
73 | function site_url() {} |
74 | |
75 | /** |
76 | * @ignore |
77 | */ |
78 | function admin_url() {} |
79 | |
80 | /** |
81 | * @ignore |
82 | */ |
83 | function wp_guess_url() {} |
84 | |
85 | function get_file($path) { |
86 | |
87 | if ( function_exists('realpath') ) |
88 | $path = realpath($path); |
89 | |
90 | if ( ! $path || ! @is_file($path) ) |
91 | return ''; |
92 | |
93 | return @file_get_contents($path); | //Arbitrary file disclosing
|
94 | } |
95 | |
96 | require(ABSPATH . '/wp-includes/script-loader.php'); |
97 | require(ABSPATH . '/wp-includes/version.php'); |
98 | |
99 | $load = preg_replace( '/[^a-z0-9,_-]+/i', '', $_GET['load'] ); |
100 | $load = explode(',', $load); |
101 | |
102 | if ( empty($load) ) |
103 | exit; |
104 | |
105 | $compress = ( isset($_GET['c']) && $_GET['c'] ); |
106 | $force_gzip = ( $compress && 'gzip' == $_GET['c'] ); |
107 | $rtl = ( isset($_GET['dir']) && 'rtl' == $_GET['dir'] ); |
108 | $expires_offset = 31536000; |
109 | $out = ''; |
110 | |
111 | $wp_styles = new WP_Styles(); |
112 | wp_default_styles($wp_styles); |
113 | |
114 | foreach( $load as $handle ) { |
115 | if ( !array_key_exists($handle, $wp_styles->registered) ) |
116 | continue; |
117 | |
118 | $style = $wp_styles->registered[$handle]; |
119 | $path = ABSPATH . $style->src; |
120 | |
121 | $content = get_file($path) . "\n"; | //Arbitrary file disclosing
|
122 | |
123 | if ( $rtl && isset($style->extra['rtl']) && $style->extra['rtl'] ) { |
124 | $rtl_path = is_bool($style->extra['rtl']) ? str_replace( '.css', '-rtl.css', $path ) : ABSPATH . $style->extra['rtl']; |
125 | $content .= get_file($rtl_path) . "\n"; | //Arbitrary file disclosing
|
126 | } |
127 | |
128 | $out .= str_replace( '../images/', 'images/', $content ); |
129 | } |
130 | |
131 | header('Content-Type: text/css'); |
132 | header('Expires: ' . gmdate( "D, d M Y H:i:s", time() + $expires_offset ) . ' GMT'); |
133 | header("Cache-Control: public, max-age=$expires_offset"); |
134 | |
135 | if ( $compress && ! ini_get('zlib.output_compression') && 'ob_gzhandler' != ini_get('output_handler') && isset($_SERVER['HTTP_ACCEPT_ENCODING']) ) { |
136 | header('Vary: Accept-Encoding'); // Handle proxies |
137 | if ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) { |
138 | header('Content-Encoding: deflate'); |
139 | $out = gzdeflate( $out, 3 ); |
140 | } elseif ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'gzip') && function_exists('gzencode') ) { |
141 | header('Content-Encoding: gzip'); |
142 | $out = gzencode( $out, 3 ); |
143 | } |
144 | } |
145 | |
146 | echo $out; | //Cross Site Scripting
|
147 | exit; |
148 | |