majick777 · August 24, 2023 12:29
diff --git a/clean-post-scripts.php b/clean-post-scripts.php
 <?php

 // ================================
 // CLEAN ALL SCRIPT TAGS FROM POSTS
 // ================================
 // 
 // Usage: Drop this file in your /wp-content/mu-plugins/ folder.
 //
 // Any post or page that contains a script tag will have it removed automatically.
 // This helps prevent re-infection while hardening your site security.
 // You can also run a querystring URL to loop and remove from all posts/pages.
 //
 // Since it's bad practice to have script tags in your post content anyway!
 // This treats all scripts as malware and removes them (eg. via MySQL injection.)
 // If you are in the practice of this, DO NOT USE until you manually edit and
 // move your own scripts out of any post content to a separately enuqeued file.

 // --- set post types to clean ---
 // Add any other custom post type slugs if and as needed...
 global $clean_post_types;
 $clean_post_types = array( 'post', 'page' );


 // ----------------------
 // Clean All Post Scripts
 // ----------------------
 // Usage: append /?clean-post-scripts=1 to your site's URL
 // Caution: always backup your database before running bulk edits like this!
 add_action( 'init', 'clean_all_post_scripts' );
 function clean_all_post_scripts() {

 	global $wpdb, $clean_post_types;

 	if ( !isset( $_REQUEST['clean-post-scripts'] ) || ( '1' != $_REQUEST['clean-post-scripts'] ) ) {
 		return;
 	}
 	if ( !is_array( $clean_post_types ) || ( count( $clean_post_types ) < 1 ) ) {
 		return;
 	}

 	$post_types = '';
 	foreach ( $clean_post_types as $clean_post_type ) {
 		$clean_post_type = sanitize_text_field( $clean_post_type );
 		if ( '' != $post_types ) {
 			$post_types .= ',';
 		}
 		$post_types .= "'" . $clean_post_type . "'";
 	}

 	$query = "SELECT ID, post_content FROM " . $wpdb->prefix . "posts WHERE post_type IN (" . $post_types . ")";
 	echo $query . '<br>';

 	$results = $wpdb->get_results( $query, ARRAY_A );
 	$found = 0;
 	if ( $results && is_array( $results ) && ( count( $results ) > 0 ) ) {
 		foreach ( $results as $i => $result ) {
 			$content = clean_post_content_script( $result['post_content'] );
 			if ( $content != $result['post_content'] ) {
 				// $query = "UPDATE " . $wpdb->prefix . "posts SET 'post_content' = %s WHERE ID = %d";
 				// $query = $wpdb->prepare( $query, $result['post_content'], $result['ID'] );
 				// $result = $wpdb->query( $query );
 				$data = array( 'post_content' => $content );
 				$where = array( 'ID' => $result['ID'] );
 				$update = $wpdb->update( $wpdb->prefix . "posts", $data, $where );
 				echo 'Found and removed script in post ID ' . $result['ID'] . ': ' . $update . '<br>';
 				$found++;
 			}
 		}
 		echo '<br>Checked ' . count( $results ) . ' posts. Found and removed script tag in ' . $found . ' posts.';
 	}

 	exit;
 }

 // -----------------------------------
 // Clean Script Tags from Current Post
 // -----------------------------------
 add_action( 'wp', 'clean_post_content_scripts', 1 );
 function clean_post_content_scripts() {
 	global $post, $clean_post_types;
 	if ( is_object( $post ) && is_singular() && !is_admin() ) {
 		if ( in_array( $post->post_type, $clean_post_types ) ) {
 			$content = clean_post_content_script( $post->post_content );
 			if ( $content != $post->post_content ) {
 				$args = array( 'ID' => $post->ID, 'post_content' => $content );
 				wp_update_post( $args );
 				$post = get_post( $post->ID );
 			}
 		}
 	}
 }

 // ------------------------------
 // Clean Script Tags from Content
 // ------------------------------
 function clean_post_content_script( $content ) {

 	$tag_open = '<script';
 	if ( !stristr( $content, $tag_open ) ) {
 		return $content;
 	}
 	while ( stristr( $content, $tag_open ) ) {
 		$pos = stripos( $content, $tag_open );
 		$chunks = str_split( $content, $pos );
 		$before = $chunks[0];
 		unset( $chunks[0] );
 		$remainder = implode( '', $chunks );
 		$tag_close = stristr( $remainder, '</script>' ) ? '</script>' : '>';
 		$posb = stripos( $remainder, $tag_close ) + strlen( $tag_close );
 		$chunks = str_split( $remainder, $posb );
 		unset( $chunks[0] );
 		$after = implode( '', $chunks );
 		$content = $before . $after;
 	}

 	return $content;
 }
	<?php

	// ================================
	// CLEAN ALL SCRIPT TAGS FROM POSTS
	// ================================
	//
	// Usage: Drop this file in your /wp-content/mu-plugins/ folder.
	//
	// Any post or page that contains a script tag will have it removed automatically.
	// This helps prevent re-infection while hardening your site security.
	// You can also run a querystring URL to loop and remove from all posts/pages.
	//
	// Since it's bad practice to have script tags in your post content anyway!
	// This treats all scripts as malware and removes them (eg. via MySQL injection.)
	// If you are in the practice of this, DO NOT USE until you manually edit and
	// move your own scripts out of any post content to a separately enuqeued file.

	// --- set post types to clean ---
	// Add any other custom post type slugs if and as needed...
	global $clean_post_types;
	$clean_post_types = array( 'post', 'page' );


	// ----------------------
	// Clean All Post Scripts
	// ----------------------
	// Usage: append /?clean-post-scripts=1 to your site's URL
	// Caution: always backup your database before running bulk edits like this!
	add_action( 'init', 'clean_all_post_scripts' );
	function clean_all_post_scripts() {

	global $wpdb, $clean_post_types;

	if ( !isset( $_REQUEST['clean-post-scripts'] ) \|\| ( '1' != $_REQUEST['clean-post-scripts'] ) ) {
	return;
	}
	if ( !is_array( $clean_post_types ) \|\| ( count( $clean_post_types ) < 1 ) ) {
	return;
	}

	$post_types = '';
	foreach ( $clean_post_types as $clean_post_type ) {
	$clean_post_type = sanitize_text_field( $clean_post_type );
	if ( '' != $post_types ) {
	$post_types .= ',';
	}
	$post_types .= "'" . $clean_post_type . "'";
	}

	$query = "SELECT ID, post_content FROM " . $wpdb->prefix . "posts WHERE post_type IN (" . $post_types . ")";
	echo $query . '<br>';

	$results = $wpdb->get_results( $query, ARRAY_A );
	$found = 0;
	if ( $results && is_array( $results ) && ( count( $results ) > 0 ) ) {
	foreach ( $results as $i => $result ) {
	$content = clean_post_content_script( $result['post_content'] );
	if ( $content != $result['post_content'] ) {
	// $query = "UPDATE " . $wpdb->prefix . "posts SET 'post_content' = %s WHERE ID = %d";
	// $query = $wpdb->prepare( $query, $result['post_content'], $result['ID'] );
	// $result = $wpdb->query( $query );
	$data = array( 'post_content' => $content );
	$where = array( 'ID' => $result['ID'] );
	$update = $wpdb->update( $wpdb->prefix . "posts", $data, $where );
	echo 'Found and removed script in post ID ' . $result['ID'] . ': ' . $update . '<br>';
	$found++;
	}
	}
	echo '<br>Checked ' . count( $results ) . ' posts. Found and removed script tag in ' . $found . ' posts.';
	}

	exit;
	}

	// -----------------------------------
	// Clean Script Tags from Current Post
	// -----------------------------------
	add_action( 'wp', 'clean_post_content_scripts', 1 );
	function clean_post_content_scripts() {
	global $post, $clean_post_types;
	if ( is_object( $post ) && is_singular() && !is_admin() ) {
	if ( in_array( $post->post_type, $clean_post_types ) ) {
	$content = clean_post_content_script( $post->post_content );
	if ( $content != $post->post_content ) {
	$args = array( 'ID' => $post->ID, 'post_content' => $content );
	wp_update_post( $args );
	$post = get_post( $post->ID );
	}
	}
	}
	}

	// ------------------------------
	// Clean Script Tags from Content
	// ------------------------------
	function clean_post_content_script( $content ) {

	$tag_open = '<script';
	if ( !stristr( $content, $tag_open ) ) {
	return $content;
	}
	while ( stristr( $content, $tag_open ) ) {
	$pos = stripos( $content, $tag_open );
	$chunks = str_split( $content, $pos );
	$before = $chunks[0];
	unset( $chunks[0] );
	$remainder = implode( '', $chunks );
	$tag_close = stristr( $remainder, '</script>' ) ? '</script>' : '>';
	$posb = stripos( $remainder, $tag_close ) + strlen( $tag_close );
	$chunks = str_split( $remainder, $posb );
	unset( $chunks[0] );
	$after = implode( '', $chunks );
	$content = $before . $after;
	}

	return $content;
	}