
PHP deobfuscation, decryption, reconstruction tool

Deobfuscates PHP malware, viruses and tampered code found on WordPress sites back into readable code.

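*Please note that not every obfuscation scheme can be decoded. Automatically reconstructed control flow (for example from goto-based obfuscation) should be checked against the obfuscated original before the decoded code is relied on.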

The code below has been decoded.

<?php namespace Mgt\Varnish\Controller\Api; class PurgeUrl extends \Magento\Framework\App\Action\Action { protected $cachePurger; protected $config; public function __construct(\Magento\Framework\App\Action\Context $context, \Magento\CacheInvalidate\Model\PurgeCache $cachePurger, \Mgt\Varnish\Mod...



Obfuscated php code

<?php
/*
 * Obfuscated form of the Mgt\Varnish\Controller\Api\PurgeUrl controller.
 *
 * Two transformations are applied, and neither changes behaviour:
 *   - every statement sits behind a label and is chained with `goto`, so the
 *     textual order of statements is not the order in which they execute;
 *   - string literals are written as mixed octal/hex escapes
 *     ("\163\145\x63\x72\x65\x74\x4b\x65\171" is "secretKey", "\x75\x72\x6c" is "url").
 *
 * Execution order of execute(), following the labels:
 *   ae7ab -> cce4a -> A0cd8 -> fff46 -> Db1d7 -> d3b77
 *     reads the request/response, sets $body = [], reads "secretKey" and "url";
 *   d3b77: when either parameter is falsy, jumps to b6561 and skips the try block;
 *   B4d4f (try): Ebe5c loads the configured key, then a3419 branches:
 *     keys compare equal -> Dca30 -> Ee2e6 (purgeUrlRequest) -> d88a5 (success body);
 *     keys differ        -> e0b1f throws, and the catch builds the failure body;
 *   a62e1 -> D35cb -> b3874 -> d330c -> ed70d
 *     JSON-encodes $body, sets Content-Type, sends the response and exits.
 *
 * The exception at e0b1f is therefore raised only on a key mismatch.
 *
 * NOTE(review): a3419 compares the caller-supplied key with a loose `!=`, which
 * applies PHP type juggling and is not constant-time; maintained code should
 * compare secrets with hash_equals() on values already checked to be strings.
 */
 namespace Mgt\Varnish\Controller\Api; class PurgeUrl extends \Magento\Framework\App\Action\Action { protected $cachePurger; protected $config; public function __construct(\Magento\Framework\App\Action\Context $context, \Magento\CacheInvalidate\Model\PurgeCache $cachePurger, \Mgt\Varnish\Model\Cache\Config $config) { goto e35ec; d8d15: parent::__construct($context); goto F3715; e35ec: $this->cachePurger = $cachePurger; goto F9524; F9524: $this->config = $config; goto d8d15; F3715: } public function execute() { goto ae7ab; fff46: $secretKey = $request->getParam("\163\145\x63\x72\x65\x74\x4b\x65\171"); goto Db1d7; ae7ab: $request = $this->getRequest(); goto cce4a; ed70d: exit; goto F30cd; A0cd8: $body = []; goto fff46; Db1d7: $url = $request->getParam("\x75\x72\x6c"); goto d3b77; cce4a: $response = $this->getResponse(); goto A0cd8; d3b77: if (!($secretKey && $url)) { goto b6561; } goto B4d4f; a62e1: $body = json_encode($body); goto D35cb; d330c: $response->sendResponse(); goto ed70d; D35cb: $response->setHeader("\x43\x6f\156\164\x65\156\164\x2d\124\x79\160\x65", "\x61\x70\160\154\x69\x63\141\164\x69\x6f\156\57\x6a\163\157\156"); goto b3874; Ae27a: b6561: goto a62e1; B4d4f: try { goto Ebe5c; e0b1f: throw new \Exception("\123\x65\x63\x72\x65\x74\x20\141\160\151\x20\x6b\x65\x79\x20\151\163\x20\x6e\157\x74\40\143\x6f\162\x72\145\143\x74"); goto f224f; f224f: Dca30: goto Ee2e6; Ebe5c: $apiSecretKey = $this->config->getApiSecretKey(); goto a3419; d88a5: $body = ["\163\x75\x63\x63\x65\x73\163" => 1, "\x6d\145\x73\163\x61\x67\145" => sprintf("\124\150\145\x20\125\x52\x4c\40\x22\x25\x73\42\x20\x68\x61\x73\x20\x62\x65\145\156\40\x70\165\162\x67\x65\x64\56", $url)]; goto a141b; Ee2e6: $this->cachePurger->purgeUrlRequest($url); goto d88a5; a3419: if (!($secretKey != $apiSecretKey)) { goto Dca30; } goto e0b1f; a141b: } catch (\Exception $e) { $errorMessage = $e->getMessage(); $body = ["\163\165\x63\x63\x65\x73\163" => 0, "\155\145\x73\163\141\147\145" => $errorMessage]; } goto 
Ae27a; b3874: $response->setBody($body); goto d330c; F30cd: } }

Decoded(de-Obfuscated) php code

<?php

namespace Mgt\Varnish\Controller\Api;

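/**
 * Controller action that purges one URL from the cache when the caller
 * presents the configured API secret key.
 *
 * Reads the "secretKey" and "url" request parameters and always answers with a
 * JSON body: `[]` when either parameter is missing, otherwise an object with
 * "success" (1 or 0) and "message".
 */
class PurgeUrl extends \Magento\Framework\App\Action\Action
{
    /** @var \Magento\CacheInvalidate\Model\PurgeCache Issues the purge request. */
    protected $cachePurger;

    /** @var \Mgt\Varnish\Model\Cache\Config Source of the configured API secret key. */
    protected $config;

    /**
     * @param \Magento\Framework\App\Action\Context     $context     Forwarded to the parent action.
     * @param \Magento\CacheInvalidate\Model\PurgeCache $cachePurger Issues the purge request.
     * @param \Mgt\Varnish\Model\Cache\Config           $config      Provides getApiSecretKey().
     */
    public function __construct(\Magento\Framework\App\Action\Context $context, \Magento\CacheInvalidate\Model\PurgeCache $cachePurger, \Mgt\Varnish\Model\Cache\Config $config)
    {
        $this->cachePurger = $cachePurger;
        $this->config = $config;
        parent::__construct($context);
    }

    /**
     * Authenticate the request, purge the URL and send a JSON response.
     *
     * The obfuscated original jumps to the `throw` only when the keys differ
     * (`if (!($secretKey != $apiSecretKey)) { goto Dca30; } goto e0b1f;`), so the
     * exception belongs to the mismatch branch. Raising it unconditionally after
     * the purge would report failure for every successful call.
     *
     * Does not return: the response is sent and the script exits.
     */
    public function execute()
    {
        $request = $this->getRequest();
        $response = $this->getResponse();
        $body = [];
        $secretKey = $request->getParam("secretKey");
        $url = $request->getParam("url");

        // Both parameters are required; when one is missing the body stays [].
        if ($secretKey && $url) {
            try {
                $apiSecretKey = $this->config->getApiSecretKey();

                // The obfuscated original compares with a loose `!=`, which applies
                // type juggling and is not constant-time. hash_equals() is used
                // here instead. The is_string() guards are needed because a request
                // parameter can arrive as an array and hash_equals() raises a
                // TypeError on non-strings, which `catch (\Exception)` would not
                // catch. An empty configured key never authenticates.
                $keyMatches = is_string($secretKey)
                    && is_string($apiSecretKey)
                    && $apiSecretKey !== ''
                    && hash_equals($apiSecretKey, $secretKey);

                if (!$keyMatches) {
                    throw new \Exception("Secret api key is not correct");
                }

                // NOTE(review): $url is forwarded as received; whether
                // purgeUrlRequest() validates it is not visible here. Confirm.
                $this->cachePurger->purgeUrlRequest($url);
                $body = ["success" => 1, "message" => sprintf("The URL \"%s\" has been purged.", $url)];
            } catch (\Exception $e) {
                // NOTE(review): the exception text is returned to the caller as-is,
                // including messages raised by the config or purge calls.
                $body = ["success" => 0, "message" => $e->getMessage()];
            }
        }

        $body = json_encode($body);
        $response->setHeader("Content-Type", "application/json");
        $response->setBody($body);
        $response->sendResponse();
        exit;
    }
}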

