De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php declare(strict_types=1); namespace OneTeamSoftware\WC\Shipping; use OneTeamSoftware\Logger\LoggerInterface; class OrderCompleter { protected $id; protected $logger; protected $completeOrderForStatuses; public function __construct(string $hsNwz, LoggerInterface $w8Mi0) { $this->id = $hsNwz; $this->logger = $w8Mi0; $this->completeOrderForStatuses = []; } public function register(): void { add_action($this->id . "\x5f\163\150\151\x70\155\145\156\x74\x5f\163\x74\141\164\165\x73\137\x63\150\x61\156\147\145\x64", [$this, "\155\141\171\x62\x65\103\157\x6d\160\154\x65\164\x65\x4f\x72\x64\145\x72"], 10, 2); add_action($this->id . "\137\163\150\x69\160\155\145\156\x74\x5f\163\164\141\164\x75\x73\x5f\143\x68\x61\x6e\147\145\144", [$this, "\155\141\171\x62\x65\116\x6f\164\x69\146\x79"], 10, 2); } public function setCompleteOrderForStatuses(array $RdKXD): void { $this->completeOrderForStatuses = $RdKXD; } public function maybeCompleteOrder(int $iKfxj, array $uT9iq): void { if (empty($this->completeOrderForStatuses) || empty($uT9iq["\x73\164\141\x74\x75\x73"])) { return; } $aCNOl = $uT9iq["\163\x74\x61\164\165\163"]; $this->logger->debug(__FILE__, 86, "\155\x61\x79\x62\x65\x43\157\155\x70\x6c\x65\x74\145\x4f\x72\x64\x65\x72\54\x20\157\162\144\145\x72\111\x64\72\x20\45\144\x2c\40\x73\x74\141\x74\165\163\72\x20\45\163\54\x20\143\157\155\160\x6c\x65\164\x65\117\x72\x64\145\x72\x46\x6f\x72\123\164\141\164\x75\163\x65\x73\72\40\x25\163", $iKfxj, $aCNOl, print_r($this->completeOrderForStatuses, true)); if (in_array($aCNOl, $this->completeOrderForStatuses, true) || isset($this->completeOrderForStatuses[$aCNOl])) { $YjKHd = wc_get_order($iKfxj); if (empty($YjKHd) || "\143\x6f\155\x70\154\145\164\x65\144" === $YjKHd->get_status()) { $this->logger->debug(__FILE__, 91, "\157\162\x64\145\162\40\151\163\40\x61\154\x72\x65\x61\x64\x79\40\x63\x6f\x6d\x70\154\x65\x74\x65\144\x2c\x20\163\157\40\163\x6b\151\160\x20\x69\x74"); return; } $this->logger->debug(__FILE__, 96, "\x63\x6f\x6d\x70\x6c\145\164\145\x20\x6f\x72\144\145\x72\111\144\72\40\45\x64", $iKfxj); $YjKHd->set_status("\x63\157\155\160\x6c\145\x74\145\x64"); $YjKHd->save(); } } }
<?php declare (strict_types=1); namespace OneTeamSoftware\WC\Shipping; use OneTeamSoftware\Logger\LoggerInterface; class OrderCompleter { protected $id; protected $logger; protected $completeOrderForStatuses; public function __construct(string $hsNwz, LoggerInterface $w8Mi0) { $this->id = $hsNwz; $this->logger = $w8Mi0; $this->completeOrderForStatuses = []; } public function register() : void { add_action($this->id . "_shipment_status_changed", [$this, "maybeCompleteOrder"], 10, 2); add_action($this->id . "_shipment_status_changed", [$this, "maybeNotify"], 10, 2); } public function setCompleteOrderForStatuses(array $RdKXD) : void { $this->completeOrderForStatuses = $RdKXD; } public function maybeCompleteOrder(int $iKfxj, array $uT9iq) : void { if (empty($this->completeOrderForStatuses) || empty($uT9iq["status"])) { return; } $aCNOl = $uT9iq["status"]; $this->logger->debug("/var/www/html/input.php", 86, "maybeCompleteOrder, orderId: %d, status: %s, completeOrderForStatuses: %s", $iKfxj, $aCNOl, print_r($this->completeOrderForStatuses, true)); if (in_array($aCNOl, $this->completeOrderForStatuses, true) || isset($this->completeOrderForStatuses[$aCNOl])) { $YjKHd = wc_get_order($iKfxj); if (empty($YjKHd) || "completed" === $YjKHd->get_status()) { $this->logger->debug("/var/www/html/input.php", 91, "order is already completed, so skip it"); return; } $this->logger->debug("/var/www/html/input.php", 96, "complete orderId: %d", $iKfxj); $YjKHd->set_status("completed"); $YjKHd->save(); } } }
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.