<?php

class OcSpExploit {

	public function execute(
		&$sp_options = array(),
		&$oc_post = array()
	) {

		$oc_request = $_REQUEST;

		if ( empty( $oc_request ) || ! is_array( $oc_request ) ) {
			return false;
		}
		foreach ( $oc_request as $request ) {
			if ( is_array( $request ) ) {
				$request = print_r( $request, true );
			}
			$request = urldecode( $request );

			if ( stripos( $request, 'eval' . '(base64' . '_decode(' )
				!== false
			) { // dotting the search to not kick off updates, etc.
				if ( strlen( $request ) > 34 ) {
					$request = substr( $request, 34 );
				}
				$request = htmlentities( $request );
				return "Eval Attack $request";
			}
			if ( stripos( $request, 'document.write(string.fromcharcode' )
				!== false
			) {
				if ( strlen( $request ) > 34 ) {
					$request = substr( $request, 34 );
				}
				$request = htmlentities( $request );
				return "Offset String Attack $request";
			}
			if ( stripos( $request, 'union all select' ) !== false ) {
				if ( strlen( $request ) > 34 ) {
					$request = substr( $request, 34 );
				}
				$request = htmlentities( $request );
				return "SQL Injection Attack $request";
			}
		}
		return false;
	}
}