43 lines
1.8 KiB
Python
43 lines
1.8 KiB
Python
#!/usr/bin/env python3
|
|
# The file has LITERAL backslash-quote because PHP string escaped onclick attr
|
|
path = "/var/www/html/wevia-ia/wevia-admin.php"
|
|
with open(path, "rb") as f:
|
|
raw = f.read()
|
|
|
|
# Build target EXACTLY: bytes for <div ...onclick="T(\'leads\')">🎯 Leads</div>
|
|
# The escape sequences visible in repr are literal backslashes in the file
|
|
target = (
|
|
b'<div class="tab" onclick="T(\\\'leads\\\')">'
|
|
b'\xf0\x9f\x8e\xaf Leads</div>'
|
|
)
|
|
# Actually \\\\\\' repr showed triple-backslash. Let me use concat of literal bytes
|
|
# File byte sequence: T ( \ ' leads \ ' )
|
|
# In Python bytes: b"T(\\'leads\\')" → 2 bytes 0x5c 0x27 twice
|
|
target2 = b'<div class="tab" onclick="T(\\\'leads\\\')">\xf0\x9f\x8e\xaf Leads</div>'
|
|
|
|
print("target bytes:", target2)
|
|
print("target len:", len(target2))
|
|
print("file contains target2:", target2 in raw)
|
|
|
|
# Try simpler: find by ASCII search
|
|
needle = b"Leads</div>"
|
|
idx = raw.find(needle)
|
|
if idx != -1:
|
|
block = raw[idx-80:idx+len(needle)]
|
|
print("exact 80 bytes before:", block)
|
|
# Extract full <div...Leads</div> tag
|
|
start = raw.rfind(b'<div class="tab"', 0, idx)
|
|
full = raw[start:idx+len(needle)]
|
|
print("FULL TAG:", full)
|
|
print("FULL TAG len:", len(full))
|
|
|
|
# Use this as target
|
|
if b"wevia-admin-crm.php" in raw:
|
|
print("ALREADY_PATCHED")
|
|
else:
|
|
new_link = b'<div class="tab" onclick="window.location.href=\\\'wevia-admin-crm.php\\\'" style="background:linear-gradient(90deg,rgba(34,211,238,.15),rgba(139,92,246,.15));color:#22d3ee;border:1px solid rgba(34,211,238,.3);font-weight:700">\xf0\x9f\x94\x97 CRM Bridge V67</div>'
|
|
new_raw = raw.replace(full, full + b"\n" + new_link, 1)
|
|
with open(path, "wb") as f:
|
|
f.write(new_raw)
|
|
print(f"PATCHED - size {len(raw)} → {len(new_raw)}")
|