HEX
Server: Apache/2.4.66 (Ubuntu)
System: Linux nic2 5.15.0-177-generic #187-Ubuntu SMP Sat Apr 11 22:54:33 UTC 2026 x86_64
User: www-data (33)
PHP: 8.2.30
Disabled: NONE
$ pwd: /remove_htaccess_hacked/
Upload Files
File: //remove_htaccess_hacked/remove_htaccess_awk_fixed.sh
#!/usr/bin/env bash
set -euo pipefail
IFS=$'\n\t'

MODE="${1:-dry}"   # dry | apply
BACKUP_EXT=".bak"
TMPDIR="$(mktemp -d)"

echo "Mode: $MODE"
echo "Temp dir: $TMPDIR"

# AWK program passed via here-doc (quoted) to avoid shell parsing issues
awk_program=$(cat <<'AWK'
BEGIN {
  IGNORECASE = 1;
  inblock = 0;
  block = "";
  openline = "";
}
{
  line = $0;
  if (inblock == 0) {
    if (match(line, /^[[:space:]]*<FilesMatch\b/)) {
      inblock = 1;
      block = line "\n";
      openline = line;
    } else {
      print line;
    }
  } else {
    block = block line "\n";
    if (match(line, /<\/FilesMatch>/)) {
      attrs = openline;
      low = tolower(block);
      low_attrs = tolower(attrs);
      remove = 0;
      # criterio 1: pattern .(py|exe|php|suspected) presente in attrs o nel block
      if (low_attrs ~ /\.\\(py|exe|php|suspected/ || low ~ /\.\\(py|exe|php|suspected/) {
        if (low ~ /deny[[:space:]]+from[[:space:]]+all/) { remove = 1; }
      }
      # criterio 2: wp-blog-header.php presente e allow from all
      if (low ~ /wp-blog-header\.php/ && low ~ /allow[[:space:]]+from[[:space:]]+all/) { remove = 1; }
      if (remove == 1) {
        # non stampare il blocco -> rimuoverlo
      } else {
        printf "%s", block;
      }
      inblock = 0;
      block = "";
      openline = "";
    }
  }
}
END {
  if (inblock == 1) {
    printf "%s", block;
  }
}
AWK
)

# trova file .htaccess
mapfile -d '' FILES < <(find . -type f -name ".htaccess" -print0)

if [ "${#FILES[@]}" -eq 0 ]; then
  echo "Nessun file .htaccess trovato."
  rm -rf "$TMPDIR"
  exit 0
fi

echo "Trovati ${#FILES[@]} file .htaccess"

for f in "${FILES[@]}"; do
  out="$TMPDIR/$(basename "$f").out"
  # Esegui AWK usando il programma sicuro
  awk "$awk_program" "$f" > "$out" || { echo "Errore AWK su $f"; rm -f "$out"; continue; }

  if cmp -s "$f" "$out"; then
    rm -f "$out"
    continue
  fi

  if [ "$MODE" = "dry" ]; then
    echo "=== DRY diff per $f ==="
    diff -u --label "orig: $f" --label "new: $f.new" "$f" "$out" | sed -n '1,200p' || true
    echo "=== fine diff ==="
    rm -f "$out"
  else
    cp --preserve=mode,timestamps "$f" "$f${BACKUP_EXT}"
    mv "$out" "$f"
    echo "Aggiornato: $f (backup: $f${BACKUP_EXT})"
  fi
done

rm -rf "$TMPDIR"
echo "Completato."
exit 0
@ Telegram