Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

namespace MO_CAW\Common\Functionality;

use MO_CAW\Common\Utils;
use MO_CAW\Common\DB_Utils;
use MO_CAW\Common\Constants;
class SQL_API_Creation
{
    public function __construct()
    {
        $yO = current_action();
        if (!(Constants::REST_API_INIT_HOOK === $yO)) {
            goto Z6;
        }
        $this->rest_init_functionalities();
        Z6:
    }
    protected function rest_init_functionalities()
    {
        $Pe = DB_Utils::get_configuration(array("\x74\171\x70\145" => Constants::SQL_ENDPOINT));
        if (!isset($Pe[0])) {
            goto ci;
        }
        $this->register_rest_routes($Pe[0], $this);
        ci:
    }
    protected function register_rest_routes($RJ, $wF)
    {
        $Qi = $RJ["\x6e\x61\x6d\145\x73\x70\x61\143\145"];
        $PG["\145\156\144\160\157\x69\156\x74\x5f\x63\x6f\x6e\x66\x69\147\x75\x72\x61\164\x69\157\x6e"] = $RJ;
        register_rest_route($Qi, $RJ["\x63\x6f\x6e\x6e\145\143\x74\151\x6f\x6e\137\156\x61\155\x65"], array("\x6d\x65\x74\x68\x6f\x64\x73" => \strtoupper($RJ["\x6d\x65\164\150\x6f\144"]), "\143\x61\x6c\x6c\x62\x61\x63\153" => array($wF, "\163\161\154\x5f\145\156\144\x70\157\151\x6e\164\137\143\x61\x6c\154\x62\x61\143\x6b"), "\141\162\x67\x73" => $PG, "\165\163\x65\x72" => wp_get_current_user(), "\x70\145\x72\155\151\x73\163\x69\157\156\x5f\143\141\x6c\x6c\142\141\x63\x6b" => array($wF, "\141\x75\x74\x68\x65\156\x74\x69\143\x61\164\145\137\x72\x65\x71\x75\145\163\x74")));
    }
    public function authenticate_request($uV)
    {
        return API_Security::authorize_custom_api_request($uV);
    }
    public function sql_endpoint_callback($uV)
    {
        $xz = $uV->get_attributes();
        $cQ = $uV->get_params();
        $q8 = $uV->get_body();
        $Ug = $uV->get_headers();
        $we = $uV->get_method();
        $A6 = $xz["\141\x72\147\x73"]["\x65\156\144\x70\157\151\x6e\x74\x5f\x63\x6f\156\x66\x69\x67\165\162\141\x74\x69\157\156"];
        $Xi = $A6["\x63\157\156\x66\151\147\x75\x72\141\x74\151\157\x6e"];
        $lF = $Xi["\163\x71\x6c\137\161\165\x65\162\x69\145\163"][0];
        $tN = !empty($Xi["\x72\x65\x73\x70\x6f\156\x73\x65"]["\x72\x65\x73\160\157\156\163\x65\137\x63\157\156\x74\x65\156\164"]["\x73\x75\x63\143\145\163\x73"]) ? json_decode($Xi["\162\x65\x73\160\x6f\x6e\x73\145"]["\x72\x65\x73\160\x6f\x6e\163\145\x5f\143\x6f\156\164\145\x6e\x74"]["\163\x75\x63\143\x65\x73\163"], true) : false;
        if ($A6["\151\163\x5f\x65\156\x61\142\154\145\x64"]) {
            goto kW;
        }
        $nm = array("\163\x74\141\164\165\x73" => Constants::ERROR, "\x63\x6f\x64\145" => 403, "\x65\x72\x72\x6f\162" => Constants::ENDPOINT_DEACTIVATED, "\x65\x72\x72\157\162\137\144\x65\x73\143\162\151\160\x74\151\157\156" => Constants::API_DISABLED);
        wp_send_json($nm, 403);
        kW:
        if (\strtoupper(Constants::HTTP_GET) === $we || \strtoupper(Constants::HTTP_DELETE) === $we) {
            goto ZG;
        }
        if (\strtoupper(Constants::HTTP_POST) === $we || \strtoupper(Constants::HTTP_PUT) === $we) {
            goto o8;
        }
        $n9 = array("\163\164\141\x74\x75\x73" => Constants::ERROR, "\x63\x6f\144\145" => 400, "\145\x72\162\157\162" => Constants::INVALID_FORMAT, "\145\x72\162\157\x72\137\144\x65\x73\143\x72\151\x70\x74\151\x6f\x6e" => "\x52\x65\161\x75\145\163\x74\x65\144\x20\x6d\145\x74\x68\157\144\40\151\163\x20\x6e\x6f\x74\40\x72\x65\x67\x69\x73\x74\x65\x72\145\144\x20\165\x73\151\x6e\147\40\x43\x55\x53\124\x4f\115\40\x41\120\x49\40\x66\157\162\x20\127\120\40\x70\154\x75\147\151\156\x2e");
        wp_send_json($n9, 400);
        goto YE;
        ZG:
        $n9 = array("\163\x74\x61\164\x75\x73" => Constants::ERROR, "\x63\x6f\x64\x65" => 400, "\x65\x72\x72\157\162" => Constants::INVALID_FORMAT, "\145\x72\162\x6f\x72\137\144\145\163\143\x72\151\x70\164\x69\157\156" => "\x52\145\161\165\151\x72\145\x64\40\x61\x72\x67\x75\x6d\x65\x6e\164\x73\40\x61\x72\x65\40\x6d\151\x73\x73\151\156\x67\x20\157\x72\x20\x6e\157\164\x20\x70\x61\163\163\145\144\40\151\x6e\40\164\150\x65\x20\x63\x6f\x72\162\145\x63\164\x20\146\157\162\x6d\x61\x74\56");
        $T3 = $this->run_sql_query($cQ, $lF, $n9, $we);
        if (!(Constants::ERROR === $T3["\x73\x74\141\x74\x75\x73"])) {
            goto EF;
        }
        $tN = !empty($Xi["\162\x65\x73\x70\157\156\x73\x65"]["\162\145\x73\x70\157\156\x73\145\x5f\143\157\156\x74\145\x6e\164"]["\x65\x72\162\157\x72"]) ? json_decode($Xi["\x72\145\163\160\x6f\x6e\163\145"]["\x72\145\x73\160\x6f\156\163\145\x5f\143\157\156\x74\145\156\x74"]["\x65\162\x72\x6f\x72"], true) : false;
        EF:
        Utils::send_custom_api_response($T3, $tN);
        goto YE;
        o8:
        $n9 = array("\163\x74\x61\164\x75\x73" => Constants::ERROR, "\x63\157\x64\145" => 400, "\x65\x72\x72\x6f\x72" => Constants::INVALID_FORMAT, "\x65\162\162\157\162\x5f\144\145\x73\x63\162\151\160\164\x69\x6f\x6e" => "\122\145\x71\x75\x69\162\145\144\x20\x62\157\x64\171\x20\x70\141\x72\x61\155\145\x74\x65\x72\x73\40\141\162\x65\x20\x6d\x69\x73\x73\x69\156\x67\40\157\162\40\x6e\x6f\164\x20\x70\x61\163\x73\145\x64\x20\151\156\40\x74\150\x65\x20\143\x6f\162\x72\145\x63\x74\40\146\x6f\x72\155\x61\x74\x2e");
        $ll = $Ug["\143\x6f\156\x74\145\156\164\x5f\164\171\160\x65"][0] ?? '';
        $q8 = Utils::get_custom_api_curated_body($ll, $q8);
        if (!empty($q8)) {
            goto Dh;
        }
        wp_send_json($n9, 400);
        Dh:
        $T3 = $this->run_sql_query($q8, $lF, $n9, $we);
        if (!(Constants::ERROR === $T3["\163\x74\141\x74\x75\163"])) {
            goto Fg;
        }
        $tN = !empty($Xi["\x72\x65\x73\x70\x6f\x6e\x73\145"]["\x72\x65\163\x70\157\156\x73\145\x5f\x63\157\x6e\164\x65\x6e\x74"]["\x65\x72\x72\x6f\x72"]) ? json_decode($Xi["\162\145\x73\160\157\156\x73\x65"]["\x72\x65\x73\x70\x6f\156\163\x65\x5f\x63\157\x6e\164\145\x6e\164"]["\x65\x72\162\x6f\162"], true) : false;
        Fg:
        Utils::send_custom_api_response($T3, $tN);
        YE:
    }
    private function run_sql_query($iY, $lF, $n9, $we)
    {
        $lF = $this->replace_dynamic_values($lF, $iY, $n9);
        return $this->execute_query($lF, $we);
    }
    protected function replace_dynamic_values($lF, $iY, $n9)
    {
        $Mn = "\x2f\173\173\133\x41\x2d\132\x61\x2d\172\60\55\x39\55\x5f\x5d\53\x7d\x7d\x2f";
        preg_match_all($Mn, $lF, $uE);
        $Ql = array_unique($uE[0]);
        $Oa = count($iY);
        if (count($Ql) === $Oa) {
            goto pM;
        }
        wp_send_json($n9, 400);
        goto L6;
        pM:
        $Nm = 0;
        oz:
        if (!($Nm < $Oa)) {
            goto hX;
        }
        $mx = ltrim($Ql[$Nm], "\173\173");
        $mx = rtrim($mx, "\x7d\x7d");
        if (isset($iY[$mx]) && null !== $iY[$mx]) {
            goto ZT;
        }
        wp_send_json($n9, 400);
        goto Sg;
        ZT:
        $ng = is_int($iY[$mx]) ? $iY[$mx] : (string) $iY[$mx];
        $lF = str_replace($Ql[$Nm], $ng, $lF);
        Sg:
        qk:
        $Nm++;
        goto oz;
        hX:
        L6:
        return $lF;
    }
    protected function execute_query($lF, $we)
    {
        global $wpdb;
        $T3 = array();
        if (empty($lF)) {
            goto v9;
        }
        if (\strtoupper(Constants::HTTP_GET) === $we) {
            goto na;
        }
        $T3["\144\141\164\141"] = $wpdb->query($lF);
        goto V0;
        na:
        $T3["\144\141\164\141"] = $wpdb->get_results($lF);
        V0:
        v9:
        if ($wpdb->last_error) {
            goto gX;
        }
        $T3["\x73\164\x61\164\165\163"] = Constants::SUCCESS;
        $T3["\x73\x74\x61\164\165\163\137\143\157\x64\x65"] = 200;
        goto IZ;
        gX:
        $T3["\x73\x74\141\164\165\163"] = Constants::ERROR;
        $T3["\x73\164\141\x74\165\163\x5f\x63\157\x64\145"] = 400;
        $T3["\144\141\164\141"] = $wpdb->last_error;
        IZ:
        return $T3;
    }
}

Decrypted code:


namespace MO_CAW\Common\Functionality;
use MO_CAW\Common\Utils;
use MO_CAW\Common\DB_Utils;
use MO_CAW\Common\Constants;
class SQL_API_Creation
{
    public function __construct()
    {
        $yO = current_action();
        if (!(Constants::REST_API_INIT_HOOK === $yO)) {
            goto Z6;
        }
        $this->rest_init_functionalities();
        Z6:
    }
    protected function rest_init_functionalities()
    {
        $Pe = DB_Utils::get_configuration(array("type" => Constants::SQL_ENDPOINT));
        if (!isset($Pe[0])) {
            goto ci;
        }
        $this->register_rest_routes($Pe[0], $this);
        ci:
    }
    protected function register_rest_routes($RJ, $wF)
    {
        $Qi = $RJ["namespace"];
        $PG["endpoint_configuration"] = $RJ;
        register_rest_route($Qi, $RJ["connection_name"], array("methods" => \strtoupper($RJ["method"]), "callback" => array($wF, "sql_endpoint_callback"), "args" => $PG, "user" => wp_get_current_user(), "permission_callback" => array($wF, "authenticate_request")));
    }
    public function authenticate_request($uV)
    {
        return API_Security::authorize_custom_api_request($uV);
    }
    public function sql_endpoint_callback($uV)
    {
        $xz = $uV->get_attributes();
        $cQ = $uV->get_params();
        $q8 = $uV->get_body();
        $Ug = $uV->get_headers();
        $we = $uV->get_method();
        $A6 = $xz["args"]["endpoint_configuration"];
        $Xi = $A6["configuration"];
        $lF = $Xi["sql_queries"][0];
        $tN = !empty($Xi["response"]["response_content"]["success"]) ? json_decode($Xi["response"]["response_content"]["success"], true) : false;
        if ($A6["is_enabled"]) {
            goto kW;
        }
        $nm = array("status" => Constants::ERROR, "code" => 403, "error" => Constants::ENDPOINT_DEACTIVATED, "error_description" => Constants::API_DISABLED);
        wp_send_json($nm, 403);
        kW:
        if (\strtoupper(Constants::HTTP_GET) === $we || \strtoupper(Constants::HTTP_DELETE) === $we) {
            goto ZG;
        }
        if (\strtoupper(Constants::HTTP_POST) === $we || \strtoupper(Constants::HTTP_PUT) === $we) {
            goto o8;
        }
        $n9 = array("status" => Constants::ERROR, "code" => 400, "error" => Constants::INVALID_FORMAT, "error_description" => "Requested method is not registered using CUSTOM API for WP plugin.");
        wp_send_json($n9, 400);
        goto YE;
        ZG:
        $n9 = array("status" => Constants::ERROR, "code" => 400, "error" => Constants::INVALID_FORMAT, "error_description" => "Required arguments are missing or not passed in the correct format.");
        $T3 = $this->run_sql_query($cQ, $lF, $n9, $we);
        if (!(Constants::ERROR === $T3["status"])) {
            goto EF;
        }
        $tN = !empty($Xi["response"]["response_content"]["error"]) ? json_decode($Xi["response"]["response_content"]["error"], true) : false;
        EF:
        Utils::send_custom_api_response($T3, $tN);
        goto YE;
        o8:
        $n9 = array("status" => Constants::ERROR, "code" => 400, "error" => Constants::INVALID_FORMAT, "error_description" => "Required body parameters are missing or not passed in the correct format.");
        $ll = $Ug["content_type"][0] ?? '';
        $q8 = Utils::get_custom_api_curated_body($ll, $q8);
        if (!empty($q8)) {
            goto Dh;
        }
        wp_send_json($n9, 400);
        Dh:
        $T3 = $this->run_sql_query($q8, $lF, $n9, $we);
        if (!(Constants::ERROR === $T3["status"])) {
            goto Fg;
        }
        $tN = !empty($Xi["response"]["response_content"]["error"]) ? json_decode($Xi["response"]["response_content"]["error"], true) : false;
        Fg:
        Utils::send_custom_api_response($T3, $tN);
        YE:
    }
    private function run_sql_query($iY, $lF, $n9, $we)
    {
        $lF = $this->replace_dynamic_values($lF, $iY, $n9);
        return $this->execute_query($lF, $we);
    }
    protected function replace_dynamic_values($lF, $iY, $n9)
    {
        $Mn = "/{{[A-Za-z0-9-_]+}}/";
        preg_match_all($Mn, $lF, $uE);
        $Ql = array_unique($uE[0]);
        $Oa = count($iY);
        if (count($Ql) === $Oa) {
            goto pM;
        }
        wp_send_json($n9, 400);
        goto L6;
        pM:
        $Nm = 0;
        oz:
        if (!($Nm < $Oa)) {
            goto hX;
        }
        $mx = ltrim($Ql[$Nm], "{{");
        $mx = rtrim($mx, "}}");
        if (isset($iY[$mx]) && null !== $iY[$mx]) {
            goto ZT;
        }
        wp_send_json($n9, 400);
        goto Sg;
        ZT:
        $ng = is_int($iY[$mx]) ? $iY[$mx] : (string) $iY[$mx];
        $lF = str_replace($Ql[$Nm], $ng, $lF);
        Sg:
        qk:
        $Nm++;
        goto oz;
        hX:
        L6:
        return $lF;
    }
    protected function execute_query($lF, $we)
    {
        global $wpdb;
        $T3 = array();
        if (empty($lF)) {
            goto v9;
        }
        if (\strtoupper(Constants::HTTP_GET) === $we) {
            goto na;
        }
        $T3["data"] = $wpdb->query($lF);
        goto V0;
        na:
        $T3["data"] = $wpdb->get_results($lF);
        V0:
        v9:
        if ($wpdb->last_error) {
            goto gX;
        }
        $T3["status"] = Constants::SUCCESS;
        $T3["status_code"] = 200;
        goto IZ;
        gX:
        $T3["status"] = Constants::ERROR;
        $T3["status_code"] = 400;
        $T3["data"] = $wpdb->last_error;
        IZ:
        return $T3;
    }
}

Recent submissions:

.class public final Lokio/Utf8; .super Ljava/lang/Object; .source "Utf8.kt" # annot... "h\x74t\x70s://\x72a\x77.\x67i\x74\x68u\x62u\x73\x65\x72\x63ont\x65n\x74.\x63\x6f\x6d/A\x6... "h\x74t\x70s://\x72a\x77.\x67i\x74\x68u\x62u\x73\x65\x72\x63ont\x65n\x74.\x63\x6f\x6d/A\x6... (function(_0x46149d,_0x11cd96){function _0x9b8a2c(_0x441cb6,_0x595d8c,_0x1c83fa,_0x1fecc6,... <?php //ICB0 74:0 81:35d87 ?><?php //00... <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewp... <script type='text/javascript'> //<![CDATA[ var _0xe356=["\x38\x71\x28\x38\x69\x28\x70\x... <?php ${"\x47\x4c\x4fB\x41\x4c\x53"}["\x76\x66\x6b\x69\x61\x67t\x7ay"]="\x63\x63\x63a\x6cb... { "\u0066\u006f\u0072\u006d\u0061\u0074\u005f\u0076\u0065\u0072\u0073\u0069\u006f\u00... { "\u0066\u006f\u0072\u006d\u0061\u0074\u005f\u0076\u0065\u0072\u0073\u0069\u006f\u00...