Please see below:
<?php
/*
+---------------------------------------------------------------------------+
| Revive Adserver |
| http://www.revive-adserver.com |
| |
| Copyright: See the COPYRIGHT.txt file. |
| License: GPLv2 or later, see the LICENSE.txt file. |
+---------------------------------------------------------------------------+
*/
/**
* This is autogenerated file which contains all files from the "delivery_dev"
* folder of Revive Adserver merged into a single output file. On systems
* without a PHP opcode cache that is configured to not regularly check for
* file updates, this autogenerated file can dramatically improve the
* performance of Revive Adserver's delivery engine.
*
* !!!Warning!!!
*
* Do not edit this file. If you need to do any changes to any delivery file,
* check out the source code from GitHub; make the necessary changes to the
* file(s) in the "delivery_dev" folder; and regenerate the delivery files
* using the script located in the "scripts/delivery" directory.
*/
if (empty($_GET['script'])) {
exit(1);
}
include_once '../../init-delivery.php';
$script = str_replace("\0", '', $_GET['script']);
$aPluginId = explode(':', $script);
$scriptFileName = MAX_PATH . rtrim($conf['pluginPaths']['plugins'], '/') . '/' . implode('/', $aPluginId) . '.delivery.php';
if (stristr($scriptFileName, '../') || stristr($scriptFileName, '..\\') || !is_readable($scriptFileName) || !is_file($scriptFileName)) {
if (empty($conf['debug']['production'])) {
echo "Unable to find delivery script ({$scriptFileName}) for specified plugin-component-identifier: {$script}";
}
exit(1);
}
include $scriptFileName;
The file does not appear to have been modified, since the rest of the files in my Revive installation.
I am not a PHP programmer unfortunately, but could it be some kind of missing validation that allows a POST request to execute foreign PHP code, via the include at the end?