PHP

How did the rss feed get hacked?

Hello. Not so long ago I checked the rss file on one of the sites and found the following code at the end:

var _________subscribe_checker={_detect_text:["((\u0443\u0441\u043b\u043e\u0432|\u0443\u043f\u0440\u0430\u0432\u043b)(.*)\u043f\u043e\u0434\u043f\u0438\u0441\u043a)|(\u043f\u043e\u0434\u043f\u0438\u0441\u043a(.*)(\u0443\u0441\u043b\u043e\u0432|\u0443\u043f\u0440\u0430\u0432\u043b))","\u043f\u0440\u0430\u0432\u0438\u043b(.*)\u043f\u043e\u0434\u043f\u0438\u0441\u043a","\u0441\u0442\u043e\u0438\u043c\u043e\u0441(.*)\u0443\u0441\u043b\u0443\u0433"],_detected_text_count:0,_hrefs:[],_description_regex:/(\u0441\u043c\u0441|sms)[- ]\u0441\u043e\u043e\u0431\u0449\u0435\u043d(.*)\u0441(.*)(\u0441\u043b\u043e\u0432|\u0442\u0435\u043a\u0441\u0442|\u043a\u043e\u043c\u0430\u043d\u0434)(.*)(\u0441\u0442\u043e\u043f|stop)/, check:function(){if(this.isExcluded())return!1;this._hrefs=document.links;return 1==this.checkSiteBySubscribeTextInUrls()?(this.send("by_text_in_urls"),!0):1==this.checkSiteBySubscribeDescriptionText()?(this.send("by_subscribe_text"),!0):!1},isExcluded:function(){return"http:"!=document.location.protocol&&"https:"!=document.location.protocol||this.isExludedDomain(document.location.host)||this.isExludedDomain(document.referrer)?!0:this.isExcludedUrl()},checkSiteBySubscribeTextInUrls:function(){for(var a in this._hrefs)if(this._hrefs[a].href&& this.isSubscribeText(this._hrefs[a].textContent)&&0==this._detect_text.length)return!0;return!1},checkSiteBySubscribeDescriptionText:function(){if(0==this._detected_text_count)return!1;var a=document.body.textContent.split("."),b;for(b in a)if(a[b].toLocaleLowerCase){var c=a[b].toLocaleLowerCase().replace(/(\n)/g," ").replace(/(\r)/g,"");if(this._description_regex.test(c))return!0}return!1},isExludedDomain:function(a){var b="mts rt megafonpro megafon mpoisk mail google yandex ya rambler youtube dfiles turbobit prom zakupka pravo letitbit ozon urokitio kismia webnice toy mdmbank tele2 roboforex share4web 7do dixy kiino 4allforum delo-press raskachaem satu spmag yugcontract narodnoe materinstvo dimonvideo kia-club deal icloud littlebyte maxpark 24video vdgb trud appsruel tiu blanker aucland office ontabfile microsoft shopotam shareflare autoportal stilagoby malina depositfiles hitfile crocs telecom effectfree forum.calorizator.ru traektoria cdek takko circ-a tinydeal otzyv mamba rusfolder irn labirint vip-file 10.150.0.104".split(" "); a=a.split(".");if(2<=a.length)for(var c in b)if(a[a.length-2]==b[c])return!0;return!1},isExcludedUrl:function(){for(var a=["a-elite/scrpop-promka/psr-"],b=0;b<a.length;++b)if(-1!=document.location.pathname.indexOf(a[b]))return!0;return!1},isSubscribeText:function(a){a=a.toLowerCase().replace(/(\n)/g," ").replace(/(\r)/g,"");for(var b in this._detect_text)if("string"===typeof this._detect_text[b]&&0!=this._detect_text[b].length&&(new RegExp(this._detect_text[b].toLowerCase())).test(a))return this._detect_text.splice(b, 1),++this._detected_text_count,!0;return!1},send:function(a){var b=document.createElement("img"),c=new Date;b.src="http://api.safesurfing.me/detect/i.php?ss="+encodeURIComponent(document.location.href)+"&rss="+encodeURIComponent(document.referrer)+"&r="+c.getTime()+"&v=2.07&by="+a;b.style.display="none";document.body.appendChild(b)}};_________subscribe_checker.check();

I could not believe my eyes and got into the FTP: by itself, there is nothing of the kind in the original file. Pure php code and that's it. The question is, how did it happen that when viewing a file through a browser, under the text of the standard rss, this is also issued?
The code that forms the rss feed:
<?php
header("Content-Type: text/xml");
echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>";
?>
********************* http://********************.ru/
*** **********************************************en-en
<?php
include (" *****/*****.php");
mysql_set_charset("utf8");
$result = mysql_query("SELECT COUNT(*) FROM taTEXT");
$rgPosts = mysql_fetch_row($result);
$posts=$rgPosts[0];
$result = mysql_query("SELECT * FROM taTEXT ORDER BY id DESC");
while ($postrow[] = mysql_fetch_array($result));
for ($i=0; $i<=$posts-1; $i++)
{
echo '
'.$postrow[$i]['name'].' http://************.ru/ '.$postrow[$i]['articles'].'/'.$postrow[$i]['sysname'].' /
'.$postrow[$i]['main_text'].'
';
}
?>
Separately, I note that this code, apparently, is not executed, otherwise it would not be shown when viewing the rss feed code, but still I wonder how it gets into it?