AntiVirus - Version 1.4.1

Release Info

Developer pluginkollektiv
Version 1.4.1

Code changes from version 1.4.0 to 1.4.1

CHANGELOG.md CHANGED
@@ -1,17 +1,18 @@
1
  # Changelog
2
 
3
- ### 1.4.0 ###
4
- * **English**
5
- * Option to provide a custom key for the Google Safe Browsing API
6
- * Scan files of parent theme if a child theme is active
7
- * Verify checksums of WP core files (integrated functionality from _Checksum Verifier_ plugin)
8
- * Ability to enable _Safe Browsing_ and _Checksum Verifier_ as cronjob without Theme scan
9
- * **Deutsch**
10
- * Möglichkeit einen eigenen Schlüssel für die Google Safe Browsing API zu verwenden
11
- * Dateien des übergeordneten Themes scannen, falls ein Child-Theme aktiv ist
12
- * Verifiziere Prüfsummen der WP Core Dateien (Funktionalität des _Checksum Verifier_ Plugins integriert)
13
- * Möglichkeit _Safe Browsing_ und _Checksum Verifier_ als Cronjob ohne Theme-Scan zu aktivieren
14
 
 
 
 
 
 
 
15
 
16
  ### 1.3.10 ###
17
  * **English**
1
  # Changelog
2
 
3
+ ### 1.4.1 ###
4
+ * Fix some spelling mistakes and correct translations (#85)
5
+ * Fix file name sanitization in manual theme scan causing errors to be not shown in the admin area (#88, #89)
6
+ * Fix theme file collection for child themes with duplicate names (#86)
7
+ * Consider all levels in theme file check instead of one only (#87, #90)
8
+ * Support translations in old WordPress versions (#91)
 
 
 
 
 
9
 
10
+ ### 1.4.0 ###
11
+ * Option to provide a custom key for the Google Safe Browsing API (#69)
12
+ * Scan files of parent theme if a child theme is active (#1, #62)
13
+ * Verify checksums of WP core files (integrated functionality from _Checksum Verifier_ plugin (#5, #56)
14
+ * Allow to enable _Safe Browsing_ and _Checksum Verifier_ as cronjob without theme scan (#66)
15
+ * Update code style check and add build script (#68)
16
 
17
  ### 1.3.10 ###
18
  * **English**
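Review bot: The re-added 1.4.0 entry for checksum verification has an unbalanced parenthesis: `(integrated functionality from _Checksum Verifier_ plugin (#5, #56)` opens two and closes one, whereas the removed line closed after "plugin". Restore it as `... _Checksum Verifier_ plugin) (#5, #56)`. The German entries for 1.4.0 are dropped while the 1.3.10 section below still opens with a `* **English**` sub-list, so the file now mixes two layouts; either state that the changelog is English-only from 1.4.0 on or convert the older sections as well.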
README.md CHANGED
@@ -2,30 +2,28 @@
2
  * Contributors: pluginkollektiv
3
  * Tags: antivirus, malware, scanner, phishing, safe browsing, vulnerability
4
  * Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=TD4AMD2D8EMZW
5
- * Requires at least: 4.6
6
  * Requires PHP: 5.2
7
  * Tested up to: 5.6
8
- * Stable tag: 1.4.0
9
  * License: GPLv2 or later
10
  * License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
12
  Security plugin to protect your blog or website against exploits and spam injections.
13
 
14
  ## Description ##
15
- *AntiVirus for WordPress* is a easy-to-use, safe tool to harden your WordPress site against exploits, malware and spam injections.
16
- You can configure *AntiVirus* to perform an automated daily scan of your theme files. If the plugin happens to detect any suspicious code injections, it will send out a notification to a previously configured e-mail address.
17
 
18
  In case your WordPress site has been hacked, *AntiVirus* will help you to become aware of the problem very quickly in order for you to take immediate action.
19
 
20
  ### Features ###
21
- * Virus alert in the admin bar
22
- * Cleaning up after plugin removal
23
- * Daily scan with email notifications
24
- * Theme template checks
25
- * Whitelist solution: Mark suspected cases as "no virus"
26
- * Manual check of template files with alerts on suspected cases
27
  * Optional: Google Safe Browsing for malware and phishing monitoring.
28
 
 
 
29
  ### Support ###
30
  * Community support via the [support forums on wordpress.org](https://wordpress.org/support/plugin/antivirus)
31
  * We don’t handle support via e-mail, Twitter, GitHub issues etc.
@@ -41,20 +39,21 @@ In case your WordPress site has been hacked, *AntiVirus* will help you to become
41
  * Maintainers: [pluginkollektiv](https://pluginkollektiv.org)
42
 
43
 
44
- ## Frequently Asked Questions ##
45
-
46
- ### Will AntiVirus protect my site from being hacked? ###
47
- Not literally "protect from". The plugin’s purpose is to *detect* any "hack" that has already happened and enable you to take immediate action upon it.
48
-
49
- A complete documentation is available on the [AntiVirus website](https://antivirus.pluginkollektiv.org/documentation/).
50
-
51
  ## Changelog ##
52
 
 
 
 
 
 
 
 
53
  ### 1.4.0 ###
54
- * Option to provide a custom key for the Google Safe Browsing API
55
- * Scan files of parent theme if a child theme is active
56
- * Verify checksums of WP core files (integrated functionality from _Checksum Verifier_ plugin)
57
- * Ability to enable _Safe Browsing_ and _Checksum Verifier_ as cronjob without Theme scan
 
58
 
59
  ### 1.3.10 ###
60
  * Updated PayPal link for donations
2
  * Contributors: pluginkollektiv
3
  * Tags: antivirus, malware, scanner, phishing, safe browsing, vulnerability
4
  * Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=TD4AMD2D8EMZW
5
+ * Requires at least: 4.1
6
  * Requires PHP: 5.2
7
  * Tested up to: 5.6
8
+ * Stable tag: 1.4.1
9
  * License: GPLv2 or later
10
  * License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
12
  Security plugin to protect your blog or website against exploits and spam injections.
13
 
14
  ## Description ##
15
+ *AntiVirus* is an easy-to-use, safe tool to harden your WordPress site against exploits, malware and spam injections.
16
+ You can configure *AntiVirus* to perform an automated daily scan of your theme files. If the plugin detects any suspicious code injections, it will send out a notification to a previously configured e-mail address.
17
 
18
  In case your WordPress site has been hacked, *AntiVirus* will help you to become aware of the problem very quickly in order for you to take immediate action.
19
 
20
  ### Features ###
21
+ * Scan for suspicious code in the theme files (daily scan with email notifications and manual scan) with an option to mark detected cases as false positive
22
+ * Checksum verification for WordPress Core files
 
 
 
 
23
  * Optional: Google Safe Browsing for malware and phishing monitoring.
24
 
25
+ A complete documentation is available on the [AntiVirus website](https://antivirus.pluginkollektiv.org/documentation/).
26
+
27
  ### Support ###
28
  * Community support via the [support forums on wordpress.org](https://wordpress.org/support/plugin/antivirus)
29
  * We don’t handle support via e-mail, Twitter, GitHub issues etc.
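Review bot: The rewritten Features list drops "Virus alert in the admin bar" and "Cleaning up after plugin removal", yet the 1.4.1 changelog entries mention no removal of either behaviour. If both still exist, keep them as bullets next to the new "Scan for suspicious code in the theme files" and "Checksum verification for WordPress Core files" items, so the readme still tells an administrator where an alert will surface and what the plugin leaves behind on uninstall.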
39
  * Maintainers: [pluginkollektiv](https://pluginkollektiv.org)
40
 
41
 
 
 
 
 
 
 
 
42
  ## Changelog ##
43
 
44
+ ### 1.4.1 ###
45
+ * Fix some spelling mistakes and correct translations (#85)
46
+ * Fix file name sanitization in manual theme scan causing errors to be not shown in the admin area (#88, #89)
47
+ * Fix theme file collection for child themes with duplicate names (#86)
48
+ * Consider all levels in theme file check instead of one only (#87, #90)
49
+ * Support translations in old WordPress versions (#91)
50
+
51
  ### 1.4.0 ###
52
+ * Option to provide a custom key for the Google Safe Browsing API (#69)
53
+ * Scan files of parent theme if a child theme is active (#1, #62)
54
+ * Verify checksums of WP core files (integrated functionality from _Checksum Verifier_ plugin (#5, #56)
55
+ * Allow to enable _Safe Browsing_ and _Checksum Verifier_ as cronjob without theme scan (#66)
56
+ * Update code style check and add build script (#68)
57
 
58
  ### 1.3.10 ###
59
  * Updated PayPal link for donations
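Review bot: Removing the FAQ section takes out the only sentence in the readme that says the plugin's purpose is to *detect* a compromise that has already happened, not to prevent one, while the short description and the Description section still say "protect" and "harden". Carry that statement into the Description, for example next to the "In case your WordPress site has been hacked" paragraph, so users do not treat the plugin as a preventive control. The 1.4.0 changelog line in this hunk also needs a closing `)` after "plugin" in `_Checksum Verifier_ plugin (#5, #56)`.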
antivirus.php CHANGED
@@ -8,7 +8,7 @@
8
  * Text Domain: antivirus
9
  * License: GPLv2 or later
10
  * License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
- * Version: 1.4.0
12
  *
13
  * @package AntiVirus
14
  */
8
  * Text Domain: antivirus
9
  * License: GPLv2 or later
10
  * License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
+ * Version: 1.4.1
12
  *
13
  * @package AntiVirus
14
  */
inc/class-antivirus-checkinternals.php CHANGED
@@ -165,7 +165,7 @@ class AntiVirus_CheckInternals extends AntiVirus {
165
  *
166
  * @return array|bool An array of matched lines or false on failure.
167
  */
168
- private static function _check_file_line( $line = '', $num ) {
169
  // Trim value.
170
  $line = trim( (string) $line );
171
 
165
  *
166
  * @return array|bool An array of matched lines or false on failure.
167
  */
168
+ private static function _check_file_line( $line, $num ) {
169
  // Trim value.
170
  $line = trim( (string) $line );
171
 
inc/class-antivirus-checksumverifier.php CHANGED
@@ -36,7 +36,7 @@ class AntiVirus_ChecksumVerifier extends AntiVirus {
36
  esc_html__( 'Checksum Verifier Alert', 'antivirus' ),
37
  sprintf(
38
  "%s:\r\n\r\n- %s",
39
- esc_html__( 'Official checksums do not match for the following files', 'antivirus' ),
40
  implode( "\r\n- ", $matches )
41
  )
42
  );
36
  esc_html__( 'Checksum Verifier Alert', 'antivirus' ),
37
  sprintf(
38
  "%s:\r\n\r\n- %s",
39
+ esc_html__( 'Checksums do not match for the following files', 'antivirus' ),
40
  implode( "\r\n- ", $matches )
41
  )
42
  );
inc/class-antivirus-safebrowsing.php CHANGED
@@ -44,7 +44,7 @@ class AntiVirus_SafeBrowsing extends AntiVirus {
44
  array(
45
  'client' => array(
46
  'clientId' => 'wpantivirus',
47
- 'clientVersion' => '1.4.0',
48
  ),
49
  'threatInfo' => array(
50
  'threatTypes' => array(
@@ -92,8 +92,8 @@ class AntiVirus_SafeBrowsing extends AntiVirus {
92
  // Invalid request (most likely invalid key) or expired/exceeded key.
93
  $mail_body = sprintf(
94
  "%s\r\n\r\n%s",
95
- esc_html__( 'Checking yout site against the Google Safe Browsing API has failed.', 'antivirus' ),
96
- esc_html__( 'This does not mean that your site has been infected, but that the status could not be determinined.', 'antivirus' )
97
  );
98
 
99
  // Add (sanitized) error message, if available.
@@ -109,12 +109,12 @@ class AntiVirus_SafeBrowsing extends AntiVirus {
109
  if ( $custom_key ) {
110
  $mail_body .= sprintf(
111
  "\r\n%s",
112
- esc_html__( 'Please check if your API key is correct and its limit not exceeded. If everything is correct and the error persists for the next requests, please contact the Plugin support.', 'antivirus' )
113
  );
114
  } else {
115
  $mail_body .= sprintf(
116
  "\r\n%s",
117
- esc_html__( 'This might be due to an exceeded rate limit on the shared API key. To ensure this does not happen please consider providing your own key using the Plugin settings page.', 'antivirus' )
118
  );
119
  }
120
 
44
  array(
45
  'client' => array(
46
  'clientId' => 'wpantivirus',
47
+ 'clientVersion' => '1.4.1',
48
  ),
49
  'threatInfo' => array(
50
  'threatTypes' => array(
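Review bot: `'clientVersion' => '1.4.1'` in the request's `client` array is a hand-maintained copy of the version that also lives in the antivirus.php header and the readme's Stable tag, so a release can ship with the three out of step. Read the value from a single place, for example a version constant defined alongside `ANTIVIRUS_FILE`, so that only the plugin header needs bumping.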
92
  // Invalid request (most likely invalid key) or expired/exceeded key.
93
  $mail_body = sprintf(
94
  "%s\r\n\r\n%s",
95
+ esc_html__( 'Checking your site against the Google Safe Browsing API has failed.', 'antivirus' ),
96
+ esc_html__( 'This does not mean that your site has been infected, but that the status could not be determined.', 'antivirus' )
97
  );
98
 
99
  // Add (sanitized) error message, if available.
109
  if ( $custom_key ) {
110
  $mail_body .= sprintf(
111
  "\r\n%s",
112
+ esc_html__( 'Please check if your API key is correct and its limit not exceeded. If everything is correct and the error persists for the next requests, please contact the plugin support.', 'antivirus' )
113
  );
114
  } else {
115
  $mail_body .= sprintf(
116
  "\r\n%s",
117
+ esc_html__( 'This might be due to an exceeded rate limit on the shared API key. To ensure this does not happen please provide your own key using the settings page.', 'antivirus' )
118
  );
119
  }
120
 
inc/class-antivirus.php CHANGED
@@ -44,6 +44,9 @@ class AntiVirus {
44
  // Save the plugin basename.
45
  self::$base = plugin_basename( ANTIVIRUS_FILE );
46
 
 
 
 
47
  // Register the daily cronjob.
48
  add_action( 'antivirus_daily_cronjob', array( __CLASS__, 'do_daily_cronjob' ) );
49
 
@@ -393,7 +396,7 @@ class AntiVirus {
393
  // Extract data.
394
  $name = $theme->get( 'Name' );
395
  $slug = $theme->get_stylesheet();
396
- $files = $theme->get_files( 'php', 1 );
397
 
398
  // Append parent's data, if we got a child theme.
399
  $parent = self::_get_theme_data( $theme->parent() );
@@ -520,7 +523,7 @@ class AntiVirus {
520
 
521
  case 'check_theme_file':
522
  if ( ! empty( $_POST['_theme_file'] ) ) {
523
- $theme_file = sanitize_file_name( wp_unslash( $_POST['_theme_file'] ) );
524
  $lines = AntiVirus_CheckInternals::check_theme_file( $theme_file );
525
  if ( $lines ) {
526
  foreach ( $lines as $num => $line ) {
@@ -719,12 +722,12 @@ class AntiVirus {
719
 
720
  <p class="description">
721
  <?php
722
- /* translators: Link for transparency report in english */
723
  $start_tag = sprintf( '<a href="%s">', esc_attr__( 'https://transparencyreport.google.com/safe-browsing/search?hl=en', 'antivirus' ) );
724
  $end_tag = '</a>';
725
  echo wp_kses(
726
- /* translators: First placeholder (%s) starting link tag to transparency report, second placeholder closing link tag */
727
- sprintf( __( 'Diagnosis and notification in suspicion case. For more details read %1$s the transparency report %2$s.', 'antivirus' ), $start_tag, $end_tag ),
728
  array( 'a' => array( 'href' => array() ) )
729
  );
730
  ?>
@@ -752,13 +755,11 @@ class AntiVirus {
752
  <label for="av_checksum_verifier">
753
  <input type="checkbox" name="av_checksum_verifier" id="av_checksum_verifier"
754
  value="1" <?php checked( self::_get_option( 'checksum_verifier' ), 1 ); ?> />
755
- <?php esc_html_e( 'Checksum verification of WP core files', 'antivirus' ); ?>
756
  </label>
757
 
758
  <p class="description">
759
- <?php
760
- esc_html_e( 'Matches checksums of all WordPress core files against the values provided by the official API.', 'antivirus' );
761
- ?>
762
  </p>
763
  </fieldset>
764
 
@@ -772,7 +773,7 @@ class AntiVirus {
772
  placeholder="<?php esc_attr_e( 'Email address for notifications', 'antivirus' ); ?>" />
773
 
774
  <p class="description">
775
- <?php esc_html_e( 'If the field is empty, the blog admin will be notified', 'antivirus' ); ?>
776
  </p>
777
  </fieldset>
778
  </td>
@@ -792,14 +793,6 @@ class AntiVirus {
792
  ?>
793
  &bull;
794
  <?php
795
- printf(
796
- '<a href="%s" target="_blank" rel="noopener noreferrer">%s</a>',
797
- esc_attr__( 'https://wordpress.org/plugins/antivirus/faq/', 'antivirus' ),
798
- esc_html__( 'FAQ', 'antivirus' )
799
- );
800
- ?>
801
- &bull;
802
- <?php
803
  printf(
804
  '<a href="%s" target="_blank" rel="noopener noreferrer">%s</a>',
805
  'https://antivirus.pluginkollektiv.org/documentation/',
44
  // Save the plugin basename.
45
  self::$base = plugin_basename( ANTIVIRUS_FILE );
46
 
47
+ // Load translations. Required due to support for WP versions before 4.6.
48
+ load_plugin_textdomain( 'antivirus' );
49
+
50
  // Register the daily cronjob.
51
  add_action( 'antivirus_daily_cronjob', array( __CLASS__, 'do_daily_cronjob' ) );
52
 
396
  // Extract data.
397
  $name = $theme->get( 'Name' );
398
  $slug = $theme->get_stylesheet();
399
+ $files = array_values( $theme->get_files( 'php', -1 ) );
400
 
401
  // Append parent's data, if we got a child theme.
402
  $parent = self::_get_theme_data( $theme->parent() );
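Review bot: `get_files( 'php', -1 )` removes the depth limit, so every `.php` file at any depth under the theme directory is collected, including bundled third-party directories, and nothing in this hunk bounds the number of files or the time the scan may take. Consider a cap or a time budget, and report when it is hit so that a partial scan is not mistaken for a clean one. `array_values()` also discards the relative-path keys that `WP_Theme::get_files()` returns and keeps only the absolute paths; a short comment saying this is what avoids the duplicate-name collision with the parent's data would help, and it is worth confirming whether these absolute paths are what the admin page later posts back as `_theme_file`.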
523
 
524
  case 'check_theme_file':
525
  if ( ! empty( $_POST['_theme_file'] ) ) {
526
+ $theme_file = filter_var( wp_unslash( $_POST['_theme_file'] ), FILTER_SANITIZE_STRING );
527
  $lines = AntiVirus_CheckInternals::check_theme_file( $theme_file );
528
  if ( $lines ) {
529
  foreach ( $lines as $num => $line ) {
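Review bot: On the `$theme_file = filter_var( ..., FILTER_SANITIZE_STRING )` line, the filter only strips tags and encodes quotes; it leaves `/` and `..` intact, so the posted `_theme_file` now reaches `AntiVirus_CheckInternals::check_theme_file()` as an arbitrary path string, where `sanitize_file_name()` previously stripped path separators. Unless `check_theme_file()` already does so, compare the value against the list of files collected for the active theme and its parent and reject anything that is not an exact match before the file is read. `FILTER_SANITIZE_STRING` is also deprecated as of PHP 8.1, and its quote encoding alters legitimate names containing `'` or `"`, so an exact-match lookup fits better here than any string filter.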
722
 
723
  <p class="description">
724
  <?php
725
+ /* translators: Link for transparency report */
726
  $start_tag = sprintf( '<a href="%s">', esc_attr__( 'https://transparencyreport.google.com/safe-browsing/search?hl=en', 'antivirus' ) );
727
  $end_tag = '</a>';
728
  echo wp_kses(
729
+ /* translators: First placeholder (%1$s) starting link tag to transparency report, second placeholder (%2$s) closing link tag */
730
+ sprintf( __( 'Diagnosis and notification in suspicion case. For more details read %1$sthe transparency report%2$s.', 'antivirus' ), $start_tag, $end_tag ),
731
  array( 'a' => array( 'href' => array() ) )
732
  );
733
  ?>
755
  <label for="av_checksum_verifier">
756
  <input type="checkbox" name="av_checksum_verifier" id="av_checksum_verifier"
757
  value="1" <?php checked( self::_get_option( 'checksum_verifier' ), 1 ); ?> />
758
+ <?php esc_html_e( 'Checksum verification of WordPress core files', 'antivirus' ); ?>
759
  </label>
760
 
761
  <p class="description">
762
+ <?php esc_html_e( 'Matches checksums of all WordPress core files against the values provided by the official API.', 'antivirus' ); ?>
 
 
763
  </p>
764
  </fieldset>
765
 
773
  placeholder="<?php esc_attr_e( 'Email address for notifications', 'antivirus' ); ?>" />
774
 
775
  <p class="description">
776
+ <?php esc_html_e( 'If the field is empty, the blog admin will be notified.', 'antivirus' ); ?>
777
  </p>
778
  </fieldset>
779
  </td>
793
  ?>
794
  &bull;
795
  <?php
 
 
 
 
 
 
 
 
796
  printf(
797
  '<a href="%s" target="_blank" rel="noopener noreferrer">%s</a>',
798
  'https://antivirus.pluginkollektiv.org/documentation/',