Anti-Malware Security and Brute-Force Firewall

Version Description

Major upgrade to the protection for wp-login.php Brute-Force attempts.
Fixes a bug in setting the permissions for read-only files so that they could still be cleaned.

Release Info

Developer	scheeeli
Plugin	Anti-Malware Security and Brute-Force Firewall
Version	4.14.47
Comparing to
See all releases

Version 4.14.47

Files changed (19) hide show

images/ELI-16x16.gif +0 -0
images/GOTMLS-16x16.gif +0 -0
images/blocked.gif +0 -0
images/btn_donateCC_WIDE.gif +0 -0
images/checked.gif +0 -0
images/index.php +761 -0
images/question.gif +0 -0
images/threat.gif +0 -0
images/wait.gif +0 -0
index.php +947 -0
languages/gotmls-es_ES.mo +0 -0
languages/gotmls-es_ES.po +336 -0
languages/gotmls.pot +341 -0
readme.txt +401 -0
safe-load.php +40 -0
safe-load/index.php +14 -0
safe-load/session.php +15 -0
safe-load/trace.php +35 -0
safe-load/wp-login.php +83 -0

images/ELI-16x16.gif ADDED Viewed

Binary file

images/GOTMLS-16x16.gif ADDED Viewed

Binary file

images/blocked.gif ADDED Viewed

Binary file

images/btn_donateCC_WIDE.gif ADDED Viewed

Binary file

images/checked.gif ADDED Viewed

Binary file

images/index.php ADDED Viewed

	@@ -0,0 +1,761 @@


1	+ <?php
2	+ /**
3	+ * GOTMLS Plugin Global Variables and Functions
4	+ * @package GOTMLS
5	+ */
6	+
7	+ define("GOTMLS_local_images_path", dirname(__FILE__)."/");
8	+
9	+ if (isset($_SERVER["SCRIPT_FILENAME"]) && __FILE__ == $_SERVER["SCRIPT_FILENAME"]) {
10	+ header("Content-type: image/gif");
11	+ $img_src = GOTMLS_local_images_path.'GOTMLS-16x16.gif';
12	+ if (!(file_exists($img_src) && $img_bin = @file_get_contents($img_src)))
13	+ $img_bin = base64_decode('R0lGODlhEAAQAIABAAAAAP///yH5BAEAAAEALAAAAAAQABAAAAIshB0Qm+eo2HuJNWdrjlFm3S2hKB7kViKaxZmr98YgSo/jzH6tiU0974MADwUAOw==');
14	+ die($img_bin);
15	+ } elseif (isset($_GET["no_error_reporting"]))
16	+ @error_reporting(0);
17	+
18	+ define("GOTMLS_plugin_dir", "gotmls");
19	+ define("GOTMLS_Version", "4.14.47");
20	+ define("GOTMLS_require_version", "3.0");
21	+ define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
22	+ define("GOTMLS_Run_Complete_Scan_LANGUAGE", __("Run Complete Scan",'gotmls'));
23	+ define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Run Quick Scan",'gotmls'));
24	+ define("GOTMLS_View_Quarantine_LANGUAGE", __("View Quarantine",'gotmls'));
25	+ define("GOTMLS_Tested_your_site_LANGUAGE", __("Tested your site. It appears we didn't break anything",'gotmls'));
26	+ define("GOTMLS_require_version_LANGUAGE", sprintf(__("This Plugin requires WordPress version %s or higher",'gotmls'), GOTMLS_require_version));
27	+ define("GOTMLS_Scan_Settings_LANGUAGE", __("Scan Settings",'gotmls'));
28	+ define("GOTMLS_Loading_LANGUAGE", __("Loading, Please Wait ...",'gotmls'));
29	+ define("GOTMLS_too_long_LANGUAGE", __("If this is taking too long, click here.",'gotmls'));
30	+ define("GOTMLS_Could_not_find_server_LANGUAGE", __("Could not find server!",'gotmls'));
31	+ define("GOTMLS_Plugin_Updates_LANGUAGE", __("Plugin Updates for WP",'gotmls'));
32	+ define("GOTMLS_Searching_updates_LANGUAGE", __("Searching for updates ...",'gotmls'));
33	+ define("GOTMLS_Definition_Updates_LANGUAGE", __("Definition Updates",'gotmls'));
34	+ define("GOTMLS_Please_donate_LANGUAGE", __("Please make a donation for the use of this wonderful feature!",'gotmls'));
35	+ define("GOTMLS_update_images_path", "/wp-content/plugins/update/images/");
36	+ define("GOTMLS_siteurl", get_option("siteurl"));
37	+ if (isset($_SERVER["DOCUMENT_ROOT"]) && strpos($_SERVER["DOCUMENT_ROOT"], GOTMLS_local_images_path) === 0)
38	+ define("GOTMLS_images_path", str_replace($_SERVER["DOCUMENT_ROOT"], "", GOTMLS_local_images_path));
39	+ else
40	+ define("GOTMLS_images_path", GOTMLS_siteurl.str_replace("update", basename(dirname(GOTMLS_local_images_path)), GOTMLS_update_images_path));
41	+ define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
42	+ $GLOBALS["GOTMLS_mt"] = ((isset($_GET["mt"])&&is_numeric($_GET["mt"]))?$_GET["mt"]:microtime(true));
43	+ define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.]+/','', str_replace('&', '&', htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS_mt"]);
44	+ $GLOBALS["GOTMLS"] = get_option('GOTMLS_scan_log/'.(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"0.0.0.0").'/'.$GLOBALS["GOTMLS_mt"], array());
45	+ $GOTMLS_loop_execution_time = 60;
46	+ $GOTMLS_chmod_file = (0644);
47	+ $GOTMLS_chmod_dir = (0755);
48	+ $GOTMLS_file_contents = "";
49	+ $GOTMLS_new_contents = "";
50	+ $GOTMLS_onLoad = "";
51	+ $GOTMLS_default_ext = "ieonly.";
52	+ $GOTMLS_encode = '/[\?\-a-z\: \.\=\/A-Z\&\_]/';
53	+ $GOTMLS_threat_files = array("htaccess"=>".htaccess","timthumb"=>"thumb.php");
54	+ $GOTMLS_core_files = array("wp_login"=>"/wp-login.php");
55	+ $GOTMLS_threat_levels = array(__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Backdoor Scripts",'gotmls')=>"backdoor",__("Known Threats",'gotmls')=>"known",__("WP-Login Updates",'gotmls')=>"wp_login",__("Potential Threats",'gotmls')=>"potential");
56	+ $GOTMLS_image_alt = array("wait"=>"...", "checked"=>"✔", "blocked"=>"X", "question"=>"?", "threat"=>"!");
57	+ $GOTMLS_threats_found = array();
58	+ $GOTMLS_dir_at_depth = array();
59	+ $GOTMLS_dirs_at_depth = array();
60	+ $GOTMLS_scanfiles = array();
61	+ $GOTMLS_skip_ext = array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf");
62	+ $GOTMLS_skip_dirs = array(".", "..");
63	+ $GOTMLS_settings_array = get_option('GOTMLS_settings_array', array());
64	+ if (!(isset($GOTMLS_settings_array["msg_position"]) && is_array($GOTMLS_settings_array["msg_position"]) && count($GOTMLS_settings_array["msg_position"]) == 4))
65	+ $GOTMLS_settings_array["msg_position"] = array('80px', '40px', '400px', '600px');
66	+ if (!isset($GOTMLS_settings_array["menu_group"]))
67	+ $GOTMLS_settings_array["menu_group"] = 0;
68	+ if (!isset($GOTMLS_settings_array["scan_what"]))
69	+ $GOTMLS_settings_array["scan_what"] = 2;
70	+ if (!isset($GOTMLS_settings_array["scan_depth"]))
71	+ $GOTMLS_settings_array["scan_depth"] = -1;
72	+ if (!(isset($GOTMLS_settings_array["exclude_ext"]) && is_array($GOTMLS_settings_array["exclude_ext"])))
73	+ $GOTMLS_settings_array["exclude_ext"] = $GOTMLS_skip_ext;
74	+ if (!isset($GOTMLS_settings_array["check_custom"]))
75	+ $GOTMLS_settings_array["check_custom"] = "";
76	+ if (!(isset($GOTMLS_settings_array['exclude_dir']) && is_array($GOTMLS_settings_array['exclude_dir'])))
77	+ $GOTMLS_settings_array["exclude_dir"] = array();
78	+ $GOTMLS_total_percent = 0;
79	+ $GOTMLS_HeadersError = "";
80	+ function GOTMLS_admin_notices() {
81	+ global $GOTMLS_HeadersError;
82	+ if ($GOTMLS_HeadersError)
83	+ echo $GOTMLS_HeadersError;
84	+ }
85	+
86	+ function GOTMLS_array_recurse($array1, $array2) {
87	+ foreach ($array2 as $key => $value) {
88	+ if (!isset($array1[$key]) \|\| (isset($array1[$key]) && !is_array($array1[$key])))
89	+ $array1[$key] = array();
90	+ if (is_array($value))
91	+ $value = GOTMLS_array_recurse($array1[$key], $value);
92	+ $array1[$key] = $value;
93	+ }
94	+ return $array1;
95	+ }
96	+
97	+ function GOTMLS_array_replace_recursive($array1 = array()) {
98	+ $args = func_get_args();
99	+ $array1 = $args[0];
100	+ if (!is_array($array1))
101	+ $array1 = array();
102	+ for ($i = 1; $i < count($args); $i++)
103	+ if (is_array($args[$i]))
104	+ $array1 = GOTMLS_array_recurse($array1, $args[$i]);
105	+ return $array1;
106	+ }
107	+
108	+ function GOTMLS_update_scan_log($scan_log) {
109	+ if (is_array($scan_log)) {
110	+ $GLOBALS["GOTMLS"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"], $scan_log);
111	+ if (isset($GLOBALS["GOTMLS"]["scan"]["percent"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["percent"]) && ($GLOBALS["GOTMLS"]["scan"]["percent"] >= 100))
112	+ $GLOBALS["GOTMLS"]["scan"]["finish"] = time();
113	+ if (isset($GLOBALS["GOTMLS"]["scan"]))
114	+ update_option('GOTMLS_scan_log/'.(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"0.0.0.0").'/'.$GLOBALS["GOTMLS_mt"], $GLOBALS["GOTMLS"]);
115	+ }
116	+ }
117	+
118	+ function GOTMLS_loaded() {
119	+ global $GOTMLS_HeadersError;
120	+ if (headers_sent($filename, $linenum)) {
121	+ if (!$filename)
122	+ $filename = __("an unknown file",'gotmls');
123	+ if (!is_numeric($linenum))
124	+ $linenum = __("unknown",'gotmls');
125	+ $GOTMLS_HeadersError = '<div class="error">'.sprintf(__('<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem.','gotmls'), $filename, $linenum).'</div>';
126	+ } elseif (!session_id() && isset($_GET["eli"])) { @session_start(); $_SESSION["GOTMLS_debug"]=array();}
127	+ }
128	+
129	+ if (!function_exists("add_action")) {
130	+ GOTMLS_loaded();
131	+ GOTMLS_admin_notices();
132	+ }
133	+
134	+ function GOTMLS_fileperms($file) {
135	+ $perms = fileperms($file);
136	+ if (($perms & 0xC000) == 0xC000) {
137	+ $info = 's'; // Socket
138	+ } elseif (($perms & 0xA000) == 0xA000) {
139	+ $info = 'l'; // Symbolic Link
140	+ } elseif (($perms & 0x8000) == 0x8000) {
141	+ $info = '-'; // Regular
142	+ } elseif (($perms & 0x6000) == 0x6000) {
143	+ $info = 'b'; // Block special
144	+ } elseif (($perms & 0x4000) == 0x4000) {
145	+ $info = 'd'; // Directory
146	+ } elseif (($perms & 0x2000) == 0x2000) {
147	+ $info = 'c'; // Character special
148	+ } elseif (($perms & 0x1000) == 0x1000) {
149	+ $info = 'p'; // FIFO pipe
150	+ } else
151	+ $info = 'u'; // Unknown
152	+ // Owner
153	+ $info .= (($perms & 0x0100) ? 'r' : '-');
154	+ $info .= (($perms & 0x0080) ? 'w' : '-');
155	+ $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
156	+ // Group
157	+ $info .= (($perms & 0x0020) ? 'r' : '-');
158	+ $info .= (($perms & 0x0010) ? 'w' : '-');
159	+ $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
160	+ // World
161	+ $info .= (($perms & 0x0004) ? 'r' : '-');
162	+ $info .= (($perms & 0x0002) ? 'w' : '-');
163	+ $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));
164	+ return $info;
165	+ }
166	+
167	+ function GOTMLS_get_ext($filename) {
168	+ $nameparts = explode(".", ".$filename");
169	+ return strtolower($nameparts[(count($nameparts)-1)]);
170	+ }
171	+
172	+ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
173	+ global $GOTMLS_threats_found, $GOTMLS_new_contents, $GOTMLS_file_contents;
174	+ $GOTMLS_threats_found = array();
175	+ if (is_array($check_threats)) {
176	+ foreach ($check_threats as $threat_name=>$threat_definitions) {
177	+ if (isset($_SESSION["GOTMLS_debug"])){ $_SESSION["GOTMLS_debug"]["threat_name"] = $threat_name;
178	+ $_SESSION["GOTMLS_debug"]["last"]["threat_name"] = microtime(true);}
179	+ if (is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5) {
180	+ while ($threat_definition = array_shift($threat_definitions)) {
181	+ if ($found = @preg_match_all($threat_definition, $GOTMLS_file_contents, $threats_found)) {
182	+ foreach ($threats_found[0] as $find) {
183	+ $GOTMLS_threats_found[$find] = $threat_name;
184	+ $GOTMLS_new_contents = str_replace($find, "", $GOTMLS_new_contents);
185	+ }
186	+ }
187	+ }
188	+ }
189	+ if (isset($_SESSION["GOTMLS_debug"])){ $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["threat_name"], 6);
190	+ if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"]))
191	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] += $file_time;
192	+ else
193	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] = $file_time;
194	+ if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"]))
195	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"] ++;
196	+ else
197	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"] = 1;
198	+ if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"]) \|\| $file_time < $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"])
199	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"] = $file_time;
200	+ if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"]) \|\| $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"])
201	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;}
202	+ }
203	+ } elseif (strlen($check_threats) && isset($_GET['eli']) && substr($check_threats, 0, 1) == '/' && ($found = preg_match_all($check_threats, $GOTMLS_file_contents, $threats_found))) {
204	+ foreach ($threats_found[0] as $find) {
205	+ $GOTMLS_threats_found[$find] = "known";
206	+ $GOTMLS_new_contents = str_replace($find, "", $GOTMLS_new_contents);
207	+ }
208	+ }
209	+ if (isset($_SESSION["GOTMLS_debug"])){ $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["threat_level"], 6);
210	+ if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"]))
211	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] += $file_time;
212	+ else
213	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] = $file_time;
214	+ if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"]))
215	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"] ++;
216	+ else
217	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"] = 1;
218	+ if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"]) \|\| $file_time < $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"])
219	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"] = $file_time;
220	+ if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"]) \|\| $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"])
221	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"] = $file_time;}
222	+ return count($GOTMLS_threats_found);
223	+ }
224	+
225	+ function GOTMLS_scanfile($file) {
226	+ global $GOTMLS_core_files, $wp_version, $GOTMLS_quarantine_dir, $GOTMLS_threat_levels, $GOTMLS_threat_files, $GOTMLS_definitions_array, $GOTMLS_threats_found, $GOTMLS_chmod_file, $GOTMLS_chmod_dir, $GOTMLS_settings_array, $GOTMLS_file_contents, $GOTMLS_new_contents;
227	+ $GOTMLS_threats_found = array();
228	+ $found = false;
229	+ $threat_link = "";
230	+ $className = "scanned";
231	+ $clean_file = GOTMLS_encode($file);
232	+ if (is_file($file) && ($filesize = filesize($file)) && ($GOTMLS_file_contents = @file_get_contents($file))) {
233	+ foreach ($GOTMLS_definitions_array["whitelist"] as $whitelist_file=>$non_threats) {
234	+ if (isset($non_threats[0])) {
235	+ $updated = $non_threats[0];
236	+ unset($non_threats[0]);
237	+ } else
238	+ $updated = "A0002";
239	+ if (is_array($non_threats) && count($non_threats) && substr(str_replace("\\", "/", $file), (-1 * strlen($whitelist_file))) == str_replace("\\", "/", $whitelist_file)) {
240	+ if (in_array(md5($GOTMLS_file_contents).'O'.$filesize, array_keys($non_threats), true))
241	+ return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
242	+ elseif (in_array(md5($GOTMLS_file_contents), $non_threats, true)) {
243	+ if (!(isset($GOTMLS_definitions_array["whitelist"][''.GOTMLS_get_ext($file)][0]) && $GOTMLS_definitions_array["whitelist"][''.GOTMLS_get_ext($file)][0] >= $updated))
244	+ $GOTMLS_definitions_array["whitelist"][''.GOTMLS_get_ext($file)][0] = $updated;
245	+ $GOTMLS_definitions_array["whitelist"][''.GOTMLS_get_ext($file)][md5($GOTMLS_file_contents).'O'.$filesize] = $updated;
246	+ unset($GOTMLS_definitions_array["whitelist"][$whitelist_file]);
247	+ update_option("GOTMLS_definitions_array", $GOTMLS_definitions_array);
248	+ return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
249	+ }
250	+ }
251	+ }
252	+ $GOTMLS_new_contents = $GOTMLS_file_contents;
253	+ if (isset($GLOBALS["GOTMLS"]["settings"]["check_custom"]) && strlen($GLOBALS["GOTMLS"]["settings"]["check_custom"]) && isset($_GET['eli']) && substr($GLOBALS["GOTMLS"]["settings"]["check_custom"], 0, 1) == '/' && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["settings"]["check_custom"]))) //don't use this without registration
254	+ $className = "known";
255	+ else {
256	+ if (isset($_SESSION["GOTMLS_debug"])){ $_SESSION["GOTMLS_debug"]["file"] = $file;
257	+ $_SESSION["GOTMLS_debug"]["last"]["total"] = microtime(true);}
258	+ foreach ($GOTMLS_threat_levels as $threat_level) {
259	+ if (isset($_SESSION["GOTMLS_debug"])){ $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
260	+ $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);}
261	+ if (in_array($threat_level, $GLOBALS["GOTMLS"]["settings"]["check"]) && !$found && isset($GOTMLS_definitions_array[$threat_level]) && (!array_key_exists($threat_level,$GOTMLS_core_files) \|\| (substr($file."e", (-1 * strlen($GOTMLS_core_files[$threat_level]."e"))) == $GOTMLS_core_files[$threat_level]."e")) && (!array_key_exists($threat_level,$GOTMLS_threat_files) \|\| ((GOTMLS_get_ext($file) == "gotmls" && isset($_GET["eli"]) && $_GET["eli"] == "quarantine")?(substr(GOTMLS_decode(array_pop(explode(".", '.'.substr($file, strlen(dirname($file))+1, -7))))."e", (-1 * strlen($GOTMLS_threat_files[$threat_level]."e"))) == $GOTMLS_threat_files[$threat_level]."e"):(substr($file."e", (-1 * strlen($GOTMLS_threat_files[$threat_level]."e"))) == $GOTMLS_threat_files[$threat_level]."e"))) && ($found = GOTMLS_check_threat($GOTMLS_definitions_array[$threat_level],$file)))
262	+ $className = $threat_level;
263	+ }
264	+ if (isset($_SESSION["GOTMLS_debug"])){ $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["total"], 5);
265	+ if (isset($_SESSION["GOTMLS_debug"]["total"]["total"]))
266	+ $_SESSION["GOTMLS_debug"]["total"]["total"] += $file_time;
267	+ else
268	+ $_SESSION["GOTMLS_debug"]["total"]["total"] = $file_time;
269	+ if (isset($_SESSION["GOTMLS_debug"]["total"]["count"]))
270	+ $_SESSION["GOTMLS_debug"]["total"]["count"] ++;
271	+ else
272	+ $_SESSION["GOTMLS_debug"]["total"]["count"] = 1;
273	+ if (!isset($_SESSION["GOTMLS_debug"]["total"]["least"]) \|\| $file_time < $_SESSION["GOTMLS_debug"]["total"]["least"])
274	+ $_SESSION["GOTMLS_debug"]["total"]["least"] = $file_time;
275	+ if (!isset($_SESSION["GOTMLS_debug"]["total"]["most"]) \|\| $file_time > $_SESSION["GOTMLS_debug"]["total"]["most"])
276	+ $_SESSION["GOTMLS_debug"]["total"]["most"] = $file_time;}
277	+ }
278	+ } else {
279	+ $GOTMLS_file_contents = (filesize($file)?__("Failed to read file contents!",'gotmls').' '.(is_readable($file)?'(file_is_readable)':(file_exists($file)?(isset($_GET["eli"])?(@chmod($file, $GOTMLS_chmod_file)?'chmod':'read-only'):'(file_not_readable)'):'(does_not_exist)')):__("Empty file!",'gotmls'));
280	+ // $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file);
281	+ $className = "errors";
282	+ }
283	+ if (count($GOTMLS_threats_found)) {
284	+ $threat_link = '<a target="GOTMLS_iFrame" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.$clean_file.'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", """, '<div style="float: left;">Examine File ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($file)).'</div></div>\');" class="GOTMLS_plugin">';
285	+ if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
286	+ $file_date = explode(".", array_pop(GOTMLS_explode_dir($file)));
287	+ if (GOTMLS_get_ext($file) == "gotmls" && GOTMLS_trailingslashit($GOTMLS_quarantine_dir) == substr($file, 0, strlen(GOTMLS_trailingslashit($GOTMLS_quarantine_dir)))) {
288	+ if ($_POST["GOTMLS_fixing"] > 1 && @unlink($file))
289	+ $GOTMLS_file_contents = "";
290	+ elseif (count($file_date) > 1 && $GOTMLS_new_contents = @file_get_contents($file))
291	+ $file = GOTMLS_decode($file_date[count($file_date)-2]);
292	+ else
293	+ $GOTMLS_file_contents = "";
294	+ } elseif (isset($GOTMLS_threat_files[$className]) && GOTMLS_get_ext($GOTMLS_threat_files[$className]) == "php") {
295	+ $project = str_replace("_", "-", $className);
296	+ $source = wp_remote_get("http://$project.googlecode.com/svn/trunk/$project.php");
297	+ if (is_array($source) && isset($source["body"]) && strlen($source["body"]) > 500)
298	+ $GOTMLS_new_contents = $source["body"].$GOTMLS_new_contents;
299	+ else
300	+ $GOTMLS_file_contents = "";
301	+ } elseif (isset($GOTMLS_core_files[$className])) {
302	+ $source = wp_remote_get("http://core.svn.wordpress.org/tags/".$wp_version.$GOTMLS_core_files[$className]);
303	+ if (is_array($source) && isset($source["body"]) && strlen($source["body"]) > 500)
304	+ $GOTMLS_new_contents = $source["body"];
305	+ else
306	+ $GOTMLS_file_contents = "";
307	+ if (file_exists(dirname(__FILE__).'/../../../../wp-config.php')) {
308	+ $config = @file_get_contents(dirname(__FILE__).'/../../../../wp-config.php');
309	+ $head = "<?php if (file_exists(dirname(__FILE__).'/wp-content/plugins/gotmls/safe-load/wp-login.php')) require(dirname(__FILE__).'/wp-content/plugins/gotmls/safe-load/wp-login.php'); // Load Security Patch by GOTMLS.NET before the WordPress bootstrap. ?>";
310	+ if (strlen($config) && $head != substr($config, 0, strlen($head)))
311	+ @file_put_contents(dirname(__FILE__).'/../../../../wp-config.php', $head.$config);
312	+ }
313	+ } else
314	+ $GOTMLS_new_contents = trim(preg_replace('/<\?(php)?\s*(\?>\|$)/i', "", $GOTMLS_new_contents));
315	+ if (strlen($GOTMLS_file_contents) > 0 && ((@GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents) !== false) \|\| ((is_writable(dirname(GOTMLS_quarantine($file))) \|\| (($GOTMLS_chmod_dir = fileperms(dirname(GOTMLS_quarantine($file)))) && ($chmoded_quarantine = @chmod(dirname(GOTMLS_quarantine($file)), 0777)))) && (@GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents) !== false) && !($chmoded_quarantine && !@chmod(dirname(GOTMLS_quarantine($file)), $GOTMLS_chmod_dir)))) && (((strlen($GOTMLS_new_contents)==0 && isset($_GET["eli"]) && @unlink($file)) \|\| (@GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false) \|\| ((is_writable(dirname($file)) \|\| (($GOTMLS_chmod_dir = fileperms(dirname($file))) && ($chmoded_dir = @chmod(dirname($file), 0777)))) && (is_writable($file) \|\| (($GOTMLS_chmod_file = fileperms($file)) && ($chmoded_file = @chmod($file, 0666)))) && (@GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false) && !($chmoded_dir && !@chmod(dirname($file), $GOTMLS_chmod_dir)) && !($chmoded_file && !@chmod($file, $GOTMLS_chmod_file)))))) {
316	+ echo ' Success!';
317	+ return "/-->"."/\nfixedFile('$clean_file');\n/<!--"."/";
318	+ } elseif ($_POST["GOTMLS_fixing"] > 1 && $GOTMLS_file_contents == "") {
319	+ echo ' Deleted!';
320	+ return "/-->"."/\nfixedFile('$clean_file');\n/<!--"."/";
321	+ } else {
322	+ echo ' Failed!';
323	+ if (isset($_GET["eli"]))
324	+ print_r(array(get_current_user().'='.getmyuid().',gid='.getmygid().']<pre>[file_stat'=>stat($file),"strlen"=>strlen($GOTMLS_file_contents),'write_quarantine'=>((@GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents) !== false)?'wrote_backup_file':'failed_write='.(file_exists(GOTMLS_quarantine($file))?GOTMLS_quarantine($file).GOTMLS_fileperms(GOTMLS_quarantine($file)):dirname(GOTMLS_quarantine($file)).GOTMLS_fileperms(dirname(GOTMLS_quarantine($file))))),"dir_writable"=>(is_writable(dirname($file))?'Yes':(@chmod(dirname($file), $GOTMLS_chmod_dir)?"chmod($GOTMLS_chmod_dir)":'read-only')),"file_writable"=>(is_writable($file)?"GOTMLS_file_put_contents($file):".((@GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false)?'wrote_new':'failed_write'):fileperms($file).(chmod($file, 0664)?", chmod($file, $GOTMLS_chmod_file), ".GOTMLS_fileperms($file):'read-only')), "unlink"=>(strlen($GOTMLS_new_contents)==0?(@unlink($file)?'unlinked':'failed_delete'):'strlen:'.strlen($GOTMLS_new_contents)).'</pre>'));
325	+ return "/-->"."/\nfailedFile('$clean_file');\n/<!--"."/";
326	+ }
327	+ }
328	+ if ($className == "errors") {
329	+ $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file);
330	+ $imageFile = "/blocked";
331	+ } elseif ($className != "potential") {
332	+ $threat_link = '<input type="checkbox" name="GOTMLS_fix[]" value="'.$clean_file.'" id="check_'.$clean_file.(($className != "wp_login")?'" checked="'.$className:'').'" />'.$threat_link;
333	+ $imageFile = "threat";
334	+ } else
335	+ $imageFile = "question";
336	+ return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin $className", $threat_link));
337	+ } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
338	+ $file_date = explode(".", array_pop(GOTMLS_explode_dir($file)));
339	+ if (GOTMLS_get_ext($file) == "gotmls" && GOTMLS_trailingslashit($GOTMLS_quarantine_dir) == substr($file, 0, strlen(GOTMLS_trailingslashit($GOTMLS_quarantine_dir)))) {
340	+ if ($_POST["GOTMLS_fixing"] > 1 && @unlink($file)) {
341	+ $GOTMLS_file_contents = "";
342	+ $msg = __("Deleted!",'gotmls');
343	+ echo " $msg";
344	+ return "/-->"."/\nfixedFile('$clean_file');\n/<!--"."/";
345	+ } elseif (count($file_date) > 1 && @rename($file, GOTMLS_decode($file_date[count($file_date)-2]))) {
346	+ $msg = __("Restored!",'gotmls');
347	+ echo " $msg";
348	+ return "/-->"."/\nfixedFile('$clean_file');\n/<!--"."/";
349	+ } else {
350	+ $msg = __("Restore Failed!",'gotmls');
351	+ echo " $msg";
352	+ return "";
353	+ }
354	+ } else {
355	+ $msg = __("Already Fixed!",'gotmls');
356	+ echo " $msg";
357	+ return "/-->"."/\nfixedFile('$clean_file');\n/<!--"."/";
358	+ }
359	+ } else
360	+ return GOTMLS_return_threat($className, ($className=="scanned"?"checked":"blocked").".gif?$className", $file, $threat_link);
361	+ }
362	+
363	+ function GOTMLS_remove_dots($dir) {
364	+ if ($dir != "." && $dir != "..")
365	+ return $dir;
366	+ }
367	+
368	+ function GOTMLS_getfiles($dir) {
369	+ $files = false;
370	+ if (is_dir($dir)) {
371	+ if (function_exists("scandir"))
372	+ $files = @scandir($dir);
373	+ if (is_array($files))
374	+ $files = array_filter($files, "GOTMLS_remove_dots");
375	+ elseif ($handle = @opendir($dir)) {
376	+ $files = array();
377	+ while (false !== ($entry = readdir($handle)))
378	+ if ($entry != "." && $entry != "..")
379	+ $files[] = "$entry";
380	+ closedir($handle);
381	+ } else {
382	+ $error = error_get_last();
383	+ $files .= (is_readable($dir)?(is_array($error) && isset($error["message"])?$error["message"]:"readable? "):(isset($_GET["eli"]) && @chmod($dir, 0775)?"chmod ":"readonly ")).GOTMLS_fileperms($dir);
384	+ }
385	+ }
386	+ return $files;
387	+ }
388	+
389	+ function GOTMLS_encode($unencoded_string) {
390	+ if (function_exists("base64_encode"))
391	+ $encoded_string = base64_encode($unencoded_string);
392	+ elseif (function_exists("mb_convert_encoding"))
393	+ $encoded_string = mb_convert_encoding($unencoded_string, "BASE64", "UTF-8");
394	+ else
395	+ $encoded_string = "Cannot encode: $unencoded_string function_exists: ";
396	+ $encoded_array = explode("=", $encoded_string.'=');
397	+ return strtr($encoded_array[0], "+/", "-_").(count($encoded_array)-1);
398	+ }
399	+
400	+ function GOTMLS_decode($encoded_string) {
401	+ $encoded_string = strtr(substr($encoded_string, 0, -1), "-_", "+/").str_repeat("=", intval('0'.substr($encoded_string, -1)));
402	+ if (function_exists("base64_decode"))
403	+ return base64_decode($encoded_string);
404	+ elseif (function_exists("mb_convert_encoding"))
405	+ return mb_convert_encoding($encoded_string, "UTF-8", "BASE64");
406	+ else
407	+ return "Cannot decode: $encoded_string";
408	+ }
409	+
410	+ function GOTMLS_return_threat($className, $imageFile, $fileName, $link = "") {
411	+ global $GOTMLS_image_alt;
412	+ $fileNameJS = GOTMLS_strip4java(str_replace(dirname($GLOBALS["GOTMLS"]["scan"]["dir"]), "...", $fileName));
413	+ $fileName64 = GOTMLS_encode($fileName);
414	+ $li_js = "/-->"."/";
415	+ if ($className != "scanned")
416	+ $li_js .= "\n$className++;\ndivx=document.getElementById('found_$className');\nif (divx) {\n\tvar newli = document.createElement('li');\n\tnewli.innerHTML='<img src=\"".GOTMLS_images_path.$imageFile.".gif\" height=16 width=16 alt=\"".$GOTMLS_image_alt[$imageFile]."\" style=\"float: left;\" id=\"$imageFile"."_$fileName64\">".GOTMLS_strip4java($link).$fileNameJS.($link?"</a>';\n\tdivx.display='block';":"';")."\n\tdivx.appendChild(newli);\n}";
417	+ if ($className == "errors")
418	+ $li_js .= "\ndivx=document.getElementById('wait_$fileName64');\nif (divx) {\n\tdivx.src='".GOTMLS_images_path."blocked.gif';\n\tdirerrors++;\n}";
419	+ elseif (is_file($fileName))
420	+ $li_js .= "\nscanned++;\n";
421	+ if ($className == "dir")
422	+ $li_js .= "\ndivx=document.getElementById('wait_$fileName64');\nif (divx)\n\tdivx.src='".GOTMLS_images_path."checked.gif';";
423	+ return $li_js."\n/<!--"."/";
424	+ }
425	+
426	+ function GOTMLS_slash($dir = __file__) {
427	+ if (substr($dir.' ', 1, 1) == ':' \|\| substr($dir.' ', 0, 1) == "\\")
428	+ return "\\";
429	+ else
430	+ return '/';
431	+ }
432	+
433	+ function GOTMLS_trailingslashit($dir = "") {
434	+ if (substr(' '.$dir, -1) != GOTMLS_slash($dir))
435	+ $dir .= GOTMLS_slash($dir);
436	+ return $dir;
437	+ }
438	+
439	+ function GOTMLS_explode_dir($dir, $pre = '') {
440	+ if (strlen($pre))
441	+ $dir = GOTMLS_slash($dir).$pre.$dir;
442	+ return explode(GOTMLS_slash($dir), $dir);
443	+ }
444	+
445	+ function GOTMLS_quarantine($file) {
446	+ global $GOTMLS_quarantine_dir;
447	+ if (!isset($GOTMLS_quarantine_dir)) {
448	+ $upload = wp_upload_dir();
449	+ $err403 = '<html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don\'t have permission to access this directory.</p></body></html>';
450	+ $GOTMLS_quarantine_dir = GOTMLS_trailingslashit($upload['basedir']).'quarantine';
451	+ if (!is_dir($GOTMLS_quarantine_dir) && !@mkdir($GOTMLS_quarantine_dir))
452	+ $GOTMLS_quarantine_dir = $upload['basedir'];
453	+ if (is_file(GOTMLS_trailingslashit($upload['basedir']).'.htaccess') && file_get_contents(GOTMLS_trailingslashit($upload['basedir']).'.htaccess') == 'Options -Indexes')
454	+ if (!@unlink(GOTMLS_trailingslashit($upload['basedir']).'.htaccess'))
455	+ @GOTMLS_file_put_contents(GOTMLS_trailingslashit($upload['basedir']).'.htaccess', '');
456	+ if (!is_file(GOTMLS_trailingslashit($GOTMLS_quarantine_dir).'.htaccess'))
457	+ @GOTMLS_file_put_contents(GOTMLS_trailingslashit($GOTMLS_quarantine_dir).'.htaccess', 'Options -Indexes');
458	+ if (!is_file(GOTMLS_trailingslashit($upload['basedir']).'index.php'))
459	+ @GOTMLS_file_put_contents(GOTMLS_trailingslashit($upload['basedir']).'index.php', $err403);
460	+ if (!is_file(GOTMLS_trailingslashit($GOTMLS_quarantine_dir).'index.php'))
461	+ @GOTMLS_file_put_contents(GOTMLS_trailingslashit($GOTMLS_quarantine_dir).'index.php', $err403);
462	+ }
463	+ return GOTMLS_trailingslashit($GOTMLS_quarantine_dir).GOTMLS_sexagesimal().'.'.GOTMLS_encode($file).'.GOTMLS';
464	+ }
465	+
466	+ function GOTMLS_update_status($status, $percent = -1) {
467	+ if (!(isset($GLOBALS["GOTMLS"]["scan"]["start"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["start"])))
468	+ $GLOBALS["GOTMLS"]["scan"]["start"] = time();
469	+ $microtime = ceil(time()-$GLOBALS["GOTMLS"]["scan"]["start"]);
470	+ GOTMLS_update_scan_log(array("scan" => array("microtime" => $microtime, "percent" => $percent)));
471	+ return "/-->"."/\nupdate_status('".GOTMLS_strip4java($status)."', $microtime, $percent);\n/<!--"."/";
472	+ }
473	+
474	+ function GOTMLS_flush($tag = "") {
475	+ $output = "";
476	+ if (!(isset($_GET["eli"]) && $_GET["eli"]=="debug") && ($output = @ob_get_contents())) {
477	+ @ob_clean();
478	+ $output = preg_replace('/\/\\<\!--\\/(.?)\/\--\>\\//s', "", "$output/-->*"."/");
479	+ }
480	+ echo "$output\n//flushed()\n";
481	+ if ($tag)
482	+ echo "\n</$tag>\n";
483	+ if (@ob_get_length())
484	+ @ob_flush();
485	+ if ($tag)
486	+ echo "<$tag>\n/<!--"."/";
487	+ }
488	+
489	+ function GOTMLS_readdir($dir, $current_depth = 1) {
490	+ global $GOTMLS_quarantine_dir, $GOTMLS_loop_execution_time, $GOTMLS_scanfiles, $GOTMLS_skip_dirs, $GOTMLS_skip_ext, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth, $GOTMLS_total_percent;
491	+ if ($dir != $GOTMLS_quarantine_dir \|\| $current_depth == 1) {
492	+ @set_time_limit($GOTMLS_loop_execution_time);
493	+ $entries = GOTMLS_getfiles($dir);
494	+ if (is_array($entries)) {
495	+ echo GOTMLS_return_threat("dirs", "wait", $dir).GOTMLS_update_status(sprintf(__("Preparing %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["scan"]["dir"]), "...", $dir)), $GOTMLS_total_percent);
496	+ $files = array();
497	+ $directories = array();
498	+ foreach ($entries as $entry) {
499	+ if (is_dir(GOTMLS_trailingslashit($dir).$entry))
500	+ $directories[] = $entry;
501	+ else
502	+ $files[] = $entry;
503	+ }
504	+ if (isset($_GET["eli"]) && $_GET["eli"] == "trace" && count($files)) {
505	+ $tracer_code = "(base64_decode('".base64_encode('if(isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] == "'.$_SERVER["REMOTE_ADDR"].'" && is_file("'.GOTMLS_local_images_path.'../safe-load/trace.php")) {include_once("'.GOTMLS_local_images_path.'../safe-load/trace.php");GOTMLS_debug_trace(__FILE__);}')."'));";
506	+ foreach ($files as $file)
507	+ if (GOTMLS_get_ext($file) =="php" && $filecontents = @file_get_contents(GOTMLS_trailingslashit($dir).$file))
508	+ @GOTMLS_file_put_contents(GOTMLS_trailingslashit($dir).$file, preg_replace('/^<\?php(?! eval)/is', '<?php eval'.$tracer_code, $filecontents));
509	+ }
510	+ if ($_REQUEST["scan_type"] == "Quick Scan") {
511	+ $GOTMLS_dirs_at_depth[$current_depth] = count($directories);
512	+ $GOTMLS_dir_at_depth[$current_depth] = 0;
513	+ } else
514	+ $GOTMLS_scanfiles[GOTMLS_encode($dir)] = GOTMLS_strip4java(str_replace(dirname($GLOBALS["GOTMLS"]["scan"]["dir"]), "...", $dir));
515	+ foreach ($directories as $directory) {
516	+ $path = GOTMLS_trailingslashit($dir).$directory;
517	+ if (isset($_REQUEST["scan_depth"]) && is_numeric($_REQUEST["scan_depth"]) && ($_REQUEST["scan_depth"] != $current_depth) && !in_array($directory, $GOTMLS_skip_dirs)) {
518	+ $current_depth++;
519	+ $current_depth = GOTMLS_readdir($path, $current_depth);
520	+ } else {
521	+ echo GOTMLS_return_threat("skipdirs", "blocked", $path);
522	+ $GOTMLS_dir_at_depth[$current_depth]++;
523	+ }
524	+ }
525	+ if ($_REQUEST["scan_type"] == "Quick Scan") {
526	+ $echo = "";
527	+ echo GOTMLS_update_status(sprintf(__("Scanning %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["scan"]["dir"]), "...", $dir)), $GOTMLS_total_percent);
528	+ GOTMLS_flush("script");
529	+ foreach ($files as $file)
530	+ echo GOTMLS_check_file(GOTMLS_trailingslashit($dir).$file);
531	+ echo GOTMLS_return_threat("dir", "checked", $dir);
532	+ }
533	+ } else
534	+ echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(GOTMLS_Failed_to_list_LANGUAGE.' readdir:'.($entries===false?'(FALSE)':$entries)));
535	+ @set_time_limit($GOTMLS_loop_execution_time);
536	+ if ($current_depth-- && $_REQUEST["scan_type"] == "Quick Scan") {
537	+ $GOTMLS_dir_at_depth[$current_depth]++;
538	+ for ($GOTMLS_total_percent = 0, $depth = $current_depth; $depth >= 0; $depth--) {
539	+ echo "\n//(($GOTMLS_total_percent / $GOTMLS_dirs_at_depth[$depth]) + ($GOTMLS_dir_at_depth[$depth] / $GOTMLS_dirs_at_depth[$depth])) = ";
540	+ $GOTMLS_total_percent = (($GOTMLS_dirs_at_depth[$depth]?($GOTMLS_total_percent / $GOTMLS_dirs_at_depth[$depth]):0) + ($GOTMLS_dir_at_depth[$depth] / ($GOTMLS_dirs_at_depth[$depth]+1)));
541	+ echo "$GOTMLS_total_percent\n";
542	+ }
543	+ $GOTMLS_total_percent = floor($GOTMLS_total_percent * 100);
544	+ echo GOTMLS_update_status(sprintf(__("Scanned %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["scan"]["dir"]), "...", $dir)), $GOTMLS_total_percent);
545	+ }
546	+ GOTMLS_flush("script");
547	+ }
548	+ return $current_depth;
549	+ }
550	+
551	+ function GOTMLS_sexagesimal($timestamp = 0) {
552	+ if (!is_numeric($timestamp) && strlen($timestamp) == 5) {
553	+ foreach (str_split($timestamp) as $bit)
554	+ $timestamp .= "-".substr("00".(ord($bit)>96?ord($bit)-61:(ord($bit)>64?ord($bit)-55:ord($bit)-48)), -2);
555	+ return substr($timestamp, -14);
556	+ } else {
557	+ if (preg_match('/^[0-5][0-9]-[0-1][0-9]-[0-3][0-9]-[0-2][0-9]-[0-5][0-9]$/', $timestamp))
558	+ $date = $timestamp;
559	+ elseif (is_numeric($timestamp) && strlen(trim($timestamp.' ')) == 10)
560	+ $date = preg_replace('/^([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})$/', "\\1-\\2-\\3-\\4-\\5", $timestamp);
561	+ else
562	+ $date = date("y-m-d-H-i", time());
563	+ foreach (explode("-", $date) as $bit)
564	+ $date .= (intval($bit)>35?chr(ord("a")+intval($bit)-36):(intval($bit)>9?chr(ord("A")+intval($bit)-10):substr('0'.$bit, -1)));
565	+ return substr($date, -5);
566	+ }
567	+ }
568	+
569	+ if (!function_exists('ur1encode')) { function ur1encode($url) {
570	+ global $GOTMLS_encode;
571	+ return preg_replace($GOTMLS_encode, '\'%\'.substr(\'00\'.strtoupper(dechex(ord(\'\0\'))),-2);', $url);
572	+ }}
573	+
574	+ function GOTMLS_strip4java($item) {
575	+ return preg_replace("/\\\\/", "\\\\\\\\", preg_replace("/(?<!\\\\)'/", "'+\"'\"+'", str_replace("\n", "", $item)));
576	+ }
577	+
578	+ function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
579	+ if ($file)
580	+ $clean_file = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left;">Examine File ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($file)).'</div></div>\');" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.GOTMLS_encode($file);
581	+ else
582	+ $clean_file = 'return false;';
583	+ return "<a title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$clean_file\" class=\"GOTMLS_plugin $class\">";
584	+ }
585	+
586	+ function GOTMLS_check_file($file) {
587	+ global $GOTMLS_skip_ext;
588	+ $filesize = @filesize($file);
589	+ echo "/-->"."/\ndocument.getElementById('status_text').innerHTML='Checking ".GOTMLS_strip4java($file)." ($filesize bytes)';\n/<!--"."/";
590	+ if (GOTMLS_get_ext($file) == "bad")
591	+ echo GOTMLS_return_threat("bad", (@rename($file, GOTMLS_quarantine(substr($file, 0, -4)))?"checked":"blocked"), $file);
592	+ elseif (GOTMLS_get_ext($file) == "gotmls" && !(isset($_GET["eli"]) && $_GET["eli"] == "quarantine"))
593	+ echo GOTMLS_return_threat("bad", "checked", GOTMLS_decode(substr(array_pop(GOTMLS_explode_dir($file)), 0, -7)));
594	+ elseif (in_array(GOTMLS_get_ext($file), $GOTMLS_skip_ext))
595	+ echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file extention!",'gotmls'), $file, "potential"));
596	+ elseif ($filesize===false)
597	+ echo GOTMLS_return_threat("errors", "blocked", $file, GOTMLS_error_link(__("Failed to determine file size!",'gotmls'), $file));
598	+ elseif (($filesize==0) \|\| ($filesize>((isset($_GET["eli"])&&is_numeric($_GET["eli"]))?$_GET["eli"]:1234567)))
599	+ echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file size!",'gotmls')." ($filesize bytes)", $file, "potential"));
600	+ else {
601	+ try {
602	+ echo @GOTMLS_scanfile($file);
603	+ } catch (Exception $e) {
604	+ die("//Exception:".$e);
605	+ }
606	+ }
607	+ echo "/-->"."/\ndocument.getElementById('status_text').innerHTML='Checked ".GOTMLS_strip4java($file)."';\n/<!--"."/";
608	+ }
609	+
610	+ function GOTMLS_scandir($dir) {
611	+ global $GOTMLS_skip_ext;
612	+ echo "/<!--"."/".GOTMLS_update_status(sprintf(__("Scanning %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["scan"]["dir"]), "...", $dir)));
613	+ GOTMLS_flush();
614	+ $li_js = "/-->"."/\nscanNextDir(-1);\n/<!--"."/";
615	+ if (isset($_GET["GOTMLS_skip_dir"]) && $dir == GOTMLS_decode($_GET["GOTMLS_skip_dir"])) {
616	+ if (isset($_GET["GOTMLS_only_file"]) && strlen($_GET["GOTMLS_only_file"]))
617	+ echo GOTMLS_return_threat("errors", "blocked", GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"]), GOTMLS_error_link("Failed to read this file!", GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"])));
618	+ else
619	+ echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(__("Failed to read directory!",'gotmls')));
620	+ } else {
621	+ $files = GOTMLS_getfiles($dir);
622	+ if (is_array($files)) {
623	+ if (isset($_GET["GOTMLS_only_file"])) {
624	+ if (strlen($_GET["GOTMLS_only_file"])) {
625	+ $path = GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"]);
626	+ if (is_file($path)) {
627	+ GOTMLS_check_file($path);
628	+ echo GOTMLS_return_threat("dir", "checked", $path);
629	+ }
630	+ } else {
631	+ foreach ($files as $file) {
632	+ $path = GOTMLS_trailingslashit($dir).$file;
633	+ if (is_file($path)) {
634	+ $file_ext = GOTMLS_get_ext($file);
635	+ $filesize = @filesize($path);
636	+ if (in_array($file_ext, $GOTMLS_skip_ext) \|\| ($filesize==0) \|\| ($filesize>((isset($_GET["eli"])&&is_numeric($_GET["eli"]))?$_GET["eli"]:1234567)))
637	+ echo GOTMLS_return_threat("skipped", "blocked", $path, GOTMLS_error_link(sprintf(__('Skipped because of file size (%1$s bytes) or file extention (%2$s)!','gotmls'), $filesize, $file_ext), $file, "potential"));
638	+ else
639	+ echo "/-->"."/\nscanfilesArKeys.push('".GOTMLS_encode($dir)."&GOTMLS_only_file=".GOTMLS_encode($file)."');\nscanfilesArNames.push('Re-Checking ".GOTMLS_strip4java($path)."');\n/<!--"."/".GOTMLS_return_threat("dirs", "wait", $path);
640	+ }
641	+ }
642	+ echo GOTMLS_return_threat("dir", "question", $dir);
643	+ }
644	+ } else {
645	+ foreach ($files as $file) {
646	+ $path = GOTMLS_trailingslashit($dir).$file;
647	+ if (is_file($path)) {
648	+ if (isset($_GET["GOTMLS_skip_file"]) && is_array($_GET["GOTMLS_skip_file"]) && in_array($path, $_GET["GOTMLS_skip_file"])) {
649	+ $li_js .= "/-->"."/\n//skipped $path;\n/<!--"."/";
650	+ if ($path == $_GET["GOTMLS_skip_file"][count($_GET["GOTMLS_skip_file"])-1])
651	+ echo GOTMLS_return_threat("errors", "blocked", $path, GOTMLS_error_link(__("Failed to read file!",'gotmls'), $path));
652	+ } else {
653	+ GOTMLS_check_file($path);
654	+ }
655	+ }
656	+ }
657	+ echo GOTMLS_return_threat("dir", "checked", $dir);
658	+ }
659	+ } else
660	+ echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(GOTMLS_Failed_to_list_LANGUAGE.' scandir:'.($files===false?' (FALSE)':$files)));
661	+ }
662	+ echo GOTMLS_update_status(sprintf(__("Scanned %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["scan"]["dir"]), "...", $dir)));
663	+ GOTMLS_update_scan_log(array("scan" => array("finish" => time())));
664	+ return $li_js;
665	+ }
666	+
667	+ function GOTMLS_reset_settings($item, $key) {
668	+ global $GOTMLS_settings_array;
669	+ $key_parts = explode("_", $key."_");
670	+ if (strlen($key_parts[0]) != 4 && $key_parts[0] != "exclude")
671	+ unset($GOTMLS_settings_array[$key]);
672	+ }
673	+
674	+ $GOTMLS_quarantine_dir = dirname(GOTMLS_quarantine(__FILE__));
675	+ $GOTMLS_default_ext .= "com";
676	+ $GOTMLS_encode .= substr($GOTMLS_default_ext, 0, 2);
677	+ if(!isset($_SERVER["SERVER_NAME"]) \|\| !$_SERVER["SERVER_NAME"]) {
678	+ if(!isset($_ENV["SERVER_NAME"]))
679	+ getenv("SERVER_NAME");
680	+ $_SERVER["SERVER_NAME"] = $_ENV["SERVER_NAME"];
681	+ }
682	+ if(!isset($_SERVER["SERVER_PORT"]) \|\| !$_SERVER["SERVER_PORT"]) {
683	+ if(!isset($_ENV["SERVER_PORT"]))
684	+ getenv("SERVER_PORT");
685	+ $_SERVER["SERVER_PORT"] = $_ENV["SERVER_PORT"];
686	+ }
687	+ $GOTMLS_protocol = "http";
688	+ if ((isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] == "on" \|\| $_SERVER["HTTPS"] == 1)) \|\| 'ssl'.$_SERVER["SERVER_PORT"] == 'ssl443')
689	+ $GOTMLS_protocol .= "s";
690	+ $GOTMLS_plugin_home = $GOTMLS_protocol.'://wordpress.'.$GOTMLS_default_ext;
691	+ $GOTMLS_update_home = $GOTMLS_protocol."://gotmls.net/";
692	+ $definition_version = "A0000";
693	+ $GOTMLS_definitions_array = maybe_unserialize(GOTMLS_decode('YToyOntzOjk6InBvdGVudGlhbCI7YToxMTp7czo0OiJldmFsIjthOjI6e2k6MDtzOjU6IkNDSUdHIjtpOjE7czoyNzoiL1teYS16XC8nIl1ldmFsXCguK1wpWztdKi9pIjt9czo5OiJhdXRoX3Bhc3MiO2E6Mjp7aTowO3M6NToiQ0NJR0ciO2k6MTtzOjI0OiIvXCRhdXRoX3Bhc3NbID1cdF0rLis7L2kiO31zOjIxOiJkb2N1bWVudC53cml0ZSBpZnJhbWUiO2E6Mjp7aTowO3M6NToiQ0NJR0ciO2k6MTtzOjUyOiIvZG9jdW1lbnRcLndyaXRlXChbJyJdPGlmcmFtZSAuKzxcL2lmcmFtZT5bJyJdXCk7Ki9pIjt9czoxNToicHJlZ19yZXBsYWNlIC9lIjthOjI6e2k6MDtzOjU6IkNDSUdHIjtpOjE7czo1MDoiL3ByZWdfcmVwbGFjZVsgXHRdKlwoLitbXC9cI1x8XVtpXSplW2ldKlsnIl0uK1wpL2kiO31zOjIwOiJleGVjIHN5c3RlbSBwYXNzdGhydSI7YToyOntpOjA7czo1OiJDQ0lHRyI7aToxO3M6NTg6Ii9cPFw_KC4rPylleGVjXCgoLis_KXN5c3RlbVwoKC4rPylwYXNzdGhydVwoLitmd3JpdGVcKC4rL3MiO31zOjI5OiJFeHRlcm5hbCBSZWRpcmVjdCBSZXdyaXRlUnVsZSI7YToyOntpOjA7czo1OiJDQ1ZFNCI7aToxO3M6MzA6Ii9SZXdyaXRlUnVsZSBbXiBdKyBodHRwXDpcL1wvLyI7fXM6MzU6Im5vIGVycm9yX3JlcG9ydGluZyBsb25nIGxpbmVzIGFsb25lIjthOjI6e2k6MDtzOjU6IkQzNUJhIjtpOjE7czo3OToiLzxcPyhwaHApKltcclxuXHQgXEBdKmVycm9yX3JlcG9ydGluZ1woMFwpOy4rP1thLXowLTlcL1wtXD0nIlwuXF17MjAwMH0uKj9cPz4vaSI7fXM6MjI6InByb3RlY3RlZCBieSBjb3B5cmlnaHQiO2E6Mjp7aTowO3M6NToiRDhNQ3ciO2k6MTtzOjEzNjoiL1wvXCogVGhpcyBmaWxlIGlzIHByb3RlY3RlZCBieSBjb3B5cmlnaHQgbGF3IGFuZCBwcm92aWRlZCB1bmRlciBsaWNlbnNlLiBSZXZlcnNlIGVuZ2luZWVyaW5nIG9mIHRoaXMgZmlsZSBpcyBzdHJpY3RseSBwcm9oaWJpdGVkLiBcKlwvLyI7fXM6MTk6ImEgc3BhbiBjb2xvciBGMUVGRTQiO2E6Mjp7aTowO3M6NToiRDhSQVAiO2k6MTtzOjExODoiL1w8YSBbXlw-XStcPlw8c3BhbiBzdHlsZT0iY29sb3JcOlwjRjFFRkU0OyJcPiguKz8pXDxcL3NwYW5cPlw8XC9hXD5cPHNwYW4gc3R5bGU9ImNvbG9yXDpcI0YxRUZFNDsiXD4oLis_KVw8XC9zcGFuXD4vaSI7fXM6MTc6IlZhcmlhYmxlIEZ1bmN0aW9uIjthOjI6e2k6MDtzOjU6IkU4NTZMIjtpOjE7czo2NzoiLyg8IVxkKVwkW1wkXHtdKlthLXpcLVxfMC05XStbXH0gXHRdKihcW1teXF1dK1xdWyBcdF0qKSpcKC4qP1wpXDsvaSI7fXM6MTE6IlRhZ2dlZCBDb2RlIjthOjI6e2k6MDtzOjU6IkU0TE1HIjtpOjE7czoyNDoiL1wjKFx3KylcIy4rP1wjXC9cMVwjL2lzIjt9fXM6OToid2hpdGVsaXN0IjthOjI6e3M6MzoicGhwIjthOjE3OntpOjA7czo1OiJFN0VNdiI7czozODoiNTg3M2NkMWNlYTYxMDgyMDJkMjEzNDdmMDFmMDRkY2ZPODE3MjgiO3M6NToiRDc1OXAiO3M6Mzk6IjAxMzYzNzI4Yzg0M2ZmOTNlOTZiNjk4M2NlMzhlYmE2TzE5NTYxOCI7czo1OiJENUE4MyI7czozODoiZDVmM2M5Y2FmZjE0ZDU3Yzg2MDhkNzhkYjAwOTRiZTBPNzM2NDMiO3M6NToiRDc1RDkiO3M6Mzg6IjU3YWY0OTgxOGJiYjk0OWRjMGFjNjM4NjczODY1NWJiTzI1ODUyIjtzOjU6IkQ3SkQ5IjtzOjM4OiJkNDk0MDQyNjBkNzlhNGNjMzc1NWMwMGY1NWRlMjA4OU8yNTY2MiI7czo1OiJEOFY4QSI7czozNzoiODY2MWZlMmJmYTU5OTVmNTQ2YTMzMDQ3ZTkwMzg1NmNPMTEzNiI7czo1OiJESUNGQyI7czozODoiODEyNWQ0MmM0YmU1NDNmODc0ZWE1ZjZhMWI1YmRlNTVPMjU4OTQiO3M6NToiRElDRkQiO3M6Mzk6ImVkZGI1ZmRhNzRkNDFkYmRhYzAxODE2NzUzNmQ4ZDUzTzIzMTMzOCI7czo1OiJESUNGRSI7czozODoiYzE1YTRkNWMzODM0NDRiOTVkMjg1NTlmODM0ODExMWRPMjI1ODgiO3M6NToiRTFSMnYiO3M6Mzg6ImUyMDgzOWM1NTlhNjZjN2NmNjI4NjUzYmEyNDg0ZWFlTzI2Mzk1IjtzOjU6IkUxUjJ4IjtzOjM4OiJmMzM4MmVjMTVjMDMwYmQzMmUyOTNmYWYzNDk3ZTI1M08xMTIyNiI7czo1OiJFMjMwQyI7czozNzoiMjhhOTJmNDY0OThkMzJiOWE3NGM1ODQ3Zjc1YzkxMmVPNzM5OSI7czo1OiJFMjMwQyI7czozNzoiZjAwYWFmMDFmZjAyZDU3NTZjMjY3YmNmOTIwZTRjMjhPMTU0MCI7czo1OiJFMkFNZiI7czozODoiNTdjNjQ3ZDkzZmJkNDc4NjhiODdiOTIxYmVlNjNhZjhPMjYzNzYiO3M6NToiRTVFRG8iO3M6Mzk6IjhlMmFmNDg4NmRjODFhNWQ5Mjg5ODY1YmJiODEzZWQxTzE5NTYxNyI7czo1OiJFNUlOUCI7czozNzoiZjgwZDllZjRiN2JmZDllZjU0MmQ5MDg3YTFkYjJhZTlPMjAxMCI7czo1OiJFN0VNdiI7fXM6MjoianMiO2E6Mjk6e2k6MDtzOjU6IkU5RzhqIjtzOjM3OiI1NTRiYzc2YzcwMzUxMTg3ZjRjZTA1ZGRjMDEyYWFlZE80Nzc2IjtzOjU6IkQ2NjdYIjtzOjM3OiI5YTljMTI1ODE0Yjk3MTU5ODJkMjQ2YTFlZTc4MDg0Zk81MzQ1IjtzOjU6IkQ2NjdYIjtzOjM4OiJlMzZhMDg2MTIzNzU2NDEyMjkzMjMxYWVhZDE3ZjI0Zk8zNzYyOSI7czo1OiJENzVBSCI7czozNzoiYTM4YWM1MjY2OTI0OTM4YTRmZjU1MTQzNjljNmI0MGRPNDY3NCI7czo1OiJENzVBSiI7czozNzoiMTA0M2ExZDdkODRlZTU2Zjg4MzFhNjBjZGZjNWRjMjhPNzA3NyI7czo1OiJENzVEUyI7czozODoiNmVjMTUwYjc5ODdjYWFlZjk4YjU5Yzg3YjlmNDcxYmVPMTE4NDIiO3M6NToiRTFSMm4iO3M6Mzg6IjYxNDdjY2VlN2FlZjlkYzBjNmViMTBkOGQ3YjMxMWY5TzcwODgzIjtzOjU6IkUxUjJ3IjtzOjM3OiJiYTMyOTM5NzBlMTNiMDNhMmVhOTJmNWI2YjViZjU0NE8zMzc3IjtzOjU6IkUyMk5xIjtzOjM3OiI2M2IwYWVkOWIwMmY4NzlhNmUwMjk1ZmJlYTdkYjg1NE80NzAyIjtzOjU6IkUyMzBEIjtzOjM3OiJlZjQxODhjYjBiNjBhNzIwMTdmNGM4YTFlODQwYWIxZU8yOTUwIjtzOjU6IkUyNDlMIjtzOjM3OiJmYjhiZjY3ODVlNTVlOWUzOWJlYTU1MjYzNWM0MmE2NE8zMjcwIjtzOjU6IkUyNjBDIjtzOjM5OiJhY2IzMzMyOWI5ZWY4YWFiZDhiZDczMTQyNjgwM2U0ZU8yMzI0ODIiO3M6NToiRTI2MEUiO3M6Mzg6IjZjZWI2NDc1OTI1ODhiY2Y0NjNiZWZkOTQwOGUyN2FkTzEyMDI1IjtzOjU6IkUyNjBIIjtzOjM3OiI1YTMxODI3N2ZlZGY0OTFhMDMwMWUxNzdhOWVmMTBiM080OTA4IjtzOjU6IkUyNjBKIjtzOjM4OiJkYmMzODA4NDczZGVmMDBmY2U0NWZlNTY0ZGM3MmRjYk8xNDcyMCI7czo1OiJFMjYwSyI7czozNzoiYjk4OWE1YmQ4NGY2ZWJjYmMxMzkzZWMwMDNlNmU5OTFPNDk2OSI7czo1OiJFMjdFRyI7czozODoiMDMwYjgzODkzNzZhNDJmZjNkYTE4NmJmNjU4MDYyMTdPMTY1MzEiO3M6NToiRTI5RDIiO3M6Mzc6ImRlZjI1N2RiYjBhYjgwNWM0OTk2ZmQ4YWJiMWE2YjQ5TzY3MTciO3M6NToiRTJINW4iO3M6Mzg6Ijc0ZDkwMzA0OTY4M2U1YmJlYTljY2I3NTQ0YTQyYmNhTzE3NDEzIjtzOjU6IkU1RURxIjtzOjM4OiI2MDNiZDE0Mjk5ZjYxYTczMjliMmQzNTNiMmI1NmMyZk8zNzY4OSI7czo1OiJFNUVEcCI7czozNzoiMDQyNmIzOTc1NGFhNmJjNzY2ZDg5ZWE0YzQxYmJkMDZPMzQ1NyI7czo1OiJFNUVEeCI7czozODoiZWFkYzU4MzI1MTNkNTY3MDg4NGE5NzVjNmRlMTBmMDFPMTk2MTUiO3M6NToiRTdVTUEiO3M6Mzg6IjM4ZGJjYzkyNTUyOTM2ODgxMmY1YzJmYmNiMzg5NjE2TzE0OTY1IjtzOjU6IkU3VU1CIjtzOjM3OiJhMWMxODIyN2U2ZTkzNzk4YzQ5M2FlZDk2ZWU2Y2M4NE8zMjY3IjtzOjU6IkU3VU1CIjtzOjM3OiIwNzgzODhhNjQzMWFhNWIwODM4YTg3MzJkMTg3ZmUyOU84OTEzIjtzOjU6IkU4QUFwIjtzOjM3OiJmM2IxYjI4NDI0MzZmN2EzMTFiMzllNGVmNGI0N2Y1OU80MzUyIjtzOjU6IkU4QkJVIjtzOjM3OiJkNzA5NDA2MTlhOTlkNTU1MTE2MTY3ZDRmYjM5Y2ExNU80Mzk3IjtzOjU6IkU5Q0x4IjtzOjM4OiJjYmRiZmM5MTg0ZDI4YWM1NWY4M2MwYjBkZjQwZmQ0M083OTQxNCI7czo1OiJFOUc4aiI7fX191'));
694	+
695	+ function GOTMLS_file_put_contents($file, $content) {
696	+ if (function_exists("file_put_contents"))
697	+ return file_put_contents($file, $content);
698	+ elseif ($fp = fopen($file, 'w')) {
699	+ fwrite($fp, $content);
700	+ fclose($fp);
701	+ return true;
702	+ } else
703	+ return false;
704	+ }
705	+
706	+ function GOTMLS_scan_log() {
707	+ global $wpdb;
708	+ if ($rs = $wpdb->get_row("SELECT substring_index(option_name, '/', -1) AS `mt`, option_name, option_value FROM `$wpdb->options` where option_name like 'GOTMLS_scan_log/%' ORDER BY mt DESC LIMIT 1", ARRAY_A))
709	+ $GOTMLS_scan_log = (isset($rs["option_name"])?get_option($rs["option_name"], array()):array());
710	+ $units = array("seconds"=>60,"minutes"=>60,"hours"=>24,"days"=>365,"years"=>10);
711	+ if (isset($GOTMLS_scan_log["scan"]["start"]) && is_numeric($GOTMLS_scan_log["scan"]["start"])) {
712	+ $time = (time() - $GOTMLS_scan_log["scan"]["start"]);
713	+ $ukeys = array_keys($units);
714	+ for ($unit = $ukeys[0], $key=0; (isset($units[$ukeys[$key]]) && $key < (count($ukeys) - 1) && $time >= $units[$ukeys[$key]]); $unit = $ukeys[++$key])
715	+ $time = floor($time/$units[$ukeys[$key]]);
716	+ if (1 == $time)
717	+ $unit = substr($unit, 0, -1);
718	+ $LastScan = "started $time $unit ago";
719	+ if (isset($GOTMLS_scan_log["scan"]["finish"]) && is_numeric($GOTMLS_scan_log["scan"]["finish"]) && ($GOTMLS_scan_log["scan"]["finish"] >= $GOTMLS_scan_log["scan"]["start"])) {
720	+ $time = ($GOTMLS_scan_log["scan"]["finish"] - $GOTMLS_scan_log["scan"]["start"]);
721	+ for ($unit = $ukeys[0], $key=0; (isset($units[$ukeys[$key]]) && $key < (count($ukeys) - 1) && $time >= $units[$ukeys[$key]]); $unit = $ukeys[++$key])
722	+ $time = floor($time/$units[$ukeys[$key]]);
723	+ if (1 == $time)
724	+ $unit = substr($unit, 0, -1);
725	+ $LastScan .= " and ran for $time $unit";// (".print_r(array("scan"=>$GOTMLS_scan_log["scan"]),1).")";
726	+ } else
727	+ $LastScan .= " and has not finish";// (".(isset($rs["mt"])?$rs["mt"]:")");
728	+ } else
729	+ $LastScan = "never started ";
730	+ return "Last ".(isset($GOTMLS_scan_log["scan"]["type"])?$GOTMLS_scan_log["scan"]["type"]:"Scan")." $LastScan.";
731	+ }
732	+
733	+ function GOTMLS_get_URL($URL) {
734	+ if (isset($_SERVER['HTTP_REFERER']))
735	+ $SERVER_HTTP_REFERER = $_SERVER['HTTP_REFERER'];
736	+ elseif (isset($_SERVER['HTTP_HOST']))
737	+ $SERVER_HTTP_REFERER = 'HOST://'.$_SERVER['HTTP_HOST'];
738	+ elseif (isset($_SERVER['SERVER_NAME']))
739	+ $SERVER_HTTP_REFERER = 'NAME://'.$_SERVER['SERVER_NAME'];
740	+ elseif (isset($_SERVER['SERVER_ADDR']))
741	+ $SERVER_HTTP_REFERER = 'ADDR://'.$_SERVER['SERVER_ADDR'];
742	+ else
743	+ $SERVER_HTTP_REFERER = 'NULL://not.anything.com';
744	+ $ReadFile = '';
745	+ if (function_exists('curl_init')) {
746	+ $curl_hndl = curl_init();
747	+ curl_setopt($curl_hndl, CURLOPT_URL, $URL);
748	+ curl_setopt($curl_hndl, CURLOPT_TIMEOUT, 30);
749	+ curl_setopt($curl_hndl, CURLOPT_REFERER, $SERVER_HTTP_REFERER);
750	+ if (isset($_SERVER['HTTP_USER_AGENT']))
751	+ curl_setopt($curl_hndl, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
752	+ curl_setopt($curl_hndl, CURLOPT_HEADER, 0);
753	+ curl_setopt($curl_hndl, CURLOPT_RETURNTRANSFER, TRUE);
754	+ $ReadFile = curl_exec($curl_hndl);
755	+ curl_close($curl_hndl);
756	+ }
757	+ if (strlen($ReadFile) == 0 && function_exists('file_get_contents'))
758	+ $ReadFile = @file_get_contents($URL).'';
759	+ return $ReadFile;
760	+ }
761	+ ?>

images/question.gif ADDED Viewed

Binary file

images/threat.gif ADDED Viewed

Binary file

images/wait.gif ADDED Viewed

Binary file

index.php ADDED Viewed

	@@ -0,0 +1,947 @@


1	+ <?php
2	+ /*
3	+ Plugin Name: Anti-Malware and Brute-Force Security by ELI
4	+ Plugin URI: http://gotmls.net/
5	+ Author: Eli Scheetz
6	+ Text Domain: gotmls
7	+ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8	+ Contributors: scheeeli, gotmls
9	+ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10	+ Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11	+ Version: 4.14.47
12	+ */
13	+ /* ___
14	+ * / /\ GOTMLS Main Plugin File
15	+ * / /:/ @package GOTMLS
16	+ * /__/::\
17	+ Copyright \__\/\:\__ © 2012-2014 Eli Scheetz (email: eli@gotmls.net)
18	+ * \ \:\/\
19	+ * \__\::/ This program is free software; you can redistribute it
20	+ * ___ /__/:/ and/or modify it under the terms of the GNU General Public
21	+ * /__/\ _\__\/ License as published by the Free Software Foundation;
22	+ * \ \:\ / /\ either version 2 of the License, or (at your option) any
23	+ * ___\ \:\ /:/ later version.
24	+ * / /\\ \:\/:/
25	+ / /:/ \ \::/ This program is distributed in the hope that it will be useful,
26	+ / /:/_ \__\/ but WITHOUT ANY WARRANTY; without even the implied warranty
27	+ /__/:/ /\__ of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
28	+ \ \:\/:/ /\ See the GNU General Public License for more details.
29	+ \ \::/ /:/
30	+ \ \:\/:/ You should have received a copy of the GNU General Public License
31	+ * \ \::/ with this program; if not, write to the Free Software Foundation,
32	+ * \__\/ Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
33	+
34	+ if (isset($_SERVER["SCRIPT_FILENAME"]) && __FILE__ == $_SERVER["SCRIPT_FILENAME"]) die('You are not allowed to call this page directly.<p>You could try starting <a href="http://'.$_SERVER["SERVER_NAME"].'">here</a>.');
35	+
36	+ define("GOTMLS_plugin_path", dirname(__FILE__).'/');
37	+ load_plugin_textdomain('gotmls', false, basename(GOTMLS_plugin_path).'/languages');
38	+ require_once(GOTMLS_plugin_path.'images/index.php');
39	+
40	+ function GOTMLS_install() {
41	+ global $wp_version;
42	+ if (version_compare($wp_version, GOTMLS_require_version, "<"))
43	+ die(GOTMLS_require_version_LANGUAGE);
44	+ }
45	+ register_activation_hook(__FILE__, "GOTMLS_install");
46	+
47	+ function GOTMLS_menu() {
48	+ global $GOTMLS_settings_array;
49	+ if (isset($_POST["GOTMLS_menu_group"]) && is_numeric($_POST["GOTMLS_menu_group"]) && $_POST["GOTMLS_menu_group"] != $GOTMLS_settings_array["menu_group"]) {
50	+ $GOTMLS_settings_array["menu_group"] = $_POST["GOTMLS_menu_group"];
51	+ update_option('GOTMLS_settings_array', $GOTMLS_settings_array);
52	+ }
53	+ $GOTMLS_Full_plugin_logo_URL = GOTMLS_images_path.'GOTMLS-16x16.gif';
54	+ $base_page = "GOTMLS-settings";
55	+ $base_function = "GOTMLS_settings";
56	+ $user_can = "activate_plugins";
57	+ $pluginTitle = "Anti-Malware";
58	+ $pageTitle = "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE;
59	+ if ($GOTMLS_settings_array["menu_group"] == 2)
60	+ add_submenu_page("tools.php", $pageTitle, "<span style=\"background: url('$GOTMLS_Full_plugin_logo_URL') no-repeat; vertical-align: middle; border: 0 none; display: inline-block; height: 16px; width: 16px;\"></span> $pluginTitle", $user_can, $base_page, str_replace("-", "_", $base_page));
61	+ else {
62	+ if (is_multisite() && $GOTMLS_settings_array["menu_group"] > 2)
63	+ $user_can = "manage_network";
64	+ if (!function_exists("add_object_page") \|\| $GOTMLS_settings_array["menu_group"])
65	+ add_menu_page($pageTitle, $pluginTitle, $user_can, $base_page, $base_function, $GOTMLS_Full_plugin_logo_URL);
66	+ else
67	+ add_object_page($pageTitle, $pluginTitle, $user_can, $base_page, $base_function, $GOTMLS_Full_plugin_logo_URL);
68	+ add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE, GOTMLS_Scan_Settings_LANGUAGE, $user_can, $base_page, $base_function);
69	+ add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Run_Quick_Scan_LANGUAGE, GOTMLS_Run_Quick_Scan_LANGUAGE, $user_can, "$base_page&scan_type=Quick+Scan", $base_function);
70	+ add_submenu_page($base_page, "$pluginTitle ".GOTMLS_View_Quarantine_LANGUAGE, GOTMLS_View_Quarantine_LANGUAGE, $user_can, "$base_page&scan_type=Quarantine", $base_function);
71	+ }
72	+ }
73	+
74	+ function GOTMLS_display_header($pTitle, $optional_box = "") {
75	+ global $GOTMLS_onLoad, $GOTMLS_loop_execution_time, $GOTMLS_update_home, $GOTMLS_plugin_home, $GOTMLS_definitions_versions, $wp_version, $current_user, $GOTMLS_protocol, $GOTMLS_settings_array;
76	+ get_currentuserinfo();
77	+ $GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
78	+ if (isset($_GET["check_site"]) && $_GET["check_site"] == 1)
79	+ echo '<br /><br /><div class="updated" id="check_site" style="z-index: 1234567; position: absolute; top: 1px; left: 1px; margin: 15px;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="✔"> '.GOTMLS_Tested_your_site_LANGUAGE.' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><iframe style="width: 230px; height: 110px; position: absolute; right: 4px; bottom: 4px; border: none;" scrolling="no" src="http://wordpress.org/extend/plugins/GOTMLS/stats/?compatibility[version]='.$wp_version.'&compatibility[topic_version]='.GOTMLS_Version.'&compatibility[compatible]=1#compatibility-works"></iframe><a target="_blank" href="http://wordpress.org/extend/plugins/gotmls/faq/?compatibility[version]='.$wp_version.'&compatibility[topic_version]='.GOTMLS_Version.'&compatibility[compatible]=1#compatibility-works"><span style="width: 234px; height: 82px; position: absolute; right: 4px; bottom: 36px;"></span><span style="width: 345px; height: 32px; position: absolute; right: 84px; bottom: 4px;">Vote "Works" on WordPress.org -></span></a><style>#footer, #GOTMLS-Settings, #right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpcontent, #footer {margin-left: 5px !important;}';
80	+ else
81	+ echo '<style>#right-sidebar {float: right; margin-right: 10px; width: 290px;}';
82	+ $ver_info = GOTMLS_Version.'&p='.strtoupper(GOTMLS_plugin_dir).'&wp='.$wp_version.'&ts='.date("YmdHis").'&key='.GOTMLS_installation_key.'&d='.ur1encode(GOTMLS_siteurl);
83	+ $Update_Link = '<div style="text-align: center;"><a href="';
84	+ $new_version = "";
85	+ $file = basename(GOTMLS_plugin_path).'/index.php';
86	+ $current = get_site_transient("update_plugins");
87	+ if (isset($current->response[$file]->new_version)) {
88	+ $new_version = sprintf(__("Upgrade to %s now!",'gotmls'), $current->response[$file]->new_version).'<br /><br />';
89	+ $Update_Link .= wp_nonce_url(self_admin_url('update.php?action=upgrade-plugin&plugin=').$file, 'upgrade-plugin_'.$file);
90	+ }
91	+ $Update_Link .= "\">$new_version</a></div>";
92	+ $Definition_Updates = '?div=Definition_Updates';
93	+ foreach ($GOTMLS_definitions_versions as $definition_name=>$definition_version)
94	+ $Definition_Updates .= "&ver[$definition_name]=$definition_version";
95	+ echo '
96	+ .rounded-corners {margin: 10px; border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; border: 1px solid #000;}
97	+ .shadowed-box {box-shadow: -3px 3px 3px #666; -moz-box-shadow: -3px 3px 3px #666; -webkit-box-shadow: -3px 3px 3px #666;}
98	+ .sidebar-box {background-color: #CCC;}
99	+ .sidebar-links {padding: 2px 5px; list-style: none;}
100	+ .sidebar-links li img {margin: 3px; height: 16px; vertical-align: middle;}
101	+ .sidebar-links li {margin-bottom: 0 !important}
102	+ .popup-box {background-color: #FFC; display: none; position: absolute; left: 0px; z-index: 10;}
103	+ .shadowed-text {text-shadow: #00F -1px 1px 1px;}
104	+ .sub-option {float: left; margin: 3px 5px;}
105	+ .inside p {margin: 10px;}
106	+ .GOTMLS_li, .GOTMLS_plugin li {list-style: none;}
107	+ .GOTMLS_plugin {margin: 5px; background: #cfc; border: 1px solid #0f0; padding: 0 5px; border-radius: 3px;}
108	+ .GOTMLS_plugin.known, .GOTMLS_plugin.backdoor, .GOTMLS_plugin.htaccess, .GOTMLS_plugin.timthumb, .GOTMLS_plugin.errors {background: #f99; border: 1px solid #f00;}
109	+ .GOTMLS_plugin.potential, .GOTMLS_plugin.wp_login, .GOTMLS_plugin.skipdirs, .GOTMLS_plugin.skipped {background: #ffc; border: 1px solid #fc6;}
110	+ .GOTMLS ul li {margin-left: 20px;}
111	+ .GOTMLS h2 {margin: 0 0 10px;}
112	+ .postbox {margin-right: 10px;}
113	+ #pastDonations li {list-style: none;}
114	+ #main-section {margin-right: 310px;}
115	+ #main-page-title {
116	+ background: url("'.$GOTMLS_protocol.'://1.gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=64&r=G") no-repeat scroll 0 0 transparent;
117	+ line-height: 22px;
118	+ margin: 10px 0 0;
119	+ padding: 0 0 0 84px;}
120	+ </style>
121	+ <div id="div_file" class="shadowed-box rounded-corners sidebar-box" style="padding: 0; display: none; position: fixed; top: '.$GOTMLS_settings_array["msg_position"][1].'; left: '.$GOTMLS_settings_array["msg_position"][0].'; width: '.$GOTMLS_settings_array["msg_position"][3].'; height: '.$GOTMLS_settings_array["msg_position"][2].'; border: solid #c00; z-index: 112358;"><table style="width: 100%; height: 100%;" cellspacing="0" cellpadding="0"><tr><td style="border-bottom: 1px solid #EEEEEE;" colspan="2"><a class="rounded-corners" name="link_file" style="float: right; padding: 0 4px; margin: 6px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#found_top" onclick="showhide(\'div_file\');">X</a><h3 onmousedown="grabDiv();" onmouseup="releaseDiv();" id="windowTitle" style="cursor: move; border-bottom: 0px none; z-index: 2345677; position: absolute; left: 0px; top: 0px; margin: 0px; padding: 6px; width: 90%; height: 20px;">'.GOTMLS_Loading_LANGUAGE.'</h3></td></tr><tr><td colspan="2" style="height: 100%"><div style="width: 100%; height: 100%; position: relative; padding: 0; margin: 0;" class="inside"><br /><br /><center><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'<br /><br /><input type="button" onclick="showhide(\'GOTMLS_iFrame\', true);" value="'.GOTMLS_too_long_LANGUAGE.'" class="button-primary" /></center><iframe id="GOTMLS_iFrame" name="GOTMLS_iFrame" style="top: 0px; left: 0px; position: absolute; width: 100%; height: 100%; background-color: #CCC;"></iframe></td></tr><tr><td style="height: 20px;"><iframe id="GOTMLS_statusFrame" name="GOTMLS_statusFrame" style="width: 100%; height: 20px; background-color: #CCC;"></iframe></div></td><td style="height: 20px; width: 20px;"><h3 id="cornerGrab" onmousedown="grabCorner();" onmouseup="releaseCorner();" style="cursor: move; height: 24px; width: 24px; margin: 0; padding: 0; z-index: 2345678; position: absolute; right: 0px; bottom: 0px;">⇲</h3></td></tr></table></div>
122	+ <script type="text/javascript">
123	+ function showhide(id) {
124	+ divx = document.getElementById(id);
125	+ if (divx) {
126	+ if (divx.style.display == "none" \|\| arguments[1]) {
127	+ divx.style.display = "block";
128	+ divx.parentNode.className = (divx.parentNode.className+"close").replace(/close/gi,"");
129	+ return true;
130	+ } else {
131	+ divx.style.display = "none";
132	+ return false;
133	+ }
134	+ }
135	+ }
136	+ function loadIframe(title) {
137	+ showhide("GOTMLS_iFrame", true);
138	+ showhide("GOTMLS_iFrame");
139	+ document.getElementById("windowTitle").innerHTML = title;
140	+ showhide("div_file", true);
141	+ }
142	+ function cancelserver(divid) {
143	+ document.getElementById(divid).innerHTML = "<div class=\'updated\'>'.GOTMLS_Could_not_find_server_LANGUAGE.'</div>";
144	+ }
145	+ function checkupdateserver(server, divid) {
146	+ var updatescript = document.createElement("script");
147	+ updatescript.setAttribute("src", server);
148	+ divx = document.getElementById(divid);
149	+ if (divx) {
150	+ divx.appendChild(updatescript);
151	+ if (arguments[2])
152	+ return setTimeout("stopCheckingDefinitions = checkupdateserver(\'"+arguments[2]+"\',\'"+divid+"\')",15000);
153	+ else
154	+ return setTimeout("cancelserver(\'"+divid+"\')",'.($GOTMLS_loop_execution_time+1).'000+3000);
155	+ }
156	+ }
157	+ var IE = document.all?true:false;
158	+ if (!IE) document.captureEvents(Event.MOUSEMOVE)
159	+ document.onmousemove = getMouseXY;
160	+ var offsetX = 0;
161	+ var offsetY = 0;
162	+ var offsetW = 0;
163	+ var offsetH = 0;
164	+ var curX = 0;
165	+ var curY = 0;
166	+ var curDiv;
167	+ function getMouseXY(e) {
168	+ if (IE) { // grab the mouse pos if browser is IE
169	+ curX = event.clientX + document.body.scrollLeft;
170	+ curY = event.clientY + document.body.scrollTop;
171	+ } else { // grab the mouse pos if browser is Not IE
172	+ curX = e.pageX - document.body.scrollLeft;
173	+ curY = e.pageY - document.body.scrollTop;
174	+ }
175	+ if (curX < 0) {curX = 0;}
176	+ if (curY < 0) {curY = 0;}
177	+ if (offsetX && curX > 10) {curDiv.style.left = (curX - offsetX)+"px";}
178	+ if (offsetY && (curY - offsetY) > 0) {curDiv.style.top = (curY - offsetY)+"px";}
179	+ if (offsetW && (curX - offsetW) > 360) {curDiv.style.width = (curX - offsetW)+"px";}
180	+ if (offsetH && (curY - offsetH) > 200) {curDiv.style.height = (curY - offsetH)+"px";}
181	+ return true;
182	+ }
183	+ function px2num(px) {
184	+ return px.substring(0, px.length - 2);
185	+ }
186	+ function setDiv(DivID) {
187	+ curDiv=document.getElementById(DivID);
188	+ if (IE && curDiv)
189	+ DivID.style.position = "absolute";
190	+ }
191	+ function grabDiv() {
192	+ corner = document.getElementById("windowTitle");
193	+ if (corner) {
194	+ corner.style.width="100%";
195	+ corner.style.height="100%";
196	+ }
197	+ offsetX=curX-px2num(curDiv.style.left);
198	+ offsetY=curY-px2num(curDiv.style.top);
199	+ }
200	+ function releaseDiv() {
201	+ corner = document.getElementById("windowTitle");
202	+ if (corner) {
203	+ corner.style.width="90%";
204	+ corner.style.height="20px";
205	+ }
206	+ document.getElementById("GOTMLS_statusFrame").src = "'.GOTMLS_script_URI.'&GOTMLS_x="+curDiv.style.left+"&GOTMLS_y="+curDiv.style.top;
207	+ offsetX=0;
208	+ offsetY=0;
209	+ }
210	+ function grabCorner() {
211	+ corner = document.getElementById("cornerGrab");
212	+ if (corner) {
213	+ corner.style.width="100%";
214	+ corner.style.height="100%";
215	+ }
216	+ offsetW=curX-px2num(curDiv.style.width);
217	+ offsetH=curY-px2num(curDiv.style.height);
218	+ }
219	+ function releaseCorner() {
220	+ corner = document.getElementById("cornerGrab");
221	+ if (corner) {
222	+ corner.style.width="20px";
223	+ corner.style.height="20px";
224	+ }
225	+ document.getElementById("GOTMLS_statusFrame").src = "'.GOTMLS_script_URI.'&GOTMLS_w="+curDiv.style.width+"&GOTMLS_h="+curDiv.style.height;
226	+ offsetW=0;
227	+ offsetH=0;
228	+ }
229	+ setDiv("div_file");
230	+ </script>
231	+ <h1 id="main-page-title">'.$pTitle.'</h1>
232	+ <div id="right-sidebar" class="metabox-holder">
233	+ <div id="pluginupdates" class="shadowed-box stuffbox"><h3 class="hndle"><span>'.GOTMLS_Plugin_Updates_LANGUAGE.' '.$wp_version.'</span></h3>
234	+ <div id="findUpdates" class="inside"><center>'.GOTMLS_Searching_updates_LANGUAGE.'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'findUpdates\');" /></center></div>
235	+ '.$Update_Link.'
236	+ </div>
237	+ <script type="text/javascript">
238	+ stopCheckingUpdates = checkupdateserver("'.$GOTMLS_plugin_home.GOTMLS_update_images_path.'?js='.$ver_info.'", "findUpdates", "'.str_replace("://", "://www.", $GOTMLS_plugin_home).GOTMLS_update_images_path.'?js='.$ver_info.'");
239	+ </script>
240	+ <div id="definitionupdates" class="stuffbox shadowed-box"><h3 class="hndle"><span>'.GOTMLS_Definition_Updates_LANGUAGE.' ('.$definition_version.')</span></h3>
241	+ <script type="text/javascript">
242	+ function check_for_updates(chk) {
243	+ if (auto_img = document.getElementById("autoUpdateDownload")) {
244	+ auto_img.style.display="";
245	+ check_for_donation(chk);
246	+ }
247	+ }
248	+ function check_for_donation(chk) {
249	+ if (document.getElementById("autoUpdateDownload").src.replace(/^.+\?/,"")=="0") {
250	+ alert(chk+"\\n\\n'.GOTMLS_Please_donate_LANGUAGE.'");
251	+ if ('.str_replace("-", "", GOTMLS_sexagesimal($definition_version)).'0 > 10000000001 && chk.substr(0, 8) == "Changed " && chk.substr(8, 1) != "0")
252	+ window.open("'.$GOTMLS_update_home.GOTMLS_installation_key.'/donate/?donation-source="+chk, "_blank");
253	+ } else
254	+ alert(chk);
255	+ }
256	+ function sinupFormValidate(form) {
257	+ var error = "";
258	+ if(form["first_name"].value == "")
259	+ error += "'.__("First Name is a required field!",'gotmls').'\n";
260	+ if(form["last_name"].value == "")
261	+ error += "'.__("Last Name is a required field!",'gotmls').'\n";
262	+ if(form["user_email"].value == "")
263	+ error += "'.__("Email Address is a required field!",'gotmls').'\n";
264	+ else {
265	+ if (uem = document.getElementById("register_user_login"))
266	+ uem.value = form["user_email"].value;
267	+ if (uem = document.getElementById("register_redirect_to"))
268	+ uem.value = "/donate/?email="+form["user_email"].value.replace("@", "%40");
269	+ }
270	+ if(form["user_url"].value == "")
271	+ error += "'.__("Your WordPress Site URL is a required field!",'gotmls').'\n";
272	+ if(form["installation_key"].value == "")
273	+ error += "'.__("Plugin Installation Key is a required field!",'gotmls').'\n";
274	+ if(error != "") {
275	+ alert(error);
276	+ return false;
277	+ } else {
278	+ document.getElementById("Definition_Updates").innerHTML = \'<img src="'.GOTMLS_images_path.'wait.gif">'.__("Submitting Registration ...",'gotmls').'\';
279	+ setTimeout(\'stopCheckingDefinitions = checkupdateserver("'.$GOTMLS_update_home.$Definition_Updates.'&js='.$ver_info.'", "Definition_Updates");\', 6000);
280	+ showhide("registerKeyForm");
281	+ return true;
282	+ }
283	+ }
284	+ function downloadUpdates(dUpdates) {
285	+ foundUpdates = document.getElementById("autoUpdateForm");
286	+ if (foundUpdates)
287	+ foundUpdates.style.display = "";
288	+ }
289	+ </script>
290	+ <form id="updateform" method="post" name="updateform" action="'.GOTMLS_script_URI.'">
291	+ <img style="display: none; float: right; margin-right: 14px;" src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="definitions file updated" id="autoUpdateDownload" onclick="downloadUpdates(\'UpdateDownload\');">
292	+ <div id="Definition_Updates" class="inside"><center>'.__("Searching for updates ...",'gotmls').'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'Definition_Updates\');" /></center></div>
293	+ <div id="autoUpdateForm" style="display: none;" class="inside">
294	+ <input type="submit" name="auto_update" value="'.__("Download new definitions!",'gotmls').'">
295	+ </div>
296	+ </form>
297	+ <div id="registerKeyForm" style="display: none;" class="inside">
298	+ '.__("If you have not already registered your Key then register now and get instant access to definition updates.<p>*All fields are required and I will NOT share your registration information with anyone.</p>",'gotmls').'
299	+ <form id="registerform" onsubmit="return sinupFormValidate(this);" action="'.$GOTMLS_update_home.'wp-login.php?action=register" method="post" name="registerform" target="GOTMLS_iFrame"><input type="hidden" name="redirect_to" id="register_redirect_to" value="/donate/"><input type="hidden" name="user_login" id="register_user_login" value="">
300	+ <div>'.__("Your Full Name:",'gotmls').'</div>
301	+ <div style="float: left; width: 50%;"><input style="width: 100%;" id="first_name" type="text" name="first_name" value="'.$current_user->user_firstname.'" /></div>
302	+ <div style="float: left; width: 50%;"><input style="width: 100%;" id="last_name" type="text" name="last_name" value="'.$current_user->user_lastname.'" /></div>
303	+ <div style="clear: left; width: 100%;">
304	+ <div>'.__("A password will be e-mailed to this address:",'gotmls').'</div>
305	+ <input style="width: 100%;" id="user_email" type="text" name="user_email" value="'.$current_user->user_email.'" /></div>
306	+ <div>
307	+ <div>'.__("Your WordPress Site URL:",'gotmls').'</div>
308	+ <input style="width: 100%;" id="user_url" type="text" name="user_url" value="'.GOTMLS_siteurl.'" readonly /></div>
309	+ <div>
310	+ <div>'.__("Plugin Installation Key:",'gotmls').'</div>
311	+ <input style="width: 100%;" id="installation_key" type="text" name="installation_key" value="'.GOTMLS_installation_key.'" readonly /><input id="old_key" type="hidden" name="old_key" value="'.md5($GOTMLS_url_parts[2]).'" /></div>
312	+ <input style="width: 100%;" id="wp-submit" type="submit" name="wp-submit" value="Register Now!" /></form></div>
313	+ </div>
314	+ <script type="text/javascript">
315	+ var divNAtext = false;
316	+ function loadGOTMLS() {
317	+ clearTimeout(divNAtext);
318	+ setDivNAtext();
319	+ '.$GOTMLS_onLoad.'
320	+ }
321	+ function showRegForm() {
322	+ foundUpdates = document.getElementById("registerKeyForm");
323	+ if (foundUpdates)
324	+ foundUpdates.style.display = "block";
325	+ showRegFormTO = setTimeout("showRegForm()", 9000);
326	+ }
327	+ showRegFormTO = setTimeout("showRegForm()", 19000);
328	+ stopCheckingDefinitions = checkupdateserver("'.$GOTMLS_update_home.$Definition_Updates.'&js='.$ver_info.'", "Definition_Updates", "'.str_replace("://", "://www.", $GOTMLS_update_home).$Definition_Updates.'&js='.$ver_info.'");
329	+ if (divNAtext)
330	+ loadGOTMLS();
331	+ else
332	+ divNAtext=true;
333	+ </script>
334	+ <div id="pluginlinks" class="shadowed-box stuffbox"><h3 class="hndle"><span>'.__("Plugin Links",'gotmls').'</span></h3>
335	+ <div class="inside">
336	+ <div id="pastDonations"></div>
337	+ <form name="ppdform" id="ppdform" action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
338	+ <input type="hidden" name="cmd" value="_donations">
339	+ <input type="hidden" name="business" value="eli@gotmls.net">
340	+ <input type="hidden" name="no_shipping" value="1">
341	+ <input type="hidden" name="no_note" value="1">
342	+ <input type="hidden" name="currency_code" value="USD">
343	+ <input type="hidden" name="tax" value="0">
344	+ <input type="hidden" name="lc" value="US">
345	+ <input type="hidden" name="bn" value="PP-DonationsBF">
346	+ <input type="radio" name="amount" value="14.89">$14+
347	+ <input type="radio" name="amount" value="29.14" checked>$29+
348	+ <input type="radio" name="amount" value="49.75">$49+
349	+ <input type="radio" name="amount" value="76.00">$76
350	+ <input type="radio" name="amount" value="152.00">$152
351	+ <input type="hidden" name="item_name" value="Donation to Eli\'s Anti-Malware Plugin">
352	+ <input type="hidden" name="item_number" value="GOTMLS-key-'.GOTMLS_installation_key.'">
353	+ <input type="hidden" name="custom" value="key-'.GOTMLS_installation_key.'">
354	+ <input type="hidden" name="notify_url" value="'.$GOTMLS_update_home.GOTMLS_installation_key.'/ipn">
355	+ <input type="hidden" name="page_style" value="GOTMLS">
356	+ <input type="hidden" name="return" value="'.$GOTMLS_update_home.GOTMLS_installation_key.'/donate/?donation-source=paid">
357	+ <input type="hidden" name="cancel_return" value="'.$GOTMLS_update_home.GOTMLS_installation_key.'/donate/?donation-source=cancel">
358	+ <input type="image" id="pp_button" src="'.GOTMLS_images_path.'btn_donateCC_WIDE.gif" border="0" name="submitc" alt="'.__("Make a Donation with PayPal",'gotmls').'">
359	+ <div>
360	+ <ul class="sidebar-links">
361	+ <li style="float: right;"><b>on <a target="_blank" href="http://profiles.wordpress.org/scheeeli">WordPress.org</a></b><ul class="sidebar-links">
362	+ <li><a target="_blank" href="http://wordpress.org/extend/plugins/'.GOTMLS_plugin_dir.'/faq/">Plugin FAQs</a></li>
363	+ <li><a target="_blank" href="http://wordpress.org/support/plugin/'.GOTMLS_plugin_dir.'">Forum Posts</a></li>
364	+ <li><a target="_blank" href="http://wordpress.org/support/view/plugin-reviews/gotmls'.GOTMLS_plugin_dir.'">Plugin Reviews</a></li>
365	+ </ul></li>
366	+ <li><img src="'.$GOTMLS_update_home.'/favicon.ico" border="0" alt="Plugin site:"><b><a target="_blank" href="'.$GOTMLS_update_home.'">GOTMLS.NET</a></b></li>
367	+ <li><img src="'.$GOTMLS_plugin_home.'/favicon.ico" border="0" alt="Developer site:"><b><a target="_blank" href="'.$GOTMLS_plugin_home.'/category/my-plugins/anti-malware/">Eli\'s Blog</a></b></li>
368	+ <li><img src="//ssl.gstatic.com/ui/v1/icons/mail/favicon.ico" border="0" alt="mail:"><b><a target="_blank" href="mailto:eli@gotmls.net">Email Eli</a></b></li>
369	+ <li><iframe allowtransparency="true" frameborder="0" scrolling="no" src="//platform.twitter.com/widgets/follow_button.html?screen_name=GOTMLS&show_count=false" style="width:125px; height:20px;"></iframe></li>
370	+ </ul>
371	+ </div>
372	+ </form>
373	+ <a target="_blank" href="http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site='.urlencode(GOTMLS_siteurl).'">Google Safe Browsing Diagnostic</a>
374	+ </div>
375	+ </div>
376	+ '.$optional_box.'
377	+ </div>
378	+ <div id="admin-page-container">
379	+ <div id="main-section">';
380	+ }
381	+
382	+ function GOTMLS_settings() {
383	+ global $GOTMLS_quarantine_dir, $GOTMLS_definitions_array, $GOTMLS_threat_levels, $GOTMLS_scanfiles, $GOTMLS_loop_execution_time, $GOTMLS_skip_ext, $GOTMLS_skip_dirs, $GOTMLS_settings_array, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth, $GOTMLS_protocol;
384	+ $GOTMLS_menu_groups = array(__("Main Menu Item placed below <b>Comments</b> and above <b>Appearance</b>",'gotmls'),__("Main Menu Item placed below <b>Settings</b>",'gotmls'),__("Sub-Menu inside the <b>Tools</b> Menu Item",'gotmls'));
385	+ if (is_multisite() && current_user_can("manage_network"))
386	+ $GOTMLS_menu_groups[] = __("ONLY SHOW for <b>Network Admins</b>",'gotmls');
387	+ $GOTMLS_scan_groups = array();
388	+ $dirs = GOTMLS_explode_dir(__file__);
389	+ $scan_level = intval($GOTMLS_settings_array["scan_level"]);
390	+ $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__file__), 0, (2 + $scan_level) * -1));
391	+ for ($SL=0;$SL<$scan_level;$SL++)
392	+ $GOTMLS_scan_groups[] = '<b>'.implode(GOTMLS_slash(), array_slice($dirs, -1 * (3 + $SL), 1)).'</b>';
393	+ if (isset($_POST["check"]))
394	+ $GOTMLS_settings_array["check"] = $_POST["check"];
395	+ if (isset($_POST["exclude_ext"])) {
396	+ if (strlen(trim(str_replace(",","",$_POST["exclude_ext"]).' ')) > 0)
397	+ $GOTMLS_settings_array["exclude_ext"] = preg_split('/[\s]([,]+[\s])+/', trim(str_replace('.', ',', $_POST["exclude_ext"])), -1, PREG_SPLIT_NO_EMPTY);
398	+ else
399	+ $GOTMLS_settings_array["exclude_ext"] = array();
400	+ }
401	+ if (isset($_GET['eli']) && $_GET['eli']=='quarantine')
402	+ $GOTMLS_skip_ext = $GOTMLS_settings_array["exclude_ext"];
403	+ else
404	+ $GOTMLS_skip_ext = array_merge($GOTMLS_settings_array["exclude_ext"], array("gotmls"));
405	+ if (isset($_POST["exclude_dir"])) {
406	+ if (strlen(trim(str_replace(",","",$_POST["exclude_dir"]).' ')) > 0)
407	+ $GOTMLS_settings_array["exclude_dir"] = preg_split('/[\s]([,]+[\s])+/', trim($_POST["exclude_dir"]), -1, PREG_SPLIT_NO_EMPTY);
408	+ else
409	+ $GOTMLS_settings_array["exclude_dir"] = array();
410	+ for ($d=0; $d<count($GOTMLS_settings_array["exclude_dir"]); $d++)
411	+ if (dirname($GOTMLS_settings_array["exclude_dir"][$d]) != ".")
412	+ $GOTMLS_settings_array["exclude_dir"][$d] = str_replace("\\", "", str_replace("/", "", str_replace(dirname($GOTMLS_settings_array["exclude_dir"][$d]), "", $GOTMLS_settings_array["exclude_dir"][$d])));
413	+ }
414	+ $GOTMLS_skip_dirs = array_merge($GOTMLS_settings_array["exclude_dir"], $GOTMLS_skip_dirs);
415	+ if (isset($_POST["scan_what"]) && is_numeric($_POST["scan_what"]) && $_POST["scan_what"] != $GOTMLS_settings_array["scan_what"])
416	+ $GOTMLS_settings_array["scan_what"] = $_POST["scan_what"];
417	+ if (isset($_POST["check_custom"]) && $_POST["check_custom"] != $GOTMLS_settings_array["check_custom"])
418	+ $GOTMLS_settings_array["check_custom"] = stripslashes($_POST["check_custom"]);
419	+ if (isset($_POST["scan_depth"]) && is_numeric($_POST["scan_depth"]) && $_POST["scan_depth"] != $GOTMLS_settings_array["scan_depth"])
420	+ $GOTMLS_settings_array["scan_depth"] = $_POST["scan_depth"];
421	+ if (isset($_POST['check_htaccess']) && is_numeric($_POST['check_htaccess']) && $_POST['check_htaccess'] != $GOTMLS_settings_array['check_htaccess'])
422	+ $GOTMLS_settings_array['check_htaccess'] = $_POST['check_htaccess'];
423	+ if (isset($_POST['check_timthumb']) && is_numeric($_POST['check_timthumb']) && $_POST['check_timthumb'] != $GOTMLS_settings_array['check_timthumb'])
424	+ $GOTMLS_settings_array['check_timthumb'] = $_POST['check_timthumb'];
425	+ if (isset($_POST['check_wp_login']) && is_numeric($_POST['check_wp_login']) && $_POST['check_wp_login'] != $GOTMLS_settings_array['check_wp_login'])
426	+ $GOTMLS_settings_array['check_wp_login'] = $_POST['check_wp_login'];
427	+ if (isset($_POST['check_known']) && is_numeric($_POST['check_known']) && $_POST['check_known'] != $GOTMLS_settings_array['check_known'])
428	+ $GOTMLS_settings_array['check_known'] = $_POST['check_known'];
429	+ if (isset($_POST['check_potential']) && is_numeric($_POST['check_potential']) && $_POST['check_potential'] != $GOTMLS_settings_array['check_potential'])
430	+ $GOTMLS_settings_array['check_potential'] = $_POST['check_potential'];
431	+ GOTMLS_update_scan_log(array("settings" => $GOTMLS_settings_array));
432	+ $scan_opts = '';
433	+ $scan_optjs = "<script type=\"text/javascript\">\nfunction showOnly(what) {\n";
434	+ foreach ($GOTMLS_scan_groups as $mg => $GOTMLS_scan_group) {
435	+ $scan_optjs .= "document.getElementById('only$mg').style.display = 'none';\n";
436	+ $scan_opts .= '<div style="position: relative; float: right; padding: 2px 0px 4px 30px;" id="scan_group_div_'.$mg.'"><input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GOTMLS_settings_array["scan_what"]==$mg?' checked':'').' /><a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;">'.$GOTMLS_scan_group.'</a><br /><div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; padding: 10px; z-index: 10;" id="only'.$mg.'"><div style="position: relative; padding: 0 40px 0 0;"><a class="rounded-corners" style="position: absolute; right: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#scan_what" onclick="showhide(\'only'.$mg.'\');">X</a><b>'.str_replace(" ", " ", __("Only Scan These Folders:",'gotmls')).'</b></div>';
437	+ $dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $mg)));
438	+ $files = GOTMLS_getfiles($dir);
439	+ if (is_array($files))
440	+ foreach ($files as $file)
441	+ if (is_dir(GOTMLS_trailingslashit($dir).$file))
442	+ $scan_opts .= '<br /><input type="checkbox" name="scan_only[]" value="'.$file.'" />'.$file;
443	+ $scan_opts .= '</div></div>';
444	+ }
445	+ $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}\n</script>";
446	+ $scan_opts = '><form method="POST" name="GOTMLS_Form" action="'.str_replace('&mt=', '&last_mt=', str_replace('&scan_type=', '&last_type=', GOTMLS_script_URI)).'"><input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /><div style="float: left;"><b>'.__("What to scan:",'gotmls').'</b></div><div style="float: left;">'.$scan_opts.$scan_optjs.'</div><div style="float: left;" id="scanwhatfolder"></div><br style="clear: left;" /><p><b>'.__("Scan Depth:",'gotmls').'</b> ('.__("how far do you want to drill down from your starting directory?",'gotmls').')</p><div style="padding: 0 30px;"><input type="text" value="'.$GOTMLS_settings_array["scan_depth"].'" name="scan_depth"> ('.__("-1 is infinite depth",'gotmls').')</div><p><b>'.__("What to look for:",'gotmls').'</b></p><div style="padding: 0 30px;">';//.print_r(array('<pre>',$GOTMLS_settings_array,'</pre>'),1);
447	+ foreach ($GOTMLS_threat_levels as $threat_level_name=>$threat_level) {
448	+ $scan_opts .= '<div style="padding: 0; position: relative;" id="check_'.$threat_level.'_div">';
449	+ if (isset($GOTMLS_definitions_array[$threat_level]))
450	+ $scan_opts .= '<input type="checkbox" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'"'.(in_array($threat_level,$GLOBALS["GOTMLS"]["settings"]["check"])?' checked':'').' /> <a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;showhide(\'dont_check_'.$threat_level.'\');">';
451	+ else
452	+ $scan_opts .= '<a title="'.__("Download Definition Updates to Use this feature",'gotmls').'"><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="X">';
453	+ $scan_opts .= (isset($_GET['eli']) && isset($_SESSION['GOTMLS_'.$_GET['eli']][$threat_level])?print_r($_SESSION['GOTMLS_'.$_GET['eli']][$threat_level],1):"")."<b>$threat_level_name</b></a>";
454	+ if (!isset($GOTMLS_definitions_array[$threat_level]))
455	+ $scan_opts .= '<br /><div style="padding: 14px;" id="check_'.$threat_level.'_div_NA">'.__("Registration of your Installation Key is required for this feature",'gotmls').'</div>';
456	+ elseif (isset($_GET['eli'])) {
457	+ $scan_opts .= '<div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"><a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');">X</a>';
458	+ foreach ($GOTMLS_definitions_array[$threat_level] as $threat_name => $threat_regex)
459	+ $scan_opts .= '<br /><input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GOTMLS_settings_array["dont_check"])?' checked /><script>showhide("dont_check_'.$threat_level.'", true);</script>':' />').(isset($_GET['eli']) && isset($_SESSION['GOTMLS_'.$_GET['eli']][$threat_name])?print_r($_SESSION['GOTMLS_'.$_GET['eli']][$threat_name],1):"").$threat_name;
460	+ $scan_opts .= '</div>';
461	+ }
462	+ $scan_opts .= '</div>';
463	+ }
464	+ if (isset($_GET['eli'])) { if (isset($_SESSION['GOTMLS_'.$_GET['eli']]['total'])) {$scan_opts .=print_r($_SESSION['GOTMLS_'.$_GET['eli']]['total'],1); unset($_SESSION['GOTMLS_'.$_GET['eli']]);} $scan_opts .= '<div style="padding: 10px;"><b>'.__("Custom RegExp:",'gotmls').'</b> ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')<br /><input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GOTMLS_settings_array["check_custom"]).'" /></div>';}//still testing this option
465	+ $scan_opts .= '</div><p>'.__("<b>Skip files with the following extentions:</b> (a comma separated list of file extentions to be excluded from the scan)",'gotmls').'</p><div style="padding: 0 30px;"><input type="text" name="exclude_ext" value="'.implode(",", $GOTMLS_settings_array["exclude_ext"]).'" style="width: 100%;" /></div><p>'.__("<b>Skip directories with the following names:</b> (a comma separated list of folders to be excluded from the scan)",'gotmls').'</p><div style="padding: 0 30px;"><input type="text" name="exclude_dir" value="'.implode(",", $GOTMLS_settings_array["exclude_dir"]).'" style="width: 100%;" /></div><p style="text-align: right;"><input type="submit" id="complete_scan" value="'.GOTMLS_Run_Complete_Scan_LANGUAGE.'" class="button-primary" /></p></form></div></div>';
466	+ $menu_opts = '<div class="stuffbox shadowed-box">
467	+ <h3 class="hndle"><span>'.__("Menu Item Placement Options",'gotmls').'</span></h3>
468	+ <div class="inside"><form method="POST" name="GOTMLS_menu_Form">';
469	+ foreach ($GOTMLS_menu_groups as $mg => $GOTMLS_menu_group)
470	+ $menu_opts .= '<div style="padding: 4px;" id="menu_group_div_'.$mg.'"><input type="radio" name="GOTMLS_menu_group" value="'.$mg.'"'.($GOTMLS_settings_array["menu_group"]==$mg?' checked':'').' onchange="document.GOTMLS_menu_Form.submit();" />'.$GOTMLS_menu_group.'</div>';
471	+ @ob_start();
472	+ $OB_default_handlers = array("default output handler", "zlib output compression");
473	+ foreach (ob_list_handlers() as $OB_last_handler)
474	+ if (!in_array($OB_last_handler, $OB_default_handlers))
475	+ echo '<div class="error">'.sprintf(__("Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process).",'gotmls'), $OB_last_handler).'</div>';
476	+ GOTMLS_display_header('Anti-Malware by <img style="vertical-align: middle;" alt="ELI" src="'.$GOTMLS_protocol.'://0.gravatar.com/avatar/69ad8428e97469d0dcd64f1f60c07bd8?s=64" /> at GOTMLS.NET', $menu_opts.'</form><br style="clear: left;" /></div></div>');
477	+ $scan_groups = array_merge(array(__("Scanned Files",'gotmls')=>"scanned",__("Selected Folders",'gotmls')=>"dirs",__("Scanned Folders",'gotmls')=>"dir",__("Skipped Folders",'gotmls')=>"skipdirs",__("Skipped Files",'gotmls')=>"skipped",__("Read/Write Errors",'gotmls')=>"errors",__("Quarantined Files",'gotmls')=>"bad"), $GOTMLS_threat_levels);
478	+ echo '<script type="text/javascript">
479	+ var percent = 0;
480	+ function changeFavicon(percent) {
481	+ var oldLink = document.getElementById("wait_gif");
482	+ if (oldLink) {
483	+ if (percent >= 100) {
484	+ document.getElementsByTagName("head")[0].removeChild(oldLink);
485	+ var link = document.createElement("link");
486	+ link.id = "wait_gif";
487	+ link.type = "image/gif";
488	+ link.rel = "shortcut icon";
489	+ var threats = '.implode(" + ", array_merge($GOTMLS_threat_levels, array(__("Potential Threats",'gotmls')=>"errors",__("WP-Login Updates",'gotmls')=>"errors"))).';
490	+ if (threats > 0) {
491	+ if ((errors * 2) == threats)
492	+ linkhref = "blocked";
493	+ else
494	+ linkhref = "threat";
495	+ } else
496	+ linkhref = "checked";
497	+ link.href = "'.GOTMLS_images_path.'"+linkhref+".gif";
498	+ document.getElementsByTagName("head")[0].appendChild(link);
499	+ }
500	+ } else {
501	+ var icons = document.getElementsByTagName("link");
502	+ var link = document.createElement("link");
503	+ link.id = "wait_gif";
504	+ link.type = "image/gif";
505	+ link.rel = "shortcut icon";
506	+ link.href = "'.GOTMLS_images_path.'wait.gif";
507	+ // document.head.appendChild(link);
508	+ document.getElementsByTagName("head")[0].appendChild(link);
509	+ }
510	+ }
511	+ function update_status(title, time) {
512	+ sdir = (dir+direrrors);
513	+ if (arguments[2] >= 0 && arguments[2] <= 100)
514	+ percent = arguments[2];
515	+ else
516	+ percent = Math.floor((sdir*100)/dirs);
517	+ scan_state = "6F6";
518	+ if (percent == 100) {
519	+ showhide("pause_button", true);
520	+ showhide("pause_button");
521	+ title = "<b>'.__("Scan Complete!",'gotmls').'</b>";
522	+ } else
523	+ scan_state = "99F";
524	+ changeFavicon(percent);
525	+ if (sdir) {
526	+ if (arguments[2] >= 0 && arguments[2] <= 100)
527	+ timeRemaining = Math.ceil(((time-startTime)*(100/percent))-(time-startTime));
528	+ else
529	+ timeRemaining = Math.ceil(((time-startTime)*(dirs/sdir))-(time-startTime));
530	+ if (timeRemaining > 59)
531	+ timeRemaining = Math.ceil(timeRemaining/60)+" Minute";
532	+ else
533	+ timeRemaining += " Second";
534	+ if (timeRemaining.substr(0, 2) != "1 ")
535	+ timeRemaining += "s";
536	+ } else
537	+ timeRemaining = "Calculating Time";
538	+ timeElapsed = Math.ceil(time);
539	+ if (timeElapsed > 59)
540	+ timeElapsed = Math.floor(timeElapsed/60)+" Minute";
541	+ else
542	+ timeElapsed += " Second";
543	+ if (timeElapsed.substr(0, 2) != "1 ")
544	+ timeElapsed += "s";
545	+ divHTML = \'<div align="center" style="vertical-align: middle; background-color: #ccc; z-index: 3; height: 18px; width: 100%; border: solid #000 1px; position: relative; padding: 10px 0;"><div style="height: 18px; padding: 10px 0; position: absolute; top: 0px; left: 0px; background-color: #\'+scan_state+\'; width: \'+percent+\'%"></div><div style="height: 32px; position: absolute; top: 3px; left: 10px; z-index: 5; line-height: 16px;" align="left">\'+sdir+" Folder"+(sdir==1?"":"s")+" Checked<br />"+timeElapsed+\' Elapsed</div><div style="height: 38px; position: absolute; top: 0px; left: 0px; width: 100%; z-index: 5; line-height: 38px; font-size: 30px; text-align: center;">\'+percent+\'%</div><div style="height: 32px; position: absolute; top: 3px; right: 10px; z-index: 5; line-height: 16px;" align="right">\'+(dirs-sdir)+" Folder"+((dirs-sdir)==1?"":"s")+" Remaining<br />"+timeRemaining+" Remaining</div></div>";
546	+ document.getElementById("status_bar").innerHTML = divHTML;
547	+ document.getElementById("status_text").innerHTML = title;
548	+ dis="none";
549	+ divHTML = \'<ul style="float: right; margin: 0 20px; text-align: right;">\';'."\n/<!--"."/";
550	+ $MAX = 0;
551	+ $vars = "var i, intrvl, direrrors=0";
552	+ $fix_button_js = "";
553	+ $found = "";
554	+ $li_js = "return false;";
555	+ foreach ($scan_groups as $scan_name => $scan_group) {
556	+ $vars .= ", $scan_group=0";
557	+ if ($MAX++ == 6) {
558	+ echo "/-->"."/\n\tif ($scan_group > 0)\n\t\tscan_state = ' potential'; \n\telse\n\t\tscan_state = '';\n\tdivHTML += '</ul><ul style=\"text-align: left;\"><li class=\"GOTMLS_li\"><a href=\"admin.php?page=GOTMLS-settings&scan_type=Quarantine\" title=\"View Quarantine\" class=\"GOTMLS_plugin'+scan_state+'\">'+$scan_group+' '+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/<!--"."/";
559	+ $found = "Found ";
560	+ $fix_button_js = "\n\t\tdis='block';";
561	+ } else {
562	+ if ($found && !in_array($scan_group, $GLOBALS["GOTMLS"]["settings"]["check"]))
563	+ $potential_threat = ' potential" title="'.__("You are not currently scanning for this type of threat!",'gotmls');
564	+ else
565	+ $potential_threat = "";
566	+ echo "/-->"."/\n\tif ($scan_group > 0) {\n\t\tscan_state = ' href=\"#found_$scan_group\" onclick=\"$li_js showhide(\\'found_$scan_group\\', true);\" class=\"GOTMLS_plugin $scan_group\"';$fix_button_js".($MAX>6?"\n\tshowhide('found_$scan_group', true);":"")."\n\t} else\n\t\tscan_state = ' class=\"GOTMLS_plugin$potential_threat\"';\n\tdivHTML += '<li class=\"GOTMLS_li\"><a'+scan_state+'>$found'+$scan_group+' '+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/<!--"."/";
567	+ }
568	+ $li_js = "";
569	+ if ($MAX > 11)
570	+ $fix_button_js = "";
571	+ }
572	+ echo "/-->".'/
573	+ document.getElementById("status_counts").innerHTML = divHTML+"</ul>";
574	+ document.getElementById("fix_button").style.display = dis;
575	+ }
576	+ '.$vars.';
577	+ function showOnly(what) {
578	+ document.getElementById("only_what").innerHTML = document.getElementById("only"+what).innerHTML;
579	+ }
580	+ var startTime = 0;
581	+ </script>
582	+ <div class="metabox-holder GOTMLS" style="width: 100%;" id="GOTMLS-Settings"><div class="postbox shadowed-box">
583	+ <div title="Click to toggle" onclick="showhide(\'GOTMLS-Settings-Form\');" class="handlediv"><br></div>
584	+ <h3 title="Click to toggle" onclick="showhide(\'GOTMLS-Settings-Form\');" style="cursor: pointer;" class="hndle"><span>'.GOTMLS_Scan_Settings_LANGUAGE.'</span></h3>
585	+ <div id="GOTMLS-Settings-Form" class="inside"';
586	+ if ((isset($_REQUEST["scan_type"]) && ($_REQUEST["scan_type"] == "Quarantine")) \|\| (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]))) {
587	+ if (!isset($_REQUEST["scan_type"]))
588	+ $_REQUEST["scan_type"] = "Complete Scan";
589	+ update_option('GOTMLS_settings_array', $GOTMLS_settings_array);
590	+ echo ' style="display: none;"'.$scan_opts.'<form method="POST" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><div class="postbox shadowed-box"><div title="Click to toggle" onclick="showhide(\'GOTMLS-Scan-Progress\');" class="handlediv"><br></div><h3 title="Click to toggle" onclick="showhide(\'GOTMLS-Scan-Progress\');" style="cursor: pointer;" class="hndle"><span>'.$_REQUEST["scan_type"].' Status</span></h3>';
591	+ if ($_REQUEST["scan_type"] != "Quarantine") {
592	+ if ($_REQUEST["scan_what"] > -1)
593	+ GOTMLS_update_scan_log(array("scan" => array("dir" => implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))));
594	+ echo '<div id="GOTMLS-Scan-Progress" class="inside">';
595	+ foreach ($_POST as $name => $value) {
596	+ if (substr($name, 0, 10) != 'GOTMLS_fix') {
597	+ if (is_array($value)) {
598	+ foreach ($value as $val)
599	+ echo '<input type="hidden" name="'.$name.'[]" value="'.htmlspecialchars($val).'">';
600	+ } else
601	+ echo '<input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'">';
602	+ }
603	+ }
604	+ echo '<div id="status_text"><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'</div><div id="status_bar"></div><p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"><input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /></p><div id="status_counts"></div><p id="fix_button" style="display: none; text-align: center;"><input id="repair_button" type="submit" value="'.__("Automatically Fix SELECTED Files Now",'gotmls').'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /></p></div></div>
605	+ <div class="postbox shadowed-box"><div title="Click to toggle" onclick="showhide(\'GOTMLS-Scan-Details\');" class="handlediv"><br></div><h3 title="Click to toggle" onclick="showhide(\'GOTMLS-Scan-Details\');" style="cursor: pointer;" class="hndle"><div style="float: right;"> ('.$GLOBALS["GOTMLS"]["scan"]["dir"].') </div><span>'.__("Scan Details:",'gotmls').'</span></h3>';
606	+ }
607	+ echo '<div id="GOTMLS-Scan-Details" class="inside">
608	+ <script type="text/javascript">
609	+ function checkAllFiles(check) {
610	+ var checkboxes = new Array();
611	+ checkboxes = document["GOTMLS_Form_clean"].getElementsByTagName("input");
612	+ for (var i=0; i<checkboxes.length; i++)
613	+ if (checkboxes[i].type == "checkbox")
614	+ checkboxes[i].checked = check;
615	+ }
616	+ function setvalAllFiles(val) {
617	+ var checkboxes = document.getElementById("GOTMLS_fixing");
618	+ if (checkboxes)
619	+ checkboxes.value = val;
620	+ }
621	+ </script>';
622	+ if ($_REQUEST["scan_type"] == "Quarantine") {
623	+ $entries = GOTMLS_getfiles($GOTMLS_quarantine_dir);
624	+ echo GOTMLS_scan_log()."\n<ul name=\"found_Quarantine\" id=\"found_Quarantine\" class=\"GOTMLS_plugin known\" style=\"background-color: #ccc; padding: 0;\"><h3>";
625	+ if (is_array($entries) && ($key = array_search(".htaccess", $entries)))
626	+ unset($entries[$key]);
627	+ if (is_array($entries) && ($key = array_search("index.php", $entries)))
628	+ unset($entries[$key]);
629	+ if (is_array($entries) && count($entries)) {
630	+ echo (count($entries)?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'fix_button\').style.display = \'block\';"> Check all ':'').count($entries).' Item'.(count($entries)==1?'':'s').' in Quarantine<span style="float: right;">Date Quarantined</span></h3><p id="fix_button" style="display: none; float: right;"><input id="repair_button" type="submit" value="'.__("Restore SELECTED files from Quarantine",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><br /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete SELECTED files from Quarantine",'gotmls').'" style="background-color: #C33; color: #FFF; background-image: linear-gradient(to bottom, #C22, #933); border-color: #933 #933 #900; box-shadow: 0 1px 0 rgba(230, 120, 120, 0.5) inset; text-decoration: none; text-shadow: 0 1px 0 rgba(0, 0, 0, 0.1); margin-top: 10px;" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p>'.__("<p><b>The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.</b></p> FYI - these files are found in:",'gotmls').' '.$GOTMLS_quarantine_dir;
631	+ sort($entries);
632	+ foreach ($entries as $entry) {
633	+ $file = GOTMLS_trailingslashit($GOTMLS_quarantine_dir).$entry;
634	+ $date = date("y-m-d-H-i",filemtime($file));
635	+ echo '<li><img src="'.GOTMLS_images_path.'/blocked.gif" height=16 width=16 alt="Q" style="float: left;">';
636	+ if (is_file($file) && GOTMLS_get_ext($entry) == "gotmls") {
637	+ $file_date = explode(".", $entry);
638	+ if (count($file_date) > 2 && strlen($file_date[0]) == 5)
639	+ $date = GOTMLS_sexagesimal($file_date[0]);
640	+ elseif (@rename($file, GOTMLS_trailingslashit($GOTMLS_quarantine_dir).GOTMLS_sexagesimal($date).".$entry"))
641	+ $file = GOTMLS_trailingslashit($GOTMLS_quarantine_dir).GOTMLS_sexagesimal($date).".$entry";
642	+ echo '<input type="checkbox" name="GOTMLS_fix[]" value="'.GOTMLS_encode($file).'" id="check_'.GOTMLS_encode($file).'" onchange="document.getElementById(\'fix_button\').style.display = \'block\';" />'.GOTMLS_error_link("View Quarantined File", $file).str_replace($root_path, "", GOTMLS_decode($file_date[count($file_date)-2]));
643	+ } else
644	+ echo '<li><img src="'.GOTMLS_images_path.'/blocked.gif" height=16 width=16 alt="?" style="float: left;">'.GOTMLS_error_link("Foreign File in Quarantine", $file).$file;
645	+ $date = explode("-", $date);
646	+ echo "</a> <span style='float: right; margin-right: 8px;'>(20$date[0]-$date[1]-$date[2] at $date[3]:$date[4])</span></li>";
647	+ }
648	+ } else
649	+ echo __("No Items in Quarantine",'gotmls').'</h3>';
650	+ echo "</ul>";
651	+ } elseif ($_REQUEST["scan_what"] > -1) {
652	+ if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
653	+ foreach ($scan_groups as $scan_name => $scan_group)
654	+ echo "\n<ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"><a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\">X</a><h3>$scan_name</h3>\n".($scan_group=='potential'?'<p>   * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').'</p>':($scan_group=='wp_login'?'<p>   * '.__("NOTE: Your WordPress Login page has the old version of my brute-force protection installed. Upgrade this patch to improve the protection on the WordPress Login page and preserve the integrity of your WordPress core files. For more information on brute force attack prevention and the WordPress wp-login-php file ",'gotmls').' <a target="_blank" href="http://gotmls.net/tag/wp-login-php/">'.__("read my blog",'gotmls').'</a>.</p>':'<br />')).'</ul>';
655	+ GOTMLS_update_scan_log(array("scan" => array("start" => time(), "type" => $_REQUEST["scan_type"])));
656	+ while (in_array($OB_last_handler, $OB_default_handlers) && @ob_end_flush())
657	+ foreach (ob_list_handlers() as $OB_handler)
658	+ $OB_last_handler = $OB_handler;
659	+ @ob_start();
660	+ if ($_REQUEST["scan_type"] == "Quick Scan")
661	+ $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('".__("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.",'gotmls')."');\n}\nwindow.onload=testComplete;\n</script>\n<script type=\"text/javascript\">";
662	+ echo "\n<script type=\"text/javascript\">$li_js\n/<!--"."/";
663	+ if (is_dir($dir)) {
664	+ $GOTMLS_dirs_at_depth[0] = 1;
665	+ $GOTMLS_dir_at_depth[0] = 0;
666	+ if (!(isset($_GET["eli"]) && $_GET["eli"] == "NOQ")) {
667	+ $GOTMLS_dirs_at_depth[0]++;
668	+ GOTMLS_readdir($GOTMLS_quarantine_dir);
669	+ }
670	+ if (isset($_POST['scan_only']) && is_array($_POST['scan_only'])) {
671	+ $GOTMLS_dirs_at_depth[0] += (count($_POST['scan_only']) - 1);
672	+ foreach ($_POST['scan_only'] as $only_dir)
673	+ if (is_dir(GOTMLS_trailingslashit($dir).$only_dir))
674	+ GOTMLS_readdir(GOTMLS_trailingslashit($dir).$only_dir);
675	+ } else
676	+ GOTMLS_readdir($dir);
677	+ } else
678	+ echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link("Not a valid directory!"));
679	+ if ($_REQUEST["scan_type"] == "Quick Scan")
680	+ echo GOTMLS_update_status(__("Completed!",'gotmls'), 100);
681	+ else {
682	+ echo GOTMLS_update_status(__("Starting Scan ...",'gotmls'))."/-->"."/";
683	+ echo "\nvar scriptSRC = '".GOTMLS_script_URI."&no_error_reporting&GOTMLS_scan=';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GOTMLS_scanfiles))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GOTMLS_scanfiles)."');".'
684	+ var scanfilesI = 0;
685	+ var stopScanning;
686	+ var gotStuckOn = "";
687	+ function scanNextDir(gotStuck) {
688	+ clearTimeout(stopScanning);
689	+ if (gotStuck > -1) {
690	+ if (scanfilesArNames[gotStuck].substr(0, 3) != "Re-") {
691	+ if (scanfilesArNames[gotStuck].substr(0, 9) == "Checking ") {
692	+ scanfilesArNames.push(scanfilesArNames[gotStuck]);
693	+ scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_file[]="+encodeURIComponent(scanfilesArNames[gotStuck].substr(9)));
694	+ } else {
695	+ scanfilesArNames.push("Re-"+scanfilesArNames[gotStuck]);
696	+ scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_only_file=");
697	+ }
698	+ } else {
699	+ scanfilesArNames.push("Got Stuck "+scanfilesArNames[gotStuck]);
700	+ scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_dir="+scanfilesArKeys[gotStuck]);
701	+ }
702	+ }
703	+ if (document.getElementById("resume_button").value != "Pause") {
704	+ stopScanning=setTimeout("scanNextDir(-1)", 1000);
705	+ startTime++;
706	+ }
707	+ else if (scanfilesI < scanfilesArKeys.length) {
708	+ document.getElementById("status_text").innerHTML = scanfilesArNames[scanfilesI];
709	+ var newscript = document.createElement("script");
710	+ newscript.setAttribute("src", scriptSRC+scanfilesArKeys[scanfilesI]);
711	+ divx = document.getElementById("found_scanned");
712	+ if (divx)
713	+ divx.appendChild(newscript);
714	+ stopScanning=setTimeout("scanNextDir("+(scanfilesI++)+")",'.$GOTMLS_loop_execution_time.'000);
715	+ }
716	+ }
717	+ startTime = ('.ceil(time()-$GLOBALS["GOTMLS"]["scan"]["start"]).'+3);
718	+ stopScanning=setTimeout("scanNextDir(-1)",3000);
719	+ function pauseresume(butt) {
720	+ if (butt.value == "Resume")
721	+ butt.value = "Pause";
722	+ else
723	+ butt.value = "Resume";
724	+ }
725	+ showhide("pause_button", true);'."\n/<!--"."/";
726	+ }
727	+ if (@ob_get_level()) {
728	+ GOTMLS_flush('script');
729	+ @ob_end_flush();
730	+ }
731	+ echo "/-->"."/\n</script>";
732	+ }
733	+ echo "\n</div></div></form>";
734	+ } else {
735	+ echo $scan_opts.'<div class="postbox shadowed-box"><div title="Click to toggle" onclick="showhide(\'GOTMLS-Scan-Progress\');" class="handlediv"><br></div><h3 title="Click to toggle" onclick="showhide(\'GOTMLS-Scan-Progress\');" style="cursor: pointer;" class="hndle"><span>'.__("Last Scan Status",'gotmls').'</span></h3><div id="GOTMLS-Scan-Progress" class="inside">'.GOTMLS_scan_log()."\n</div></div>";
736	+ }
737	+ echo "\n</div></div></div>";
738	+ }
739	+
740	+ function GOTMLS_set_plugin_action_links($links_array, $plugin_file) {
741	+ if ($plugin_file == substr(__file__, (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10)
742	+ $links_array = array_merge(array('<a href="admin.php?page=GOTMLS-settings&scan_type=Quick+Scan">'.GOTMLS_Run_Quick_Scan_LANGUAGE.'</a>', '<a href="admin.php?page=GOTMLS-settings">'.GOTMLS_Scan_Settings_LANGUAGE.'</a>'), $links_array);
743	+ return $links_array;
744	+ }
745	+
746	+ function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) {
747	+ if ($plugin_file == substr(__file__, (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10)
748	+ $links_array = array_merge($links_array, array('<a target="_blank" href="http://gotmls.net/faqs/">FAQ</a>','<a target="_blank" href="http://gotmls.net/support/">Support</a>','<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE">Donate</a>'));
749	+ return $links_array;
750	+ }
751	+
752	+ function GOTMLS_init() {
753	+ global $GOTMLS_update_home, $GOTMLS_settings_array, $GOTMLS_onLoad, $GOTMLS_threat_levels, $wpdb, $GOTMLS_threats_found, $GOTMLS_settings_array, $GOTMLS_definitions_versions, $GOTMLS_definitions_array, $GOTMLS_file_contents, $GOTMLS_skip_ext;
754	+ if (!isset($GOTMLS_settings_array["scan_what"]))
755	+ $GOTMLS_settings_array["scan_what"] = 2;
756	+ if (!isset($GOTMLS_settings_array["scan_depth"]))
757	+ $GOTMLS_settings_array["scan_depth"] = -1;
758	+ if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") {
759	+ if (!isset($_REQUEST["scan_what"])) $_REQUEST["scan_what"] = 2;
760	+ if (!isset($_REQUEST["scan_depth"]))
761	+ $_REQUEST["scan_depth"] = 2;
762	+ if (!(isset($_POST["scan_only"]) && is_array($_POST["scan_only"])))
763	+ $_POST["scan_only"] = array("","wp-content/plugins","wp-content/themes");
764	+ }//$GOTMLS_settings_array["check_custom"] = stripslashes($_POST["check_custom"]);
765	+ if (!isset($GOTMLS_settings_array["check_custom"]))
766	+ $GOTMLS_settings_array["check_custom"] = "";
767	+ if (isset($GOTMLS_settings_array["scan_level"]) && is_numeric($GOTMLS_settings_array["scan_level"]))
768	+ $scan_level = intval($GOTMLS_settings_array["scan_level"]);
769	+ else
770	+ $scan_level = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
771	+ if (!(isset($GOTMLS_settings_array["dont_check"]) && is_array($GOTMLS_settings_array["dont_check"])))
772	+ $GOTMLS_settings_array["dont_check"] = array();
773	+ if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"]))
774	+ $GOTMLS_settings_array["dont_check"] = $_REQUEST["dont_check"];
775	+ if ($array = get_option('GOTMLS_definitions_array')) {
776	+ if (is_array($array))
777	+ $GOTMLS_definitions_array = $array;
778	+ } else {
779	+ $wpdb->query("DELETE FROM $wpdb->options WHERE `option_name` LIKE 'GOTMLS_known_%' OR `option_name` LIKE 'GOTMLS_definitions_array_%'");
780	+ array_walk($GOTMLS_settings_array, "GOTMLS_reset_settings");
781	+ }
782	+ foreach ($GOTMLS_definitions_array as $threat_level=>$definition_names)
783	+ foreach ($definition_names as $definition_name=>$definition_version)
784	+ if (is_array($definition_version))
785	+ if (!isset($GOTMLS_definitions_versions[$threat_level]) \|\| $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
786	+ $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
787	+ if (isset($_POST["UPDATE_definitions_array"])) {
788	+ $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));
789	+ $GOTMLS_onLoad .= "check_for_updates('Downloaded Definitions');";
790	+ } elseif (isset($GOTMLS_definitions_array["wp_login"]["brute force possible on wp-login.php"]) && is_array($GOTMLS_definitions_array["wp_login"]["brute force possible on wp-login.php"]) && count($GOTMLS_definitions_array["wp_login"]["brute force possible on wp-login.php"]) == 2 && $GOTMLS_definitions_array["wp_login"]["brute force possible on wp-login.php"][0] == "D4OAB")
791	+ $GOTnew_definitions["wp_login"]["brute force possible on wp-login.php"] = array("D4OAC",'/if $file_exists\(.+?(\/plugins\/gotmls\/safe-load\.php\')[$\s]+require$.+?\1$;/i');
792	+ //elseif (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) $GOTnew_definitions = maybe_unserialize(GOTMLS_decode(file_get_contents(GOTMLS_plugin_path.'definitions_update.txt')));
793	+ if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
794	+ $GOTMLS_definitions_array = GOTMLS_array_replace_recursive($GOTMLS_definitions_array, $GOTnew_definitions);
795	+ if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
796	+ @unlink(GOTMLS_plugin_path.'definitions_update.txt');
797	+ if (isset($GOTMLS_settings_array["check"]))
798	+ unset($GOTMLS_settings_array["check"]);
799	+ update_option('GOTMLS_definitions_array', $GOTMLS_definitions_array);
800	+ foreach ($GOTMLS_definitions_array as $threat_level=>$definition_names)
801	+ foreach ($definition_names as $definition_name=>$definition_version)
802	+ if (is_array($definition_version))
803	+ if (!isset($GOTMLS_definitions_versions[$threat_level]) \|\| $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
804	+ $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
805	+ }
806	+ asort($GOTMLS_definitions_versions);
807	+ if (isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
808	+ $GOTMLS_settings_array["check"] = $_REQUEST["check"];
809	+ /* $threat_names = array_keys($GOTMLS_definitions_array["known"]);
810	+ foreach ($threat_names as $threat_name) {
811	+ if (isset($GOTMLS_definitions_array["known"][$threat_name]) && is_array($GOTMLS_definitions_array["known"][$threat_name]) && count($GOTMLS_definitions_array["known"][$threat_name]) > 1) {
812	+ if ($GOTMLS_definitions_array["known"][$threat_name][0] > $GOTMLS_definitions_version)
813	+ $GOTMLS_definitions_version = $GOTMLS_definitions_array["known"][$threat_name][0];
814	+ if (!(count($GOTMLS_settings_array["dont_check"]) && in_array($threat_name, $GOTMLS_settings_array["dont_check"]))) {
815	+ $GOTMLS_threat_levels[$threat_name] = count($GOTMLS_definitions_array["known"][$threat_name]);
816	+ if (!isset($GOTMLS_settings_array["check"]) && $GOTMLS_threat_levels[$threat_name] > 2)
817	+ $GOTMLS_settings_array["check"] = "known";
818	+ }
819	+ }
820	+ }*/
821	+ if (!isset($GOTMLS_settings_array["check"]))
822	+ $GOTMLS_settings_array["check"] = $GOTMLS_threat_levels;
823	+ if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"]))
824	+ $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
825	+ GOTMLS_update_scan_log(array("settings" => $GOTMLS_settings_array));
826	+ if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) {
827	+ $file = GOTMLS_decode($_POST['GOTMLS_whitelist']);
828	+ $chksum = explode("O", $_POST['GOTMLS_chksum']."O");
829	+ if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) {
830	+ $filesize = @filesize($file);
831	+ if (true) {
832	+ if (!isset($GOTMLS_definitions_array["whitelist"][$file][0]))
833	+ $GOTMLS_definitions_array["whitelist"][$file][0] = "A0002";
834	+ $GOTMLS_definitions_array["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002";
835	+ } else
836	+ unset($GOTMLS_definitions_array["whitelist"][$file]);
837	+ update_option("GOTMLS_definitions_array", $GOTMLS_definitions_array);
838	+ die("<html><body>Added $file to Whitelist!<br /><iframe style='width: 90%; height: 350px;' src='$GOTMLS_update_home?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe></body></html>");
839	+ } else echo "<li>Invalid Data!</li>";
840	+ } elseif (isset($_GET["GOTMLS_scan"])) {
841	+ $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
842	+ if (is_dir($file)) {
843	+ @error_reporting(0);
844	+ @header("Content-type: text/javascript");
845	+ if (isset($GOTMLS_settings_array["exclude_ext"]) && is_array($GOTMLS_settings_array["exclude_ext"]))
846	+ $GOTMLS_skip_ext = $GOTMLS_settings_array["exclude_ext"];
847	+ @ob_start();
848	+ echo GOTMLS_scandir($file);
849	+ if (@ob_get_level()) {
850	+ GOTMLS_flush();
851	+ @ob_end_flush();
852	+ }
853	+ die('//END OF JavaScript');
854	+ } else {
855	+ if (!file_exists($file))
856	+ die(sprintf(__("The file %s does not exist.",'gotmls'), $file)."<br />\n".(file_exists(GOTMLS_quarantine($file))?sprintf(__("You could <a %s>try viewing the quarantined backup file</a>.",'gotmls'), 'target="GOTMLS_iFrame" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.GOTMLS_encode(GOTMLS_quarantine($file)).'"'):__("The file must have already been delete.",'gotmls'))."<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>");
857	+ else {
858	+ $clean_file = $file;
859	+ if (GOTMLS_get_ext($file) == 'gotmls' && dirname($file) == dirname(GOTMLS_quarantine($file))) {
860	+ $clean_file = 'Quarantined: '.GOTMLS_decode(array_pop(explode(".", '.'.substr($file, strlen(dirname($file))+1, -7))));
861	+ $_GET["eli"] = "quarantine";
862	+ }
863	+ GOTMLS_scanfile($file);
864	+ if (isset($GOTMLS_threats_found) && is_array($GOTMLS_threats_found) && count($GOTMLS_threats_found)) {
865	+ $fa = '';
866	+ $f = 1;
867	+ foreach ($GOTMLS_threats_found as $threats_found=>$threats_name) {
868	+ $fpos = 0;
869	+ $flen = 0;
870	+ $potential_threat = str_replace("\r", "", $threats_found);
871	+ while (($fpos = strpos(str_replace("\r", "", $GOTMLS_file_contents), ($potential_threat), $flen + $fpos)) !== false) {
872	+ $flen = strlen($potential_threat);
873	+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
874	+ }
875	+ if (0 == $flen)
876	+ $fa = 'ERROR['.($f++).']: Threat_size{'.strlen($potential_threat).'} } Content_size{'.strlen(str_replace("\r", "", $GOTMLS_file_contents)).'}';
877	+ }
878	+ } else
879	+ $fa = " No Threats Found";
880	+ die("\n".'<script type="text/javascript">
881	+ function select_text_range(ta_id, start, end) {
882	+ ta_element = document.getElementById(ta_id);
883	+ ta_element.focus();
884	+ if(ta_element.setSelectionRange)
885	+ ta_element.setSelectionRange(start, end);
886	+ else {
887	+ var r = ta_element.createTextRange();
888	+ r.collapse(true);
889	+ r.moveEnd(\'character\', end);
890	+ r.moveStart(\'character\', start);
891	+ r.select();
892	+ }
893	+ }
894	+ window.parent.showhide("GOTMLS_iFrame", true);
895	+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post"'.(is_file($clean_file)?' onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($clean_file).'"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GOTMLS_file_contents).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;">':(is_file(GOTMLS_quarantine($clean_file))?' >':'>')).'</form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />permissions:'.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GOTMLS_file_contents)).'</textarea></td></tr></table>');
896	+ }
897	+ }
898	+ } elseif (isset($_POST['GOTMLS_fix']) && is_array($_POST['GOTMLS_fix'])) {
899	+ $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
900	+ $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).className='GOTMLS_plugin';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\n function failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/<!--"."/";
901	+ foreach ($_POST["GOTMLS_fix"] as $path) {
902	+ if (file_exists(GOTMLS_decode($path))) {
903	+ echo '<li>fixing '.GOTMLS_decode($path).' ...';
904	+ $li_js .= GOTMLS_scanfile(GOTMLS_decode($path));
905	+ echo "</li>\n$li_js/-->"."/\n$callAlert\n</script>\n";
906	+ $li_js = "<script type=\"text/javascript\">\n/<!--"."/";
907	+ }
908	+ }
909	+ die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some threats were automatically fixed we need to check to make sure the removal did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during the automated fix process.",'gotmls'), 'target="test_frame" href="admin.php?page=GOTMLS-settings&scan_type=Quarantine"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.GOTMLS_script_URI.'&check_site=1" style="width: 100%; height: 200px"></iframe>'.$li_js."/-->"."/\nalert_repaired(0);\n</script>\n");
910	+ } elseif (isset($_POST["GOTMLS_fixing"]))
911	+ die("<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls'));
912	+ if (isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"]))
913	+ $scan_level = intval($_POST["scan_level"]);
914	+ if (isset($scan_level) && is_numeric($scan_level))
915	+ $GOTMLS_settings_array["scan_level"] = intval($scan_level);
916	+ else
917	+ $GOTMLS_settings_array["scan_level"] = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
918	+ if (isset($_GET["GOTMLS_x"]) \|\| isset($_GET["GOTMLS_y"]) \|\| isset($_GET["GOTMLS_h"]) \|\| isset($_GET["GOTMLS_w"])) {
919	+ if (isset($_GET["GOTMLS_x"]))
920	+ $GOTMLS_settings_array["msg_position"][0] = $_GET["GOTMLS_x"];
921	+ if (isset($_GET["GOTMLS_y"]))
922	+ $GOTMLS_settings_array["msg_position"][1] = $_GET["GOTMLS_y"];
923	+ if (isset($_GET["GOTMLS_h"]))
924	+ $GOTMLS_settings_array["msg_position"][2] = $_GET["GOTMLS_h"];
925	+ if (isset($_GET["GOTMLS_w"]))
926	+ $GOTMLS_settings_array["msg_position"][3] = $_GET["GOTMLS_w"];
927	+ $_GET["GOTMLS_msg"] = "New window position saved. ";//.print_r($GOTMLS_settings_array["msg_position"], true);
928	+ }
929	+ update_option('GOTMLS_settings_array', $GOTMLS_settings_array);
930	+ if (isset($_GET["GOTMLS_msg"]))
931	+ die('<body style="margin: 0; padding: 0;">'.$_GET["GOTMLS_msg"].'</body>');
932	+ }
933	+ if (function_exists("is_admin") && is_admin() && ((isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) \|\| (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))))) {
934	+ @set_time_limit($GOTMLS_loop_execution_time-5);
935	+ GOTMLS_loaded();
936	+ GOTMLS_init();
937	+ die("\n//PHP to Javascript Error!\n");
938	+ } else {
939	+ add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);
940	+ add_filter("plugin_action_links", "GOTMLS_set_plugin_action_links", 1, 2);
941	+ add_action("plugins_loaded", "GOTMLS_loaded");
942	+ add_action("admin_notices", "GOTMLS_admin_notices");
943	+ add_action("admin_menu", "GOTMLS_menu");
944	+ add_action("network_admin_menu", "GOTMLS_menu");
945	+ $init = add_action("admin_init", "GOTMLS_init");
946	+ }
947	+ ?>

languages/gotmls-es_ES.mo ADDED Viewed

Binary file

languages/gotmls-es_ES.po ADDED Viewed

	@@ -0,0 +1,336 @@


1	+ # SOME DESCRIPTIVE TITLE.
2	+ # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
3	+ # This file is distributed under the same license as the PACKAGE package.
4	+ # Eli Scheetz <eli@gotmls.net>, 2014.
5	+ #
6	+ #, fuzzy
7	+ msgid ""
8	+ msgstr ""
9	+ "Project-Id-Version: GOTMLS\n"
10	+ "Report-Msgid-Bugs-To: eli@gotmls.net\n"
11	+ "POT-Creation-Date: 2014-02-24 11:27+0100\n"
12	+ "PO-Revision-Date: 2014-02-08 13:43-1000\n"
13	+ "Last-Translator: jelena kovacevic <jecajeca260@gmail.com>\n"
14	+ "Language-Team: Andrew Kurtis <andrewk@webhostinghub.com>\n"
15	+ "Language: es_ES\n"
16	+ "MIME-Version: 1.0\n"
17	+ "Content-Type: text/plain; charset=UTF-8\n"
18	+ "Content-Transfer-Encoding: 8bit\n"
19	+
20	+ msgid "Upgrade to %s now!"
21	+ msgstr "¡Actualice a %s ahora!"
22	+
23	+ msgid "First Name is a required field!"
24	+ msgstr "¡Nombre es un campo requerido!"
25	+
26	+ msgid "Last Name is a required field!"
27	+ msgstr "¡Apellidos es un campo requerido!"
28	+
29	+ msgid "Email Address is a required field!"
30	+ msgstr "¡Dirección Email es una campo requerido!"
31	+
32	+ msgid "Your WordPress Site URL is a required field!"
33	+ msgstr "¡Su URL del Sitio de Wordpress es una campo requerido!"
34	+
35	+ msgid "Plugin Installation Key is a required field!"
36	+ msgstr "¡La llave de Instalación del Plugin es un campo requerido!"
37	+
38	+ msgid "Submitting Registration ..."
39	+ msgstr "Cargando ..."
40	+
41	+ msgid "Download new definitions!"
42	+ msgstr "¡Bajar nuevas definiciones!"
43	+
44	+ msgid "If you have not already registered your Key then register now and get instant access to definition updates.<p>*All fields are required and I will NOT share your registration information with anyone.</p>"
45	+ msgstr "Si aún no ha registrado su clave, entonces regístrese ahora y obtenga acceso inmediato a las actualizaciones de las definiciones.<p>* Todos los campos son requeridos y NO compartirán su información de registro con nadie.</p>"
46	+
47	+ msgid "Your Full Name:"
48	+ msgstr "Su Nombre Completo:"
49	+
50	+ msgid "A password will be e-mailed to this address:"
51	+ msgstr "Una contraseña será enviada por correo electrónico a esta dirección:"
52	+
53	+ msgid "Your WordPress Site URL:"
54	+ msgstr "Su URL del Sitio WordPress:"
55	+
56	+ msgid "Plugin Installation Key:"
57	+ msgstr "Su Llave de Instalación del Plugin:"
58	+
59	+ msgid "Plugin Links"
60	+ msgstr "Enlaces del Plugin"
61	+
62	+ msgid "Make a Donation with PayPal"
63	+ msgstr "Haga una Donación con PayPal"
64	+
65	+ msgid "Main Menu Item placed below <b>Comments</b> and above <b>Appearance</b>"
66	+ msgstr "Elemento del Menú Principal posicionado debajo de <b>Comentarios</b> y arriba de <b>Apariencia</b>"
67	+
68	+ msgid "Main Menu Item placed below <b>Settings</b>"
69	+ msgstr "Elemento del Menú Principal posicionado debajo de <b>Ajustes</b>"
70	+
71	+ msgid "Sub-Menu inside the <b>Tools</b> Menu Item"
72	+ msgstr "Submenú dentro del Elemento del Menú <b>Herramientas</b>"
73	+
74	+ msgid "ONLY SHOW for <b>Network Admins</b>"
75	+ msgstr "SOLO MOSTRAR para <b>Administradores de Red</b>"
76	+
77	+ msgid "Only Scan These Folders:"
78	+ msgstr "Solo Escanear Estos Archivos:"
79	+
80	+ msgid "What to scan:"
81	+ msgstr "Qué escanear:"
82	+
83	+ msgid "Scan Depth:"
84	+ msgstr "Profundidad de Escaneo:"
85	+
86	+ msgid "how far do you want to drill down from your starting directory?"
87	+ msgstr "¿cuán lejos desea bajar desde su directorio de comienzo?"
88	+
89	+ msgid "-1 is infinite depth"
90	+ msgstr "-1 es profundidad infinita"
91	+
92	+ msgid "What to look for:"
93	+ msgstr "Qué buscar:"
94	+
95	+ msgid "Download Definition Updates to Use this feature"
96	+ msgstr "Bajar Actualizaciones de Definición para Usar esta característica"
97	+
98	+ msgid "Registration of your Installation Key is required for this feature"
99	+ msgstr "El registro de su Llave de instalación es requerido para esta característica"
100	+
101	+ msgid "Custom RegExp:"
102	+ msgstr "RegExp Personalizada:"
103	+
104	+ msgid "For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site."
105	+ msgstr "Sólo para usuarios muy avanzados. No utilice esto sin hablar con Eli primero. Si se utiliza de forma incorrecta se podía romper fácilmente su sitio."
106	+
107	+ msgid "<b>Skip files with the following extentions:</b> (a comma separated list of file extentions to be excluded from the scan)"
108	+ msgstr "<b>Omitir archivos con las siguientes extensiones:</b> (una lista separada por coma de extensiones de archivos a ser excluidos del escaneo)"
109	+
110	+ msgid "<b>Skip directories with the following names:</b> (a comma separated list of folders to be excluded from the scan)"
111	+ msgstr "<b>Saltar directorios con los nombres siguientes:</b> (una lista separada por coma de carpetas a ser excluidas del escaneo)"
112	+
113	+ msgid "Menu Item Placement Options"
114	+ msgstr "Opciones de Posicionamiento del Elemento del Menú"
115	+
116	+ msgid "Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process)."
117	+ msgstr "Otro Plugin o Tema está utilizando '%s' para manejar buffers de salida. <br />Esto evita enviar hacia afuera activamente al búfer en la marcha y se degradará seriamente el rendimiento de este (y muchos otros) Plugins. <br />Considere deshabilitar el almacenamiento en caché y los plugins de compresión (al menos durante el proceso de escaneando)."
118	+
119	+ msgid "Scanned Files"
120	+ msgstr "Archivos Escaneados"
121	+
122	+ msgid "Selected Folders"
123	+ msgstr "Carpetas Seleccionadas"
124	+
125	+ msgid "Scanned Folders"
126	+ msgstr "Carpetas Escaneadas"
127	+
128	+ msgid "Skipped Folders"
129	+ msgstr "Carpetas Omitidas"
130	+
131	+ msgid "Skipped Files"
132	+ msgstr "Archivos Omitidos"
133	+
134	+ msgid "Read/Write Errors"
135	+ msgstr "Errores de Lectura/Escritura"
136	+
137	+ msgid "Quarantined Files"
138	+ msgstr "Archivos en Cuarentena"
139	+
140	+ msgid "Scan Complete!"
141	+ msgstr "¡Scan Completo!"
142	+
143	+ msgid "You are not currently scanning for this type of threat!"
144	+ msgstr "¡Usted no está actualmente escaneando para este tipo de amenaza!"
145	+
146	+ msgid "Automatically Fix SELECTED Files Now"
147	+ msgstr "Arreglar Archivos SELECCIONADOS Automáticamente Ahora"
148	+
149	+ msgid "Scan Details:"
150	+ msgstr "Detalles del Escaneo:"
151	+
152	+ msgid "Restore SELECTED files from Quarantine"
153	+ msgstr "Restaurar archivos SELECCIONADOS de la Cuarentena"
154	+
155	+ msgid "Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?"
156	+ msgstr "¿Está seguro que desea sobrescribir los archivos limpiados anteriormente con los archivos seleccionados en la Cuarentena?"
157	+
158	+ msgid "Delete SELECTED files from Quarantine"
159	+ msgstr "Borrados archivos SELECCIONADOS de la Cuarentena"
160	+
161	+ msgid "Are you sure you want to permanently delete the selected files in the Quarantine?"
162	+ msgstr "¿Está seguro que desea borrar permanentemente los archivos seleccionados en la Cuarentena?"
163	+
164	+ msgid "<p><b>The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.</b></p> FYI - these files are found in:"
165	+ msgstr "<p><b> Los siguientes elementos han sido encontrados como que contienen código malicioso, ellos han sido limpiados, y los contenidos de archivo originalmente infectados han sido salvados aquí en la Cuarentena. El código es seguro aquí y usted no necesita hacer nada más con estos archivos </b></p> PARA-SU-INFORMACIÓN - estos archivos se encuentran en:"
166	+
167	+ msgid "No Items in Quarantine"
168	+ msgstr "No hay Elementos en Cuarentena"
169	+
170	+ msgid "NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found)."
171	+ msgstr "NOTA: Estos son scripts probablemente no maliciosos (pero es un buen lugar para empezar a buscar <u>SI</u> su sitio está infectado y no se encontraron amenazas conocidas)."
172	+
173	+ msgid "NOTE: Your WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. Applying this patch will block access to the WordPress Login page whenever this type of attack is detected. For more information on this subject"
174	+ msgstr "NOTA: Su página Inicio de sesión de WordPress es susceptible a un ataque de fuerza bruta (al igual que cualquier otra página de inicio de sesión). Estos tipos de ataques son cada vez más frecuentes en estos días y, a veces pueden provocar que el servidor se vuelva lento o no responda, aunque los ataques no tienen éxito en el acceso a su sitio. La aplicación de este parche bloqueará el acceso a la página de WordPress sesión cada vez que se detecta este tipo de ataque. Para obtener más información sobre este tema"
175	+
176	+ msgid "read my blog"
177	+ msgstr "lea mi blog"
178	+
179	+ msgid "The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files."
180	+ msgstr "El Escaneo Rápido no pudo terminar debido a la escasez de memoria o un problema de acceso a un archivo. Por favor, trate de usar el Escaneo Completo, es más lento pero va a manejar estos errores mejor y continuará escaneando el resto de los archivos."
181	+
182	+ msgid "Completed!"
183	+ msgstr "¡Completado!"
184	+
185	+ msgid "Starting Scan ..."
186	+ msgstr "Comenzando Scan ..."
187	+
188	+ msgid "Last Scan Status"
189	+ msgstr "Estatus del Último Escaneo"
190	+
191	+ msgid "The file %s does not exist."
192	+ msgstr "El archivo %s no existe."
193	+
194	+ msgid "You could <a %s>try viewing the quarantined backup file</a>."
195	+ msgstr "Usted puede <a %s> probar ver el archivo de backup en cuarentena</a>."
196	+
197	+ msgid "The file must have already been delete."
198	+ msgstr "El archivo debe ya haber sido borrado."
199	+
200	+ msgid "Are you sure this file is not infected and you want to ignore it in future scans?"
201	+ msgstr "¿Está seguro de que este archivo no está infectado y desea ignorarlo en análisis futuros?"
202	+
203	+ msgid "Potential threats in file:"
204	+ msgstr "Amenazas potenciales en el archivo:"
205	+
206	+ msgid "Because some threats were automatically fixed we need to check to make sure the removal did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during the automated fix process."
207	+ msgstr "Debido a que algunas amenazas se fijaron automáticamente tenemos que comprobar para asegurar que la eliminación no rompió su sitio. Si permanece en Rojo y los frames de abajo no se cargan por favor <a %s> revierta los cambios </a> hechos durante el proceso de corrección automática."
208	+
209	+ msgid "Never mind, it worked!"
210	+ msgstr "¡No importa, funcionó!"
211	+
212	+ msgid "Nothing Selected to be Changed!"
213	+ msgstr "¡Nada seleccionado para ser Cambiando!"
214	+
215	+ msgid "Done!"
216	+ msgstr "¡Hecho!"
217	+
218	+ msgid "Run Quick Scan"
219	+ msgstr "Ejecutar Escaneo Rápido"
220	+
221	+ msgid "Run Complete Scan"
222	+ msgstr "Ejecutar Escaneo Completo"
223	+
224	+ msgid "View Quarantine"
225	+ msgstr "Ver Garantía"
226	+
227	+ msgid "Tested your site. It appears we didn't break anything"
228	+ msgstr "Probado en su sitio. Parece ser que no rompimos nada"
229	+
230	+ msgid "This Plugin requires WordPress version %s or higher"
231	+ msgstr "Este plugin requiere la versión %s de WordPress o superior"
232	+
233	+ msgid "Scan Settings"
234	+ msgstr "Ajustes de Scan"
235	+
236	+ msgid "Loading, Please Wait ..."
237	+ msgstr "Cargando, Por Favor Espere ..."
238	+
239	+ msgid "If this is taking too long, click here."
240	+ msgstr "¿Mucho tiempo ha pasado? pulse aquí"
241	+
242	+ msgid "Could not find server!"
243	+ msgstr "¡No se pudo encontrar el servidor!"
244	+
245	+ msgid "Plugin Updates for WP"
246	+ msgstr "Actualizaciones de plugin para WP"
247	+
248	+ msgid "Searching for updates ..."
249	+ msgstr "Buscando actualizaciones ..."
250	+
251	+ msgid "Definition Updates"
252	+ msgstr "Actualizaciones de Definición"
253	+
254	+ msgid "Please make a donation for the use of this wonderful feature!"
255	+ msgstr "¡Por favor haga una donación para el uso de esta característica maravillosa!"
256	+
257	+ msgid "an unknown file"
258	+ msgstr "un archivo desconocido"
259	+
260	+ msgid "unknown"
261	+ msgstr "desconocido"
262	+
263	+ msgid "<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem."
264	+ msgstr "<b>Headers ya enviados</b> en %1$s en la línea %2$s. <br />Esto no es una buena señal, puede ser sólo un plugin mal escrito pero los Headers no deberían haber sido enviados en este punto. <br />Compruebe el código en el archivo mencionado anteriormente para solucionar este problema."
265	+
266	+ msgid "<b>Session not found</b>, some functionality may be diminished.<br />If you are getting this error consistently it may mean that this site is unable to maintain a persistent session.<br />Check with your hosting provider or see if you can enable sessions on this site."
267	+ msgstr "<b>Sesión no encontrada</b>, algunas funciones pueden verse disminuidas. <br />Si usted está recibiendo este error constantemente puede significar que este sitio es incapaz de mantener una sesión persistente. <br />Consulte con su proveedor de hosting o vea si se puede permitir sesiones de este sitio."
268	+
269	+ msgid "Failed to read file contents!"
270	+ msgstr "¡Error al leer los contenidos del archivo!"
271	+
272	+ msgid "Deleted!"
273	+ msgstr "¡Borrado!"
274	+
275	+ msgid "Restored!"
276	+ msgstr "¡Restaurado!"
277	+
278	+ msgid "Restore Failed!"
279	+ msgstr "¡Restauración Fallida!"
280	+
281	+ msgid "Already Fixed!"
282	+ msgstr "¡Ya se Arregló!"
283	+
284	+ msgid "htaccess Threats"
285	+ msgstr "Amenazas de htaccess"
286	+
287	+ msgid "TimThumb Exploits"
288	+ msgstr "Exploits de TimThumb"
289	+
290	+ msgid "Backdoor Scripts"
291	+ msgstr "Scripts de Backdoor"
292	+
293	+ msgid "Known Threats"
294	+ msgstr "Amenazas Conocidas"
295	+
296	+ msgid "WP-Login Vulnerability "
297	+ msgstr "Vulnerabilidad de WP-Login "
298	+
299	+ msgid "Potential Threats"
300	+ msgstr "Amenazas Potenciales"
301	+
302	+ msgid "Unknown"
303	+ msgstr "Desconocido"
304	+
305	+ msgid "Preparing %s"
306	+ msgstr "Preparando %s"
307	+
308	+ msgid "Scanning %s"
309	+ msgstr "Escaneando %s"
310	+
311	+ msgid "Failed to list files in directory!"
312	+ msgstr "¡Falló listar los archivos en el directorio!"
313	+
314	+ msgid "Scanned %s"
315	+ msgstr "Escaneado %s"
316	+
317	+ msgid "Skipped because of file extention!"
318	+ msgstr "¡Omitido debido a la extensión del archivo!"
319	+
320	+ msgid "Failed to determine file size!"
321	+ msgstr "¡Falló determinar el tamaño!"
322	+
323	+ msgid "Skipped because of file size!"
324	+ msgstr "¡Omitido debido al tamaño del archivo!"
325	+
326	+ msgid "Failed to read directory!"
327	+ msgstr "¡Falló leer el directorio!"
328	+
329	+ msgid "Skipped because of file size (%1$s bytes) or file extention (%2$s)!"
330	+ msgstr "¡Omitido debido al tamaño del archivo (%1$s bytes) o la extensión del archivo (%2$s)!"
331	+
332	+ msgid "Failed to read file!"
333	+ msgstr "¡Falló leer el archivo!"
334	+
335	+ msgid "Empty file!"
336	+ msgstr "¡archivo vacío!"

languages/gotmls.pot ADDED Viewed

	@@ -0,0 +1,341 @@


1	+ # SOME DESCRIPTIVE TITLE.
2	+ # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
3	+ # This file is distributed under the same license as the PACKAGE package.
4	+ # Eli Scheetz <eli@gotmls.net>, 2014.
5	+ #
6	+ #, fuzzy
7	+ msgid ""
8	+ msgstr ""
9	+ "Project-Id-Version: GOTMLS\n"
10	+ "Report-Msgid-Bugs-To: eli@gotmls.net\n"
11	+ "POT-Creation-Date: 2014-11-22 21:08+0900\n"
12	+ "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13	+ "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14	+ "Language-Team: LANGUAGE <LL@li.org>\n"
15	+ "Language: \n"
16	+ "MIME-Version: 1.0\n"
17	+ "Content-Type: text/plain; charset=UTF-8\n"
18	+ "Content-Transfer-Encoding: 8bit\n"
19	+
20	+ #, php-format
21	+ msgid "Upgrade to %s now!"
22	+ msgstr ""
23	+
24	+ msgid "First Name is a required field!"
25	+ msgstr ""
26	+
27	+ msgid "Last Name is a required field!"
28	+ msgstr ""
29	+
30	+ msgid "Email Address is a required field!"
31	+ msgstr ""
32	+
33	+ msgid "Your WordPress Site URL is a required field!"
34	+ msgstr ""
35	+
36	+ msgid "Plugin Installation Key is a required field!"
37	+ msgstr ""
38	+
39	+ msgid "Submitting Registration ..."
40	+ msgstr ""
41	+
42	+ msgid "Searching for updates ..."
43	+ msgstr ""
44	+
45	+ msgid "Download new definitions!"
46	+ msgstr ""
47	+
48	+ msgid "If you have not already registered your Key then register now and get instant access to definition updates.<p>*All fields are required and I will NOT share your registration information with anyone.</p>"
49	+ msgstr ""
50	+
51	+ msgid "Your Full Name:"
52	+ msgstr ""
53	+
54	+ msgid "A password will be e-mailed to this address:"
55	+ msgstr ""
56	+
57	+ msgid "Your WordPress Site URL:"
58	+ msgstr ""
59	+
60	+ msgid "Plugin Installation Key:"
61	+ msgstr ""
62	+
63	+ msgid "Plugin Links"
64	+ msgstr ""
65	+
66	+ msgid "Make a Donation with PayPal"
67	+ msgstr ""
68	+
69	+ msgid "Main Menu Item placed below <b>Comments</b> and above <b>Appearance</b>"
70	+ msgstr ""
71	+
72	+ msgid "Main Menu Item placed below <b>Settings</b>"
73	+ msgstr ""
74	+
75	+ msgid "Sub-Menu inside the <b>Tools</b> Menu Item"
76	+ msgstr ""
77	+
78	+ msgid "ONLY SHOW for <b>Network Admins</b>"
79	+ msgstr ""
80	+
81	+ msgid "Only Scan These Folders:"
82	+ msgstr ""
83	+
84	+ msgid "What to scan:"
85	+ msgstr ""
86	+
87	+ msgid "Scan Depth:"
88	+ msgstr ""
89	+
90	+ msgid "how far do you want to drill down from your starting directory?"
91	+ msgstr ""
92	+
93	+ msgid "-1 is infinite depth"
94	+ msgstr ""
95	+
96	+ msgid "What to look for:"
97	+ msgstr ""
98	+
99	+ msgid "Download Definition Updates to Use this feature"
100	+ msgstr ""
101	+
102	+ msgid "Registration of your Installation Key is required for this feature"
103	+ msgstr ""
104	+
105	+ msgid "Custom RegExp:"
106	+ msgstr ""
107	+
108	+ msgid "For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site."
109	+ msgstr ""
110	+
111	+ msgid "<b>Skip files with the following extentions:</b> (a comma separated list of file extentions to be excluded from the scan)"
112	+ msgstr ""
113	+
114	+ msgid "<b>Skip directories with the following names:</b> (a comma separated list of folders to be excluded from the scan)"
115	+ msgstr ""
116	+
117	+ msgid "Menu Item Placement Options"
118	+ msgstr ""
119	+
120	+ #, php-format
121	+ msgid "Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process)."
122	+ msgstr ""
123	+
124	+ msgid "Scanned Files"
125	+ msgstr ""
126	+
127	+ msgid "Selected Folders"
128	+ msgstr ""
129	+
130	+ msgid "Scanned Folders"
131	+ msgstr ""
132	+
133	+ msgid "Skipped Folders"
134	+ msgstr ""
135	+
136	+ msgid "Skipped Files"
137	+ msgstr ""
138	+
139	+ msgid "Read/Write Errors"
140	+ msgstr ""
141	+
142	+ msgid "Quarantined Files"
143	+ msgstr ""
144	+
145	+ msgid "Potential Threats"
146	+ msgstr ""
147	+
148	+ msgid "WP-Login Updates"
149	+ msgstr ""
150	+
151	+ msgid "Scan Complete!"
152	+ msgstr ""
153	+
154	+ msgid "You are not currently scanning for this type of threat!"
155	+ msgstr ""
156	+
157	+ msgid "Automatically Fix SELECTED Files Now"
158	+ msgstr ""
159	+
160	+ msgid "Scan Details:"
161	+ msgstr ""
162	+
163	+ msgid "Restore SELECTED files from Quarantine"
164	+ msgstr ""
165	+
166	+ msgid "Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?"
167	+ msgstr ""
168	+
169	+ msgid "Delete SELECTED files from Quarantine"
170	+ msgstr ""
171	+
172	+ msgid "Are you sure you want to permanently delete the selected files in the Quarantine?"
173	+ msgstr ""
174	+
175	+ msgid "<p><b>The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.</b></p> FYI - these files are found in:"
176	+ msgstr ""
177	+
178	+ msgid "No Items in Quarantine"
179	+ msgstr ""
180	+
181	+ msgid "NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found)."
182	+ msgstr ""
183	+
184	+ msgid "NOTE: Your WordPress Login page has the old version of my brute-force protection installed. Upgrade this patch to improve the protection on the WordPress Login page and preserve the integrity of your WordPress core files. For more information on brute force attack prevention and the WordPress wp-login-php file "
185	+ msgstr ""
186	+
187	+ msgid "read my blog"
188	+ msgstr ""
189	+
190	+ msgid "The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files."
191	+ msgstr ""
192	+
193	+ msgid "Completed!"
194	+ msgstr ""
195	+
196	+ msgid "Starting Scan ..."
197	+ msgstr ""
198	+
199	+ msgid "Last Scan Status"
200	+ msgstr ""
201	+
202	+ #, php-format
203	+ msgid "The file %s does not exist."
204	+ msgstr ""
205	+
206	+ #, php-format
207	+ msgid "You could <a %s>try viewing the quarantined backup file</a>."
208	+ msgstr ""
209	+
210	+ msgid "The file must have already been delete."
211	+ msgstr ""
212	+
213	+ msgid "Are you sure this file is not infected and you want to ignore it in future scans?"
214	+ msgstr ""
215	+
216	+ msgid "Potential threats in file:"
217	+ msgstr ""
218	+
219	+ #, php-format
220	+ msgid "Because some threats were automatically fixed we need to check to make sure the removal did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during the automated fix process."
221	+ msgstr ""
222	+
223	+ msgid "Never mind, it worked!"
224	+ msgstr ""
225	+
226	+ msgid "Nothing Selected to be Changed!"
227	+ msgstr ""
228	+
229	+ msgid "Done!"
230	+ msgstr ""
231	+
232	+ msgid "Failed to list files in directory!"
233	+ msgstr ""
234	+
235	+ msgid "Run Complete Scan"
236	+ msgstr ""
237	+
238	+ msgid "Run Quick Scan"
239	+ msgstr ""
240	+
241	+ msgid "View Quarantine"
242	+ msgstr ""
243	+
244	+ msgid "Tested your site. It appears we didn't break anything"
245	+ msgstr ""
246	+
247	+ #, php-format
248	+ msgid "This Plugin requires WordPress version %s or higher"
249	+ msgstr ""
250	+
251	+ msgid "Scan Settings"
252	+ msgstr ""
253	+
254	+ msgid "Loading, Please Wait ..."
255	+ msgstr ""
256	+
257	+ msgid "If this is taking too long, click here."
258	+ msgstr ""
259	+
260	+ msgid "Could not find server!"
261	+ msgstr ""
262	+
263	+ msgid "Plugin Updates for WP"
264	+ msgstr ""
265	+
266	+ msgid "Definition Updates"
267	+ msgstr ""
268	+
269	+ msgid "Please make a donation for the use of this wonderful feature!"
270	+ msgstr ""
271	+
272	+ msgid "htaccess Threats"
273	+ msgstr ""
274	+
275	+ msgid "TimThumb Exploits"
276	+ msgstr ""
277	+
278	+ msgid "Backdoor Scripts"
279	+ msgstr ""
280	+
281	+ msgid "Known Threats"
282	+ msgstr ""
283	+
284	+ msgid "an unknown file"
285	+ msgstr ""
286	+
287	+ msgid "unknown"
288	+ msgstr ""
289	+
290	+ #, php-format
291	+ msgid "<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem."
292	+ msgstr ""
293	+
294	+ msgid "Failed to read file contents!"
295	+ msgstr ""
296	+
297	+ msgid "Empty file!"
298	+ msgstr ""
299	+
300	+ msgid "Deleted!"
301	+ msgstr ""
302	+
303	+ msgid "Restored!"
304	+ msgstr ""
305	+
306	+ msgid "Restore Failed!"
307	+ msgstr ""
308	+
309	+ msgid "Already Fixed!"
310	+ msgstr ""
311	+
312	+ #, php-format
313	+ msgid "Preparing %s"
314	+ msgstr ""
315	+
316	+ #, php-format
317	+ msgid "Scanning %s"
318	+ msgstr ""
319	+
320	+ #, php-format
321	+ msgid "Scanned %s"
322	+ msgstr ""
323	+
324	+ msgid "Skipped because of file extention!"
325	+ msgstr ""
326	+
327	+ msgid "Failed to determine file size!"
328	+ msgstr ""
329	+
330	+ msgid "Skipped because of file size!"
331	+ msgstr ""
332	+
333	+ msgid "Failed to read directory!"
334	+ msgstr ""
335	+
336	+ #, php-format
337	+ msgid "Skipped because of file size (%1$s bytes) or file extention (%2$s)!"
338	+ msgstr ""
339	+
340	+ msgid "Failed to read file!"
341	+ msgstr ""

readme.txt ADDED Viewed

	@@ -0,0 +1,401 @@


1	+ === Anti-Malware and Brute-Force Security by ELI ===
2	+ Plugin URI: http://gotmls.net/
3	+ Author: Eli Scheetz
4	+ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5	+ Contributors: scheeeli, gotmls
6	+ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7	+ Tags: anti-malware, security, plugin, scan, automatic, repair, remove, malware, virus, threat, hacked, malicious, scripts, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware
8	+ Version: 4.14.47
9	+ Stable tag: 4.14.47
10	+ Requires at least: 3.0
11	+ Tested up to: 4.0.1
12	+
13	+ This Anti-Malware plugin searches for Malware and other Virus like threats and security vulnerabilities on your server and it helps you remove them.
14	+
15	+ == Description ==
16	+
17	+ Features:
18	+
19	+ * Automatic removal of "Known Threats".
20	+ * Download definitions of new threat as they are discovered.
21	+ * Automatically upgrade vulnerable versions of timthumb scripts.
22	+ * Automatically patch wp-login.php to block brute-force attacks.
23	+ * Run a Quick Scan from the admin menu.
24	+ * Customize Scan Setting.
25	+ * Run a Complete Scan from the Settings Page.
26	+
27	+ Updated November 20th
28	+
29	+ Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
30	+
31	+ NOTICE: This plugin make use of a "phone home" feature to check for updates. This is not unlike what WordPress already does with all your plugins. Staying up-to-date is an essential part of any worthwhile security plugin and it will let you know when there are new plugin and definition update available. If you're allergic to "phone home" scripts then don't use this plugin (or WordPress at all for that matter).
32	+
33	+ Special thanks to:
34	+
35	+ * Graeme Morris of socialidentitydesign.com for the logo design.
36	+ * Jelena Kovacevic and Andrew Kurtis of webhostinghub.com for providing the Spanish translation.
37	+
38	+ == Installation ==
39	+
40	+ 1. Download and unzip the plugin into your WordPress plugins directory (usually `/wp-content/plugins/`).
41	+ 1. Activate the plugin through the 'Plugins' menu in your WordPress Admin.
42	+ 1. Register on gotmls.net and download the newest definition update to scan for Known Threats.
43	+
44	+ == Frequently Asked Questions ==
45	+
46	+ = Why should I register? =
47	+
48	+ If you register on [GOTMLS.NET](http://gotmls.net/) you will have access to download definitions of New Threats and added features like automatic removal of "Known Threats" and patches for specific security issues like old versions of timthumb and brute-force attacks on wp-login.php. Otherwise, this plugin only scans for "Potential Threats" on your site, it would then be up to you to identify the good from the bad and remove them accordingly.
49	+
50	+ = Why can't I automatically remove the "Potential Threats" in yellow? =
51	+
52	+ Many of these files may use eval and other powerful PHP function for perfectly legitimate reasons and removing that code from the files would likely cripple or even break your site so I have only enabled the Auto remove feature for "Know Threats".
53	+
54	+ = How do I know if any of the "Potential Threats" are dangerous? =
55	+
56	+ Click on the linked filename to examine it, then click each numbered link above the file content box to highlight the suspicious code. If you cannot tell whether or not the code is malicious just leave it alone or ask someone else to look at it for you. If you find that it is malicious please send me a copy of the file so that I can add it to my definition update as a "Know Threat", then it can be automatically removed.
57	+
58	+ = Why does the wp-login.php file show up as a vulnerability (even on a fresh install of WordPress)? =
59	+
60	+ The WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. This plugin can apply a patch that will block access to the WordPress Login page whenever this type of attack is detected. For more information on this subject [read my blog](http://gotmls.net/tag/wp-login-php/).
61	+
62	+ = What if the scan gets stuck part way through? =
63	+
64	+ First just leave it for a while. If there are a lot of files on your server it could take quite a while and could sometimes appear to not be moving along at all even if it really is working. If it still seems stuck after a while then try running the scan again, be sure you try both the Complete Scan and the Quick scan.
65	+
66	+ = How did I get hacked in the first place? =
67	+
68	+ First, don't take the attack personally. Lots of hackers routinely run automated script that crawl the internet looking for easy targets. Your site probably got hacked because you are unknowingly an easy target. This might be because you are running an older version of WordPress or have installed a Plugin or Theme with a backdoor or known security vulnerability. However, the most common type of infection I see is cross-conamination. This can happen when your site is on a shared server with other exploitable sites that got infected. In most shared hosting environments it's possible for hackers to use an one infected site to infect other sites on the same server, sometimes even if the sites are on different accounts.
69	+
70	+ = What can I do to prevent it from happening again? =
71	+
72	+ There is no sure way to protect your site from every kind of hack attempt. That said, don't be an easy target. Some basic steps should include: hardening your password, keeping all your sites up-to-date, and run regular scans with Anti-Malware software like [GOTMLS.NET](http://gotmls.net/)
73	+
74	+ = Why does sucuri.net or the Google Safe Browsing Diagnostic page still say my site is infected after I have removed the malicious code? =
75	+
76	+ sucuri.net caches their scan results and will not refresh the scan until you click the small link near the bottom of the page that says "Force a Re-scan" to clear the cache. Google also caches your infected pages and usually takes some time before crawling your site again, but you can speed up that process by Requesting a Review in the Malware or Security section of [Google Webmaster Tools](https://www.google.com/webmasters/tools/). It is a good idea to have a Webmaster Tools account for your site anyway as it can provide lots of other helpful information about your site.
77	+
78	+ == Screenshots ==
79	+
80	+ 1. The menu showing Anti-Malware options.
81	+ 2. The Scan Setting page in the admin.
82	+ 3. An example scan that found some threats.
83	+ 4. The results window when "Automatic Repair" fixes threats.
84	+ 5. The Quarantine showing threats that have been fix already.
85	+
86	+ == Changelog ==
87	+
88	+ = 4.14.47 =
89	+ * Major upgrade to the protection for wp-login.php Brute-Force attempts.
90	+ * Fixes a bug in setting the permissions for read-only files so that they could still be cleaned.
91	+
92	+ = 3.15.16 =
93	+ * Fixes a minor bug with pass-by-reference which raises a fatal error in PHP v5.4.
94	+
95	+ = 3.15.15 =
96	+ * Enhanced the Examine File window with better styles and more info.
97	+ * Changed form submission of encrypted file lists to array values instead of keys.
98	+ * Fixes other minor bugs.
99	+
100	+ = 3.14.24 =
101	+ * Made the Examine File window sizable.
102	+ * Fixed a few small bugs and removed some old code.
103	+ * Added a link to my new twitter account.
104	+
105	+ = 3.14.08 =
106	+ * Re-purposed Quick Scan to just scan the most affected areas.
107	+ * Set the registration form to display by defaulted in the definition update section.
108	+ * Fixed a few small bugs in advanced features and directory depth determination.
109	+
110	+ = 3.13.11 =
111	+ * Fixed a session bug to display the last directory scanned.
112	+
113	+ = 3.13.10 =
114	+ * Fixed a few small cosmetic bugs for WP 3.8.
115	+
116	+ = 3.12.27 =
117	+ * Added Spanish translation, thanks to Jelena Kovacevic and Andrew Kurtis at webhostinghub.com.
118	+
119	+ = 3.11.28 =
120	+ * Updated string in the code and added a .pot file to be ready for translation into other languages.
121	+ * Added "Select All" checkbox to Quarantine and a new button to delete items from the Quarantine.
122	+ * Added a trace.php file for advanced session tracking.
123	+
124	+ = 3.08.31 =
125	+ * Fixed undefined index bug with menu_group item in settings array.
126	+
127	+ = 3.08.02 =
128	+ * Added support for multisite network admin menu and the ability to restrict admin access.
129	+
130	+ = 3.07.27 =
131	+ * Fixed a session bug in the progress bar related to the last release.
132	+
133	+ = 3.07.26 =
134	+ * Fixed a session bug that conflicted with jigoshop. (Thanks dragonflyfla)
135	+
136	+ = 3.07.19 =
137	+ * Fixed a few bug in the Whitelist definition feature.
138	+
139	+ = 3.07.06 =
140	+ * Added SSL support for definition updates and registration form.
141	+ * Upgraded the Whitelist feature so the it could not contain duplicates.
142	+
143	+ = 1.3.05.31 =
144	+ * Downgraded the WP-Login threat and changed it to an opt-in fix.
145	+
146	+ = 1.3.05.14 =
147	+ * Fixed a bug in the Add to Whitelist feature so the you do not need to update the definitions after whitelisting a file.
148	+
149	+ = 1.3.05.13 =
150	+ * Fixed two bugs in the last release.
151	+
152	+ = 1.3.05.11 =
153	+ * Added ability to whitelist files.
154	+
155	+ = 1.3.04.19 =
156	+ * Fixed a major bug in yesterdays release broke the login page on some sites.
157	+
158	+ = 1.3.04.17 =
159	+ * Added a patch for the wp-login.php brute force attack that has been going around.
160	+ * Created a process to restore files from the Quarantine.
161	+ * Fixed a few other small bugs including path issues on Winblows server.
162	+
163	+ = 1.3.02.15 =
164	+ * Improved security on the Quarantine directory to fix the 500 error on some servers.
165	+
166	+ = 1.2.12.31 =
167	+ * Fixed count of Quarantined items.
168	+ * Added htaccess security to the Uploads directory.
169	+
170	+ = 1.2.12.30 =
171	+ * Fixed progress bar bug in the last release.
172	+ * Linked the Quarantined items to the File Examiner.
173	+
174	+ = 1.2.12.29 =
175	+ * Brought back the TimThumb and htaccess scan categories.
176	+ * Added a scan category for Backdoor Scripts.
177	+
178	+ = 1.2.12.14 =
179	+ * Fixed bugs in the last release.
180	+
181	+ = 1.2.12.12 =
182	+ * Consolidated the Definition Types and added a Whitelist category.
183	+ * Completely redesigned the Definition Updates to handle incremental updates.
184	+ * Added "View Quarantine" to the menu.
185	+
186	+ = 1.2.11.15 =
187	+ * Enhanced Output Buffer to work with compression enabled (like ob_gzhandler).
188	+ * Moved the quarantine to the uploads directory to protect against blanket inclusion.
189	+
190	+ = 1.2.10.31 =
191	+ * Fixed Output Buffer issue for when ob_start has already been called.
192	+
193	+ = 1.2.10.27 =
194	+ * Enhanced the Automatic Fix process to handle bad directory permissions.
195	+ * Added more detailed error messages for different types of file errors.
196	+ * Fixed calculation for Time Remaining on the Progress Bar.
197	+
198	+ = 1.2.10.16 =
199	+ * Re-calibrated the Progress Bar on the Quick Scan.
200	+ * Improved overall error handling.
201	+ * Minor UI enhancements and a few bug fixes.
202	+
203	+ = 1.2.10.05 =
204	+ * Completely revamped the scan engine to handle large file systems with better error handling.
205	+ * Enhanced the results for the Automatic Fix process.
206	+ * Fixed a few other small bugs.
207	+
208	+ = 1.2.09.22 =
209	+ * Enhanced the iFrame for the File Viewer and Automatic Fix process.
210	+ * Improved error handling during the scan.
211	+ * Fixed update checker script.
212	+
213	+ = 1.2.09.15 =
214	+ * Fixed major bug in unregistered scan definition interpretation that causes many false positives.
215	+ * Moved the File Viewer and Automatic Fix process into an iFrame to decrease scan time and memory usage.
216	+ * Enhanced the Automatic Fix process for better success with read-only files.
217	+ * Improved code cleanup process and general efficiency of the scan.
218	+
219	+ = 1.2.08.31 =
220	+ * Encoded definition update for better compatibility with some servers that have post limitation.
221	+ * Improved the code cleanup expression that is applied after removal of known threats.
222	+
223	+ = 1.2.07.29 =
224	+ * Fixed return URL on Donate form.
225	+
226	+ = 1.2.07.20 =
227	+ * Fixed XSS vulnerability.
228	+
229	+ = 1.2.05.20 =
230	+ * Changed registration to allow for multiple sites/keys to be registered under one user/email.
231	+
232	+ = 1.2.05.04 =
233	+ * Fixed "Invalid Threat level" Error on default values for pre-registration scans.
234	+ * Changed auto-update path to update threat level array for all new definition updates.
235	+
236	+ = 1.2.04.24 =
237	+ * Fixed auto-update script to update scan level even if there is no new definitions.
238	+
239	+ = 1.2.04.09 =
240	+ * Added more info about registration to the readme file.
241	+ * Updated timthumb replacement patch to version 2.8.10 per WordPress.org plugins requirement.
242	+ * Fixed menu option placement to work just as well as a sub-menu under tools.
243	+
244	+ = 1.2.04.08 =
245	+ * Fixed option to exclude directories so that the scan would not get stuck if omitted.
246	+ * Added support for winblows servers using BACKSLASH directory structures.
247	+
248	+ = 1.2.04.04 =
249	+ * Added option to exclude directories.
250	+ * Changed definition updates to write to the DB instead of a file.
251	+ * Added better messages about available updates.
252	+ * Added more FAQs to the readme.
253	+
254	+ = 1.2.03.28 =
255	+ * Fixed registration form.
256	+
257	+ = 1.2.03.27 =
258	+ * Fixed some of the links on the settings page.
259	+
260	+ = 1.2.03.23 =
261	+ * First BETA versions available for WordPress.
262	+
263	+ == Upgrade Notice ==
264	+
265	+ = 4.14.47 =
266	+ Major upgrade to the protection for Brute-Force attempts, and a bug fix for resetting the permissions of read-only files.
267	+
268	+ = 3.15.16 =
269	+ Fixes a minor bug with pass-by-reference which raises a fatal error in PHP v5.4.
270	+
271	+ = 3.15.15 =
272	+ Enhanced the Examine File window with better styles and more info, changed form submission of encrypted file lists, and fixes other minor bugs.
273	+
274	+ = 3.14.24 =
275	+ Made the Examine File window sizable, fixed a few small bugs, removed some old code, and added a link to twitter.
276	+
277	+ = 3.14.08 =
278	+ Re-purposed Quick Scan to just scan the most affected areas and fixed a few small bugs.
279	+
280	+ = 3.13.11 =
281	+ Fixed a session bug to display the last directory scanned.
282	+
283	+ = 3.13.10 =
284	+ Fixed a few small cosmetic bugs for WP 3.8.
285	+
286	+ = 3.12.27 =
287	+ Added Spanish translation, thanks to Jelena Kovacevic and Andrew Kurtis.
288	+
289	+ = 3.11.28 =
290	+ Updated code and added a .pot file for translation into other languages and added more Quarantine options and a file for advanced session tracking.
291	+
292	+ = 3.08.31 =
293	+ Fixed undefined index bug with menu_group item in settings array.
294	+
295	+ = 3.08.02 =
296	+ Added support for multisite network admin menu and the ability to restrict admin access.
297	+
298	+ = 3.07.27 =
299	+ Fixed a session bug in the progress bar related to the last release.
300	+
301	+ = 3.07.26 =
302	+ Fixed a session bug that conflicted with jigoshop. (Thanks dragonflyfla)
303	+
304	+ = 3.07.19 =
305	+ Fixed a few bug in the Whitelist definition feature.
306	+
307	+ = 3.07.06 =
308	+ Added SSL support for definition updates and upgraded the Whitelist feature.
309	+
310	+ = 1.3.05.31 =
311	+ Downgraded the WP-Login threat and changed it to an opt-in fix.
312	+
313	+ = 1.3.05.14 =
314	+ Fixed a bug in the Add to Whitelist feature so the you do not need to update the definitions after whitelisting a file.
315	+
316	+ = 1.3.05.13 =
317	+ Fixed two bugs in the last release.
318	+
319	+ = 1.3.05.11 =
320	+ Added ability to whitelist files.
321	+
322	+ = 1.3.04.19 =
323	+ Fixed a major bug in yesterdays release broke the login page on some sites.
324	+
325	+ = 1.3.04.17 =
326	+ Added a patch for the wp-login.php brute force attack and fixed a few other small bugs.
327	+
328	+ = 1.3.02.15 =
329	+ Improved security on the Quarantine directory to fix the 500 error on some servers.
330	+
331	+ = 1.2.12.31 =
332	+ Fixed count of Quarantined items and added htaccess security to the Uploads directory.
333	+
334	+ = 1.2.12.30 =
335	+ Fixed progress bar bug and linked the Quarantined items to the File Examiner.
336	+
337	+ = 1.2.12.29 =
338	+ Brought back the TimThumb and htaccess scan categories and added a category for Backdoor Scripts.
339	+
340	+ = 1.2.12.14 =
341	+ Fixed bugs in the last release.
342	+
343	+ = 1.2.12.12 =
344	+ BETA Release: Consolidated Definition Types and completely redesigned the Definition Updates.
345	+
346	+ = 1.2.11.15 =
347	+ Enhanced Output Buffer to work with compression enabled and moved the quarantine.
348	+
349	+ = 1.2.10.31 =
350	+ Fixed Output Buffer issue for when ob_start has already been called.
351	+
352	+ = 1.2.10.27 =
353	+ Enhanced the Automatic Fix to handle bad directory permissions, added more detailed error messages, and fixed calculation for Time Remaining.
354	+
355	+ = 1.2.10.16 =
356	+ Re-calibrated the Progress Bar, improved error handling, and fixed a few minor bugs.
357	+
358	+ = 1.2.10.05 =
359	+ Completely revamped the scan engine, enhanced the Automatic Fix results, and fixed a few other small bugs.
360	+
361	+ = 1.2.09.22 =
362	+ Enhanced the iFrame for the File Viewer and Automatic Fix process and improved error handling.
363	+
364	+ = 1.2.09.15 =
365	+ Fixed major bug in unregistered scan definition interpretation and moved the File Viewer and Automatic Fix into an iFrame for efficiency and enhanced for better success with read-only files.
366	+
367	+ = 1.2.08.31 =
368	+ Encoded definition update to broaden server compatibility and improved the code cleanup expression after threat removal.
369	+
370	+ = 1.2.07.29 =
371	+ Fixed return URL on Donate form.
372	+
373	+ = 1.2.07.20 =
374	+ Fixed XSS vulnerability.
375	+
376	+ = 1.2.05.20 =
377	+ Changed registration to allow for multiple sites/keys to be registered under one user/email.
378	+
379	+ = 1.2.05.04 =
380	+ Fixed Threat Level error and changed auto-update path to update threat level array for all new definition updates.
381	+
382	+ = 1.2.04.24 =
383	+ Fixed auto-update script to update scan level even if there is no new definitions.
384	+
385	+ = 1.2.04.09 =
386	+ Added more info about registration to the readme file, Updated timthumb replacement patch to version 2.8.10, and fixed menu option placement.
387	+
388	+ = 1.2.04.08 =
389	+ Fixed option to exclude directories and added support for winblows servers using BACKSLASH directory structures.
390	+
391	+ = 1.2.04.04 =
392	+ Changed definition updates to write to the DB instead of a file and added better messages about available updates.
393	+
394	+ = 1.2.03.28 =
395	+ Fixed registration form.
396	+
397	+ = 1.2.03.27 =
398	+ Fixed some of the links on the settings page.
399	+
400	+ = 1.2.03.23 =
401	+ First BETA versions available for WordPress.

safe-load.php ADDED Viewed

	@@ -0,0 +1,40 @@


1	+ <?php
2	+ // START Security Patch by GOTMLS.NET
3	+ //if(!session_save_path()) session_save_path(dirname(__FILE__).'/images/');
4	+ if (!session_id())
5	+ @session_start();
6	+ if (!(isset($_SESSION["GOTMLS_login_attempts"]) && strlen($_SESSION["GOTMLS_login_attempts"]."") > 0 && is_numeric($_SESSION["GOTMLS_login_attempts"])))
7	+ $_SESSION["GOTMLS_login_attempts"] = 0;
8	+ if (!(isset($_SESSION["GOTMLS_login_ok"]) && $_SESSION["GOTMLS_login_ok"] === true))
9	+ $_SESSION["GOTMLS_login_ok"] = false;
10	+ if ($_SESSION["GOTMLS_login_ok"] && $_SESSION["GOTMLS_login_attempts"] == 0)
11	+ $_SESSION["GOTMLS_login_attempts"] = 1;
12	+ @date_default_timezone_set(@date_default_timezone_get());
13	+ $GOTMLS_time = @date("mdHm");
14	+ if (file_exists(dirname(__FILE__).'/../../../.GOTMLS.failed.login.attempt.from.'.$_SERVER["REMOTE_ADDR"].'.php'))
15	+ include(dirname(__FILE__).'/../../../.GOTMLS.failed.login.attempt.from.'.$_SERVER["REMOTE_ADDR"].'.php');
16	+ elseif (isset($_GET["GOTMLS_SESSION_check"]) && is_numeric($_GET["GOTMLS_SESSION_check"])) {
17	+ if ($_SESSION["GOTMLS_login_attempts"] == 0) {
18	+ $_SESSION["GOTMLS_login_attempts"] = 1;
19	+ if ('IP'.str_replace('.','',$_SERVER["REMOTE_ADDR"]) == 'IP'.$_GET["GOTMLS_SESSION_check"])
20	+ die("<script>window.location.replace('wp-login.php?GOTMLS_SESSION_check=$GOTMLS_time');</script>");
21	+ elseif ($_GET["GOTMLS_SESSION_check"] == $GOTMLS_time \|\| ($_GET["GOTMLS_SESSION_check"] + 1) == $GOTMLS_time) {
22	+ if (@file_put_contents(dirname(__FILE__).'/../../../.GOTMLS.failed.login.attempt.from.'.$_SERVER["REMOTE_ADDR"].'.php', '<?php $_SESSION["GOTMLS_login_attempts"] = 1; //set this value to 0 to block all login attempts from this IP '.$_SERVER["REMOTE_ADDR"]))
23	+ die('SESSION FAILURE: Your IP address has been logged.');
24	+ else
25	+ die('SESSION FAILURE: No way to login.');
26	+ }
27	+ } else
28	+ die('SESSION TEST PASSED! You should be able to login now.');
29	+ }
30	+ if ($_SERVER["REQUEST_METHOD"] == "POST" \|\| isset($_POST["user_login"])) {
31	+ $_SESSION["GOTMLS_login_attempts"]++;
32	+ if ($_SESSION["GOTMLS_login_attempts"] < 2 \|\| $_SESSION["GOTMLS_login_attempts"] > 6)
33	+ die("<html><head><title>Login Error</title></head><body style='margin-top: 0;'><!-- ".$_SESSION["GOTMLS_login_attempts"]." -->\n".'<div id="help-meta" style="background-color: #CCCCCC; display: none; margin: 0 15px; padding: 10px; border-bottom-left-radius: 5px; border-bottom-right-radius: 5px;">This message is shown whenever a possible brute-force attack is detected. Click the link below to have another shot at logging in.<br><iframe src="wp-login.php?GOTMLS_SESSION_check='.str_replace('.','',$_SERVER["REMOTE_ADDR"]).'" style="width: 100%; height: 35px; margin: 10px 0;"></iframe></div><div style="background-color: #CCCCCC; margin: 0 25px; float: right; padding: 10px; border-bottom-left-radius: 5px; border-bottom-right-radius: 5px;"><a onclick="hbox=document.getElementById(\'help-meta\');if (hbox.style.display==\'block\') hbox.style.display=\'none\'; else hbox.style.display=\'block\';" href="#help-meta">Help</a></div><br>'."\n<p>Just what do you think you are doing?</p><p><a href='wp-login.php'>Open the login page to try again</a></p></body></html>");
34	+ } else {
35	+ $_SESSION["GOTMLS_login_ok"] = true;
36	+ $_SESSION["GOTMLS_login_attempts"] = 1;
37	+ }
38	+ $save_GOTMLS_login_attempts = $_SESSION['GOTMLS_login_attempts'];
39	+ $save_GOTMLS_login_ok = $_SESSION['GOTMLS_login_ok'];
40	+ // END Security Patch by GOTMLS.NET

safe-load/index.php ADDED Viewed

	@@ -0,0 +1,14 @@


1	+ <?php
2	+ /**
3	+ * GOTMLS Brute-Force protections
4	+ * @package GOTMLS
5	+ */
6	+
7	+ if (!$_SESSION["GOTMLS_detected_attacks"])
8	+ $_SESSION["GOTMLS_detected_attacks"] = '&attack[]=DIRECT_LOAD';
9	+ foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_USER_AGENT") as $var)
10	+ $_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
11	+ foreach (array("log") as $var)
12	+ $_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
13	+ header("location: http://safe-load.gotmls.net/report.php?ver=4.14.47".$_SESSION["GOTMLS_detected_attacks"]);
14	+ die();

safe-load/session.php ADDED Viewed

	@@ -0,0 +1,15 @@


1	+ <?php
2	+ /**
3	+ * GOTMLS SESSION Start
4	+ * @package GOTMLS
5	+ */
6	+
7	+ if (!defined(GOTMLS_SESSION_TIME))
8	+ define("GOTMLS_SESSION_TIME", microtime(true));
9	+ if (!@session_id())
10	+ @session_start();
11	+ if (isset($_SESSION["GOTMLS_SESSION_TIME"]))
12	+ $_SESSION["GOTMLS_SESSION_LAST"] = $_SESSION["GOTMLS_SESSION_TIME"];
13	+ else
14	+ $_SESSION["GOTMLS_SESSION_LAST"] = 0;
15	+ $_SESSION["GOTMLS_SESSION_TIME"] = GOTMLS_SESSION_TIME;

safe-load/trace.php ADDED Viewed

	@@ -0,0 +1,35 @@


1	+ <?php // Debug Tracer function by ELI at GOTMLS.NET
2	+ if (!function_exists("GOTMLS_debug_trace")) {
3	+ function GOTMLS_debug_trace($file) {
4	+ $mt = microtime(true);
5	+ if (!session_id())
6	+ @session_start();
7	+ if (!isset($_SESSION["GOTMLS_traces"]))
8	+ $_SESSION["GOTMLS_traces"] = 0;
9	+ if (!isset($_SESSION["GOTMLS_trace_includes"]))
10	+ $_SESSION["GOTMLS_trace_includes"] = array();
11	+ if (isset($_SESSION["GOTMLS_trace_includes"][$_SESSION["GOTMLS_traces"]][$file]))
12	+ $_SESSION["GOTMLS_traces"] = $mt;
13	+ if (!$GOTMLS_headers_sent && $GOTMLS_headers_sent = headers_sent($filename, $linenum)) {
14	+ if (!$filename)
15	+ $filename = __("an unknown file",'gotmls');
16	+ if (!is_numeric($linenum))
17	+ $linenum = __("unknown",'gotmls');
18	+ $mt .= sprintf(__(': Headers sent by %1$s on line %2$s.','gotmls'), $filename, $linenum);
19	+ }
20	+ if (!(isset($_SESSION["GOTMLS_OBs"]) && is_array($_SESSION["GOTMLS_OBs"])))
21	+ $_SESSION["GOTMLS_OBs"] = array();
22	+ if (($OBs = ob_list_handlers()) && is_array($OBs) && (count($_SESSION["GOTMLS_OBs"]) != count($OBs))) {
23	+ $mt .= print_r(array("ob"=>ob_list_handlers()),1);
24	+ $_SESSION["GOTMLS_OBs"] = $OBs;
25	+ }
26	+ $_SESSION["GOTMLS_trace_includes"][$_SESSION["GOTMLS_traces"]][$file] = $mt;
27	+ if (isset($_GET["GOTMLS_traces"]) && count($_SESSION["GOTMLS_trace_includes"][$_SESSION["GOTMLS_traces"]]) > $_GET["GOTMLS_includes"]) {
28	+ $_SESSION["GOTMLS_traces"] = $mt;
29	+ foreach ($_SESSION["GOTMLS_trace_includes"] as $trace => $array)
30	+ if ($trace < $_GET["GOTMLS_traces"])
31	+ unset($_SESSION["GOTMLS_trace_includes"][$trace]);
32	+ die(print_r(array("<a href='?GOTMLS_traces=".substr($_SESSION["GOTMLS_traces"], 0, 10)."'>".substr($_SESSION["GOTMLS_traces"], 0, 10)."</a><pre>",$_SESSION["GOTMLS_trace_includes"],"<pre>")));
33	+ }
34	+ }
35	+ }

safe-load/wp-login.php ADDED Viewed

	@@ -0,0 +1,83 @@


1	+ <?php
2	+ /**
3	+ * GOTMLS wp-login protection
4	+ * @package GOTMLS
5	+ */
6	+
7	+ include(dirname(__FILE__)."/session.php");
8	+ if (!defined(GOTMLS_REQUEST_METHOD))
9	+ define("GOTMLS_REQUEST_METHOD", (isset($_SERVER["REQUEST_METHOD"])?strtoupper($_SERVER["REQUEST_METHOD"]):"none"));
10	+ function GOTMLS_update_log_file($dont_force_write = true) {
11	+ if (!defined(GOTMLS_SESSION_FILE))
12	+ define("GOTMLS_SESSION_FILE", dirname(__FILE__)."/_SESSION/index.php");
13	+ if (is_file(GOTMLS_SESSION_FILE))
14	+ include(GOTMLS_SESSION_FILE);
15	+ else {
16	+ if (!is_dir(dirname(GOTMLS_SESSION_FILE)))
17	+ @mkdir(dirname(GOTMLS_SESSION_FILE));
18	+ if (is_dir(dirname(GOTMLS_SESSION_FILE)))
19	+ if (!is_file(GOTMLS_SESSION_FILE))
20	+ if (file_put_contents(GOTMLS_SESSION_FILE, "<?php if (!defined(GOTMLS_INSTALL_TIME)) define('GOTMLS_INSTALL_TIME', '".GOTMLS_SESSION_TIME."');"))
21	+ include(GOTMLS_SESSION_FILE);
22	+ }
23	+ if (!defined(GOTMLS_INSTALL_TIME))
24	+ return false;
25	+ else {
26	+ $GOTMLS_LOGIN_ARRAY = array("ADDR"=>(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"REMOTE_ADDR"), "AGENT"=>(isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:"HTTP_USER_AGENT"), "TIME"=>GOTMLS_INSTALL_TIME);
27	+ $GOTMLS_LOGIN_KEY = md5(maybe_serialize($GOTMLS_LOGIN_ARRAY));
28	+ if (!defined(GOTMLS_LOG_FILE))
29	+ define("GOTMLS_LOG_FILE", dirname(GOTMLS_SESSION_FILE)."/.GOTMLS.$GOTMLS_LOGIN_KEY.php");
30	+ if (is_file(GOTMLS_LOG_FILE))
31	+ include(GOTMLS_LOG_FILE);
32	+ if (GOTMLS_REQUEST_METHOD == "POST")
33	+ $GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD][GOTMLS_INSTALL_TIME] = $GOTMLS_LOGIN_ARRAY;
34	+ else
35	+ $GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD] = GOTMLS_INSTALL_TIME;
36	+ @file_put_contents(GOTMLS_LOG_FILE, '<?php $GLOBALS["GOTMLS"]["logins"]["'.$GOTMLS_LOGIN_KEY.'"]=maybe_unserialize(base64_decode("'.base64_encode(maybe_serialize($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY])).'"));');
37	+ if (isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]))
38	+ return $GOTMLS_LOGIN_KEY;
39	+ else
40	+ return 0;
41	+ }
42	+ }
43	+ if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && !isset($GOTMLS_logins[$GOTMLS_LOGIN_KEY]["whitelist"])) {
44	+ if (!(isset($_SESSION["GOTMLS_detected_attacks"]) && $_SESSION["GOTMLS_SESSION_LAST"]))
45	+ $_SESSION["GOTMLS_detected_attacks"] = '&attack[]=NO_SESSION';
46	+ if (!isset($_SERVER["REMOTE_ADDR"]))
47	+ $_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=NO_REMOTE_ADDR';
48	+ if (!isset($_SERVER["HTTP_USER_AGENT"]))
49	+ $_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=NO_HTTP_USER_AGENT';
50	+ if (!isset($_SERVER["HTTP_REFERER"]))
51	+ $_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=NO_HTTP_REFERER';
52	+ if (!$_SESSION["GOTMLS_detected_attacks"]) {
53	+ if (isset($_SESSION["GOTMLS_login_attempts"]) && is_numeric($_SESSION["GOTMLS_login_attempts"]) && strlen($_SESSION["GOTMLS_login_attempts"]."") > 0)
54	+ $_SESSION["GOTMLS_login_attempts"]++;
55	+ else {
56	+ if ($GOTMLS_LOGIN_KEY = GOTMLS_update_log_file()) {
57	+ if (!(isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"])))
58	+ $_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=NO_LOGIN_ATTEMPTS';
59	+ elseif (!isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["GET"]))
60	+ $_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=NO_LOGIN_GETS';
61	+ else {
62	+ $_SESSION["GOTMLS_login_attempts"] = 0;
63	+ foreach ($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"] as $LOGIN_TIME=>$LOGIN_ARRAY) {
64	+ if ($LOGIN_TIME > $GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["GET"])
65	+ $_SESSION["GOTMLS_login_attempts"]++;
66	+ else
67	+ unset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"][$LOGIN_TIME]);
68	+ }
69	+ }
70	+ } else
71	+ $_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=NO_LOG_FILE';
72	+ }
73	+ if (!(isset($_SESSION["GOTMLS_login_attempts"]) && is_numeric($_SESSION["GOTMLS_login_attempts"]) && ($_SESSION["GOTMLS_login_attempts"] < 6) && $_SESSION["GOTMLS_login_attempts"]))
74	+ $_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=TOO_MANY_login_attempts';
75	+ }
76	+ if ($_SESSION["GOTMLS_detected_attacks"])
77	+ include(dirname(__FILE__)."/index.php");
78	+ } else {
79	+ if (isset($_SERVER["SCRIPT_FILENAME"]) && basename(__FILE__) == basename($_SERVER["SCRIPT_FILENAME"]))
80	+ GOTMLS_update_log_file();
81	+ $_SESSION["GOTMLS_detected_attacks"] = '';
82	+ $_SESSION["GOTMLS_login_attempts"] = 0;
83	+ }

Anti-Malware Security and Brute-Force Firewall - Version 4.14.47

Version Description

Release Info

Version 4.14.47