Anti-Malware Security and Brute-Force Firewall - Version 4.14.62

Version Description

  • Improved rewrite compatibility of session check for the Brute-Force Protection Installation.

Release Info

Developer scheeeli
Version 4.14.62

Code changes from version 4.14.59 to 4.14.62

Files changed (5)
  1. images/index.php +35 -32
  2. index.php +58 -53
  3. readme.txt +8 -2
  4. safe-load.php +0 -40
  5. safe-load/index.php +1 -1
images/index.php CHANGED
@@ -10,7 +10,7 @@ function GOTMLS_define($DEF, $val) {
10
  define($DEF, $val);
11
  }}
12
 
13
- GOTMLS_define("GOTMLS_Version", "4.14.59");
14
  GOTMLS_define("GOTMLS_require_version", "3.3");
15
  GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
16
  GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");
@@ -46,25 +46,24 @@ function GOTMLS_decode($encoded_string) {
46
  return "Cannot decode: $encoded_string";
47
  }}
48
 
49
- if ((isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__))) || !defined("GOTMLS_plugin_path")) {
50
- $file = explode("?", GOTMLS_script_URI."?");
51
- if (isset($_GET["test"]) && GOTMLS_get_ext($file[0]) == "js") {
52
- $file = explode("/", $file[0]);
53
- $file = substr(array_pop($file), 0, -2)."php";
54
- header("Content-type: text/javascript");
55
- if (is_file(GOTMLS_plugin_path."safe-load/$file"))
56
- require_once(GOTMLS_plugin_path."safe-load/$file");
57
- if (isset($_SESSION["GOTMLS_TEST_SESSION_JS"]))
58
- $img_bin = $_SESSION["GOTMLS_TEST_SESSION_JS"];
59
  else
60
- $img_bin = "/* GOTMLS SESSION NOT SET */";
61
- $_SESSION["GOTMLS_TEST_SESSION_JS"] = GOTMLS_decode($_GET['test']);
62
- } else {
63
- header("Content-type: image/gif");
64
- $img_src = GOTMLS_local_images_path.'GOTMLS-16x16.gif';
65
- if (!(file_exists($img_src) && $img_bin = @file_get_contents($img_src)))
66
- $img_bin = GOTMLS_decode('R0lGODlhEAAQAIABAAAAAP///yH5BAEAAAEALAAAAAAQABAAAAIshB0Qm+eo2HuJNWdrjlFm3S2hKB7kViKaxZmr98YgSo/jzH6tiU0974MADwUAOw==');
67
  }
 
 
 
 
 
68
  die($img_bin);
69
  } elseif (isset($_GET["no_error_reporting"]))
70
  @error_reporting(0);
@@ -201,9 +200,10 @@ function GOTMLS_loaded() {
201
  if (!is_numeric($linenum))
202
  $linenum = __("unknown",'gotmls');
203
  $GOTMLS_HeadersError = '<div class="error">'.sprintf(__('<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem.','gotmls'), $filename, $linenum).'</div>';
204
- }
205
- elseif (!session_id() && isset($_GET["SESSION"])) @session_start();
206
- if (session_id() && isset($_GET["SESSION"]) && !isset($_SESSION["GOTMLS_debug"])) $_SESSION["GOTMLS_debug"]=array();
 
207
  }
208
 
209
  if (!function_exists("add_action")) {
@@ -270,6 +270,8 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
270
  }
271
  if (isset($_SESSION["GOTMLS_debug"])) {
272
  $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["threat_name"], 5);
 
 
273
  if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"]))
274
  $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] += $file_time;
275
  else
@@ -309,7 +311,7 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
309
  }
310
 
311
  function GOTMLS_scanfile($file) {
312
- global $GOTMLS_core_files, $wp_version, $GOTMLS_threat_levels, $GOTMLS_threat_files, $GOTMLS_definitions_array, $GOTMLS_threats_found, $GOTMLS_chmod_file, $GOTMLS_chmod_dir, $GOTMLS_file_contents, $GOTMLS_new_contents;
313
  $GOTMLS_threats_found = array();
314
  $found = false;
315
  $threat_link = "";
@@ -318,7 +320,7 @@ function GOTMLS_scanfile($file) {
318
  $file_name = GOTMLS_explode_dir($file);
319
  $file_parts = explode(".", ".".array_pop($file_name));
320
  if (is_file($file) && ($filesize = filesize($file)) && ($GOTMLS_file_contents = @file_get_contents($file))) {
321
- foreach ($GOTMLS_definitions_array["whitelist"] as $whitelist_file=>$non_threats) {
322
  if (isset($non_threats[0])) {
323
  $updated = $non_threats[0];
324
  unset($non_threats[0]);
@@ -328,11 +330,11 @@ function GOTMLS_scanfile($file) {
328
  if (in_array(md5($GOTMLS_file_contents).'O'.$filesize, array_keys($non_threats), true))
329
  return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
330
  elseif (in_array(md5($GOTMLS_file_contents), $non_threats, true)) {
331
- if (!(isset($GOTMLS_definitions_array["whitelist"][''.GOTMLS_get_ext($file)][0]) && $GOTMLS_definitions_array["whitelist"][''.GOTMLS_get_ext($file)][0] >= $updated))
332
- $GOTMLS_definitions_array["whitelist"][''.GOTMLS_get_ext($file)][0] = $updated;
333
- $GOTMLS_definitions_array["whitelist"][''.GOTMLS_get_ext($file)][md5($GOTMLS_file_contents).'O'.$filesize] = $updated;
334
- unset($GOTMLS_definitions_array["whitelist"][$whitelist_file]);
335
- update_option("GOTMLS_definitions_array", $GOTMLS_definitions_array);
336
  return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
337
  }
338
  }
@@ -350,7 +352,7 @@ function GOTMLS_scanfile($file) {
350
  $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
351
  $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
352
  }
353
- if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GOTMLS_definitions_array[$threat_level]) && (!array_key_exists($threat_level,$GOTMLS_core_files) || (substr($file."e", (-1 * strlen($GOTMLS_core_files[$threat_level]."e"))) == $GOTMLS_core_files[$threat_level]."e")) && (!array_key_exists($threat_level,$GOTMLS_threat_files) || ((GOTMLS_get_ext($file) == "gotmls" && isset($_GET["eli"]) && $_GET["eli"] == "quarantine")?(substr(GOTMLS_decode(array_pop(explode(".", '.'.substr($file, strlen(dirname($file))+1, -7))))."e", (-1 * strlen($GOTMLS_threat_files[$threat_level]."e"))) == $GOTMLS_threat_files[$threat_level]."e"):(substr($file."e", (-1 * strlen($GOTMLS_threat_files[$threat_level]."e"))) == $GOTMLS_threat_files[$threat_level]."e"))) && ($found = GOTMLS_check_threat($GOTMLS_definitions_array[$threat_level],$file)))
354
  $className = $threat_level;
355
  }
356
  if (isset($_SESSION["GOTMLS_debug"])) {
@@ -760,11 +762,12 @@ function GOTMLS_reset_settings($item, $key) {
760
 
761
  $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = dirname(GOTMLS_quarantine(__FILE__));
762
  $GLOBALS["GOTMLS"]["tmp"]["default_ext"] .= "com";
763
- $GOTMLS_update_home = $GLOBALS["GOTMLS"]["tmp"]["protocol"]."//gotmls.net/";
764
- $GOTMLS_plugin_home = $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//wordpress.'.$GLOBALS["GOTMLS"]["tmp"]["default_ext"];
 
765
  $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"] = "ECJKF";
766
  $GOTMLS_encode .= substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2);
767
- $GOTMLS_definitions_array = maybe_unserialize(GOTMLS_decode('YToyOntzOjk6InBvdGVudGlhbCI7YToxMjp7czo0OiJldmFsIjthOjI6e2k6MDtzOjU6IkVBUExxIjtpOjE7czozNToiL1teYS16XC8nIl1ldmFsXChbXlwpXStbJyJcc1wpO10rL2kiO31zOjk6ImF1dGhfcGFzcyI7YToyOntpOjA7czo1OiJDQ0lHRyI7aToxO3M6MjQ6Ii9cJGF1dGhfcGFzc1sgPVx0XSsuKzsvaSI7fXM6MjE6ImRvY3VtZW50LndyaXRlIGlmcmFtZSI7YToyOntpOjA7czo1OiJDQ0lHRyI7aToxO3M6NTI6Ii9kb2N1bWVudFwud3JpdGVcKFsnIl08aWZyYW1lIC4rPFwvaWZyYW1lPlsnIl1cKTsqL2kiO31zOjE1OiJwcmVnX3JlcGxhY2UgL2UiO2E6Mjp7aTowO3M6NToiQ0NJR0ciO2k6MTtzOjUwOiIvcHJlZ19yZXBsYWNlWyBcdF0qXCguK1tcL1wjXHxdW2ldKmVbaV0qWyciXS4rXCkvaSI7fXM6MjA6ImV4ZWMgc3lzdGVtIHBhc3N0aHJ1IjthOjI6e2k6MDtzOjU6IkVBUExnIjtpOjE7czo1MToiLzxcPy4rP2V4ZWNcKC4rP3N5c3RlbVwoLis_cGFzc3RocnVcKC4rZndyaXRlXCguKy9zIjt9czoyOToiRXh0ZXJuYWwgUmVkaXJlY3QgUmV3cml0ZVJ1bGUiO2E6Mjp7aTowO3M6NToiQ0NWRTQiO2k6MTtzOjMwOiIvUmV3cml0ZVJ1bGUgW14gXSsgaHR0cFw6XC9cLy8iO31zOjM1OiJubyBlcnJvcl9yZXBvcnRpbmcgbG9uZyBsaW5lcyBhbG9uZSI7YToyOntpOjA7czo1OiJEMzVCYSI7aToxO3M6Nzk6Ii88XD8ocGhwKSpbXHJcblx0IFxAXSplcnJvcl9yZXBvcnRpbmdcKDBcKTsuKz9bYS16MC05XC9cLVw9JyJcLlxdezIwMDB9Lio_XD8-L2kiO31zOjIyOiJwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IjthOjI6e2k6MDtzOjU6IkQ4TUN3IjtpOjE7czoxMzY6Ii9cL1wqIFRoaXMgZmlsZSBpcyBwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IGxhdyBhbmQgcHJvdmlkZWQgdW5kZXIgbGljZW5zZS4gUmV2ZXJzZSBlbmdpbmVlcmluZyBvZiB0aGlzIGZpbGUgaXMgc3RyaWN0bHkgcHJvaGliaXRlZC4gXCpcLy8iO31zOjE5OiJhIHNwYW4gY29sb3IgRjFFRkU0IjthOjI6e2k6MDtzOjU6IkQ4UkFQIjtpOjE7czoxMTg6Ii9cPGEgW15cPl0rXD5cPHNwYW4gc3R5bGU9ImNvbG9yXDpcI0YxRUZFNDsiXD4oLis_KVw8XC9zcGFuXD5cPFwvYVw-XDxzcGFuIHN0eWxlPSJjb2xvclw6XCNGMUVGRTQ7Ilw-KC4rPylcPFwvc3Bhblw-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'));
768
 
769
  function GOTMLS_file_put_contents($file, $content) {
770
  if (function_exists("file_put_contents"))
10
  define($DEF, $val);
11
  }}
12
 
13
+ GOTMLS_define("GOTMLS_Version", "4.14.62");
14
  GOTMLS_define("GOTMLS_require_version", "3.3");
15
  GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
16
  GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");
46
  return "Cannot decode: $encoded_string";
47
  }}
48
 
49
+ if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && preg_match('|(.*?/gotmls\.js\?SESSION=)|', GOTMLS_script_URI, $match)) {
50
+ header("Content-type: text/javascript");
51
+ if (is_file(GOTMLS_plugin_path."safe-load/session.php"))
52
+ require_once(GOTMLS_plugin_path."safe-load/session.php");
53
+ if (isset($_SESSION["GOTMLS_SESSION_TEST"]))
54
+ die("/* GOTMLS SESSION PASS */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nshowhide('GOTMLS_patch_searching', true);\nshowhide('GOTMLS_patch_searching');\nshowhide('GOTMLS_patch_button', true);\n");
55
+ else {
56
+ $_SESSION["GOTMLS_SESSION_TEST"] = $_GET["SESSION"] + 1;
57
+ if ($_GET["SESSION"] > 0)
58
+ die("/* GOTMLS SESSION FAIL */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\ndocument.getElementById('GOTMLS_patch_searching').innerHTML = '<div class=\"error\">Your Server could not start a Session!</div>';");
59
  else
60
+ die("/* GOTMLS SESSION TEST */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);alert('".$match[0].$_SESSION["GOTMLS_SESSION_TEST"]."');\nstopCheckingSession = checkupdateserver('".$match[0].$_SESSION["GOTMLS_SESSION_TEST"]."', 'GOTMLS_patch_searching');");
 
 
 
 
 
 
61
  }
62
+ } elseif ((isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__))) || !defined("GOTMLS_plugin_path")) {
63
+ header("Content-type: image/gif");
64
+ $img_src = GOTMLS_local_images_path.'GOTMLS-16x16.gif';
65
+ if (!(file_exists($img_src) && $img_bin = @file_get_contents($img_src)))
66
+ $img_bin = GOTMLS_decode('R0lGODlhEAAQAIABAAAAAP///yH5BAEAAAEALAAAAAAQABAAAAIshB0Qm+eo2HuJNWdrjlFm3S2hKB7kViKaxZmr98YgSo/jzH6tiU0974MADwUAOw==');
67
  die($img_bin);
68
  } elseif (isset($_GET["no_error_reporting"]))
69
  @error_reporting(0);
200
  if (!is_numeric($linenum))
201
  $linenum = __("unknown",'gotmls');
202
  $GOTMLS_HeadersError = '<div class="error">'.sprintf(__('<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem.','gotmls'), $filename, $linenum).'</div>';
203
+ } elseif (!session_id() && isset($_GET["SESSION"]))
204
+ @session_start();
205
+ if (session_id() && isset($_GET["SESSION"]) && $_GET["SESSION"] == "GOTMLS_debug" && !isset($_SESSION["GOTMLS_debug"]))
206
+ $_SESSION["GOTMLS_debug"]=array();
207
  }
208
 
209
  if (!function_exists("add_action")) {
270
  }
271
  if (isset($_SESSION["GOTMLS_debug"])) {
272
  $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["threat_name"], 5);
273
+ if (isset($_GET["GOTMLS_debug"]) && is_numeric($_GET["GOTMLS_debug"]) && $file_time > $_GET["GOTMLS_debug"])
274
+ echo "\n//GOTMLS_debug $file_time $threat_name $file\n";
275
  if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"]))
276
  $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] += $file_time;
277
  else
311
  }
312
 
313
  function GOTMLS_scanfile($file) {
314
+ global $GOTMLS_core_files, $wp_version, $GOTMLS_threat_levels, $GOTMLS_threat_files, $GOTMLS_threats_found, $GOTMLS_chmod_file, $GOTMLS_chmod_dir, $GOTMLS_file_contents, $GOTMLS_new_contents;
315
  $GOTMLS_threats_found = array();
316
  $found = false;
317
  $threat_link = "";
320
  $file_name = GOTMLS_explode_dir($file);
321
  $file_parts = explode(".", ".".array_pop($file_name));
322
  if (is_file($file) && ($filesize = filesize($file)) && ($GOTMLS_file_contents = @file_get_contents($file))) {
323
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file=>$non_threats) {
324
  if (isset($non_threats[0])) {
325
  $updated = $non_threats[0];
326
  unset($non_threats[0]);
330
  if (in_array(md5($GOTMLS_file_contents).'O'.$filesize, array_keys($non_threats), true))
331
  return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
332
  elseif (in_array(md5($GOTMLS_file_contents), $non_threats, true)) {
333
+ if (!(isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][''.GOTMLS_get_ext($file)][0]) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][''.GOTMLS_get_ext($file)][0] >= $updated))
334
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][''.GOTMLS_get_ext($file)][0] = $updated;
335
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][''.GOTMLS_get_ext($file)][md5($GOTMLS_file_contents).'O'.$filesize] = $updated;
336
+ unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$whitelist_file]);
337
+ update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
338
  return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
339
  }
340
  }
352
  $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
353
  $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
354
  }
355
+ if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && (!array_key_exists($threat_level,$GOTMLS_core_files) || (substr($file."e", (-1 * strlen($GOTMLS_core_files[$threat_level]."e"))) == $GOTMLS_core_files[$threat_level]."e")) && (!array_key_exists($threat_level,$GOTMLS_threat_files) || ((GOTMLS_get_ext($file) == "gotmls" && isset($_GET["eli"]) && $_GET["eli"] == "quarantine")?(substr(GOTMLS_decode(array_pop(explode(".", '.'.substr($file, strlen(dirname($file))+1, -7))))."e", (-1 * strlen($GOTMLS_threat_files[$threat_level]."e"))) == $GOTMLS_threat_files[$threat_level]."e"):(substr($file."e", (-1 * strlen($GOTMLS_threat_files[$threat_level]."e"))) == $GOTMLS_threat_files[$threat_level]."e"))) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level],$file)))
356
  $className = $threat_level;
357
  }
358
  if (isset($_SESSION["GOTMLS_debug"])) {
762
 
763
  $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = dirname(GOTMLS_quarantine(__FILE__));
764
  $GLOBALS["GOTMLS"]["tmp"]["default_ext"] .= "com";
765
+ GOTMLS_define("GOTMLS_plugin_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gotmls.net/');
766
+ GOTMLS_define("GOTMLS_update_home", GOTMLS_plugin_home);
767
+ GOTMLS_define("GOTMLS_blog_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//wordpress.'.$GLOBALS["GOTMLS"]["tmp"]["default_ext"]);
768
  $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"] = "ECJKF";
769
  $GOTMLS_encode .= substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2);
770
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = maybe_unserialize(GOTMLS_decode('YToyOntzOjk6InBvdGVudGlhbCI7YToxMjp7czo0OiJldmFsIjthOjI6e2k6MDtzOjU6IkVBUExxIjtpOjE7czozNToiL1teYS16XC8nIl1ldmFsXChbXlwpXStbJyJcc1wpO10rL2kiO31zOjk6ImF1dGhfcGFzcyI7YToyOntpOjA7czo1OiJDQ0lHRyI7aToxO3M6MjQ6Ii9cJGF1dGhfcGFzc1sgPVx0XSsuKzsvaSI7fXM6MjE6ImRvY3VtZW50LndyaXRlIGlmcmFtZSI7YToyOntpOjA7czo1OiJDQ0lHRyI7aToxO3M6NTI6Ii9kb2N1bWVudFwud3JpdGVcKFsnIl08aWZyYW1lIC4rPFwvaWZyYW1lPlsnIl1cKTsqL2kiO31zOjE1OiJwcmVnX3JlcGxhY2UgL2UiO2E6Mjp7aTowO3M6NToiQ0NJR0ciO2k6MTtzOjUwOiIvcHJlZ19yZXBsYWNlWyBcdF0qXCguK1tcL1wjXHxdW2ldKmVbaV0qWyciXS4rXCkvaSI7fXM6MjA6ImV4ZWMgc3lzdGVtIHBhc3N0aHJ1IjthOjI6e2k6MDtzOjU6IkVBUExnIjtpOjE7czo1MToiLzxcPy4rP2V4ZWNcKC4rP3N5c3RlbVwoLis_cGFzc3RocnVcKC4rZndyaXRlXCguKy9zIjt9czoyOToiRXh0ZXJuYWwgUmVkaXJlY3QgUmV3cml0ZVJ1bGUiO2E6Mjp7aTowO3M6NToiQ0NWRTQiO2k6MTtzOjMwOiIvUmV3cml0ZVJ1bGUgW14gXSsgaHR0cFw6XC9cLy8iO31zOjM1OiJubyBlcnJvcl9yZXBvcnRpbmcgbG9uZyBsaW5lcyBhbG9uZSI7YToyOntpOjA7czo1OiJEMzVCYSI7aToxO3M6Nzk6Ii88XD8ocGhwKSpbXHJcblx0IFxAXSplcnJvcl9yZXBvcnRpbmdcKDBcKTsuKz9bYS16MC05XC9cLVw9JyJcLlxdezIwMDB9Lio_XD8-L2kiO31zOjIyOiJwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IjthOjI6e2k6MDtzOjU6IkQ4TUN3IjtpOjE7czoxMzY6Ii9cL1wqIFRoaXMgZmlsZSBpcyBwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IGxhdyBhbmQgcHJvdmlkZWQgdW5kZXIgbGljZW5zZS4gUmV2ZXJzZSBlbmdpbmVlcmluZyBvZiB0aGlzIGZpbGUgaXMgc3RyaWN0bHkgcHJvaGliaXRlZC4gXCpcLy8iO31zOjE5OiJhIHNwYW4gY29sb3IgRjFFRkU0IjthOjI6e2k6MDtzOjU6IkQ4UkFQIjtpOjE7czoxMTg6Ii9cPGEgW15cPl0rXD5cPHNwYW4gc3R5bGU9ImNvbG9yXDpcI0YxRUZFNDsiXD4oLis_KVw8XC9zcGFuXD5cPFwvYVw-XDxzcGFuIHN0eWxlPSJjb2xvclw6XCNGMUVGRTQ7Ilw-KC4rPylcPFwvc3Bhblw-L2kiO31zOjE3OiJWYXJpYWJsZSBGdW5jdGlvbiI7YToyOntpOjA7czo1OiJFODU2TCI7aToxO3M6Njc6Ii8oPCFcZClcJFtcJFx7XSpbYS16XC1cXzAtOV0rW1x9IFx0XSooXFtbXlxdXStcXVsgXHRdKikqXCguKj9cKVw7L2kiO31zOjExOiJUYWdnZWQgQ29kZSI7YToyOntpOjA7czo1OiJFNExNRyI7aToxO3M6MjQ6Ii9cIyhcdyspXCMuKz9cI1wvXDFcIy9pcyI7fXM6MTU6ImNyZWF0ZV9mdW5jdGlvbiI7YToyOntpOjA7czo1OiJFQVBMbSI7aToxO3M6NzU6Ii8oXCRbYS16XzAtOV0rWz1cc1xAXSspP2Ny
ZWF0ZV9mdW5jdGlvblwoW14sXStbLFxzXStcJFthLXpfMC05XStbXHNcKV0rOyovaSI7fX1zOjk6IndoaXRlbGlzdCI7YToyOntzOjM6InBocCI7YToyMjp7aTowO3M6NToiRUNKS0YiO3M6Mzg6IjU4NzNjZDFjZWE2MTA4MjAyZDIxMzQ3ZjAxZjA0ZGNmTzgxNzI4IjtzOjU6IkQ3NTlwIjtzOjM5OiIwMTM2MzcyOGM4NDNmZjkzZTk2YjY5ODNjZTM4ZWJhNk8xOTU2MTgiO3M6NToiRDVBODMiO3M6Mzg6ImQ1ZjNjOWNhZmYxNGQ1N2M4NjA4ZDc4ZGIwMDk0YmUwTzczNjQzIjtzOjU6IkQ3NUQ5IjtzOjM4OiI1N2FmNDk4MThiYmI5NDlkYzBhYzYzODY3Mzg2NTViYk8yNTg1MiI7czo1OiJEN0pEOSI7czozODoiZDQ5NDA0MjYwZDc5YTRjYzM3NTVjMDBmNTVkZTIwODlPMjU2NjIiO3M6NToiRDhWOEEiO3M6Mzc6Ijg2NjFmZTJiZmE1OTk1ZjU0NmEzMzA0N2U5MDM4NTZjTzExMzYiO3M6NToiRElDRkMiO3M6Mzg6IjgxMjVkNDJjNGJlNTQzZjg3NGVhNWY2YTFiNWJkZTU1TzI1ODk0IjtzOjU6IkRJQ0ZEIjtzOjM5OiJlZGRiNWZkYTc0ZDQxZGJkYWMwMTgxNjc1MzZkOGQ1M08yMzEzMzgiO3M6NToiRElDRkUiO3M6Mzg6ImMxNWE0ZDVjMzgzNDQ0Yjk1ZDI4NTU5ZjgzNDgxMTFkTzIyNTg4IjtzOjU6IkUxUjJ2IjtzOjM4OiJlMjA4MzljNTU5YTY2YzdjZjYyODY1M2JhMjQ4NGVhZU8yNjM5NSI7czo1OiJFMVIyeCI7czozODoiZjMzODJlYzE1YzAzMGJkMzJlMjkzZmFmMzQ5N2UyNTNPMTEyMjYiO3M6NToiRTIzMEMiO3M6Mzc6IjI4YTkyZjQ2NDk4ZDMyYjlhNzRjNTg0N2Y3NWM5MTJlTzczOTkiO3M6NToiRTIzMEMiO3M6Mzc6ImYwMGFhZjAxZmYwMmQ1NzU2YzI2N2JjZjkyMGU0YzI4TzE1NDAiO3M6NToiRTJBTWYiO3M6Mzg6IjU3YzY0N2Q5M2ZiZDQ3ODY4Yjg3YjkyMWJlZTYzYWY4TzI2Mzc2IjtzOjU6IkU1RURvIjtzOjM5OiI4ZTJhZjQ4ODZkYzgxYTVkOTI4OTg2NWJiYjgxM2VkMU8xOTU2MTciO3M6NToiRTVJTlAiO3M6Mzc6ImY4MGQ5ZWY0YjdiZmQ5ZWY1NDJkOTA4N2ExZGIyYWU5TzIwMTAiO3M6NToiRTdFTXYiO3M6Mzg6IjVmOTI3ZjNhOTczMjE4ZDA3ZTQzZWExYzY5ZmMwMzMxTzI2Nzc2IjtzOjU6IkVBNjZsIjtzOjM4OiJhNWIxYTczZTBjNDI5ODk1MDc1MGE4YmNkOTYyN2VhZk8yNjgxMSI7czo1OiJFQ0NFMCI7czozNzoiNjQ5NDRlMjI1MTEzYmUxODM5NGQ1YmMwMWZiM2I1MzdPNzUzMCI7czo1OiJFQ0NFMyI7czozODoiOTdlNDM4ZDZjOWM2NGEyMDJiOTMwNzg2ZDI3NjIwNWJPNjI0NTgiO3M6NToiRUNDRTMiO3M6Mzg6IjY3ZWMxYjE1M2NjM2YzZTM2ZmJlZTU5MDI5YTkzZDRhTzI1OTE0IjtzOjU6IkVDSktGIjt9czoyOiJqcyI7YTozMTp7aTowO3M6NToiRUNIOVgiO3M6Mzc6IjU1NGJjNzZjNzAzNTExODdmNGNlMDVkZGMwMTJhYWVkTzQ3NzYiO3M6NToiRDY2N1giO3M6Mzc6IjlhOWMxMjU4MTRiOTcxNTk4MmQyNDZhMWVlNzgwODRmTzUzNDUiO3M6NToiRDY2N1giO3M6Mzg6ImUzNmEwODYxMjM3NTY0MTIyOTMyMzFhZWFk
MTdmMjRmTzM3NjI5IjtzOjU6IkQ3NUFIIjtzOjM3OiJhMzhhYzUyNjY5MjQ5MzhhNGZmNTUxNDM2OWM2YjQwZE80Njc0IjtzOjU6IkQ3NUFKIjtzOjM3OiIxMDQzYTFkN2Q4NGVlNTZmODgzMWE2MGNkZmM1ZGMyOE83MDc3IjtzOjU6IkQ3NURTIjtzOjM4OiI2ZWMxNTBiNzk4N2NhYWVmOThiNTljODdiOWY0NzFiZU8xMTg0MiI7czo1OiJFMVIybiI7czozODoiNjE0N2NjZWU3YWVmOWRjMGM2ZWIxMGQ4ZDdiMzExZjlPNzA4ODMiO3M6NToiRTFSMnciO3M6Mzc6ImJhMzI5Mzk3MGUxM2IwM2EyZWE5MmY1YjZiNWJmNTQ0TzMzNzciO3M6NToiRTIyTnEiO3M6Mzc6IjYzYjBhZWQ5YjAyZjg3OWE2ZTAyOTVmYmVhN2RiODU0TzQ3MDIiO3M6NToiRTIzMEQiO3M6Mzc6ImVmNDE4OGNiMGI2MGE3MjAxN2Y0YzhhMWU4NDBhYjFlTzI5NTAiO3M6NToiRTI0OUwiO3M6Mzc6ImZiOGJmNjc4NWU1NWU5ZTM5YmVhNTUyNjM1YzQyYTY0TzMyNzAiO3M6NToiRTI2MEMiO3M6Mzk6ImFjYjMzMzI5YjllZjhhYWJkOGJkNzMxNDI2ODAzZTRlTzIzMjQ4MiI7czo1OiJFMjYwRSI7czozODoiNmNlYjY0NzU5MjU4OGJjZjQ2M2JlZmQ5NDA4ZTI3YWRPMTIwMjUiO3M6NToiRTI2MEgiO3M6Mzc6IjVhMzE4Mjc3ZmVkZjQ5MWEwMzAxZTE3N2E5ZWYxMGIzTzQ5MDgiO3M6NToiRTI2MEoiO3M6Mzg6ImRiYzM4MDg0NzNkZWYwMGZjZTQ1ZmU1NjRkYzcyZGNiTzE0NzIwIjtzOjU6IkUyNjBLIjtzOjM3OiJiOTg5YTViZDg0ZjZlYmNiYzEzOTNlYzAwM2U2ZTk5MU80OTY5IjtzOjU6IkUyN0VHIjtzOjM4OiIwMzBiODM4OTM3NmE0MmZmM2RhMTg2YmY2NTgwNjIxN08xNjUzMSI7czo1OiJFMjlEMiI7czozNzoiZGVmMjU3ZGJiMGFiODA1YzQ5OTZmZDhhYmIxYTZiNDlPNjcxNyI7czo1OiJFMkg1biI7czozODoiNzRkOTAzMDQ5NjgzZTViYmVhOWNjYjc1NDRhNDJiY2FPMTc0MTMiO3M6NToiRTVFRHEiO3M6Mzg6IjYwM2JkMTQyOTlmNjFhNzMyOWIyZDM1M2IyYjU2YzJmTzM3Njg5IjtzOjU6IkU1RURwIjtzOjM3OiIwNDI2YjM5NzU0YWE2YmM3NjZkODllYTRjNDFiYmQwNk8zNDU3IjtzOjU6IkU1RUR4IjtzOjM4OiJlYWRjNTgzMjUxM2Q1NjcwODg0YTk3NWM2ZGUxMGYwMU8xOTYxNSI7czo1OiJFN1VNQSI7czozODoiMzhkYmNjOTI1NTI5MzY4ODEyZjVjMmZiY2IzODk2MTZPMTQ5NjUiO3M6NToiRTdVTUIiO3M6Mzc6ImExYzE4MjI3ZTZlOTM3OThjNDkzYWVkOTZlZTZjYzg0TzMyNjciO3M6NToiRTdVTUIiO3M6Mzc6IjA3ODM4OGE2NDMxYWE1YjA4MzhhODczMmQxODdmZTI5Tzg5MTMiO3M6NToiRThBQXAiO3M6Mzc6ImYzYjFiMjg0MjQzNmY3YTMxMWIzOWU0ZWY0YjQ3ZjU5TzQzNTIiO3M6NToiRThCQlUiO3M6Mzc6ImQ3MDk0MDYxOWE5OWQ1NTUxMTYxNjdkNGZiMzljYTE1TzQzOTciO3M6NToiRTlDTHgiO3M6Mzg6ImNiZGJmYzkxODRkMjhhYzU1ZjgzYzBiMGRmNDBmZDQzTzc5NDE0IjtzOjU6IkU5RzhqIjtzOjM4OiJlZjNhZTkwMTQ1MjVjZjgxMTg3YWZhYTYxYmNhNzM3
ZU8zNzY5MSI7czo1OiJFQ0NFMSI7czozODoiZjQ0OGM1OTNjMjQyZDEzNGU5NzMzYTg0YzdhNGQyNmNPMTUyNDgiO3M6NToiRUNIOVgiO319fQ3'));
771
 
772
  function GOTMLS_file_put_contents($file, $content) {
773
  if (function_exists("file_put_contents"))
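Review bot: The new SESSION TEST response (new-side line 60 of images/index.php) interpolates `$match[0]`, captured from GOTMLS_script_URI by the preg_match on new-side line 49, straight into two JavaScript string literals with no escaping, and also ships an `alert(...)` of that value in the served script, which reads like leftover debugging. GOTMLS_script_URI is defined outside this hunk; if it is derived from the request URI, any quote, backslash or newline in the path ahead of `/gotmls.js?SESSION=` breaks out of the literal, and the result runs inside the admin page that polls this script. Build the callback URL once and emit it with `json_encode`, dropping the alert: `$next = json_encode($match[0].$_SESSION["GOTMLS_SESSION_TEST"]);` followed by `die("/* GOTMLS SESSION TEST */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nstopCheckingSession = checkupdateserver(".$next.", 'GOTMLS_patch_searching');");`. On new-side line 56 I would also write `$_SESSION["GOTMLS_SESSION_TEST"] = (int) $_GET["SESSION"] + 1;`, since `is_numeric` also admits forms like `1e3` or leading whitespace that would otherwise be echoed back as a float.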
index.php CHANGED
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
- Version: 4.14.59
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
@@ -105,14 +105,14 @@ function GOTMLS_admin_add_help_tab() {
105
  }
106
 
107
  function GOTMLS_display_header($optional_box = "") {
108
- global $GOTMLS_onLoad, $GOTMLS_loop_execution_time, $GOTMLS_update_home, $GOTMLS_plugin_home, $wp_version, $current_user;
109
  get_currentuserinfo();
110
  $GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
111
  if (isset($_GET["check_site"]) && $_GET["check_site"] == 1)
112
  echo '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="&#x2714;"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/plugins/gotmls/stats/?compatibility%5Bversion%5D='.$wp_version.'&compatibility%5Btopic_version%5D='.GOTMLS_Version.'&compatibility%5Bcompatible%5D=1#compatibility-works">Vote "Works"</a> or <a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls#postform">write a "Five-Star" Reviews</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
113
  else
114
  echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
115
- $ver_info = GOTMLS_Version.'&p='.strtoupper(GOTMLS_plugin_dir).'&wp='.$wp_version.'&ts='.date("YmdHis").'&key='.GOTMLS_installation_key.'&d='.ur1encode(GOTMLS_siteurl);
116
  $Update_Link = '<div style="text-align: center;"><a href="';
117
  $new_version = "";
118
  $file = basename(GOTMLS_plugin_path).'/index.php';
@@ -351,7 +351,7 @@ setDiv("div_file");
351
  </form>
352
  <div id="registerKeyForm" style="display: none;">'.__("<p>If you already registered your Key then you can get instant access to definition updates.</p>",'gotmls').'<input type="button" style="width: 100%;" value="'.__("Check for Definition Updates Now!",'gotmls').'" onclick="check_for_updates(\'Definition_Updates\');" />
353
  '.__("<p>If you have not already registered your Key then register now and get instant access to definition updates.</p><p>* All fields are required and I will NOT share your registration information with anyone.</p>",'gotmls').'
354
- <form id="registerform" onsubmit="return sinupFormValidate(this);" action="'.$GOTMLS_update_home.'wp-login.php?action=register" method="post" name="registerform" target="GOTMLS_iFrame"><input type="hidden" name="redirect_to" id="register_redirect_to" value="/donate/"><input type="hidden" name="user_login" id="register_user_login" value="">
355
  <div>'.__("Your Full Name:",'gotmls').'</div>
356
  <div style="float: left; width: 50%;"><input style="width: 100%;" id="first_name" type="text" name="first_name" value="'.$current_user->user_firstname.'" /></div>
357
  <div style="float: left; width: 50%;"><input style="width: 100%;" id="last_name" type="text" name="last_name" value="'.$current_user->user_lastname.'" /></div>
@@ -368,7 +368,7 @@ setDiv("div_file");
368
  <script type="text/javascript">
369
  function check_for_updates(update_type) {
370
  showhide(update_type, true);
371
- stopCheckingDefinitions = checkupdateserver("'.$GOTMLS_update_home.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&js='.$ver_info.'", update_type, "'.str_replace("://", "://www.", $GOTMLS_update_home).$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&js='.$ver_info.'");
372
  }
373
  function updates_complete(chk) {
374
  if (auto_img = document.getElementById("autoUpdateDownload")) {
@@ -386,7 +386,7 @@ setDiv("div_file");
386
  if (document.getElementById("autoUpdateDownload").src.replace(/^.+\?/,"")=="0") {
387
  alert(chk+"\\n\\n'.__("Please make a donation for the use of this wonderful feature!",'gotmls').'");
388
  if (check_for_registration() && chk.substr(0, 8) == "Changed " && chk.substr(8, 1) != "0")
389
- window.open("'.$GOTMLS_update_home.GOTMLS_installation_key.'/donate/?donation-source="+chk, "_blank");
390
  } else
391
  alert(chk);
392
  }
@@ -413,7 +413,8 @@ setDiv("div_file");
413
  return false;
414
  } else {
415
  document.getElementById("Definition_Updates").innerHTML = \'<img src="'.GOTMLS_images_path.'wait.gif">'.__("Submitting Registration ...",'gotmls').'\';
416
- setTimeout(\'stopCheckingDefinitions = checkupdateserver("'.$GOTMLS_update_home.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&js='.$ver_info.'", "Definition_Updates");\', 6000);
 
417
  showhide("registerKeyForm");
418
  return true;
419
  }
@@ -452,10 +453,10 @@ setDiv("div_file");
452
  <input type="hidden" name="item_name" value="Donation to Eli\'s Anti-Malware Plugin">
453
  <input type="hidden" name="item_number" value="GOTMLS-key-'.GOTMLS_installation_key.'">
454
  <input type="hidden" name="custom" value="key-'.GOTMLS_installation_key.'">
455
- <input type="hidden" name="notify_url" value="'.$GOTMLS_update_home.GOTMLS_installation_key.'/ipn">
456
  <input type="hidden" name="page_style" value="GOTMLS">
457
- <input type="hidden" name="return" value="'.$GOTMLS_update_home.GOTMLS_installation_key.'/donate/?donation-source=paid">
458
- <input type="hidden" name="cancel_return" value="'.$GOTMLS_update_home.GOTMLS_installation_key.'/donate/?donation-source=cancel">
459
  <input type="image" id="pp_button" src="'.GOTMLS_images_path.'btn_donateCC_WIDE.gif" border="0" name="submitc" alt="'.__("Make a Donation with PayPal",'gotmls').'">
460
  <div>
461
  <ul class="GOTMLS-sidebar-links">
@@ -464,8 +465,8 @@ setDiv("div_file");
464
  <li><a target="_blank" href="https://wordpress.org/support/plugin/'.GOTMLS_plugin_dir.'">Forum Posts</a></li>
465
  <li><a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/'.GOTMLS_plugin_dir.'">Plugin Reviews</a></li>
466
  </ul></li>
467
- <li><img src="'.$GOTMLS_update_home.'/favicon.ico" border="0" alt="Plugin site:"><b><a target="_blank" href="'.$GOTMLS_update_home.'">GOTMLS.NET</a></b></li>
468
- <li><img src="'.$GOTMLS_plugin_home.'/favicon.ico" border="0" alt="Developer site:"><b><a target="_blank" href="'.$GOTMLS_plugin_home.'/category/my-plugins/anti-malware/">Eli\'s Blog</a></b></li>
469
  <li><img src="https://ssl.gstatic.com/ui/v1/icons/mail/favicon.ico" border="0" alt="mail:"><b><a target="_blank" href="mailto:eli@gotmls.net">Email Eli</a></b></li>
470
  <li><iframe allowtransparency="true" frameborder="0" scrolling="no" src="https://platform.twitter.com/widgets/follow_button.html?screen_name=GOTMLS&amp;show_count=false" style="width:125px; height:20px;"></iframe></li>
471
  </ul>
@@ -658,7 +659,7 @@ function GOTMLS_View_Quarantine() {
658
  }
659
 
660
  function GOTMLS_settings() {
661
- global $current_user, $wp_version, $GOTMLS_definitions_array, $GOTMLS_threat_levels, $GOTMLS_scanfiles, $GOTMLS_loop_execution_time, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
662
  $GOTMLS_scan_groups = array();
663
  $dirs = GOTMLS_explode_dir(__file__);
664
  for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
@@ -736,20 +737,20 @@ function GOTMLS_settings() {
736
  foreach ($GOTMLS_threat_levels as $threat_level_name=>$threat_level) {
737
  $scan_opts .= '
738
  <div style="padding: 0; position: relative;" id="check_'.$threat_level.'_div">';
739
- if (isset($GOTMLS_definitions_array[$threat_level]))
740
  $scan_opts .= '
741
  <input type="checkbox" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'"'.(in_array($threat_level,$GLOBALS["GOTMLS"]["log"]["settings"]["check"])?' checked':'').' /> <a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;showhide(\'dont_check_'.$threat_level.'\');">';
742
  else
743
  $scan_opts .= '
744
  <a title="'.__("Download Definition Updates to Use this feature",'gotmls').'"><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="X">';
745
  $scan_opts .= (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"][$threat_level])?print_r($_SESSION["GOTMLS_debug"][$threat_level],1):"")."<b>$threat_level_name</b></a>";
746
- if (!isset($GOTMLS_definitions_array[$threat_level]))
747
  $scan_opts .= '<br />
748
  <div style="padding: 14px;" id="check_'.$threat_level.'_div_NA">'.__("Registration of your Installation Key is required for this feature",'gotmls').'</div>';
749
  elseif (isset($_GET["SESSION"])) {
750
  $scan_opts .= '
751
  <div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"><a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');">X</a>';
752
- foreach ($GOTMLS_definitions_array[$threat_level] as $threat_name => $threat_regex)
753
  $scan_opts .= '<br />
754
  <input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /><script>showhide("dont_check_'.$threat_level.'", true);</script>':' />').(isset($_SESSION["GOTMLS_debug"][$threat_name])?print_r($_SESSION["GOTMLS_debug"][$threat_name],1):"").$threat_name;
755
  $scan_opts .= '
@@ -1024,37 +1025,41 @@ showhide("pause_button", true);'."\n/*<!--*"."/";
1024
  $patch_action = "";
1025
  $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
1026
  $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find);
1027
- if (file_exists(dirname(__FILE__).'/../../../wp-config.php') && ($config = @file_get_contents(dirname(__FILE__).'/../../../wp-config.php')) && strlen($config) && ($patch_found = preg_match($find, $config))) {
1028
- if (strpos($config, substr($head, strpos($head, "file_exists")))) {
1029
- if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-config.php', preg_replace('#<\?[ph\s]+(//.*\s*)*\?>#i', "", preg_replace($find, "", $config))))
1030
- $patch_action .= '<div class="error">'.__("Removed Brute-Force Protection",'gotmls').'</div>';
1031
- else
1032
- $patch_status = 1;
1033
- } else {
1034
- if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-config.php', preg_replace($find, "$head", $config))) {
1035
- $patch_action .= '<div class="updated">'.__("Upgraded Brute-Force Protection",'gotmls').'</div>';
 
 
 
 
 
 
 
 
1036
  $patch_status = 1;
1037
- } else
1038
- $patch_status = 2;
1039
- }
1040
- } elseif (isset($_POST["GOTMLS_patching"]) && strlen($config) && ($patch_found == 0) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-config.php', "<?php$head// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?>$config")) {
1041
- $patch_action .= '<div class="updated">'.__("Installed Brute-Force Protection",'gotmls').'</div>';
1042
- $patch_status = 1;
1043
- }
1044
  if (file_exists(dirname(__FILE__).'/../../../wp-login.php') && ($login = @file_get_contents(dirname(__FILE__).'/../../../wp-login.php')) && strlen($login) && (preg_match($find, $login))) {
1045
  if (isset($_POST["GOTMLS_patching"]) && ($source = wp_remote_get("http://core.svn.wordpress.org/tags/".$wp_version.'/wp-login.php')) && is_array($source) && isset($source["body"]) && (strlen($source["body"]) > 500) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-login.php', $source["body"]))
1046
  $patch_action .= '<div class="updated">'.__("Removed Old Brute-Force Login Patch",'gotmls').'</div>';
1047
  else
1048
  $patch_status = 2;
1049
  }
1050
- $js = GOTMLS_encode("\nif(stopSettingSession)\n\tclearTimeout(stopSettingSession);\nif(stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nshowhide('GOTMLS_patch_searching', true);\nshowhide('GOTMLS_patch_searching');\nshowhide('GOTMLS_patch_button', true);\n");
1051
  $sec_opts = '
1052
  <p><img src="'.GOTMLS_images_path.'checked.gif"><b>Revolution Slider Exploit Protection (Automatically Enabled)</b></p><div style="padding: 0 30px;">'.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').'</div><hr />
1053
  '.$patch_action.'
1054
  <form method="POST" name="GOTMLS_Form_patch"><p style="float: right;"><input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'">':' display: none;" id="GOTMLS_patch_button"><div id="GOTMLS_patch_searching" style="float: right;">'.__("Checking for session compatibility ...",'gotmls').' <img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /></div>').'<input type="hidden" name="GOTMLS_patching" value="1"></p><p><img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"><b>Brute-force Protection '.$patch_attr[$patch_status]["status"].'</b></p><div style="padding: 0 30px;"> &nbsp; * '.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' <a target="_blank" href="http://gotmls.net/tag/wp-login-php/">'.__("read my blog",'gotmls').'</a>.</div></form>
1055
  <script type="text/javascript">
1056
- stopSettingSession = checkupdateserver("'.GOTMLS_images_path.'session.js?test='.$js.'", "GOTMLS_patch_searching");
1057
- stopCheckingSession = checkupdateserver("'.GOTMLS_images_path.'session.js?test='.$js.'", "GOTMLS_patch_searching");
1058
  </script>';
1059
  $admin_notice = "";
1060
  if ($current_user->user_login == "admin") {
@@ -1079,7 +1084,7 @@ function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) {
1079
  }
1080
 
1081
  function GOTMLS_init() {
1082
- global $GOTMLS_update_home, $GOTMLS_onLoad, $GOTMLS_threat_levels, $wpdb, $GOTMLS_threats_found, $GOTMLS_definitions_array, $GOTMLS_file_contents;
1083
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
1084
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
1085
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
@@ -1103,13 +1108,13 @@ function GOTMLS_init() {
1103
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"];
1104
  if ($array = get_option('GOTMLS_definitions_array')) {
1105
  if (is_array($array))
1106
- $GOTMLS_definitions_array = $array;
1107
  } else {
1108
  $wpdb->query("DELETE FROM $wpdb->options WHERE `option_name` LIKE 'GOTMLS_known_%' OR `option_name` LIKE 'GOTMLS_definitions_array_%'");
1109
  array_walk($GLOBALS["GOTMLS"]["tmp"]["settings_array"], "GOTMLS_reset_settings");
1110
  }
1111
  $GOTMLS_definitions_versions = array();
1112
- foreach ($GOTMLS_definitions_array as $threat_level=>$definition_names)
1113
  foreach ($definition_names as $definition_name=>$definition_version)
1114
  if (is_array($definition_version))
1115
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
@@ -1117,17 +1122,17 @@ function GOTMLS_init() {
1117
  if (isset($_POST["UPDATE_definitions_array"])) {
1118
  $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));
1119
  $GOTMLS_onLoad .= "updates_complete('Downloaded Definitions');";
1120
- } elseif (isset($GOTMLS_definitions_array["wp_login"]["brute force possible on wp-login.php"]) && is_array($GOTMLS_definitions_array["wp_login"]["brute force possible on wp-login.php"]) && count($GOTMLS_definitions_array["wp_login"]["brute force possible on wp-login.php"]) == 2 && $GOTMLS_definitions_array["wp_login"]["brute force possible on wp-login.php"][0] == "D4OAB")
1121
  $GOTnew_definitions["wp_login"]["brute force possible on wp-login.php"] = array("D4OAC",'/if \(file_exists\(.+?(\/plugins\/gotmls\/safe-load\.php\')[\)\s]+require\(.+?\1\);/i');
1122
  //elseif (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) $GOTnew_definitions = maybe_unserialize(GOTMLS_decode(file_get_contents(GOTMLS_plugin_path.'definitions_update.txt')));
1123
  if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
1124
- $GOTMLS_definitions_array = GOTMLS_array_replace_recursive($GOTMLS_definitions_array, $GOTnew_definitions);
1125
  if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
1126
  @unlink(GOTMLS_plugin_path.'definitions_update.txt');
1127
  if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))
1128
  unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]);
1129
- update_option('GOTMLS_definitions_array', $GOTMLS_definitions_array);
1130
- foreach ($GOTMLS_definitions_array as $threat_level=>$definition_names)
1131
  foreach ($definition_names as $definition_name=>$definition_version)
1132
  if (is_array($definition_version))
1133
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
@@ -1139,13 +1144,13 @@ function GOTMLS_init() {
1139
  $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&ver[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"];
1140
  if (isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
1141
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
1142
- /* $threat_names = array_keys($GOTMLS_definitions_array["known"]);
1143
  foreach ($threat_names as $threat_name) {
1144
- if (isset($GOTMLS_definitions_array["known"][$threat_name]) && is_array($GOTMLS_definitions_array["known"][$threat_name]) && count($GOTMLS_definitions_array["known"][$threat_name]) > 1) {
1145
- if ($GOTMLS_definitions_array["known"][$threat_name][0] > $GOTMLS_definitions_version)
1146
- $GOTMLS_definitions_version = $GOTMLS_definitions_array["known"][$threat_name][0];
1147
  if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
1148
- $GOTMLS_threat_levels[$threat_name] = count($GOTMLS_definitions_array["known"][$threat_name]);
1149
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GOTMLS_threat_levels[$threat_name] > 2)
1150
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
1151
  }
@@ -1162,13 +1167,13 @@ function GOTMLS_init() {
1162
  if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) {
1163
  $filesize = @filesize($file);
1164
  if (true) {
1165
- if (!isset($GOTMLS_definitions_array["whitelist"][$file][0]))
1166
- $GOTMLS_definitions_array["whitelist"][$file][0] = "A0002";
1167
- $GOTMLS_definitions_array["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002";
1168
  } else
1169
- unset($GOTMLS_definitions_array["whitelist"][$file]);
1170
- update_option("GOTMLS_definitions_array", $GOTMLS_definitions_array);
1171
- die("<html><body>Added $file to Whitelist!<br /><iframe style='width: 90%; height: 350px;' src='$GOTMLS_update_home?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe></body></html>");
1172
  } else echo "<li>Invalid Data!</li>";
1173
  } elseif (isset($_GET["GOTMLS_scan"])) {
1174
  $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
+ Version: 4.14.62
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
105
  }
106
 
107
  function GOTMLS_display_header($optional_box = "") {
108
+ global $GOTMLS_onLoad, $GOTMLS_loop_execution_time, $wp_version, $current_user;
109
  get_currentuserinfo();
110
  $GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
111
  if (isset($_GET["check_site"]) && $_GET["check_site"] == 1)
112
  echo '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="&#x2714;"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/plugins/gotmls/stats/?compatibility%5Bversion%5D='.$wp_version.'&compatibility%5Btopic_version%5D='.GOTMLS_Version.'&compatibility%5Bcompatible%5D=1#compatibility-works">Vote "Works"</a> or <a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls#postform">write a "Five-Star" Reviews</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
113
  else
114
  echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
115
+ $Update_Definitions = GOTMLS_update_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&js='.GOTMLS_Version.'&p='.strtoupper(GOTMLS_plugin_dir).'&wp='.$wp_version.'&ts='.date("YmdHis").'&key='.GOTMLS_installation_key.'&d='.ur1encode(GOTMLS_siteurl);
116
  $Update_Link = '<div style="text-align: center;"><a href="';
117
  $new_version = "";
118
  $file = basename(GOTMLS_plugin_path).'/index.php';
351
  </form>
352
  <div id="registerKeyForm" style="display: none;">'.__("<p>If you already registered your Key then you can get instant access to definition updates.</p>",'gotmls').'<input type="button" style="width: 100%;" value="'.__("Check for Definition Updates Now!",'gotmls').'" onclick="check_for_updates(\'Definition_Updates\');" />
353
  '.__("<p>If you have not already registered your Key then register now and get instant access to definition updates.</p><p>* All fields are required and I will NOT share your registration information with anyone.</p>",'gotmls').'
354
+ <form id="registerform" onsubmit="return sinupFormValidate(this);" action="'.GOTMLS_plugin_home.'wp-login.php?action=register" method="post" name="registerform" target="GOTMLS_iFrame"><input type="hidden" name="redirect_to" id="register_redirect_to" value="/donate/"><input type="hidden" name="user_login" id="register_user_login" value="">
355
  <div>'.__("Your Full Name:",'gotmls').'</div>
356
  <div style="float: left; width: 50%;"><input style="width: 100%;" id="first_name" type="text" name="first_name" value="'.$current_user->user_firstname.'" /></div>
357
  <div style="float: left; width: 50%;"><input style="width: 100%;" id="last_name" type="text" name="last_name" value="'.$current_user->user_lastname.'" /></div>
368
  <script type="text/javascript">
369
  function check_for_updates(update_type) {
370
  showhide(update_type, true);
371
+ stopCheckingDefinitions = checkupdateserver("'.$Update_Definitions.'", update_type, "'.str_replace("://", "://www.", $Update_Definitions).'");
372
  }
373
  function updates_complete(chk) {
374
  if (auto_img = document.getElementById("autoUpdateDownload")) {
386
  if (document.getElementById("autoUpdateDownload").src.replace(/^.+\?/,"")=="0") {
387
  alert(chk+"\\n\\n'.__("Please make a donation for the use of this wonderful feature!",'gotmls').'");
388
  if (check_for_registration() && chk.substr(0, 8) == "Changed " && chk.substr(8, 1) != "0")
389
+ window.open("'.GOTMLS_update_home.'donate.php?donation-source="+chk, "_blank");
390
  } else
391
  alert(chk);
392
  }
413
  return false;
414
  } else {
415
  document.getElementById("Definition_Updates").innerHTML = \'<img src="'.GOTMLS_images_path.'wait.gif">'.__("Submitting Registration ...",'gotmls').'\';
416
+ showhide("Definition_Updates", true);
417
+ stopCheckingDefinitions = checkupdateserver("'.$Update_Definitions.'", "Definition_Updates");
418
  showhide("registerKeyForm");
419
  return true;
420
  }
453
  <input type="hidden" name="item_name" value="Donation to Eli\'s Anti-Malware Plugin">
454
  <input type="hidden" name="item_number" value="GOTMLS-key-'.GOTMLS_installation_key.'">
455
  <input type="hidden" name="custom" value="key-'.GOTMLS_installation_key.'">
456
+ <input type="hidden" name="notify_url" value="'.GOTMLS_update_home.GOTMLS_installation_key.'/ipn">
457
  <input type="hidden" name="page_style" value="GOTMLS">
458
+ <input type="hidden" name="return" value="'.GOTMLS_plugin_home.'donate/?donation-source=paid">
459
+ <input type="hidden" name="cancel_return" value="'.GOTMLS_plugin_home.'donate/?donation-source=cancel">
460
  <input type="image" id="pp_button" src="'.GOTMLS_images_path.'btn_donateCC_WIDE.gif" border="0" name="submitc" alt="'.__("Make a Donation with PayPal",'gotmls').'">
461
  <div>
462
  <ul class="GOTMLS-sidebar-links">
465
  <li><a target="_blank" href="https://wordpress.org/support/plugin/'.GOTMLS_plugin_dir.'">Forum Posts</a></li>
466
  <li><a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/'.GOTMLS_plugin_dir.'">Plugin Reviews</a></li>
467
  </ul></li>
468
+ <li><img src="'.GOTMLS_plugin_home.'favicon.ico" border="0" alt="Plugin site:"><b><a target="_blank" href="'.GOTMLS_plugin_home.'">GOTMLS.NET</a></b></li>
469
+ <li><img src="'.GOTMLS_blog_home.'/favicon.ico" border="0" alt="Developer site:"><b><a target="_blank" href="'.GOTMLS_blog_home.'/category/my-plugins/anti-malware/">Eli\'s Blog</a></b></li>
470
  <li><img src="https://ssl.gstatic.com/ui/v1/icons/mail/favicon.ico" border="0" alt="mail:"><b><a target="_blank" href="mailto:eli@gotmls.net">Email Eli</a></b></li>
471
  <li><iframe allowtransparency="true" frameborder="0" scrolling="no" src="https://platform.twitter.com/widgets/follow_button.html?screen_name=GOTMLS&amp;show_count=false" style="width:125px; height:20px;"></iframe></li>
472
  </ul>
659
  }
660
 
661
  function GOTMLS_settings() {
662
+ global $current_user, $wp_version, $GOTMLS_threat_levels, $GOTMLS_scanfiles, $GOTMLS_loop_execution_time, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
663
  $GOTMLS_scan_groups = array();
664
  $dirs = GOTMLS_explode_dir(__file__);
665
  for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
737
  foreach ($GOTMLS_threat_levels as $threat_level_name=>$threat_level) {
738
  $scan_opts .= '
739
  <div style="padding: 0; position: relative;" id="check_'.$threat_level.'_div">';
740
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]))
741
  $scan_opts .= '
742
  <input type="checkbox" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'"'.(in_array($threat_level,$GLOBALS["GOTMLS"]["log"]["settings"]["check"])?' checked':'').' /> <a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;showhide(\'dont_check_'.$threat_level.'\');">';
743
  else
744
  $scan_opts .= '
745
  <a title="'.__("Download Definition Updates to Use this feature",'gotmls').'"><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="X">';
746
  $scan_opts .= (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"][$threat_level])?print_r($_SESSION["GOTMLS_debug"][$threat_level],1):"")."<b>$threat_level_name</b></a>";
747
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]))
748
  $scan_opts .= '<br />
749
  <div style="padding: 14px;" id="check_'.$threat_level.'_div_NA">'.__("Registration of your Installation Key is required for this feature",'gotmls').'</div>';
750
  elseif (isset($_GET["SESSION"])) {
751
  $scan_opts .= '
752
  <div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"><a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');">X</a>';
753
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex)
754
  $scan_opts .= '<br />
755
  <input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /><script>showhide("dont_check_'.$threat_level.'", true);</script>':' />').(isset($_SESSION["GOTMLS_debug"][$threat_name])?print_r($_SESSION["GOTMLS_debug"][$threat_name],1):"").$threat_name;
756
  $scan_opts .= '
1025
  $patch_action = "";
1026
  $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
1027
  $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find);
1028
+ if (is_file(dirname(__FILE__).'/../../../wp-config.php')) {
1029
+ if (($config = @file_get_contents(dirname(__FILE__).'/../../../wp-config.php')) && strlen($config)) {
1030
+ if ($patch_found = preg_match($find, $config)) {
1031
+ if (strpos($config, substr($head, strpos($head, "file_exists")))) {
1032
+ if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-config.php', preg_replace('#<\?[ph\s]+(//.*\s*)*\?>#i', "", preg_replace($find, "", $config))))
1033
+ $patch_action .= '<div class="error">'.__("Removed Brute-Force Protection",'gotmls').'</div>';
1034
+ else
1035
+ $patch_status = 1;
1036
+ } else {
1037
+ if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-config.php', preg_replace($find, "$head", $config))) {
1038
+ $patch_action .= '<div class="updated">'.__("Upgraded Brute-Force Protection",'gotmls').'</div>';
1039
+ $patch_status = 1;
1040
+ } else
1041
+ $patch_status = 2;
1042
+ }
1043
+ } elseif (isset($_POST["GOTMLS_patching"]) && strlen($config) && ($patch_found == 0) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-config.php', "<?php$head// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?>$config")) {
1044
+ $patch_action .= '<div class="updated">'.__("Installed Brute-Force Protection",'gotmls').'</div>';
1045
  $patch_status = 1;
1046
+ }
1047
+ } else
1048
+ $patch_action .= '<div class="error">'.__("wp-config.php Not Readable!",'gotmls').'</div>';
1049
+ } else
1050
+ $patch_action .= '<div class="error">'.__("wp-config.php Not Found!",'gotmls').'</div>';
 
 
1051
  if (file_exists(dirname(__FILE__).'/../../../wp-login.php') && ($login = @file_get_contents(dirname(__FILE__).'/../../../wp-login.php')) && strlen($login) && (preg_match($find, $login))) {
1052
  if (isset($_POST["GOTMLS_patching"]) && ($source = wp_remote_get("http://core.svn.wordpress.org/tags/".$wp_version.'/wp-login.php')) && is_array($source) && isset($source["body"]) && (strlen($source["body"]) > 500) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-login.php', $source["body"]))
1053
  $patch_action .= '<div class="updated">'.__("Removed Old Brute-Force Login Patch",'gotmls').'</div>';
1054
  else
1055
  $patch_status = 2;
1056
  }
 
1057
  $sec_opts = '
1058
  <p><img src="'.GOTMLS_images_path.'checked.gif"><b>Revolution Slider Exploit Protection (Automatically Enabled)</b></p><div style="padding: 0 30px;">'.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').'</div><hr />
1059
  '.$patch_action.'
1060
  <form method="POST" name="GOTMLS_Form_patch"><p style="float: right;"><input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'">':' display: none;" id="GOTMLS_patch_button"><div id="GOTMLS_patch_searching" style="float: right;">'.__("Checking for session compatibility ...",'gotmls').' <img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /></div>').'<input type="hidden" name="GOTMLS_patching" value="1"></p><p><img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"><b>Brute-force Protection '.$patch_attr[$patch_status]["status"].'</b></p><div style="padding: 0 30px;"> &nbsp; * '.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' <a target="_blank" href="http://gotmls.net/tag/wp-login-php/">'.__("read my blog",'gotmls').'</a>.</div></form>
1061
  <script type="text/javascript">
1062
+ stopCheckingSession = checkupdateserver("'.GOTMLS_images_path.'gotmls.js?SESSION=0", "GOTMLS_patch_searching");
 
1063
  </script>';
1064
  $admin_notice = "";
1065
  if ($current_user->user_login == "admin") {
1084
  }
1085
 
1086
  function GOTMLS_init() {
1087
+ global $GOTMLS_onLoad, $GOTMLS_threat_levels, $wpdb, $GOTMLS_threats_found, $GOTMLS_file_contents;
1088
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
1089
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
1090
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
1108
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"];
1109
  if ($array = get_option('GOTMLS_definitions_array')) {
1110
  if (is_array($array))
1111
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $array;
1112
  } else {
1113
  $wpdb->query("DELETE FROM $wpdb->options WHERE `option_name` LIKE 'GOTMLS_known_%' OR `option_name` LIKE 'GOTMLS_definitions_array_%'");
1114
  array_walk($GLOBALS["GOTMLS"]["tmp"]["settings_array"], "GOTMLS_reset_settings");
1115
  }
1116
  $GOTMLS_definitions_versions = array();
1117
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
1118
  foreach ($definition_names as $definition_name=>$definition_version)
1119
  if (is_array($definition_version))
1120
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
1122
  if (isset($_POST["UPDATE_definitions_array"])) {
1123
  $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));
1124
  $GOTMLS_onLoad .= "updates_complete('Downloaded Definitions');";
1125
+ } elseif (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_login"]["brute force possible on wp-login.php"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_login"]["brute force possible on wp-login.php"]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_login"]["brute force possible on wp-login.php"]) == 2 && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_login"]["brute force possible on wp-login.php"][0] == "D4OAB")
1126
  $GOTnew_definitions["wp_login"]["brute force possible on wp-login.php"] = array("D4OAC",'/if \(file_exists\(.+?(\/plugins\/gotmls\/safe-load\.php\')[\)\s]+require\(.+?\1\);/i');
1127
  //elseif (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) $GOTnew_definitions = maybe_unserialize(GOTMLS_decode(file_get_contents(GOTMLS_plugin_path.'definitions_update.txt')));
1128
  if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
1129
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions);
1130
  if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
1131
  @unlink(GOTMLS_plugin_path.'definitions_update.txt');
1132
  if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))
1133
  unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]);
1134
+ update_option('GOTMLS_definitions_array', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1135
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
1136
  foreach ($definition_names as $definition_name=>$definition_version)
1137
  if (is_array($definition_version))
1138
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
1144
  $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&ver[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"];
1145
  if (isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
1146
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
1147
+ /* $threat_names = array_keys($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"]);
1148
  foreach ($threat_names as $threat_name) {
1149
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) > 1) {
1150
+ if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version)
1151
+ $GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0];
1152
  if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
1153
+ $GOTMLS_threat_levels[$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]);
1154
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GOTMLS_threat_levels[$threat_name] > 2)
1155
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
1156
  }
1167
  if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) {
1168
  $filesize = @filesize($file);
1169
  if (true) {
1170
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0]))
1171
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002";
1172
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002";
1173
  } else
1174
+ unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]);
1175
+ update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1176
+ die("<html><body>Added $file to Whitelist!<br /><iframe style='width: 90%; height: 350px;' src='".GOTMLS_update_home."whitelist.html?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe></body></html>");
1177
  } else echo "<li>Invalid Data!</li>";
1178
  } elseif (isset($_GET["GOTMLS_scan"])) {
1179
  $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
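--- a/readme.txt
+++ b/readme.txt
@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
 Contributors: scheeeli, gotmls
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
 Tags: anti-malware, security, plugin, scan, automatic, repair, remove, malware, virus, threat, hacked, malicious, scripts, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
-Version: 4.14.59
-Stable tag: 4.14.59
+Version: 4.14.62
+Stable tag: 4.14.62
 Requires at least: 3.3
 Tested up to: 4.1
 
@@ -89,6 +89,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
 == Changelog ==
 
+= 4.14.62 =
+* Improved rewrite compatibility of session check for the Brute-Force Protection Installation.
+
 = 4.14.59 =
 * Improved session check for the option to Install Brute-Force Protection and added an error message on failure.
 * Improved support for Multisite by only allowing Network Admins access to the Anti-Malware menu.
@@ -292,6 +295,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
 == Upgrade Notice ==
 
+= 4.14.62 =
+Improved rewrite compatibility of session check for the Brute-Force Protection Installation.
+
 = 4.14.59 =
 Improved session check for the Brute-Force Protection and support for Multisite menu.
 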
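--- a/safe-load.php
+++ /dev/null
@@ -1,40 +0,0 @@
-<?php
-// START Security Patch by GOTMLS.NET
-//if(!session_save_path()) session_save_path(dirname(__FILE__).'/images/');
-if (!session_id())
-@session_start();
-if (!(isset($_SESSION["GOTMLS_login_attempts"]) && strlen($_SESSION["GOTMLS_login_attempts"]."") > 0 && is_numeric($_SESSION["GOTMLS_login_attempts"])))
-$_SESSION["GOTMLS_login_attempts"] = 0;
-if (!(isset($_SESSION["GOTMLS_login_ok"]) && $_SESSION["GOTMLS_login_ok"] === true))
-$_SESSION["GOTMLS_login_ok"] = false;
-if ($_SESSION["GOTMLS_login_ok"] && $_SESSION["GOTMLS_login_attempts"] == 0)
-$_SESSION["GOTMLS_login_attempts"] = 1;
-@date_default_timezone_set(@date_default_timezone_get());
-$GOTMLS_time = @date("mdHm");
-if (file_exists(dirname(__FILE__).'/../../../.GOTMLS.failed.login.attempt.from.'.$_SERVER["REMOTE_ADDR"].'.php'))
-include(dirname(__FILE__).'/../../../.GOTMLS.failed.login.attempt.from.'.$_SERVER["REMOTE_ADDR"].'.php');
-elseif (isset($_GET["GOTMLS_SESSION_check"]) && is_numeric($_GET["GOTMLS_SESSION_check"])) {
-if ($_SESSION["GOTMLS_login_attempts"] == 0) {
-$_SESSION["GOTMLS_login_attempts"] = 1;
-if ('IP'.str_replace('.','',$_SERVER["REMOTE_ADDR"]) == 'IP'.$_GET["GOTMLS_SESSION_check"])
-die("<script>window.location.replace('wp-login.php?GOTMLS_SESSION_check=$GOTMLS_time');</script>");
-elseif ($_GET["GOTMLS_SESSION_check"] == $GOTMLS_time || ($_GET["GOTMLS_SESSION_check"] + 1) == $GOTMLS_time) {
-if (@file_put_contents(dirname(__FILE__).'/../../../.GOTMLS.failed.login.attempt.from.'.$_SERVER["REMOTE_ADDR"].'.php', '<?php $_SESSION["GOTMLS_login_attempts"] = 1; //set this value to 0 to block all login attempts from this IP '.$_SERVER["REMOTE_ADDR"]))
-die('SESSION FAILURE: Your IP address has been logged.');
-else
-die('SESSION FAILURE: No way to login.');
-}
-} else
-die('SESSION TEST PASSED! You should be able to login now.');
-}
-if ($_SERVER["REQUEST_METHOD"] == "POST" || isset($_POST["user_login"])) {
-$_SESSION["GOTMLS_login_attempts"]++;
-if ($_SESSION["GOTMLS_login_attempts"] < 2 || $_SESSION["GOTMLS_login_attempts"] > 6)
-die("<html><head><title>Login Error</title></head><body style='margin-top: 0;'><!-- ".$_SESSION["GOTMLS_login_attempts"]." -->\n".'<div id="help-meta" style="background-color: #CCCCCC; display: none; margin: 0 15px; padding: 10px; border-bottom-left-radius: 5px; border-bottom-right-radius: 5px;">This message is shown whenever a possible brute-force attack is detected. Click the link below to have another shot at logging in.<br><iframe src="wp-login.php?GOTMLS_SESSION_check='.str_replace('.','',$_SERVER["REMOTE_ADDR"]).'" style="width: 100%; height: 35px; margin: 10px 0;"></iframe></div><div style="background-color: #CCCCCC; margin: 0 25px; float: right; padding: 10px; border-bottom-left-radius: 5px; border-bottom-right-radius: 5px;"><a onclick="hbox=document.getElementById(\'help-meta\');if (hbox.style.display==\'block\') hbox.style.display=\'none\'; else hbox.style.display=\'block\';" href="#help-meta">Help</a></div><br>'."\n<p>Just what do you think you are doing?</p><p><a href='wp-login.php'>Open the login page to try again</a></p></body></html>");
-} else {
-$_SESSION["GOTMLS_login_ok"] = true;
-$_SESSION["GOTMLS_login_attempts"] = 1;
-}
-$save_GOTMLS_login_attempts = $_SESSION['GOTMLS_login_attempts'];
-$save_GOTMLS_login_ok = $_SESSION['GOTMLS_login_ok'];
-// END Security Patch by GOTMLS.NET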
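--- a/safe-load/index.php
+++ b/safe-load/index.php
@@ -12,5 +12,5 @@ foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_
 $_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
 foreach (array("log") as $var)
 $_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
-header("location: http://safe-load.gotmls.net/report.php?ver=4.14.59".$_SESSION["GOTMLS_detected_attacks"]);
+header("location: http://safe-load.gotmls.net/report.php?ver=4.14.62".$_SESSION["GOTMLS_detected_attacks"]);
 die();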