Anti-Malware Security and Brute-Force Firewall - Version 4.14.65

Version Description

  • Fixed a problem with deleting files from the Quarantine folder.
  • Added a descriptive reason to the error displayed if the fix was unsuccessful.
  • Added link to restore the default location of the Examine Results window.

Release Info

Developer scheeeli
Plugin Icon 128x128 Anti-Malware Security and Brute-Force Firewall
Version 4.14.65

Code changes from version 4.14.64 to 4.14.65

Files changed (4) hide show
  1. images/index.php +45 -56
  2. index.php +67 -25
  3. readme.txt +11 -3
  4. safe-load/index.php +1 -1
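--- a/images/index.php
+++ b/images/index.php
@@ -10,12 +10,12 @@ function GOTMLS_define($DEF, $val) {
  define($DEF, $val);
  }}
 
- GOTMLS_define("GOTMLS_Version", "4.14.64");
+ GOTMLS_define("GOTMLS_Version", "4.14.65");
  GOTMLS_define("GOTMLS_require_version", "3.3");
  GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
  GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");
  GOTMLS_define("GOTMLS_plugin_path", dirname(GOTMLS_local_images_path).'/');
- $GLOBALS["GOTMLS"] = array("tmp"=>array("mt"=>((isset($_GET["mt"])&&is_numeric($_GET["mt"]))?$_GET["mt"]:microtime(true)), "default_ext"=>"ieonly.", "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf")));
+ $GLOBALS["GOTMLS"] = array("tmp"=>array("mt"=>((isset($_GET["mt"])&&is_numeric($_GET["mt"]))?$_GET["mt"]:microtime(true)), "default_ext"=>"ieonly.", "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf"),"default" => array("msg_position" => array('80px', '40px', '400px', '600px'))));
  GOTMLS_define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.]+/','', str_replace('&amp;', '&', htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
 
  if (!function_exists("GOTMLS_encode")) {
@@ -27,7 +27,7 @@ function GOTMLS_encode($unencoded_string) {
  else
  $encoded_string = "Cannot encode: $unencoded_string function_exists: ";
  $encoded_array = explode("=", $encoded_string.'=');
- return strtr($encoded_array[0], "+/", "-_").(count($encoded_array)-1);
+ return strtr($encoded_array[0], "+/0", "-_=").(count($encoded_array)-1);
  }}
 
  if (!function_exists("GOTMLS_decode")) {
@@ -137,7 +137,7 @@ $GOTMLS_skip_dirs = array(".", "..");
  if (isset($_REQEUST['img']) && substr(strtolower($_SERVER["SCRIPT_FILENAME"]), -15) == "/admin-ajax.php" && !in_array(GOTMLS_get_ext($_REQEUST['img']), $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]))
  include(dirname(__FILE__)."/../safe-load/index.php");
  if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == 4))
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = array('80px', '40px', '400px', '600px');
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"]))
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"] = 0;
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
@@ -212,36 +212,38 @@ if (!function_exists("add_action")) {
  }
 
  function GOTMLS_fileperms($file) {
- $perms = fileperms($file);
- if (($perms & 0xC000) == 0xC000) {
- $info = 's'; // Socket
- } elseif (($perms & 0xA000) == 0xA000) {
- $info = 'l'; // Symbolic Link
- } elseif (($perms & 0x8000) == 0x8000) {
- $info = '-'; // Regular
- } elseif (($perms & 0x6000) == 0x6000) {
- $info = 'b'; // Block special
- } elseif (($perms & 0x4000) == 0x4000) {
- $info = 'd'; // Directory
- } elseif (($perms & 0x2000) == 0x2000) {
- $info = 'c'; // Character special
- } elseif (($perms & 0x1000) == 0x1000) {
- $info = 'p'; // FIFO pipe
+ if ($perms = @fileperms($file)) {
+ if (($perms & 0xC000) == 0xC000) {
+ $info = 's'; // Socket
+ } elseif (($perms & 0xA000) == 0xA000) {
+ $info = 'l'; // Symbolic Link
+ } elseif (($perms & 0x8000) == 0x8000) {
+ $info = '-'; // Regular
+ } elseif (($perms & 0x6000) == 0x6000) {
+ $info = 'b'; // Block special
+ } elseif (($perms & 0x4000) == 0x4000) {
+ $info = 'd'; // Directory
+ } elseif (($perms & 0x2000) == 0x2000) {
+ $info = 'c'; // Character special
+ } elseif (($perms & 0x1000) == 0x1000) {
+ $info = 'p'; // FIFO pipe
+ } else
+ $info = 'u'; // Unknown
+ // Owner
+ $info .= (($perms & 0x0100) ? 'r' : '-');
+ $info .= (($perms & 0x0080) ? 'w' : '-');
+ $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
+ // Group
+ $info .= (($perms & 0x0020) ? 'r' : '-');
+ $info .= (($perms & 0x0010) ? 'w' : '-');
+ $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
+ // World
+ $info .= (($perms & 0x0004) ? 'r' : '-');
+ $info .= (($perms & 0x0002) ? 'w' : '-');
+ $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));
+ return $info;
  } else
- $info = 'u'; // Unknown
- // Owner
- $info .= (($perms & 0x0100) ? 'r' : '-');
- $info .= (($perms & 0x0080) ? 'w' : '-');
- $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
- // Group
- $info .= (($perms & 0x0020) ? 'r' : '-');
- $info .= (($perms & 0x0010) ? 'w' : '-');
- $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
- // World
- $info .= (($perms & 0x0004) ? 'r' : '-');
- $info .= (($perms & 0x0002) ? 'w' : '-');
- $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));
- return $info;
+ return "stat failed!";
  }
 
  function GOTMLS_get_ext($filename) {
@@ -372,7 +374,7 @@ function GOTMLS_scanfile($file) {
  }
  }
  } else {
- $GOTMLS_file_contents = (filesize($file)?__("Failed to read file contents!",'gotmls').' '.(is_readable($file)?'(file_is_readable)':(file_exists($file)?(isset($_GET["eli"])?(@chmod($file, $GOTMLS_chmod_file)?'chmod':'read-only'):'(file_not_readable)'):'(does_not_exist)')):__("Empty file!",'gotmls'));
+ $GOTMLS_file_contents = (is_file($file)?(is_readable($file)?(filesize($file)?__("Failed to read file contents!",'gotmls'):__("Empty file!",'gotmls')):(isset($_GET["eli"])?(@chmod($file, $GOTMLS_chmod_file)?__("Fixed file permissions! (try again)",'gotmls'):__("File permissions read-only!",'gotmls')):__("File not readable!",'gotmls'))):__("File does not exist!",'gotmls'));
  // $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file);
  $className = "errors";
  }
@@ -380,9 +382,7 @@ function GOTMLS_scanfile($file) {
  $threat_link = '<a target="GOTMLS_iFrame" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.$clean_file.'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left;">Examine&nbsp;File&nbsp;...&nbsp;</div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($file)).'</div></div>\');" class="GOTMLS_plugin">';
  if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
  if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($file, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])))) {
- if ($_POST["GOTMLS_fixing"] > 1 && @unlink($file))
- $GOTMLS_file_contents = "";
- elseif (count($file_parts) > 1 && strtolower($file_parts[count($file_parts)-1]) == "gotmls" && $GOTMLS_new_contents = @file_get_contents($file))
+ if (count($file_parts) > 1 && strtolower($file_parts[count($file_parts)-1]) == "gotmls" && $GOTMLS_new_contents = @file_get_contents($file))
  $file = GOTMLS_decode($file_parts[count($file_parts)-2]);
  else
  $GOTMLS_new_contents = trim(preg_replace('/<\?(php)?\s*(\?>|$)/i', "", $GOTMLS_new_contents));
@@ -407,16 +407,13 @@ function GOTMLS_scanfile($file) {
  }
  } else
  $GOTMLS_new_contents = trim(preg_replace('/<\?(php)?\s*(\?>|$)/i', "", $GOTMLS_new_contents));
- if (strlen($GOTMLS_file_contents) > 0 && ((@GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents) !== false) || ((is_writable(dirname(GOTMLS_quarantine($file))) || (($GOTMLS_chmod_dir = fileperms(dirname(GOTMLS_quarantine($file)))) && ($chmoded_quarantine = @chmod(dirname(GOTMLS_quarantine($file)), 0777)))) && (@GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents) !== false) && !($chmoded_quarantine && !@chmod(dirname(GOTMLS_quarantine($file)), $GOTMLS_chmod_dir)))) && (((strlen($GOTMLS_new_contents)==0 && isset($_GET["eli"]) && @unlink($file)) || (@GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false) || ((is_writable(dirname($file)) || (($GOTMLS_chmod_dir = fileperms(dirname($file))) && ($chmoded_dir = @chmod(dirname($file), 0777)))) && (is_writable($file) || (($GOTMLS_chmod_file = fileperms($file)) && ($chmoded_file = @chmod($file, 0666)))) && (@GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false) && !($chmoded_dir && !@chmod(dirname($file), $GOTMLS_chmod_dir)) && !($chmoded_file && !@chmod($file, $GOTMLS_chmod_file)))))) {
- echo ' Success!';
- return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
- } elseif ($_POST["GOTMLS_fixing"] > 1 && $GOTMLS_file_contents == "") {
- echo ' Deleted!';
+ if (strlen($GOTMLS_file_contents) > 0 && ((@GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents) !== false) || ((is_writable(dirname(GOTMLS_quarantine($file))) || (($GOTMLS_chmod_dir = @fileperms(dirname(GOTMLS_quarantine($file)))) && ($chmoded_quarantine = @chmod(dirname(GOTMLS_quarantine($file)), 0777)))) && (@GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents) !== false) && !($chmoded_quarantine && !@chmod(dirname(GOTMLS_quarantine($file)), $GOTMLS_chmod_dir)))) && (((strlen($GOTMLS_new_contents)==0 && isset($_GET["eli"]) && @unlink($file)) || (@GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false) || ((is_writable(dirname($file)) || (($GOTMLS_chmod_dir = @fileperms(dirname($file))) && ($chmoded_dir = @chmod(dirname($file), 0777)))) && (is_writable($file) || (($GOTMLS_chmod_file = @fileperms($file)) && ($chmoded_file = @chmod($file, 0666)))) && (@GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false) && !($chmoded_dir && !@chmod(dirname($file), $GOTMLS_chmod_dir)) && !($chmoded_file && !@chmod($file, $GOTMLS_chmod_file)))))) {
+ echo __("Success!",'gotmls');
  return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
  } else {
- echo ' Failed!';
+ echo __("Failed:",'gotmls').' '.(strlen($GOTMLS_file_contents)?(is_writable(dirname(GOTMLS_quarantine($file)))?((is_writable(dirname($file)) && is_writable($file))?__("reason unknown!",'gotmls'):__("file not writable!",'gotmls')):__("quarantine not writable!",'gotmls')):__("no file contents!",'gotmls'));
  if (isset($_GET["eli"]))
- print_r(array(get_current_user().'='.getmyuid().',gid='.getmygid().']<pre>[file_stat'=>stat($file),"strlen"=>strlen($GOTMLS_file_contents),'write_quarantine'=>((@GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents) !== false)?'wrote_backup_file':'failed_write='.(file_exists(GOTMLS_quarantine($file))?GOTMLS_quarantine($file).GOTMLS_fileperms(GOTMLS_quarantine($file)):dirname(GOTMLS_quarantine($file)).GOTMLS_fileperms(dirname(GOTMLS_quarantine($file))))),"dir_writable"=>(is_writable(dirname($file))?'Yes':(@chmod(dirname($file), $GOTMLS_chmod_dir)?"chmod($GOTMLS_chmod_dir)":'read-only')),"file_writable"=>(is_writable($file)?"GOTMLS_file_put_contents($file):".((@GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false)?'wrote_new':'failed_write'):fileperms($file).(chmod($file, 0664)?", chmod($file, $GOTMLS_chmod_file), ".GOTMLS_fileperms($file):'read-only')), "unlink"=>(strlen($GOTMLS_new_contents)==0?(@unlink($file)?'unlinked':'failed_delete'):'strlen:'.strlen($GOTMLS_new_contents)).'</pre>'));
+ echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().'<br><pre>file_stat'.stat($file);
  return "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
  }
  }
@@ -431,23 +428,15 @@ function GOTMLS_scanfile($file) {
  return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin $className", $threat_link));
  } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
  if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($file, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])))) {
- if ($_POST["GOTMLS_fixing"] > 1 && @unlink($file)) {
- $GOTMLS_file_contents = "";
- $msg = __("Deleted!",'gotmls');
- echo " $msg";
- return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
- } elseif (count($file_parts) > 1 && strtolower($file_parts[count($file_parts)-1]) == "gotmls" && @rename($file, GOTMLS_decode($file_parts[count($file_parts)-2]))) {
- $msg = __("Restored!",'gotmls');
- echo " $msg";
+ if (count($file_parts) > 1 && strtolower($file_parts[count($file_parts)-1]) == "gotmls" && @rename($file, GOTMLS_decode($file_parts[count($file_parts)-2]))) {
+ echo __("Restored!",'gotmls');
  return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
  } else {
- $msg = __("Restore Failed!",'gotmls');
- echo " $msg";
+ echo __("Restore Failed!",'gotmls');
  return "";
  }
  } else {
- $msg = __("Already Fixed!",'gotmls');
- echo " $msg";
+ echo __("Already Fixed!",'gotmls');
  return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
  }
  } else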
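Review bot: In the failure branch of the fix path (new line 416), `'<br><pre>file_stat'.stat($file)` concatenates the return value of stat(), which is an array or false, so the debug output ends in the literal text "Array" plus a conversion notice instead of the file details, and the `<pre>` is never closed. The removed `print_r(array(...))` call did render those values; to keep them, write `echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().'<br><pre>file_stat '.htmlspecialchars(print_r(@stat($file), true)).'</pre>';`. In the visible lines this output is gated only by `isset($_GET["eli"])` and discloses the process uid, gid and owner name, so it is worth confirming that the capability check covers this path. That check is not visible here, since GOTMLS_scanfile starts and ends outside the hunk.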
index.php CHANGED
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
- Version: 4.14.64
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
@@ -103,7 +103,13 @@ function GOTMLS_admin_add_help_tab() {
103
  'content' => '<form method="POST" name="GOTMLS_menu_Form">'.$menu_opts.'</form>'
104
  ));
105
  }
106
-
 
 
 
 
 
 
107
  function GOTMLS_display_header($optional_box = "") {
108
  global $GOTMLS_onLoad, $GOTMLS_loop_execution_time, $wp_version, $current_user;
109
  get_currentuserinfo();
@@ -145,6 +151,17 @@ span.GOTMLS_date {float: right; width: 120px; white-space: nowrap;}
145
  .GOTMLS h2 {margin: 0 0 10px;}
146
  .postbox {margin-right: 10px;}
147
  #pastDonations li {list-style: none;}
 
 
 
 
 
 
 
 
 
 
 
148
  #main-page-title {
149
  background: url("'.$GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=64") no-repeat scroll 0 0 transparent;
150
  height: 64px;
@@ -154,7 +171,7 @@ span.GOTMLS_date {float: right; width: 120px; white-space: nowrap;}
154
  padding: 0 110px 0 84px;
155
  }
156
  #main-page-title h1 {
157
- background: url("'.$GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gravatar.com/avatar/69ad8428e97469d0dcd64f1f60c07bd8?s=64") no-repeat scroll top right transparent;
158
  height: 64px;
159
  line-height: 32px;
160
  margin: 0;
@@ -164,7 +181,7 @@ span.GOTMLS_date {float: right; width: 120px; white-space: nowrap;}
164
  vertical-align: middle;
165
  }
166
  </style>
167
- <div id="div_file" class="shadowed-box rounded-corners sidebar-box" style="padding: 0; display: none; position: fixed; top: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'; left: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'; width: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'; height: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'; border: solid #c00; z-index: 112358;"><table style="width: 100%; height: 100%;" cellspacing="0" cellpadding="0"><tr><td style="border-bottom: 1px solid #EEEEEE;" colspan="2"><a class="rounded-corners" name="link_file" style="float: right; padding: 0 4px; margin: 6px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#found_top" onclick="showhide(\'div_file\');">X</a><h3 onmousedown="grabDiv();" onmouseup="releaseDiv();" id="windowTitle" style="cursor: move; border-bottom: 0px none; z-index: 2345677; position: absolute; left: 0px; top: 0px; margin: 0px; padding: 6px; width: 90%; height: 20px;">'.GOTMLS_Loading_LANGUAGE.'</h3></td></tr><tr><td colspan="2" style="height: 100%"><div style="width: 100%; height: 100%; position: relative; padding: 0; margin: 0;" class="inside"><br /><br /><center><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'<br /><br /><input type="button" onclick="showhide(\'GOTMLS_iFrame\', true);" value="'.__("If this is taking too long, click here.",'gotmls').'" class="button-primary" /></center><iframe id="GOTMLS_iFrame" name="GOTMLS_iFrame" style="top: 0px; left: 0px; position: absolute; width: 100%; height: 100%; background-color: #CCC;"></iframe></td></tr><tr><td style="height: 20px;"><iframe id="GOTMLS_statusFrame" name="GOTMLS_statusFrame" style="width: 100%; height: 20px; background-color: #CCC;"></iframe></div></td><td style="height: 20px; width: 20px;"><h3 id="cornerGrab" onmousedown="grabCorner();" onmouseup="releaseCorner();" 
style="cursor: move; height: 24px; width: 24px; margin: 0; padding: 0; z-index: 2345678; position: absolute; right: 0px; bottom: 0px;">&#8690;</h3></td></tr></table></div>
168
  <script type="text/javascript">
169
  function showhide(id) {
170
  divx = document.getElementById(id);
@@ -526,8 +543,7 @@ function GOTMLS_box($bTitle, $bContents, $bType = "postbox") {
526
 
527
  function GOTMLS_get_scanlog() {
528
  global $wpdb;
529
- $LastScan = '
530
- <form method="POST" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1">';
531
  if (isset($_GET["GOTMLS_cl"])) {
532
  $SQL = $wpdb->prepare("DELETE FROM `$wpdb->options` WHERE option_name LIKE %s AND substring_index(option_name, '/', -1) < %s", 'GOTMLS_scan_log/%', $_GET["GOTMLS_cl"]);
533
  if ($cleared = $wpdb->query($SQL))
@@ -570,13 +586,12 @@ function GOTMLS_get_scanlog() {
570
  }
571
  $LastScan .= '</ul>';
572
  } else
573
- $LastScan = '<h3>'.__("No Scans have been logged",'gotmls').'</h3>';
574
- return "$LastScan\n</form>\n";
575
  }
576
 
577
  function GOTMLS_get_whitelists() {
578
- $Q_Page = '
579
- <form method="POST" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1">';
580
  if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"])) {
581
  $Q_Page .= '<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>'.__("Globally White-listed files",'gotmls').'<span class="GOTMLS_date">'.__("# of patterns",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Updated",'gotmls').'</span></h3>';
582
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $file => $non_threats) {
@@ -603,7 +618,7 @@ function GOTMLS_get_whitelists() {
603
  }
604
  $Q_Page .= "</ul>";
605
  }
606
- return "$Q_Page\n</form>\n";
607
  }
608
 
609
  function GOTMLS_get_quarantine() {
@@ -615,8 +630,8 @@ function GOTMLS_get_quarantine() {
615
  if (is_array($entries) && ($key = array_search("index.php", $entries)))
616
  unset($entries[$key]);
617
  if (is_array($entries) && count($entries)) {
618
- $Q_Page .= '<p id="fix_button" style="display: none; float: right;"><input id="repair_button" type="submit" value="'.__("Restore SELECTED files from Quarantine",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><br /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete SELECTED files from Quarantine",'gotmls').'" style="background-color: #C33; color: #FFF; background-image: linear-gradient(to bottom, #C22, #933); border-color: #933 #933 #900; box-shadow: 0 1px 0 rgba(230, 120, 120, 0.5) inset; text-decoration: none; text-shadow: 0 1px 0 rgba(0, 0, 0, 0.1); margin-top: 10px;" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p><p>'.sprintf(__("FYI - these files are found in: %s",'gotmls'), ' '.$GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'</p>
619
- <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>'.(count($entries)>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'fix_button\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),count($entries)):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">Date Quarantined</span><span class="GOTMLS_date">Date Infected</span></h3>';
620
  sort($entries);
621
  $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__file__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
622
  foreach ($entries as $entry) {
@@ -633,7 +648,7 @@ function GOTMLS_get_quarantine() {
633
  $infectime = GOTMLS_sexagesimal($file_date[1]);
634
  elseif (@rename($file, GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).GOTMLS_sexagesimal($filetime).".$entry"))
635
  $file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).GOTMLS_sexagesimal($filetime).".$entry";
636
- $Q_Page .= '<span class="GOTMLS_date">'.$infectime.'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.GOTMLS_encode($file).'" id="check_'.GOTMLS_encode($file).'" onchange="document.getElementById(\'fix_button\').style.display = \'block\';" /><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="Q">'.preg_replace('/9000px;\&quot;>(.+?)<\/div>/', '9000px;&quot;>\1'.GOTMLS_strip4java(GOTMLS_decode($file_date[count($file_date)-2])).' (Quarantined)</div>', GOTMLS_error_link(__("View Quarantined File",'gotmls'), $file)).str_replace($root_path, "...", GOTMLS_decode($file_date[count($file_date)-2]));
637
  } else
638
  $Q_Page .= '<img src="'.GOTMLS_images_path.'threat.gif" height=16 width=16 alt="?">'.GOTMLS_error_link(__("Foreign File in Quarantine",'gotmls'), $file).$entry;
639
  $Q_Page .= "</a></li>\n";
@@ -1244,19 +1259,35 @@ window.parent.showhide("GOTMLS_iFrame", true);
1244
  </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post"'.(is_file($clean_file)?' onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($clean_file).'"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GOTMLS_file_contents).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;">':(is_file(GOTMLS_quarantine($clean_file))?' >':'>')).'</form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding:'.mb_detect_encoding($GOTMLS_file_contents).'<br />permissions:'.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GOTMLS_file_contents)).'</textarea></td></tr></table>');
1245
  }
1246
  }
1247
- } elseif (isset($_POST['GOTMLS_fix']) && is_array($_POST['GOTMLS_fix'])) {
1248
  $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1249
- $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).className='GOTMLS_plugin';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\n function failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
1250
- foreach ($_POST["GOTMLS_fix"] as $path) {
1251
- if (file_exists(GOTMLS_decode($path))) {
1252
- echo '<li>fixing '.GOTMLS_decode($path).' ...';
1253
- $li_js .= GOTMLS_scanfile(GOTMLS_decode($path));
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1254
  echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1255
  $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1256
- }
 
1257
  }
1258
  die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some threats were automatically fixed we need to check to make sure the removal did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during the automated fix process.",'gotmls'), 'target="test_frame" href="admin.php?page=GOTMLS-View-Quarantine"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.GOTMLS_script_URI.'&check_site=1" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n");
1259
- } elseif (isset($_POST["GOTMLS_fixing"]))
1260
  die("<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls'));
1261
  if (isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"]))
1262
  $scan_level = intval($_POST["scan_level"]);
@@ -1264,7 +1295,18 @@ window.parent.showhide("GOTMLS_iFrame", true);
1264
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = intval($scan_level);
1265
  else
1266
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1267
- if (isset($_GET["GOTMLS_x"]) || isset($_GET["GOTMLS_y"]) || isset($_GET["GOTMLS_h"]) || isset($_GET["GOTMLS_w"])) {
 
 
 
 
 
 
 
 
 
 
 
1268
  if (isset($_GET["GOTMLS_x"]))
1269
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] = $_GET["GOTMLS_x"];
1270
  if (isset($_GET["GOTMLS_y"]))
@@ -1273,11 +1315,11 @@ window.parent.showhide("GOTMLS_iFrame", true);
1273
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2] = $_GET["GOTMLS_h"];
1274
  if (isset($_GET["GOTMLS_w"]))
1275
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3] = $_GET["GOTMLS_w"];
1276
- $_GET["GOTMLS_msg"] = "New window position saved. ";//.print_r($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"], true);
1277
  }
1278
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1279
  if (isset($_GET["GOTMLS_msg"]))
1280
- die('<body style="margin: 0; padding: 0;">'.$_GET["GOTMLS_msg"].'</body>');
1281
  }
1282
 
1283
  if (function_exists("is_admin") && is_admin() && ((isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) || (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))))) {
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
+ Version: 4.14.65
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
103
  'content' => '<form method="POST" name="GOTMLS_menu_Form">'.$menu_opts.'</form>'
104
  ));
105
  }
106
+ function GOTMLS_close_button($box_id) {
107
+ return '<a href="javascript:void(0);" style="float: right; color: #F00; overflow: hidden; width: 20px; height: 20px; margin: 6px; text-decoration: none;" onclick="showhide(\''.$box_id.'\');"><span class="dashicons dashicons-dismiss"></span>X</a>';
108
+ }
109
+ function GOTMLS_enqueue_scripts() {
110
+ wp_enqueue_style('dashicons');
111
+ }
112
+ add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts');
113
  function GOTMLS_display_header($optional_box = "") {
114
  global $GOTMLS_onLoad, $GOTMLS_loop_execution_time, $wp_version, $current_user;
115
  get_currentuserinfo();
151
  .GOTMLS h2 {margin: 0 0 10px;}
152
  .postbox {margin-right: 10px;}
153
  #pastDonations li {list-style: none;}
154
+ #quarantine_buttons {position: absolute; right: 0px; top: -54px; margin: 0px; padding: 0px;}
155
+ #quarantine_buttons input.button-primary {margin-right: 20px;}
156
+ #delete_button {
157
+ background-color: #C33;
158
+ color: #FFF;
159
+ background-image: linear-gradient(to bottom, #C22, #933);
160
+ border-color: #933 #933 #900;
161
+ box-shadow: 0 1px 0 rgba(230, 120, 120, 0.5) inset;
162
+ text-decoration: none; text-shadow: 0 1px 0 rgba(0, 0, 0, 0.1);
163
+ margin-top: 10px;
164
+ }
165
  #main-page-title {
166
  background: url("'.$GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=64") no-repeat scroll 0 0 transparent;
167
  height: 64px;
171
  padding: 0 110px 0 84px;
172
  }
173
  #main-page-title h1 {
174
+ background: url("'.$GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gravatar.com/avatar/8151cac22b3fc543d099241fd573d176?s=64") no-repeat scroll top right transparent;
175
  height: 64px;
176
  line-height: 32px;
177
  margin: 0;
181
  vertical-align: middle;
182
  }
183
  </style>
184
+ <div id="div_file" class="shadowed-box rounded-corners sidebar-box" style="padding: 0; display: none; position: fixed; top: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'; left: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'; width: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'; height: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'; border: solid #c00; z-index: 112358;"><table style="width: 100%; height: 100%;" cellspacing="0" cellpadding="0"><tr><td style="border-bottom: 1px solid #EEE; height: 32px;" colspan="2">'.GOTMLS_close_button("div_file").'<h3 onmousedown="grabDiv();" onmouseup="releaseDiv();" id="windowTitle" style="cursor: move; border-bottom: 0px none; z-index: 2345677; position: absolute; left: 0px; top: 0px; margin: 0px; padding: 6px; width: 90%; height: 20px;">'.GOTMLS_Loading_LANGUAGE.'</h3></td></tr><tr><td colspan="2" style="height: 100%"><div style="width: 100%; height: 100%; position: relative; padding: 0; margin: 0;" class="inside"><br /><br /><center><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'<br /><br /><input type="button" onclick="showhide(\'GOTMLS_iFrame\', true);" value="'.__("If this is taking too long, click here.",'gotmls').'" class="button-primary" /></center><iframe id="GOTMLS_iFrame" name="GOTMLS_iFrame" style="top: 0px; left: 0px; position: absolute; width: 100%; height: 100%; background-color: #CCC;"></iframe></td></tr><tr><td style="height: 20px;"><iframe id="GOTMLS_statusFrame" name="GOTMLS_statusFrame" style="width: 100%; height: 20px; background-color: #CCC;"></iframe></div></td><td style="height: 20px; width: 20px;"><h3 id="cornerGrab" onmousedown="grabCorner();" onmouseup="releaseCorner();" style="cursor: move; height: 24px; width: 24px; margin: 0; padding: 0; z-index: 2345678; overflow: hidden; position: absolute; right: 0px; bottom: 0px;"><span class="dashicons 
dashicons-editor-expand"></span>&#8690;</h3></td></tr></table></div>
185
  <script type="text/javascript">
186
  function showhide(id) {
187
  divx = document.getElementById(id);
543
 
544
  function GOTMLS_get_scanlog() {
545
  global $wpdb;
546
+ $LastScan = '';
 
547
  if (isset($_GET["GOTMLS_cl"])) {
548
  $SQL = $wpdb->prepare("DELETE FROM `$wpdb->options` WHERE option_name LIKE %s AND substring_index(option_name, '/', -1) < %s", 'GOTMLS_scan_log/%', $_GET["GOTMLS_cl"]);
549
  if ($cleared = $wpdb->query($SQL))
586
  }
587
  $LastScan .= '</ul>';
588
  } else
589
+ $LastScan .= '<h3>'.__("No Scans have been logged",'gotmls').'</h3>';
590
+ return "$LastScan\n";
591
  }
592
 
593
  function GOTMLS_get_whitelists() {
594
+ $Q_Page = '';
 
595
  if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"])) {
596
  $Q_Page .= '<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>'.__("Globally White-listed files",'gotmls').'<span class="GOTMLS_date">'.__("# of patterns",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Updated",'gotmls').'</span></h3>';
597
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $file => $non_threats) {
618
  }
619
  $Q_Page .= "</ul>";
620
  }
621
+ return "$Q_Page\n";
622
  }
623
 
624
  function GOTMLS_get_quarantine() {
630
  if (is_array($entries) && ($key = array_search("index.php", $entries)))
631
  unset($entries[$key]);
632
  if (is_array($entries) && count($entries)) {
633
+ $Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected files",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p><p>'.sprintf(__("FYI - these files are found in: %s",'gotmls'), ' '.$GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'</p>
634
+ <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>'.(count($entries)>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),count($entries)):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">Date Quarantined</span><span class="GOTMLS_date">Date Infected</span></h3>';
635
  sort($entries);
636
  $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__file__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
637
  foreach ($entries as $entry) {
648
  $infectime = GOTMLS_sexagesimal($file_date[1]);
649
  elseif (@rename($file, GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).GOTMLS_sexagesimal($filetime).".$entry"))
650
  $file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).GOTMLS_sexagesimal($filetime).".$entry";
651
+ $Q_Page .= '<span class="GOTMLS_date">'.$infectime.'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.GOTMLS_encode($file).'" id="check_'.GOTMLS_encode($file).'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="Q">'.preg_replace('/9000px;\&quot;>(.+?)<\/div>/', '9000px;&quot;>\1'.GOTMLS_strip4java(GOTMLS_decode($file_date[count($file_date)-2])).' (Quarantined)</div>', GOTMLS_error_link(__("View Quarantined File",'gotmls'), $file)).str_replace($root_path, "...", GOTMLS_decode($file_date[count($file_date)-2]));
652
  } else
653
  $Q_Page .= '<img src="'.GOTMLS_images_path.'threat.gif" height=16 width=16 alt="?">'.GOTMLS_error_link(__("Foreign File in Quarantine",'gotmls'), $file).$entry;
654
  $Q_Page .= "</a></li>\n";
1259
  </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post"'.(is_file($clean_file)?' onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($clean_file).'"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GOTMLS_file_contents).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;">':(is_file(GOTMLS_quarantine($clean_file))?' >':'>')).'</form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding:'.mb_detect_encoding($GOTMLS_file_contents).'<br />permissions:'.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GOTMLS_file_contents)).'</textarea></td></tr></table>');
1260
  }
1261
  }
1262
+ } elseif (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1263
  $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1264
+ $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).className='GOTMLS_plugin';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction DeletedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).style.display='none';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
1265
+ foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
1266
+ $path = GOTMLS_decode($clean_file);
1267
+ if (is_file($path)) {
1268
+ if ($_REQUEST["GOTMLS_fixing"] > 1) {
1269
+ echo "<li>Deleting $path ... ";
1270
+ if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($path, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) && @unlink($path)) {
1271
+ echo __("Deleted!",'gotmls');
1272
+ $li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
1273
+ } elseif (is_file(dirname($path)."/index.php") && ($GOTMLS_file_contents = @file_get_contents(dirname($path)."/index.php")) && strlen($GOTMLS_file_contents) > 0 && @file_put_contents($path, $GOTMLS_file_contents) && (@rename($path, dirname($path)."/index.php") || file_put_contents($path, "") !== false)) {
1274
+ echo __("Removed file contents!",'gotmls');
1275
+ $li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
1276
+ } else {
1277
+ echo __("Failed to delete!",'gotmls');
1278
+ $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1279
+ }
1280
+ } else {
1281
+ echo "<li>Fixing $path ... ";
1282
+ $li_js .= GOTMLS_scanfile($path);
1283
+ }
1284
  echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1285
  $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1286
+ } else
1287
+ echo "<li>".__("File $path not found!",'gotmls')."</li>";
1288
  }
1289
  die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some threats were automatically fixed we need to check to make sure the removal did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during the automated fix process.",'gotmls'), 'target="test_frame" href="admin.php?page=GOTMLS-View-Quarantine"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.GOTMLS_script_URI.'&check_site=1" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n");
1290
+ } elseif (isset($_REQUEST["GOTMLS_fixing"]))
1291
  die("<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls'));
1292
  if (isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"]))
1293
  $scan_level = intval($_POST["scan_level"]);
1295
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = intval($scan_level);
1296
  else
1297
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1298
+ $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls');
1299
+ if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) {
1300
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
1301
+ echo '<head><script type="text/javascript">
1302
+ if (curDiv = window.parent.document.getElementById("div_file")) {
1303
+ curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
1304
+ curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
1305
+ curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
1306
+ curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
1307
+ }
1308
+ </script></head>';
1309
+ } elseif (isset($_GET["GOTMLS_x"]) || isset($_GET["GOTMLS_y"]) || isset($_GET["GOTMLS_h"]) || isset($_GET["GOTMLS_w"])) {
1310
  if (isset($_GET["GOTMLS_x"]))
1311
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] = $_GET["GOTMLS_x"];
1312
  if (isset($_GET["GOTMLS_y"]))
1315
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2] = $_GET["GOTMLS_h"];
1316
  if (isset($_GET["GOTMLS_w"]))
1317
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3] = $_GET["GOTMLS_w"];
1318
+ $_GET["GOTMLS_msg"] = __("New position",'gotmls');
1319
  }
1320
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1321
  if (isset($_GET["GOTMLS_msg"]))
1322
+ die('<body style="margin: 0; padding: 0;">'.$_GET["GOTMLS_msg"].' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"\n</body>\n":' <a href="'.GOTMLS_script_URI.'&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"]).'">['.$GLOBALS["GOTMLS_msg"].']</a></body>'));
1323
  }
1324
 
1325
  if (function_exists("is_admin") && is_admin() && ((isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) || (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))))) {
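--- a/readme.txt
+++ b/readme.txt
@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
  Contributors: scheeeli, gotmls
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
  Tags: anti-malware, security, plugin, scan, automatic, repair, remove, malware, virus, threat, hacked, malicious, scripts, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
- Version: 4.14.64
- Stable tag: 4.14.64
+ Version: 4.14.65
+ Stable tag: 4.14.65
  Requires at least: 3.3
  Tested up to: 4.1.1
 
@@ -24,7 +24,7 @@ This Anti-Malware plugin searches for Malware and other Virus like threats and s
  * Run a Complete Scan from the Settings Page.
  * Download Definition Updates to protect against new threats.
 
- Updated March 20th
+ Updated March 27th
 
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
 
@@ -89,6 +89,11 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
  == Changelog ==
 
+ = 4.14.65 =
+ * Fixed a problem with deleting files from the Quarantine folder.
+ * Added a descriptive reason to the error displayed if the fix was unsuccessful.
+ * Added link to restore the default location of the Examine Results window.
+
  = 4.14.64 =
  * Improved the encoding of definition updates so that they would not be blocked by poorly written firewall rules.
  * Suppressed the "Please make a donation" nag if the fix was unsuccessful, to avoid confusion over premium services.
@@ -302,6 +307,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
  == Upgrade Notice ==
 
+ = 4.14.65 =
+ Fixed a problem with deleting files from the Quarantine folder, added more descriptive errors and a link to restore the default location of the Examine Results window.
+
  = 4.14.64 =
  Improved the encoding of definition updates and suppressed the "Please make a donation" nag if the fix was unsuccessful.
 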
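--- a/safe-load/index.php
+++ b/safe-load/index.php
@@ -12,5 +12,5 @@ foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_
  $_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
  foreach (array("log") as $var)
  $_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
- header("location: http://safe-load.gotmls.net/report.php?ver=4.14.64".$_SESSION["GOTMLS_detected_attacks"]);
+ header("location: http://safe-load.gotmls.net/report.php?ver=4.14.65".$_SESSION["GOTMLS_detected_attacks"]);
  die();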