Anti-Malware Security and Brute-Force Firewall - Version 4.15.16

Version Description

  • Created an automatic update feature that downloads any new definition updates before starting the scan.
  • Added WordPress Core files to the new definitions update process and included a scan option to check the integrity of the Core files.
  • Automatically whitelisted the unmodified WordPress Core files.
  • Made more improvements to the Brute-Force protection patch and other minor cosmetic changes to the interface.
  • Protected the HTML in my plugin from filter injections and fixed a few other minor bugs.

Release Info

Developer scheeeli
Version 4.15.16

Code changes from version 4.14.65 to 4.15.16

Files changed (4)
  1. images/index.php +112 -95
  2. index.php +100 -96
  3. readme.txt +14 -4
  4. safe-load/index.php +1 -1
images/index.php CHANGED
@@ -10,12 +10,12 @@ function GOTMLS_define($DEF, $val) {
10
  define($DEF, $val);
11
  }}
12
 
13
- GOTMLS_define("GOTMLS_Version", "4.14.65");
14
  GOTMLS_define("GOTMLS_require_version", "3.3");
15
  GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
16
  GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");
17
  GOTMLS_define("GOTMLS_plugin_path", dirname(GOTMLS_local_images_path).'/');
18
- $GLOBALS["GOTMLS"] = array("tmp"=>array("mt"=>((isset($_GET["mt"])&&is_numeric($_GET["mt"]))?$_GET["mt"]:microtime(true)), "default_ext"=>"ieonly.", "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf"),"default" => array("msg_position" => array('80px', '40px', '400px', '600px'))));
19
  GOTMLS_define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.]+/','', str_replace('&', '&', htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
20
 
21
  if (!function_exists("GOTMLS_encode")) {
@@ -125,8 +125,6 @@ $GOTMLS_new_contents = "";
125
  $GOTMLS_onLoad = "";
126
  $GOTMLS_encode = '/[\?\-a-z\: \.\=\/A-Z\&\_]/';
127
  $GOTMLS_threat_files = array("htaccess"=>".htaccess","timthumb"=>"thumb.php");
128
- $GOTMLS_core_files = array("wp_login"=>"/wp-login.php");
129
- $GOTMLS_threat_levels = array(__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Backdoor Scripts",'gotmls')=>"backdoor",__("Known Threats",'gotmls')=>"known",__("WP-Login Updates",'gotmls')=>"wp_login",__("Potential Threats",'gotmls')=>"potential");
130
  $GOTMLS_image_alt = array("wait"=>"...", "checked"=>"✔", "blocked"=>"X", "question"=>"?", "threat"=>"!");
131
  $GOTMLS_threats_found = array();
132
  $GOTMLS_dir_at_depth = array();
@@ -252,40 +250,56 @@ function GOTMLS_get_ext($filename) {
252
  }
253
 
254
  function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
255
- global $GOTMLS_threats_found, $GOTMLS_new_contents, $GOTMLS_file_contents;
256
  $GOTMLS_threats_found = array();
257
  if (is_array($check_threats)) {
258
- foreach ($check_threats as $threat_name=>$threat_definitions) {
259
- if (isset($_SESSION["GOTMLS_debug"])) {
260
- $_SESSION["GOTMLS_debug"]["threat_name"] = $threat_name;
261
- $_SESSION["GOTMLS_debug"]["last"]["threat_name"] = microtime(true);
 
 
 
 
 
 
 
 
 
262
  }
263
- if (is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5) {
264
- while ($threat_definition = array_shift($threat_definitions)) {
265
- if ($found = @preg_match_all($threat_definition, $GOTMLS_file_contents, $threats_found)) {
266
- foreach ($threats_found[0] as $find) {
267
- $GOTMLS_threats_found[$find] = $threat_name;
268
- $GOTMLS_new_contents = str_replace($find, "", $GOTMLS_new_contents);
 
 
 
 
 
 
 
269
  }
270
  }
271
  }
272
- }
273
- if (isset($_SESSION["GOTMLS_debug"])) {
274
- $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["threat_name"], 5);
275
- if (isset($_GET["GOTMLS_debug"]) && is_numeric($_GET["GOTMLS_debug"]) && $file_time > $_GET["GOTMLS_debug"])
276
- echo "\n//GOTMLS_debug $file_time $threat_name $file\n";
277
- if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"]))
278
- $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] += $file_time;
279
- else
280
- $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] = $file_time;
281
- if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"]))
282
- $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"] ++;
283
- else
284
- $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"] = 1;
285
- if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"]) || $file_time < $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"])
286
- $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"] = $file_time;
287
- if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"]) || $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"])
288
- $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;
289
  }
290
  }
291
  } elseif (strlen($check_threats) && isset($_GET['eli']) && substr($check_threats, 0, 1) == '/' && ($found = preg_match_all($check_threats, $GOTMLS_file_contents, $threats_found))) {
@@ -313,7 +327,7 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
313
  }
314
 
315
  function GOTMLS_scanfile($file) {
316
- global $GOTMLS_core_files, $wp_version, $GOTMLS_threat_levels, $GOTMLS_threat_files, $GOTMLS_threats_found, $GOTMLS_chmod_file, $GOTMLS_chmod_dir, $GOTMLS_file_contents, $GOTMLS_new_contents;
317
  $GOTMLS_threats_found = array();
318
  $found = false;
319
  $threat_link = "";
@@ -322,39 +336,34 @@ function GOTMLS_scanfile($file) {
322
  $file_name = GOTMLS_explode_dir($file);
323
  $file_parts = explode(".", ".".array_pop($file_name));
324
  if (is_file($file) && ($filesize = filesize($file)) && ($GOTMLS_file_contents = @file_get_contents($file))) {
 
 
 
 
325
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file=>$non_threats) {
326
- if (isset($non_threats[0])) {
327
- $updated = $non_threats[0];
328
- unset($non_threats[0]);
329
- } else
330
- $updated = "A0002";
331
- if (is_array($non_threats) && count($non_threats) && substr(str_replace("\\", "/", $file), (-1 * strlen($whitelist_file))) == str_replace("\\", "/", $whitelist_file)) {
332
- if (in_array(md5($GOTMLS_file_contents).'O'.$filesize, array_keys($non_threats), true))
333
- return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
334
- elseif (in_array(md5($GOTMLS_file_contents), $non_threats, true)) {
335
- if (!(isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][''.GOTMLS_get_ext($file)][0]) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][''.GOTMLS_get_ext($file)][0] >= $updated))
336
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][''.GOTMLS_get_ext($file)][0] = $updated;
337
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][''.GOTMLS_get_ext($file)][md5($GOTMLS_file_contents).'O'.$filesize] = $updated;
338
- unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$whitelist_file]);
339
- update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
340
- return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
341
- }
342
  }
343
  }
 
 
344
  $GOTMLS_new_contents = $GOTMLS_file_contents;
345
  if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && strlen($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && isset($_GET['eli']) && substr($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"], 0, 1) == '/' && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"])))
346
  $className = "known";
347
  else {
 
348
  if (isset($_SESSION["GOTMLS_debug"])) {
349
  $_SESSION["GOTMLS_debug"]["file"] = $file;
350
  $_SESSION["GOTMLS_debug"]["last"]["total"] = microtime(true);
351
  }
352
- foreach ($GOTMLS_threat_levels as $threat_level) {
353
  if (isset($_SESSION["GOTMLS_debug"])) {
354
  $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
355
  $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
356
  }
357
- if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && (!array_key_exists($threat_level,$GOTMLS_core_files) || (substr($file."e", (-1 * strlen($GOTMLS_core_files[$threat_level]."e"))) == $GOTMLS_core_files[$threat_level]."e")) && (!array_key_exists($threat_level,$GOTMLS_threat_files) || ((GOTMLS_get_ext($file) == "gotmls" && isset($_GET["eli"]) && $_GET["eli"] == "quarantine")?(substr(GOTMLS_decode(array_pop(explode(".", '.'.substr($file, strlen(dirname($file))+1, -7))))."e", (-1 * strlen($GOTMLS_threat_files[$threat_level]."e"))) == $GOTMLS_threat_files[$threat_level]."e"):(substr($file."e", (-1 * strlen($GOTMLS_threat_files[$threat_level]."e"))) == $GOTMLS_threat_files[$threat_level]."e"))) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level],$file)))
358
  $className = $threat_level;
359
  }
360
  if (isset($_SESSION["GOTMLS_debug"])) {
@@ -388,32 +397,25 @@ function GOTMLS_scanfile($file) {
388
  $GOTMLS_new_contents = trim(preg_replace('/<\?(php)?\s*(\?>|$)/i', "", $GOTMLS_new_contents));
389
  } elseif (isset($GOTMLS_threat_files[$className]) && GOTMLS_get_ext($GOTMLS_threat_files[$className]) == "php") {
390
  $project = str_replace("_", "-", $className);
391
- $source = wp_remote_get("http://$project.googlecode.com/svn/trunk/$project.php");
392
- if (is_array($source) && isset($source["body"]) && strlen($source["body"]) > 500)
393
- $GOTMLS_new_contents = $source["body"].$GOTMLS_new_contents;
394
  else
395
  $GOTMLS_file_contents = "";
396
- } elseif (isset($GOTMLS_core_files[$className])) {
397
- $source = wp_remote_get("http://core.svn.wordpress.org/tags/".$wp_version.$GOTMLS_core_files[$className]);
398
- if (is_array($source) && isset($source["body"]) && strlen($source["body"]) > 500)
399
- $GOTMLS_new_contents = $source["body"];
400
  else
401
  $GOTMLS_file_contents = "";
402
- if (file_exists(dirname(__FILE__).'/../../../../wp-config.php')) {
403
- $config = @file_get_contents(dirname(__FILE__).'/../../../../wp-config.php');
404
- $head = "<?php if (file_exists(dirname(__FILE__).'/wp-content/plugins/gotmls/safe-load/wp-login.php')) require(dirname(__FILE__).'/wp-content/plugins/gotmls/safe-load/wp-login.php'); // Load Security Patch by GOTMLS.NET before the WordPress bootstrap. ?>";
405
- if (strlen($config) && $head != substr($config, 0, strlen($head)))
406
- @file_put_contents(dirname(__FILE__).'/../../../../wp-config.php', $head.$config);
407
- }
408
  } else
409
  $GOTMLS_new_contents = trim(preg_replace('/<\?(php)?\s*(\?>|$)/i', "", $GOTMLS_new_contents));
410
- if (strlen($GOTMLS_file_contents) > 0 && ((@GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents) !== false) || ((is_writable(dirname(GOTMLS_quarantine($file))) || (($GOTMLS_chmod_dir = @fileperms(dirname(GOTMLS_quarantine($file)))) && ($chmoded_quarantine = @chmod(dirname(GOTMLS_quarantine($file)), 0777)))) && (@GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents) !== false) && !($chmoded_quarantine && !@chmod(dirname(GOTMLS_quarantine($file)), $GOTMLS_chmod_dir)))) && (((strlen($GOTMLS_new_contents)==0 && isset($_GET["eli"]) && @unlink($file)) || (@GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false) || ((is_writable(dirname($file)) || (($GOTMLS_chmod_dir = @fileperms(dirname($file))) && ($chmoded_dir = @chmod(dirname($file), 0777)))) && (is_writable($file) || (($GOTMLS_chmod_file = @fileperms($file)) && ($chmoded_file = @chmod($file, 0666)))) && (@GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false) && !($chmoded_dir && !@chmod(dirname($file), $GOTMLS_chmod_dir)) && !($chmoded_file && !@chmod($file, $GOTMLS_chmod_file)))))) {
411
  echo __("Success!",'gotmls');
412
  return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
413
  } else {
414
- echo __("Failed:",'gotmls').' '.(strlen($GOTMLS_file_contents)?(is_writable(dirname(GOTMLS_quarantine($file)))?((is_writable(dirname($file)) && is_writable($file))?__("reason unknown!",'gotmls'):__("file not writable!",'gotmls')):__("quarantine not writable!",'gotmls')):__("no file contents!",'gotmls'));
415
  if (isset($_GET["eli"]))
416
- echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().'<br><pre>file_stat'.stat($file);
417
  return "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
418
  }
419
  }
@@ -421,7 +423,7 @@ function GOTMLS_scanfile($file) {
421
  $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file);
422
  $imageFile = "/blocked";
423
  } elseif ($className != "potential") {
424
- $threat_link = '<input type="checkbox" name="GOTMLS_fix[]" value="'.$clean_file.'" id="check_'.$clean_file.(($className != "wp_login")?'" checked="'.$className:'').'" />'.$threat_link;
425
  $imageFile = "threat";
426
  } else
427
  $imageFile = "question";
@@ -518,10 +520,26 @@ function GOTMLS_explode_dir($dir, $pre = '') {
518
  return explode(GOTMLS_slash($dir), $dir);
519
  }
520
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
521
  function GOTMLS_quarantine($file = __FILE__) {
522
  if (!(isset($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) && is_dir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) {
523
  $upload = wp_upload_dir();
524
- $err403 = '<html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don\'t have permission to access this directory.</p></body></html>';
525
  $recoveryPHP = '<'.'?php
526
  if ((isset($_SERVER["SCRIPT_FILENAME"]) && strlen($_SERVER["SCRIPT_FILENAME"]) > strlen(basename(__FILE__)) && substr(__FILE__, -1 * strlen($_SERVER["SCRIPT_FILENAME"])) == substr($_SERVER["SCRIPT_FILENAME"], -1 * strlen(__FILE__))) || !defined("GOTMLS_plugin_path"))
527
  die("'.$err403.'");
@@ -531,13 +549,13 @@ if ((isset($_SERVER["SCRIPT_FILENAME"]) && strlen($_SERVER["SCRIPT_FILENAME"]) >
531
  $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), $upload['basedir']);
532
  if (is_file(GOTMLS_trailingslashit($upload['basedir']).'.htaccess') && file_get_contents(GOTMLS_trailingslashit($upload['basedir']).'.htaccess') == 'Options -Indexes')
533
  if (!@unlink(GOTMLS_trailingslashit($upload['basedir']).'.htaccess'))
534
- @GOTMLS_file_put_contents(GOTMLS_trailingslashit($upload['basedir']).'.htaccess', '');
535
  if (!is_file(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'.htaccess'))
536
- @GOTMLS_file_put_contents(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'.htaccess', 'Options -Indexes');
537
  if (!is_file(GOTMLS_trailingslashit($upload['basedir']).'index.php'))
538
- @GOTMLS_file_put_contents(GOTMLS_trailingslashit($upload['basedir']).'index.php', $err403);
539
  if (!is_file(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'index.php') || (@file_get_contents(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'index.php') != $recoveryPHP))
540
- @GOTMLS_file_put_contents(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'index.php', $recoveryPHP);
541
  }
542
  return GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).(is_file($file)?GOTMLS_sexagesimal(date("y-m-d-H-i", filectime($file))).'.'.GOTMLS_sexagesimal(date("y-m-d-H-i", filemtime($file))):GOTMLS_sexagesimal(date("y-m-d-H-i", time()))).'.'.GOTMLS_encode($file?$file:__FILE__).'.GOTMLS';
543
  }
@@ -584,7 +602,7 @@ function GOTMLS_readdir($dir, $current_depth = 1) {
584
  $tracer_code = "(base64_decode('".base64_encode('if(isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] == "'.$_SERVER["REMOTE_ADDR"].'" && is_file("'.GOTMLS_local_images_path.'../safe-load/trace.php")) {include_once("'.GOTMLS_local_images_path.'../safe-load/trace.php");GOTMLS_debug_trace(__FILE__);}')."'));";
585
  foreach ($files as $file)
586
  if (GOTMLS_get_ext($file) == "php" && $filecontents = @file_get_contents(GOTMLS_trailingslashit($dir).$file))
587
- @GOTMLS_file_put_contents(GOTMLS_trailingslashit($dir).$file, preg_replace('/^<\?php(?! eval)/is', '<?php eval'.$tracer_code, $filecontents));
588
  }
589
  if ($_REQUEST["scan_type"] == "Quick Scan") {
590
  $GOTMLS_dirs_at_depth[$current_depth] = count($directories);
@@ -610,7 +628,7 @@ function GOTMLS_readdir($dir, $current_depth = 1) {
610
  echo GOTMLS_return_threat("dir", "checked", $dir);
611
  }
612
  } else
613
- echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(GOTMLS_Failed_to_list_LANGUAGE.' readdir:'.($entries===false?'(FALSE)':$entries)));
614
  @set_time_limit($GOTMLS_loop_execution_time);
615
  if ($current_depth-- && $_REQUEST["scan_type"] == "Quick Scan") {
616
  $GOTMLS_dir_at_depth[$current_depth]++;
@@ -752,21 +770,31 @@ function GOTMLS_reset_settings($item, $key) {
752
  $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = dirname(GOTMLS_quarantine(__FILE__));
753
  $GLOBALS["GOTMLS"]["tmp"]["default_ext"] .= "com";
754
  GOTMLS_define("GOTMLS_plugin_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gotmls.net/');
755
- GOTMLS_define("GOTMLS_update_home", GOTMLS_plugin_home);
756
  GOTMLS_define("GOTMLS_blog_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//wordpress.'.$GLOBALS["GOTMLS"]["tmp"]["default_ext"]);
757
  $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"] = "ECJKF";
758
  $GOTMLS_encode .= substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2);
759
  $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = maybe_unserialize(GOTMLS_decode('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_cGFzc3RocnVcKC4rZndyaXRlXCguKy9zIjt9czoyOToiRXh0ZXJuYWwgUmVkaXJlY3QgUmV3cml0ZVJ1bGUiO2E6Mjp7aTowO3M6NToiQ0NWRTQiO2k6MTtzOjMwOiIvUmV3cml0ZVJ1bGUgW14gXSsgaHR0cFw6XC9cLy8iO31zOjM1OiJubyBlcnJvcl9yZXBvcnRpbmcgbG9uZyBsaW5lcyBhbG9uZSI7YToyOntpOjA7czo1OiJEMzVCYSI7aToxO3M6Nzk6Ii88XD8ocGhwKSpbXHJcblx0IFxAXSplcnJvcl9yZXBvcnRpbmdcKDBcKTsuKz9bYS16MC05XC9cLVw9JyJcLlxdezIwMDB9Lio_XD8-L2kiO31zOjIyOiJwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IjthOjI6e2k6MDtzOjU6IkQ4TUN3IjtpOjE7czoxMzY6Ii9cL1wqIFRoaXMgZmlsZSBpcyBwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IGxhdyBhbmQgcHJvdmlkZWQgdW5kZXIgbGljZW5zZS4gUmV2ZXJzZSBlbmdpbmVlcmluZyBvZiB0aGlzIGZpbGUgaXMgc3RyaWN0bHkgcHJvaGliaXRlZC4gXCpcLy8iO31zOjE5OiJhIHNwYW4gY29sb3IgRjFFRkU0IjthOjI6e2k6MDtzOjU6IkQ4UkFQIjtpOjE7czoxMTg6Ii9cPGEgW15cPl0rXD5cPHNwYW4gc3R5bGU9ImNvbG9yXDpcI0YxRUZFNDsiXD4oLis_KVw8XC9zcGFuXD5cPFwvYVw-XDxzcGFuIHN0eWxlPSJjb2xvclw6XCNGMUVGRTQ7Ilw-KC4rPylcPFwvc3Bhblw-L2kiO31zOjE3OiJWYXJpYWJsZSBGdW5jdGlvbiI7YToyOntpOjA7czo1OiJFODU2TCI7aToxO3M6Njc6Ii8oPCFcZClcJFtcJFx7XSpbYS16XC1cXzAtOV0rW1x9IFx0XSooXFtbXlxdXStcXVsgXHRdKikqXCguKj9cKVw7L2kiO31zOjExOiJUYWdnZWQgQ29kZSI7YToyOntpOjA7czo1OiJFNExNRyI7aToxO3M6MjQ6Ii9cIyhcdyspXCMuKz9cI1wvXDFcIy9pcyI7fXM6MTU6ImNyZWF0ZV9mdW5jdGlvbiI7YToyOntpOjA7czo1OiJFQVBMbSI7aToxO3M6NzU6Ii8oXCRbYS16XzAtOV0rWz1cc1xAXSspP2NyZWF0ZV9mdW5jdGlvblwoW14sXStbLFxzXStcJFthLXpfMC05XStbXHNcKV0rOyovaSI7fX1zOjk6IndoaXRlbGlzdCI7YToyOntzOjM6InBocCI7YToyMjp7aTowO3M6NToiRUNKS0YiO3M6Mzg6IjU4NzNjZDFjZWE2MTA4MjAyZDIxMzQ3ZjAxZjA0ZGNmTzgxNzI4IjtzOjU6IkQ3NTlwIjtzOjM5OiIwMTM2MzcyOGM4NDNmZjkzZTk2YjY5ODNjZTM4ZWJhNk8xOTU2MTgiO3M6NToiRDVBODMiO3M6Mzg6ImQ1ZjNjOWNhZmYxNGQ1N2M4NjA4ZDc4ZGIwMDk0YmUwTzczNjQzIjtzOjU6IkQ3NUQ5IjtzOjM4OiI1N2FmNDk4MThiYmI5NDlkYzBhYzYzODY3Mzg2NTViYk8yNTg1MiI7czo1OiJEN0pEOSI7czozODoiZDQ5NDA0MjYwZDc5YTRjYzM3NTVjMDBmNTVkZTIwODlPMjU2NjIiO3M6NToiRDhWOEEiO3M6Mzc6Ijg2NjFmZTJiZmE1OTk1ZjU0NmEzMzA0N2U5MDM4NTZjTzExMzYiO3M6NToiRE
lDRkMiO3M6Mzg6IjgxMjVkNDJjNGJlNTQzZjg3NGVhNWY2YTFiNWJkZTU1TzI1ODk0IjtzOjU6IkRJQ0ZEIjtzOjM5OiJlZGRiNWZkYTc0ZDQxZGJkYWMwMTgxNjc1MzZkOGQ1M08yMzEzMzgiO3M6NToiRElDRkUiO3M6Mzg6ImMxNWE0ZDVjMzgzNDQ0Yjk1ZDI4NTU5ZjgzNDgxMTFkTzIyNTg4IjtzOjU6IkUxUjJ2IjtzOjM4OiJlMjA4MzljNTU5YTY2YzdjZjYyODY1M2JhMjQ4NGVhZU8yNjM5NSI7czo1OiJFMVIyeCI7czozODoiZjMzODJlYzE1YzAzMGJkMzJlMjkzZmFmMzQ5N2UyNTNPMTEyMjYiO3M6NToiRTIzMEMiO3M6Mzc6IjI4YTkyZjQ2NDk4ZDMyYjlhNzRjNTg0N2Y3NWM5MTJlTzczOTkiO3M6NToiRTIzMEMiO3M6Mzc6ImYwMGFhZjAxZmYwMmQ1NzU2YzI2N2JjZjkyMGU0YzI4TzE1NDAiO3M6NToiRTJBTWYiO3M6Mzg6IjU3YzY0N2Q5M2ZiZDQ3ODY4Yjg3YjkyMWJlZTYzYWY4TzI2Mzc2IjtzOjU6IkU1RURvIjtzOjM5OiI4ZTJhZjQ4ODZkYzgxYTVkOTI4OTg2NWJiYjgxM2VkMU8xOTU2MTciO3M6NToiRTVJTlAiO3M6Mzc6ImY4MGQ5ZWY0YjdiZmQ5ZWY1NDJkOTA4N2ExZGIyYWU5TzIwMTAiO3M6NToiRTdFTXYiO3M6Mzg6IjVmOTI3ZjNhOTczMjE4ZDA3ZTQzZWExYzY5ZmMwMzMxTzI2Nzc2IjtzOjU6IkVBNjZsIjtzOjM4OiJhNWIxYTczZTBjNDI5ODk1MDc1MGE4YmNkOTYyN2VhZk8yNjgxMSI7czo1OiJFQ0NFMCI7czozNzoiNjQ5NDRlMjI1MTEzYmUxODM5NGQ1YmMwMWZiM2I1MzdPNzUzMCI7czo1OiJFQ0NFMyI7czozODoiOTdlNDM4ZDZjOWM2NGEyMDJiOTMwNzg2ZDI3NjIwNWJPNjI0NTgiO3M6NToiRUNDRTMiO3M6Mzg6IjY3ZWMxYjE1M2NjM2YzZTM2ZmJlZTU5MDI5YTkzZDRhTzI1OTE0IjtzOjU6IkVDSktGIjt9czoyOiJqcyI7YTozMTp7aTowO3M6NToiRUNIOVgiO3M6Mzc6IjU1NGJjNzZjNzAzNTExODdmNGNlMDVkZGMwMTJhYWVkTzQ3NzYiO3M6NToiRDY2N1giO3M6Mzc6IjlhOWMxMjU4MTRiOTcxNTk4MmQyNDZhMWVlNzgwODRmTzUzNDUiO3M6NToiRDY2N1giO3M6Mzg6ImUzNmEwODYxMjM3NTY0MTIyOTMyMzFhZWFkMTdmMjRmTzM3NjI5IjtzOjU6IkQ3NUFIIjtzOjM3OiJhMzhhYzUyNjY5MjQ5MzhhNGZmNTUxNDM2OWM2YjQwZE80Njc0IjtzOjU6IkQ3NUFKIjtzOjM3OiIxMDQzYTFkN2Q4NGVlNTZmODgzMWE2MGNkZmM1ZGMyOE83MDc3IjtzOjU6IkQ3NURTIjtzOjM4OiI2ZWMxNTBiNzk4N2NhYWVmOThiNTljODdiOWY0NzFiZU8xMTg0MiI7czo1OiJFMVIybiI7czozODoiNjE0N2NjZWU3YWVmOWRjMGM2ZWIxMGQ4ZDdiMzExZjlPNzA4ODMiO3M6NToiRTFSMnciO3M6Mzc6ImJhMzI5Mzk3MGUxM2IwM2EyZWE5MmY1YjZiNWJmNTQ0TzMzNzciO3M6NToiRTIyTnEiO3M6Mzc6IjYzYjBhZWQ5YjAyZjg3OWE2ZTAyOTVmYmVhN2RiODU0TzQ3MDIiO3M6NToiRTIzMEQiO3M6Mzc6ImVmNDE4OGNiMGI2MGE3MjAxN2Y0YzhhMWU4NDBhYjFlTzI5NTAiO3M6NToiRTI0OUwiO3M6Mzc6ImZiOGJmNjc4NWU1NWU5ZT
M5YmVhNTUyNjM1YzQyYTY0TzMyNzAiO3M6NToiRTI2MEMiO3M6Mzk6ImFjYjMzMzI5YjllZjhhYWJkOGJkNzMxNDI2ODAzZTRlTzIzMjQ4MiI7czo1OiJFMjYwRSI7czozODoiNmNlYjY0NzU5MjU4OGJjZjQ2M2JlZmQ5NDA4ZTI3YWRPMTIwMjUiO3M6NToiRTI2MEgiO3M6Mzc6IjVhMzE4Mjc3ZmVkZjQ5MWEwMzAxZTE3N2E5ZWYxMGIzTzQ5MDgiO3M6NToiRTI2MEoiO3M6Mzg6ImRiYzM4MDg0NzNkZWYwMGZjZTQ1ZmU1NjRkYzcyZGNiTzE0NzIwIjtzOjU6IkUyNjBLIjtzOjM3OiJiOTg5YTViZDg0ZjZlYmNiYzEzOTNlYzAwM2U2ZTk5MU80OTY5IjtzOjU6IkUyN0VHIjtzOjM4OiIwMzBiODM4OTM3NmE0MmZmM2RhMTg2YmY2NTgwNjIxN08xNjUzMSI7czo1OiJFMjlEMiI7czozNzoiZGVmMjU3ZGJiMGFiODA1YzQ5OTZmZDhhYmIxYTZiNDlPNjcxNyI7czo1OiJFMkg1biI7czozODoiNzRkOTAzMDQ5NjgzZTViYmVhOWNjYjc1NDRhNDJiY2FPMTc0MTMiO3M6NToiRTVFRHEiO3M6Mzg6IjYwM2JkMTQyOTlmNjFhNzMyOWIyZDM1M2IyYjU2YzJmTzM3Njg5IjtzOjU6IkU1RURwIjtzOjM3OiIwNDI2YjM5NzU0YWE2YmM3NjZkODllYTRjNDFiYmQwNk8zNDU3IjtzOjU6IkU1RUR4IjtzOjM4OiJlYWRjNTgzMjUxM2Q1NjcwODg0YTk3NWM2ZGUxMGYwMU8xOTYxNSI7czo1OiJFN1VNQSI7czozODoiMzhkYmNjOTI1NTI5MzY4ODEyZjVjMmZiY2IzODk2MTZPMTQ5NjUiO3M6NToiRTdVTUIiO3M6Mzc6ImExYzE4MjI3ZTZlOTM3OThjNDkzYWVkOTZlZTZjYzg0TzMyNjciO3M6NToiRTdVTUIiO3M6Mzc6IjA3ODM4OGE2NDMxYWE1YjA4MzhhODczMmQxODdmZTI5Tzg5MTMiO3M6NToiRThBQXAiO3M6Mzc6ImYzYjFiMjg0MjQzNmY3YTMxMWIzOWU0ZWY0YjQ3ZjU5TzQzNTIiO3M6NToiRThCQlUiO3M6Mzc6ImQ3MDk0MDYxOWE5OWQ1NTUxMTYxNjdkNGZiMzljYTE1TzQzOTciO3M6NToiRTlDTHgiO3M6Mzg6ImNiZGJmYzkxODRkMjhhYzU1ZjgzYzBiMGRmNDBmZDQzTzc5NDE0IjtzOjU6IkU5RzhqIjtzOjM4OiJlZjNhZTkwMTQ1MjVjZjgxMTg3YWZhYTYxYmNhNzM3ZU8zNzY5MSI7czo1OiJFQ0NFMSI7czozODoiZjQ0OGM1OTNjMjQyZDEzNGU5NzMzYTg0YzdhNGQyNmNPMTUyNDgiO3M6NToiRUNIOVgiO319fQ3'));
760
 
761
  function GOTMLS_file_put_contents($file, $content) {
 
 
 
 
 
762
  if (function_exists("file_put_contents"))
763
- return file_put_contents($file, $content);
764
  elseif ($fp = fopen($file, 'w')) {
765
  fwrite($fp, $content);
766
  fclose($fp);
767
- return true;
768
  } else
769
- return false;
 
 
 
 
 
770
  }
771
 
772
  function GOTMLS_scan_log() {
@@ -799,20 +827,9 @@ function GOTMLS_scan_log() {
799
  }
800
 
801
  function GOTMLS_get_URL($URL) {
802
- $ReadFile = '';
803
- if (function_exists('curl_init')) {
804
- $curl_hndl = curl_init();
805
- curl_setopt($curl_hndl, CURLOPT_URL, $URL);
806
- curl_setopt($curl_hndl, CURLOPT_TIMEOUT, 30);
807
- curl_setopt($curl_hndl, CURLOPT_REFERER, $SERVER_HTTP_REFERER);
808
- if (isset($_SERVER['HTTP_USER_AGENT']))
809
- curl_setopt($curl_hndl, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
810
- curl_setopt($curl_hndl, CURLOPT_HEADER, 0);
811
- curl_setopt($curl_hndl, CURLOPT_RETURNTRANSFER, TRUE);
812
- $ReadFile = curl_exec($curl_hndl);
813
- curl_close($curl_hndl);
814
- }
815
- if (strlen($ReadFile) == 0 && function_exists('file_get_contents'))
816
- $ReadFile = @file_get_contents($URL).'';
817
- return $ReadFile;
818
  }
10
  define($DEF, $val);
11
  }}
12
 
13
+ GOTMLS_define("GOTMLS_Version", "4.15.16");
14
  GOTMLS_define("GOTMLS_require_version", "3.3");
15
  GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
16
  GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");
17
  GOTMLS_define("GOTMLS_plugin_path", dirname(GOTMLS_local_images_path).'/');
18
+ $GLOBALS["GOTMLS"] = array("tmp"=>array("mt"=>((isset($_GET["mt"])&&is_numeric($_GET["mt"]))?$_GET["mt"]:microtime(true)), "threat_levels" => array(__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Backdoor Scripts",'gotmls')=>"backdoor",__("Known Threats",'gotmls')=>"known",__("Core File Changes",'gotmls')=>"wp_core",__("Potential Threats",'gotmls')=>"potential"), "default_ext"=>"ieonly.", "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf"),"default" => array("msg_position" => array('80px', '40px', '400px', '600px'))));
19
  GOTMLS_define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.]+/','', str_replace('&amp;', '&', htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
20
 
21
  if (!function_exists("GOTMLS_encode")) {
125
  $GOTMLS_onLoad = "";
126
  $GOTMLS_encode = '/[\?\-a-z\: \.\=\/A-Z\&\_]/';
127
  $GOTMLS_threat_files = array("htaccess"=>".htaccess","timthumb"=>"thumb.php");
 
 
128
  $GOTMLS_image_alt = array("wait"=>"...", "checked"=>"&#x2714;", "blocked"=>"X", "question"=>"?", "threat"=>"!");
129
  $GOTMLS_threats_found = array();
130
  $GOTMLS_dir_at_depth = array();
250
  }
251
 
252
  function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
253
+ global $wp_version, $GOTMLS_threats_found, $GOTMLS_new_contents, $GOTMLS_file_contents;
254
  $GOTMLS_threats_found = array();
255
  if (is_array($check_threats)) {
256
+ $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
257
+ if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($check_threats["$wp_version"]["$path"])) {
258
+ if (($check_threats["$wp_version"]["$path"] != md5($GOTMLS_file_contents)."O".strlen($GOTMLS_file_contents)) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($check_threats["$wp_version"]["$path"] == md5($source)."O".strlen($source))) {
259
+ for ($start = 0, $end = 0, $len = strlen($source); ($start == 0 || $end == 0) && $len > 0; $len--){
260
+ if ($start == 0 && substr($source, 0, $len) == substr($GOTMLS_file_contents, 0, $len))
261
+ $start = $len;
262
+ if ($end == 0 && substr($source, -1 * $len) == substr($GOTMLS_file_contents, -1 * $len))
263
+ $end = $len;
264
+ }
265
+ if (!(($start + $end < strlen($GOTMLS_file_contents)) && ($find = ($end?substr($GOTMLS_file_contents, $start, -1 * $end):substr($GOTMLS_file_contents, $start)))))
266
+ $find = $GOTMLS_file_contents;
267
+ $GOTMLS_threats_found["$find"] = "Core File Modified";
268
+ $GOTMLS_new_contents = $source;
269
  }
270
+ } else {
271
+ foreach ($check_threats as $threat_name=>$threat_definitions) {
272
+ if (isset($_SESSION["GOTMLS_debug"])) {
273
+ $_SESSION["GOTMLS_debug"]["threat_name"] = $threat_name;
274
+ $_SESSION["GOTMLS_debug"]["last"]["threat_name"] = microtime(true);
275
+ }
276
+ if (is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5) {
277
+ while ($threat_definition = array_shift($threat_definitions)) {
278
+ if ($found = @preg_match_all($threat_definition, $GOTMLS_file_contents, $threats_found)) {
279
+ foreach ($threats_found[0] as $find) {
280
+ $GOTMLS_threats_found[$find] = $threat_name;
281
+ $GOTMLS_new_contents = str_replace($find, "", $GOTMLS_new_contents);
282
+ }
283
  }
284
  }
285
  }
286
+ if (isset($_SESSION["GOTMLS_debug"])) {
287
+ $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["threat_name"], 5);
288
+ if (isset($_GET["GOTMLS_debug"]) && is_numeric($_GET["GOTMLS_debug"]) && $file_time > $_GET["GOTMLS_debug"])
289
+ echo "\n//GOTMLS_debug $file_time $threat_name $file\n";
290
+ if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"]))
291
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] += $file_time;
292
+ else
293
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] = $file_time;
294
+ if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"]))
295
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"] ++;
296
+ else
297
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"] = 1;
298
+ if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"]) || $file_time < $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"])
299
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"] = $file_time;
300
+ if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"]) || $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"])
301
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;
302
+ }
303
  }
304
  }
305
  } elseif (strlen($check_threats) && isset($_GET['eli']) && substr($check_threats, 0, 1) == '/' && ($found = preg_match_all($check_threats, $GOTMLS_file_contents, $threats_found))) {
327
  }
328
 
329
  function GOTMLS_scanfile($file) {
330
+ global $wp_version, $GOTMLS_threat_files, $GOTMLS_threats_found, $GOTMLS_chmod_file, $GOTMLS_chmod_dir, $GOTMLS_file_contents, $GOTMLS_new_contents;
331
  $GOTMLS_threats_found = array();
332
  $found = false;
333
  $threat_link = "";
336
  $file_name = GOTMLS_explode_dir($file);
337
  $file_parts = explode(".", ".".array_pop($file_name));
338
  if (is_file($file) && ($filesize = filesize($file)) && ($GOTMLS_file_contents = @file_get_contents($file))) {
339
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]))
340
+ $whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]);
341
+ else
342
+ $whitelist = array();
343
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file=>$non_threats) {
344
+ if (is_array($non_threats) && count($non_threats) > 1) {
345
+ if (isset($non_threats[0]))
346
+ unset($non_threats[0]);
347
+ $whitelist = array_merge($whitelist, $non_threats);
 
 
 
 
 
 
 
 
 
 
 
 
348
  }
349
  }
350
+ if (isset($whitelist[md5($GOTMLS_file_contents).'O'.$filesize]))
351
+ return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
352
  $GOTMLS_new_contents = $GOTMLS_file_contents;
353
  if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && strlen($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && isset($_GET['eli']) && substr($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"], 0, 1) == '/' && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"])))
354
  $className = "known";
355
  else {
356
+ $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
357
  if (isset($_SESSION["GOTMLS_debug"])) {
358
  $_SESSION["GOTMLS_debug"]["file"] = $file;
359
  $_SESSION["GOTMLS_debug"]["last"]["total"] = microtime(true);
360
  }
361
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) {
362
  if (isset($_SESSION["GOTMLS_debug"])) {
363
  $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
364
  $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
365
  }
366
+ if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]))) && (!array_key_exists($threat_level, $GOTMLS_threat_files) || (substr($file."e", (-1 * strlen($GOTMLS_threat_files[$threat_level]."e"))) == $GOTMLS_threat_files[$threat_level]."e")) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level],$file)))
367
  $className = $threat_level;
368
  }
369
  if (isset($_SESSION["GOTMLS_debug"])) {
397
  $GOTMLS_new_contents = trim(preg_replace('/<\?(php)?\s*(\?>|$)/i', "", $GOTMLS_new_contents));
398
  } elseif (isset($GOTMLS_threat_files[$className]) && GOTMLS_get_ext($GOTMLS_threat_files[$className]) == "php") {
399
  $project = str_replace("_", "-", $className);
400
+ if (($source = GOTMLS_get_URL("http://$project.googlecode.com/svn/trunk/$project.php")) && strlen($source) > 500)
401
+ $GOTMLS_new_contents = $source;
 
402
  else
403
  $GOTMLS_file_contents = "";
404
+ } elseif ($className == 'wp_core') {
405
+ $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
406
+ if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] != md5($GOTMLS_file_contents)."O".strlen($GOTMLS_file_contents)) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] == md5($source)."O".strlen($source)))
407
+ $GOTMLS_new_contents = $source;
408
  else
409
  $GOTMLS_file_contents = "";
 
 
 
 
 
 
410
  } else
411
  $GOTMLS_new_contents = trim(preg_replace('/<\?(php)?\s*(\?>|$)/i', "", $GOTMLS_new_contents));
412
+ if (strlen($GOTMLS_file_contents) > 0 && (@GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents) !== false) && ((strlen($GOTMLS_new_contents)==0 && isset($_GET["eli"]) && @unlink($file)) || (@GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false))) {
413
  echo __("Success!",'gotmls');
414
  return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
415
  } else {
416
+ echo __("Failed:",'gotmls').' '.(strlen($GOTMLS_file_contents)?(is_writable(dirname(GOTMLS_quarantine($file)))?((is_writable(dirname($file)) && is_writable($file))?__("reason unknown!",'gotmls'):__("file not writable!",'gotmls')):__("quarantine not writable!",'gotmls').' '):__("no file contents!",'gotmls'));
417
  if (isset($_GET["eli"]))
418
+ echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().(is_writable(dirname(GOTMLS_quarantine($file)))?'<br><pre>file_stat'.print_r(stat($file), true):'<br><pre>'.dirname(GOTMLS_quarantine($file)).' stat'.print_r(stat(dirname(GOTMLS_quarantine($file))), true));
419
  return "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
420
  }
421
  }
423
  $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file);
424
  $imageFile = "/blocked";
425
  } elseif ($className != "potential") {
426
+ $threat_link = '<input type="checkbox" name="GOTMLS_fix[]" value="'.$clean_file.'" id="check_'.$clean_file.(($className != "wp_core")?'" checked="'.$className:'').'" />'.$threat_link;
427
  $imageFile = "threat";
428
  } else
429
  $imageFile = "question";
520
  return explode(GOTMLS_slash($dir), $dir);
521
  }
522
 
523
+ function GOTMLS_html_tags($tags, $inner = array()) {
524
+ $html = "";
525
+ if (!is_array($tags))
526
+ return $html;
527
+ foreach ($tags as $tag => $contents) {
528
+ $html .= ($tag=="html"?"<!DOCTYPE html>":"")."<$tag".(isset($inner[$tag])?" ".$inner[$tag]:"").">";
529
+ if (is_array($contents))
530
+ $html .= GOTMLS_html_tags($contents, $inner);
531
+ else
532
+ $html .= $contents;
533
+ $html .= "</$tag>";
534
+ }
535
+ return $html;
536
+ }
537
+
538
+
539
  function GOTMLS_quarantine($file = __FILE__) {
540
  if (!(isset($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) && is_dir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) {
541
  $upload = wp_upload_dir();
542
+ $err403 = GOTMLS_html_tags(array("html" => array("head" => array("title" => "403 Forbidden"), "body" => "<h1>Forbidden</h1>\n<p>You don't have permission to access this directory.</p>")));
543
  $recoveryPHP = '<'.'?php
544
  if ((isset($_SERVER["SCRIPT_FILENAME"]) && strlen($_SERVER["SCRIPT_FILENAME"]) > strlen(basename(__FILE__)) && substr(__FILE__, -1 * strlen($_SERVER["SCRIPT_FILENAME"])) == substr($_SERVER["SCRIPT_FILENAME"], -1 * strlen(__FILE__))) || !defined("GOTMLS_plugin_path"))
545
  die("'.$err403.'");
549
  $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), $upload['basedir']);
550
  if (is_file(GOTMLS_trailingslashit($upload['basedir']).'.htaccess') && file_get_contents(GOTMLS_trailingslashit($upload['basedir']).'.htaccess') == 'Options -Indexes')
551
  if (!@unlink(GOTMLS_trailingslashit($upload['basedir']).'.htaccess'))
552
+ GOTMLS_file_put_contents(GOTMLS_trailingslashit($upload['basedir']).'.htaccess', '');
553
  if (!is_file(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'.htaccess'))
554
+ GOTMLS_file_put_contents(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'.htaccess', 'Options -Indexes');
555
  if (!is_file(GOTMLS_trailingslashit($upload['basedir']).'index.php'))
556
+ GOTMLS_file_put_contents(GOTMLS_trailingslashit($upload['basedir']).'index.php', $err403);
557
  if (!is_file(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'index.php') || (@file_get_contents(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'index.php') != $recoveryPHP))
558
+ GOTMLS_file_put_contents(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'index.php', $recoveryPHP);
559
  }
560
  return GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).(is_file($file)?GOTMLS_sexagesimal(date("y-m-d-H-i", filectime($file))).'.'.GOTMLS_sexagesimal(date("y-m-d-H-i", filemtime($file))):GOTMLS_sexagesimal(date("y-m-d-H-i", time()))).'.'.GOTMLS_encode($file?$file:__FILE__).'.GOTMLS';
561
  }
602
  $tracer_code = "(base64_decode('".base64_encode('if(isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] == "'.$_SERVER["REMOTE_ADDR"].'" && is_file("'.GOTMLS_local_images_path.'../safe-load/trace.php")) {include_once("'.GOTMLS_local_images_path.'../safe-load/trace.php");GOTMLS_debug_trace(__FILE__);}')."'));";
603
  foreach ($files as $file)
604
  if (GOTMLS_get_ext($file) == "php" && $filecontents = @file_get_contents(GOTMLS_trailingslashit($dir).$file))
605
+ GOTMLS_file_put_contents(GOTMLS_trailingslashit($dir).$file, preg_replace('/^<\?php(?! eval)/is', '<?php eval'.$tracer_code, $filecontents));
606
  }
607
  if ($_REQUEST["scan_type"] == "Quick Scan") {
608
  $GOTMLS_dirs_at_depth[$current_depth] = count($directories);
628
  echo GOTMLS_return_threat("dir", "checked", $dir);
629
  }
630
  } else
631
+ echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(GOTMLS_Failed_to_list_LANGUAGE.' readdir:'.($entries===false?'('.GOTMLS_fileperms($dir).')':$entries)));
632
  @set_time_limit($GOTMLS_loop_execution_time);
633
  if ($current_depth-- && $_REQUEST["scan_type"] == "Quick Scan") {
634
  $GOTMLS_dir_at_depth[$current_depth]++;
770
  $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = dirname(GOTMLS_quarantine(__FILE__));
771
  $GLOBALS["GOTMLS"]["tmp"]["default_ext"] .= "com";
772
  GOTMLS_define("GOTMLS_plugin_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gotmls.net/');
773
+ GOTMLS_define("GOTMLS_update_home", "http://updates.gotmls.net/".GOTMLS_installation_key.'/');
774
  GOTMLS_define("GOTMLS_blog_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//wordpress.'.$GLOBALS["GOTMLS"]["tmp"]["default_ext"]);
775
  $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"] = "ECJKF";
776
  $GOTMLS_encode .= substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2);
777
  $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = maybe_unserialize(GOTMLS_decode('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_cGFzc3RocnVcKC4rZndyaXRlXCguKy9zIjt9czoyOToiRXh0ZXJuYWwgUmVkaXJlY3QgUmV3cml0ZVJ1bGUiO2E6Mjp7aTowO3M6NToiQ0NWRTQiO2k6MTtzOjMwOiIvUmV3cml0ZVJ1bGUgW14gXSsgaHR0cFw6XC9cLy8iO31zOjM1OiJubyBlcnJvcl9yZXBvcnRpbmcgbG9uZyBsaW5lcyBhbG9uZSI7YToyOntpOjA7czo1OiJEMzVCYSI7aToxO3M6Nzk6Ii88XD8ocGhwKSpbXHJcblx0IFxAXSplcnJvcl9yZXBvcnRpbmdcKDBcKTsuKz9bYS16MC05XC9cLVw9JyJcLlxdezIwMDB9Lio_XD8-L2kiO31zOjIyOiJwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IjthOjI6e2k6MDtzOjU6IkQ4TUN3IjtpOjE7czoxMzY6Ii9cL1wqIFRoaXMgZmlsZSBpcyBwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IGxhdyBhbmQgcHJvdmlkZWQgdW5kZXIgbGljZW5zZS4gUmV2ZXJzZSBlbmdpbmVlcmluZyBvZiB0aGlzIGZpbGUgaXMgc3RyaWN0bHkgcHJvaGliaXRlZC4gXCpcLy8iO31zOjE5OiJhIHNwYW4gY29sb3IgRjFFRkU0IjthOjI6e2k6MDtzOjU6IkQ4UkFQIjtpOjE7czoxMTg6Ii9cPGEgW15cPl0rXD5cPHNwYW4gc3R5bGU9ImNvbG9yXDpcI0YxRUZFNDsiXD4oLis_KVw8XC9zcGFuXD5cPFwvYVw-XDxzcGFuIHN0eWxlPSJjb2xvclw6XCNGMUVGRTQ7Ilw-KC4rPylcPFwvc3Bhblw-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'));
778
 
779
  function GOTMLS_file_put_contents($file, $content) {
780
+ global $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
781
+ if ((is_dir(dirname($file)) || @mkdir(dirname($file), $GOTMLS_chmod_dir, true)) && !is_writable(dirname($file)) && ($GOTMLS_chmod_dir = @fileperms(dirname($file))))
782
+ $chmoded_dir = @chmod(dirname($file), 0777);
783
+ if (is_file($file) && !is_writable($file) && ($GOTMLS_chmod_file = @fileperms($file)))
784
+ $chmoded_file = @chmod($file, 0666);
785
  if (function_exists("file_put_contents"))
786
+ $return = @file_put_contents($file, $content);
787
  elseif ($fp = fopen($file, 'w')) {
788
  fwrite($fp, $content);
789
  fclose($fp);
790
+ $return = true;
791
  } else
792
+ $return = false;
793
+ if ($chmoded_file)
794
+ @chmod($file, $GOTMLS_chmod_file);
795
+ if ($chmoded_dir)
796
+ @chmod(dirname($file), $GOTMLS_chmod_dir);
797
+ return $return;
798
  }
799
 
800
  function GOTMLS_scan_log() {
827
  }
828
 
829
  function GOTMLS_get_URL($URL) {
830
+ $response = "";
831
+ $request = wp_remote_get($URL);
832
+ if (200 == wp_remote_retrieve_response_code($request))
833
+ $response = wp_remote_retrieve_body($request);
834
+ return $response;
 
 
 
 
 
 
 
 
 
 
 
835
  }
index.php CHANGED
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
- Version: 4.14.65
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
@@ -103,8 +103,8 @@ function GOTMLS_admin_add_help_tab() {
103
  'content' => '<form method="POST" name="GOTMLS_menu_Form">'.$menu_opts.'</form>'
104
  ));
105
  }
106
- function GOTMLS_close_button($box_id) {
107
- return '<a href="javascript:void(0);" style="float: right; color: #F00; overflow: hidden; width: 20px; height: 20px; margin: 6px; text-decoration: none;" onclick="showhide(\''.$box_id.'\');"><span class="dashicons dashicons-dismiss"></span>X</a>';
108
  }
109
  function GOTMLS_enqueue_scripts() {
110
  wp_enqueue_style('dashicons');
@@ -118,7 +118,7 @@ function GOTMLS_display_header($optional_box = "") {
118
  echo '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="&#x2714;"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/plugins/gotmls/stats/?compatibility%5Bversion%5D='.$wp_version.'&compatibility%5Btopic_version%5D='.GOTMLS_Version.'&compatibility%5Bcompatible%5D=1#compatibility-works">Vote "Works"</a> or <a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls#postform">write a "Five-Star" Reviews</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
119
  else
120
  echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
121
- $Update_Definitions = GOTMLS_update_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&js='.GOTMLS_Version.'&p='.strtoupper(GOTMLS_plugin_dir).'&wp='.$wp_version.'&ts='.date("YmdHis").'&key='.GOTMLS_installation_key.'&d='.ur1encode(GOTMLS_siteurl);
122
  $Update_Link = '<div style="text-align: center;"><a href="';
123
  $new_version = "";
124
  $file = basename(GOTMLS_plugin_path).'/index.php';
@@ -146,7 +146,7 @@ span.GOTMLS_date {float: right; width: 120px; white-space: nowrap;}
146
  .GOTMLS_li, .GOTMLS_plugin li {list-style: none;}
147
  .GOTMLS_plugin {margin: 5px; background: #cfc; border: 1px solid #0f0; padding: 0 5px; border-radius: 3px;}
148
  .GOTMLS_plugin.known, .GOTMLS_plugin.backdoor, .GOTMLS_plugin.htaccess, .GOTMLS_plugin.timthumb, .GOTMLS_plugin.errors {background: #f99; border: 1px solid #f00;}
149
- .GOTMLS_plugin.potential, .GOTMLS_plugin.wp_login, .GOTMLS_plugin.skipdirs, .GOTMLS_plugin.skipped {background: #ffc; border: 1px solid #fc6;}
150
  .GOTMLS ul li {margin-left: 20px;}
151
  .GOTMLS h2 {margin: 0 0 10px;}
152
  .postbox {margin-right: 10px;}
@@ -461,14 +461,14 @@ setDiv("div_file");
461
  <input type="hidden" name="lc" value="US">
462
  <input type="hidden" name="bn" value="PP-DonationsBF">
463
  <input type="radio" name="amount" value="14.89">$14+
464
- <input type="radio" name="amount" value="29.14" checked>$29+
465
- <input type="radio" name="amount" value="49.75">$49+
466
  <input type="radio" name="amount" value="76.00">$76
467
  <input type="radio" name="amount" value="152.00">$152
468
  <input type="hidden" name="item_name" value="Donation to Eli\'s Anti-Malware Plugin">
469
  <input type="hidden" name="item_number" value="GOTMLS-key-'.GOTMLS_installation_key.'">
470
  <input type="hidden" name="custom" value="key-'.GOTMLS_installation_key.'">
471
- <input type="hidden" name="notify_url" value="'.GOTMLS_update_home.GOTMLS_installation_key.'/ipn">
472
  <input type="hidden" name="page_style" value="GOTMLS">
473
  <input type="hidden" name="return" value="'.GOTMLS_plugin_home.'donate/?donation-source=paid">
474
  <input type="hidden" name="cancel_return" value="'.GOTMLS_plugin_home.'donate/?donation-source=cancel">
@@ -480,8 +480,8 @@ setDiv("div_file");
480
  <li><a target="_blank" href="https://wordpress.org/support/plugin/'.GOTMLS_plugin_dir.'">Forum Posts</a></li>
481
  <li><a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/'.GOTMLS_plugin_dir.'">Plugin Reviews</a></li>
482
  </ul></li>
483
- <li><img src="'.GOTMLS_plugin_home.'favicon.ico" border="0" alt="Plugin site:"><b><a target="_blank" href="'.GOTMLS_plugin_home.'">GOTMLS.NET</a></b></li>
484
- <li><img src="'.GOTMLS_blog_home.'/favicon.ico" border="0" alt="Developer site:"><b><a target="_blank" href="'.GOTMLS_blog_home.'/category/my-plugins/anti-malware/">Eli\'s Blog</a></b></li>
485
  <li><img src="https://ssl.gstatic.com/ui/v1/icons/mail/favicon.ico" border="0" alt="mail:"><b><a target="_blank" href="mailto:eli@gotmls.net">Email Eli</a></b></li>
486
  <li><iframe allowtransparency="true" frameborder="0" scrolling="no" src="https://platform.twitter.com/widgets/follow_button.html?screen_name=GOTMLS&amp;show_count=false" style="width:125px; height:20px;"></iframe></li>
487
  </ul>
@@ -603,18 +603,12 @@ function GOTMLS_get_whitelists() {
603
  $Q_Page .= '<li style="margin: 4px 12px;"><span class="GOTMLS_date">'.count($non_threats).'</span><span class="GOTMLS_date">'.$updated."</span>$file</li>\n";
604
  //if (is_array($non_threats) && count($non_threats)) $Q_Page .= print_r($non_threats, 1);
605
  }
606
- $Q_Page .= "</ul>";
607
- }
608
- if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"])) {
609
- $Q_Page .= '<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>'.__("WP Core files",'gotmls').'<span class="GOTMLS_date">'.__("# of patterns",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Updated",'gotmls').'</span></h3>';
610
- foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"] as $file => $non_threats) {
611
- if (isset($non_threats[0])) {
612
- $updated = GOTMLS_sexagesimal($non_threats[0]);
613
- unset($non_threats[0]);
614
- } else
615
- $updated = "Unknown";
616
- $Q_Page .= "\n<li><span class=\"GOTMLS_date\">".count($non_threats)."</span><span class=\"GOTMLS_date\">$updated</span>$file</li>";
617
- if (is_array($non_threats) && count($non_threats)) $Q_Page .= print_r($non_threats, 1);
618
  }
619
  $Q_Page .= "</ul>";
620
  }
@@ -672,7 +666,7 @@ function GOTMLS_View_Quarantine() {
672
  }
673
 
674
  function GOTMLS_settings() {
675
- global $current_user, $wp_version, $GOTMLS_threat_levels, $GOTMLS_scanfiles, $GOTMLS_loop_execution_time, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
676
  $GOTMLS_scan_groups = array();
677
  $dirs = GOTMLS_explode_dir(__file__);
678
  for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
@@ -689,6 +683,12 @@ function GOTMLS_settings() {
689
  $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
690
  else
691
  $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = array_merge($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"], array("gotmls"));
 
 
 
 
 
 
692
  if (isset($_POST["exclude_dir"])) {
693
  if (strlen(trim(str_replace(",","",$_POST["exclude_dir"]).' ')) > 0)
694
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = preg_split('/[\s]*([,]+[\s]*)+/', trim($_POST["exclude_dir"]), -1, PREG_SPLIT_NO_EMPTY);
@@ -709,8 +709,8 @@ function GOTMLS_settings() {
709
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_htaccess'] = $_POST['check_htaccess'];
710
  if (isset($_POST['check_timthumb']) && is_numeric($_POST['check_timthumb']) && $_POST['check_timthumb'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_timthumb'])
711
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_timthumb'] = $_POST['check_timthumb'];
712
- if (isset($_POST['check_wp_login']) && is_numeric($_POST['check_wp_login']) && $_POST['check_wp_login'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_wp_login'])
713
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_wp_login'] = $_POST['check_wp_login'];
714
  if (isset($_POST['check_known']) && is_numeric($_POST['check_known']) && $_POST['check_known'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_known'])
715
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_known'] = $_POST['check_known'];
716
  if (isset($_POST['check_potential']) && is_numeric($_POST['check_potential']) && $_POST['check_potential'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_potential'])
@@ -720,71 +720,66 @@ function GOTMLS_settings() {
720
  elseif (isset($_POST["exclude_ext"]))
721
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'] = 0;
722
  GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
723
- $scan_opts = '';
724
  $scan_optjs = "\n<script type=\"text/javascript\">\nfunction showOnly(what) {\n";
725
  foreach ($GOTMLS_scan_groups as $mg => $GOTMLS_scan_group) {
726
  $scan_optjs .= "document.getElementById('only$mg').style.display = 'none';\n";
727
- $scan_opts .= '
728
- <div style="position: relative; float: right; padding: 2px 0px 4px 30px;" id="scan_group_div_'.$mg.'"><input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /><a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;">'.$GOTMLS_scan_group.'</a><br />
729
- <div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; padding: 10px; z-index: 10;" id="only'.$mg.'"><div style="position: relative; padding: 0 40px 0 0;"><a class="rounded-corners" style="position: absolute; right: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#scan_what" onclick="showhide(\'only'.$mg.'\');">X</a><b>'.str_replace(" ", "&nbsp;", __("Only Scan These Folders:",'gotmls')).'</b></div>';
730
  $dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $mg)));
731
  $files = GOTMLS_getfiles($dir);
732
  if (is_array($files))
733
  foreach ($files as $file)
734
  if (is_dir(GOTMLS_trailingslashit($dir).$file))
735
- $scan_opts .= '
736
- <br /><input type="checkbox" name="scan_only[]" value="'.$file.'" />'.$file;
737
- $scan_opts .= '
738
- </div>
739
- </div>';
740
  }
741
- $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}\n</script>";
742
  $scan_opts = '
743
  <form method="POST" name="GOTMLS_Form" action="'.str_replace('&mt=', '&last_mt=', str_replace('&scan_type=', '&last_type=', GOTMLS_script_URI)).'"><input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" />
744
- <div style="float: left;"><b>'.__("What to scan:",'gotmls').'</b></div>
745
- <div style="float: left;">'.$scan_opts.$scan_optjs.'</div>
746
- <div style="float: left;" id="scanwhatfolder"></div><br style="clear: left;" />
747
- <p><b>'.__("Scan Depth:",'gotmls').'</b> ('.__("how far do you want to drill down from your starting directory?",'gotmls').')</p>
748
- <div style="padding: 0 30px;"><input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth"> ('.__("-1 is infinite depth",'gotmls').')</div><p><b>'.__("What to look for:",'gotmls').'</b></p>
749
  <div style="padding: 0 30px;">';
750
- foreach ($GOTMLS_threat_levels as $threat_level_name=>$threat_level) {
751
- $scan_opts .= '
752
- <div style="padding: 0; position: relative;" id="check_'.$threat_level.'_div">';
753
- if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]))
754
- $scan_opts .= '
755
- <input type="checkbox" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'"'.(in_array($threat_level,$GLOBALS["GOTMLS"]["log"]["settings"]["check"])?' checked':'').' /> <a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;showhide(\'dont_check_'.$threat_level.'\');">';
756
- else
757
- $scan_opts .= '
758
- <a title="'.__("Download Definition Updates to Use this feature",'gotmls').'"><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="X">';
759
- $scan_opts .= (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"][$threat_level])?print_r($_SESSION["GOTMLS_debug"][$threat_level],1):"")."<b>$threat_level_name</b></a>";
760
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]))
761
- $scan_opts .= '<br />
762
- <div style="padding: 14px;" id="check_'.$threat_level.'_div_NA">'.__("Registration of your Installation Key is required for this feature",'gotmls').'</div>';
763
- elseif (isset($_GET["SESSION"])) {
764
- $scan_opts .= '
765
- <div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"><a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');">X</a>';
766
- foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex)
767
- $scan_opts .= '<br />
768
- <input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /><script>showhide("dont_check_'.$threat_level.'", true);</script>':' />').(isset($_SESSION["GOTMLS_debug"][$threat_name])?print_r($_SESSION["GOTMLS_debug"][$threat_name],1):"").$threat_name;
769
- $scan_opts .= '
770
- </div>';
771
- }
772
  $scan_opts .= '
773
  </div>';
774
  }
 
 
 
 
 
 
775
  if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= print_r($_SESSION["GOTMLS_debug"]['total'],1); unset($_SESSION["GOTMLS_debug"]);}
776
  if (isset($_GET["eli"])) {//still testing this option
777
  $scan_opts .= '
778
- <div style="padding: 10px;"><b>'.__("Custom RegExp:",'gotmls').'</b> ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')<br /><input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /></div>';
779
  }
780
  $scan_opts .= '
781
- </div>
782
- <p>'.__("<b>Skip files with the following extentions:</b> (a comma separated list of file extentions to be excluded from the scan)",'gotmls').'</p>
783
- <div style="padding: 0 30px;"><input type="text" name="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /></div>
784
  <p>'.__("<b>Skip directories with the following names:</b> (a comma separated list of folders to be excluded from the scan)",'gotmls').'</p>
785
  <div style="padding: 0 30px;"><input type="text" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /></div>
786
- <p style="float: right;"><input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" /></p>
787
- <p><b>'.GOTMLS_Skip_Quarantine_LANGUAGE.'</b> <input type="checkbox" name="skip_quarantine" value="1"'.((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"])?" checked":"").'></p></form>';
788
  @ob_start();
789
  $OB_default_handlers = array("default output handler", "zlib output compression");
790
  $OB_handlers = @ob_list_handlers();
@@ -793,7 +788,7 @@ function GOTMLS_settings() {
793
  if (!in_array($OB_last_handler, $OB_default_handlers))
794
  echo '<div class="error">'.sprintf(__("Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process).",'gotmls'), $OB_last_handler).'</div>';
795
  GOTMLS_display_header();
796
- $scan_groups = array_merge(array(__("Scanned Files",'gotmls')=>"scanned",__("Selected Folders",'gotmls')=>"dirs",__("Scanned Folders",'gotmls')=>"dir",__("Skipped Folders",'gotmls')=>"skipdirs",__("Skipped Files",'gotmls')=>"skipped",__("Read/Write Errors",'gotmls')=>"errors",__("Quarantined Files",'gotmls')=>"bad"), $GOTMLS_threat_levels);
797
  echo '<script type="text/javascript">
798
  var percent = 0;
799
  function changeFavicon(percent) {
@@ -805,7 +800,7 @@ function changeFavicon(percent) {
805
  link.id = "wait_gif";
806
  link.type = "image/gif";
807
  link.rel = "shortcut icon";
808
- var threats = '.implode(" + ", array_merge($GOTMLS_threat_levels, array(__("Potential Threats",'gotmls')=>"errors",__("WP-Login Updates",'gotmls')=>"errors"))).';
809
  if (threats > 0) {
810
  if ((errors * 2) == threats)
811
  linkhref = "blocked";
@@ -918,7 +913,7 @@ var startTime = 0;
918
  </script>'.GOTMLS_box($_REQUEST["scan_type"].' Status', '<div id="status_text"><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'</div><div id="status_bar"></div><p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"><input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /></p><div id="status_counts"></div><p id="fix_button" style="display: none; text-align: center;"><input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /></p>');
919
  $scan_groups_UL = "";
920
  foreach ($scan_groups as $scan_name => $scan_group)
921
- $scan_groups_UL .= "\n<ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"><a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\">X</a><h3>$scan_name</h3>\n".($scan_group=='potential'?'<p> &nbsp; * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').'</p>':($scan_group=='wp_login'?'<p> &nbsp; * '.__("NOTE: Your WordPress Login page has the old version of my brute-force protection installed. Upgrade this patch to improve the protection on the WordPress Login page and preserve the integrity of your WordPress core files. For more information on brute force attack prevention and the WordPress wp-login-php file ",'gotmls').' <a target="_blank" href="http://gotmls.net/tag/wp-login-php/">'.__("read my blog",'gotmls').'</a>.</p>':'<br />')).'</ul>';
922
  if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
923
  GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => $_REQUEST["scan_type"])));
924
  echo GOTMLS_box('<div style="float: right;">&nbsp;('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].')&nbsp;</div>'.__("Scan Details:",'gotmls'), $scan_groups_UL);
@@ -1038,31 +1033,32 @@ showhide("pause_button", true);'."\n/*<!--*"."/";
1038
  $patch_action = "";
1039
  $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
1040
  $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find);
1041
- if (is_file(dirname(__FILE__).'/../../../wp-config.php')) {
1042
- if (($config = @file_get_contents(dirname(__FILE__).'/../../../wp-config.php')) && strlen($config)) {
1043
  if ($patch_found = preg_match($find, $config)) {
1044
  if (strpos($config, substr($head, strpos($head, "file_exists")))) {
1045
- if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-config.php', preg_replace('#<\?[ph\s]+(//.*\s*)*\?>#i', "", preg_replace($find, "", $config))))
1046
  $patch_action .= '<div class="error">'.__("Removed Brute-Force Protection",'gotmls').'</div>';
1047
  else
1048
  $patch_status = 1;
1049
  } else {
1050
- if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-config.php', preg_replace($find, "$head", $config))) {
1051
  $patch_action .= '<div class="updated">'.__("Upgraded Brute-Force Protection",'gotmls').'</div>';
1052
  $patch_status = 1;
1053
  } else
1054
  $patch_status = 2;
1055
  }
1056
- } elseif (isset($_POST["GOTMLS_patching"]) && strlen($config) && ($patch_found == 0) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-config.php', "<?php$head// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?>$config")) {
1057
  $patch_action .= '<div class="updated">'.__("Installed Brute-Force Protection",'gotmls').'</div>';
1058
  $patch_status = 1;
1059
- }
 
1060
  } else
1061
  $patch_action .= '<div class="error">'.__("wp-config.php Not Readable!",'gotmls').'</div>';
1062
  } else
1063
  $patch_action .= '<div class="error">'.__("wp-config.php Not Found!",'gotmls').'</div>';
1064
- if (file_exists(dirname(__FILE__).'/../../../wp-login.php') && ($login = @file_get_contents(dirname(__FILE__).'/../../../wp-login.php')) && strlen($login) && (preg_match($find, $login))) {
1065
- if (isset($_POST["GOTMLS_patching"]) && ($source = wp_remote_get("http://core.svn.wordpress.org/tags/".$wp_version.'/wp-login.php')) && is_array($source) && isset($source["body"]) && (strlen($source["body"]) > 500) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-login.php', $source["body"]))
1066
  $patch_action .= '<div class="updated">'.__("Removed Old Brute-Force Login Patch",'gotmls').'</div>';
1067
  else
1068
  $patch_status = 2;
@@ -1097,7 +1093,7 @@ function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) {
1097
  }
1098
 
1099
  function GOTMLS_init() {
1100
- global $GOTMLS_onLoad, $GOTMLS_threat_levels, $wpdb, $GOTMLS_threats_found, $GOTMLS_file_contents;
1101
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
1102
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
1103
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
@@ -1132,12 +1128,18 @@ function GOTMLS_init() {
1132
  if (is_array($definition_version))
1133
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
1134
  $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
1135
- if (isset($_POST["UPDATE_definitions_array"])) {
1136
- $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));
1137
- $GOTMLS_onLoad .= "updates_complete('Downloaded Definitions');";
1138
- } elseif (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_login"]["brute force possible on wp-login.php"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_login"]["brute force possible on wp-login.php"]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_login"]["brute force possible on wp-login.php"]) == 2 && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_login"]["brute force possible on wp-login.php"][0] == "D4OAB")
1139
- $GOTnew_definitions["wp_login"]["brute force possible on wp-login.php"] = array("D4OAC",'/if \(file_exists\(.+?(\/plugins\/gotmls\/safe-load\.php\')[\)\s]+require\(.+?\1\);/i');
1140
- //elseif (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) $GOTnew_definitions = maybe_unserialize(GOTMLS_decode(file_get_contents(GOTMLS_plugin_path.'definitions_update.txt')));
 
 
 
 
 
 
1141
  if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
1142
  $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions);
1143
  if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
@@ -1163,14 +1165,14 @@ function GOTMLS_init() {
1163
  if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version)
1164
  $GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0];
1165
  if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
1166
- $GOTMLS_threat_levels[$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]);
1167
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GOTMLS_threat_levels[$threat_name] > 2)
1168
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
1169
  }
1170
  }
1171
  }*/
1172
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))
1173
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GOTMLS_threat_levels;
1174
  if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"]))
1175
  $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
1176
  GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
@@ -1186,7 +1188,7 @@ function GOTMLS_init() {
1186
  } else
1187
  unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]);
1188
  update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1189
- die("<html><body>Added $file to Whitelist!<br /><iframe style='width: 90%; height: 350px;' src='".GOTMLS_update_home."whitelist.html?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe></body></html>");
1190
  } else echo "<li>Invalid Data!</li>";
1191
  } elseif (isset($_GET["GOTMLS_scan"])) {
1192
  $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
@@ -1256,7 +1258,7 @@ function select_text_range(ta_id, start, end) {
1256
  }
1257
  }
1258
  window.parent.showhide("GOTMLS_iFrame", true);
1259
- </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post"'.(is_file($clean_file)?' onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($clean_file).'"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GOTMLS_file_contents).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;">':(is_file(GOTMLS_quarantine($clean_file))?' >':'>')).'</form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding:'.mb_detect_encoding($GOTMLS_file_contents).'<br />permissions:'.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GOTMLS_file_contents)).'</textarea></td></tr></table>');
1260
  }
1261
  }
1262
  } elseif (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
@@ -1270,7 +1272,7 @@ window.parent.showhide("GOTMLS_iFrame", true);
1270
  if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($path, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) && @unlink($path)) {
1271
  echo __("Deleted!",'gotmls');
1272
  $li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
1273
- } elseif (is_file(dirname($path)."/index.php") && ($GOTMLS_file_contents = @file_get_contents(dirname($path)."/index.php")) && strlen($GOTMLS_file_contents) > 0 && @file_put_contents($path, $GOTMLS_file_contents) && (@rename($path, dirname($path)."/index.php") || file_put_contents($path, "") !== false)) {
1274
  echo __("Removed file contents!",'gotmls');
1275
  $li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
1276
  } else {
@@ -1296,16 +1298,18 @@ window.parent.showhide("GOTMLS_iFrame", true);
1296
  else
1297
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1298
  $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls');
 
1299
  if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) {
1300
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
1301
- echo '<head><script type="text/javascript">
 
1302
  if (curDiv = window.parent.document.getElementById("div_file")) {
1303
  curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
1304
  curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
1305
  curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
1306
  curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
1307
  }
1308
- </script></head>';
1309
  } elseif (isset($_GET["GOTMLS_x"]) || isset($_GET["GOTMLS_y"]) || isset($_GET["GOTMLS_h"]) || isset($_GET["GOTMLS_w"])) {
1310
  if (isset($_GET["GOTMLS_x"]))
1311
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] = $_GET["GOTMLS_x"];
@@ -1319,11 +1323,11 @@ if (curDiv = window.parent.document.getElementById("div_file")) {
1319
  }
1320
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1321
  if (isset($_GET["GOTMLS_msg"]))
1322
- die('<body style="margin: 0; padding: 0;">'.$_GET["GOTMLS_msg"].' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"\n</body>\n":' <a href="'.GOTMLS_script_URI.'&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"]).'">['.$GLOBALS["GOTMLS_msg"].']</a></body>'));
1323
  }
1324
 
1325
  if (function_exists("is_admin") && is_admin() && ((isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) || (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))))) {
1326
- @set_time_limit($GOTMLS_loop_execution_time-5);
1327
  GOTMLS_loaded();
1328
  GOTMLS_init();
1329
  die("\n//PHP to Javascript Error!\n");
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
+ Version: 4.15.16
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
103
  'content' => '<form method="POST" name="GOTMLS_menu_Form">'.$menu_opts.'</form>'
104
  ));
105
  }
106
+ function GOTMLS_close_button($box_id, $margin = '6px') {
107
+ return '<a href="javascript:void(0);" style="float: right; color: #F00; overflow: hidden; width: 20px; height: 20px; text-decoration: none; margin: '.$margin.'" onclick="showhide(\''.$box_id.'\');"><span class="dashicons dashicons-dismiss"></span>X</a>';
108
  }
109
  function GOTMLS_enqueue_scripts() {
110
  wp_enqueue_style('dashicons');
118
  echo '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="&#x2714;"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/plugins/gotmls/stats/?compatibility%5Bversion%5D='.$wp_version.'&compatibility%5Btopic_version%5D='.GOTMLS_Version.'&compatibility%5Bcompatible%5D=1#compatibility-works">Vote "Works"</a> or <a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls#postform">write a "Five-Star" Reviews</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
119
  else
120
  echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
121
+ $Update_Definitions = GOTMLS_plugin_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&js='.GOTMLS_Version.'&p='.strtoupper(GOTMLS_plugin_dir).'&wp='.$wp_version.'&ts='.date("YmdHis").'&key='.GOTMLS_installation_key.'&d='.ur1encode(GOTMLS_siteurl);
122
  $Update_Link = '<div style="text-align: center;"><a href="';
123
  $new_version = "";
124
  $file = basename(GOTMLS_plugin_path).'/index.php';
146
  .GOTMLS_li, .GOTMLS_plugin li {list-style: none;}
147
  .GOTMLS_plugin {margin: 5px; background: #cfc; border: 1px solid #0f0; padding: 0 5px; border-radius: 3px;}
148
  .GOTMLS_plugin.known, .GOTMLS_plugin.backdoor, .GOTMLS_plugin.htaccess, .GOTMLS_plugin.timthumb, .GOTMLS_plugin.errors {background: #f99; border: 1px solid #f00;}
149
+ .GOTMLS_plugin.potential, .GOTMLS_plugin.wp_core, .GOTMLS_plugin.skipdirs, .GOTMLS_plugin.skipped {background: #ffc; border: 1px solid #fc6;}
150
  .GOTMLS ul li {margin-left: 20px;}
151
  .GOTMLS h2 {margin: 0 0 10px;}
152
  .postbox {margin-right: 10px;}
461
  <input type="hidden" name="lc" value="US">
462
  <input type="hidden" name="bn" value="PP-DonationsBF">
463
  <input type="radio" name="amount" value="14.89">$14+
464
+ <input type="radio" id="default_level_donation" name="amount" value="29.14" checked>$29+
465
+ <input type="radio" id="higher_level_donation" name="amount" value="49.75">$49+
466
  <input type="radio" name="amount" value="76.00">$76
467
  <input type="radio" name="amount" value="152.00">$152
468
  <input type="hidden" name="item_name" value="Donation to Eli\'s Anti-Malware Plugin">
469
  <input type="hidden" name="item_number" value="GOTMLS-key-'.GOTMLS_installation_key.'">
470
  <input type="hidden" name="custom" value="key-'.GOTMLS_installation_key.'">
471
+ <input type="hidden" name="notify_url" value="'.GOTMLS_plugin_home.GOTMLS_installation_key.'/ipn">
472
  <input type="hidden" name="page_style" value="GOTMLS">
473
  <input type="hidden" name="return" value="'.GOTMLS_plugin_home.'donate/?donation-source=paid">
474
  <input type="hidden" name="cancel_return" value="'.GOTMLS_plugin_home.'donate/?donation-source=cancel">
480
  <li><a target="_blank" href="https://wordpress.org/support/plugin/'.GOTMLS_plugin_dir.'">Forum Posts</a></li>
481
  <li><a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/'.GOTMLS_plugin_dir.'">Plugin Reviews</a></li>
482
  </ul></li>
483
+ <li><img src="//gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=16" border="0" alt="Plugin site:"><b><a target="_blank" href="'.GOTMLS_plugin_home.'">GOTMLS.NET</a></b></li>
484
+ <li><img src="//gravatar.com/avatar/8151cac22b3fc543d099241fd573d176?s=16" border="0" alt="Developer site:"><b><a target="_blank" href="'.GOTMLS_blog_home.'/category/my-plugins/anti-malware/">Eli\'s Blog</a></b></li>
485
  <li><img src="https://ssl.gstatic.com/ui/v1/icons/mail/favicon.ico" border="0" alt="mail:"><b><a target="_blank" href="mailto:eli@gotmls.net">Email Eli</a></b></li>
486
  <li><iframe allowtransparency="true" frameborder="0" scrolling="no" src="https://platform.twitter.com/widgets/follow_button.html?screen_name=GOTMLS&amp;show_count=false" style="width:125px; height:20px;"></iframe></li>
487
  </ul>
603
  $Q_Page .= '<li style="margin: 4px 12px;"><span class="GOTMLS_date">'.count($non_threats).'</span><span class="GOTMLS_date">'.$updated."</span>$file</li>\n";
604
  //if (is_array($non_threats) && count($non_threats)) $Q_Page .= print_r($non_threats, 1);
605
  }
606
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"])) {
607
+ $Q_Page .= '<h3>'.__("WordPress Core files",'gotmls').'<span class="GOTMLS_date">'.__("# of files",'gotmls').'</span></h3>';
608
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"] as $ver => $files) {
609
+ $Q_Page .= '<li style="margin: 4px 12px;"><span class="GOTMLS_date">'.count($files)."</span>Version $ver</li>\n";
610
+ //if (is_array($non_threats) && count($non_threats)) $Q_Page .= print_r($non_threats, 1);
611
+ }
 
 
 
 
 
 
612
  }
613
  $Q_Page .= "</ul>";
614
  }
666
  }
667
 
668
  function GOTMLS_settings() {
669
+ global $current_user, $wp_version, $GOTMLS_scanfiles, $GOTMLS_loop_execution_time, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
670
  $GOTMLS_scan_groups = array();
671
  $dirs = GOTMLS_explode_dir(__file__);
672
  for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
683
  $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
684
  else
685
  $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = array_merge($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"], array("gotmls"));
686
+ if (isset($_POST["UPDATE_definitions_checkbox"])) {
687
+ if (isset($_POST[$_POST["UPDATE_definitions_checkbox"]]) && $_POST[$_POST["UPDATE_definitions_checkbox"]] == 1)
688
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = 1;
689
+ else
690
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = "";
691
+ }
692
  if (isset($_POST["exclude_dir"])) {
693
  if (strlen(trim(str_replace(",","",$_POST["exclude_dir"]).' ')) > 0)
694
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = preg_split('/[\s]*([,]+[\s]*)+/', trim($_POST["exclude_dir"]), -1, PREG_SPLIT_NO_EMPTY);
709
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_htaccess'] = $_POST['check_htaccess'];
710
  if (isset($_POST['check_timthumb']) && is_numeric($_POST['check_timthumb']) && $_POST['check_timthumb'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_timthumb'])
711
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_timthumb'] = $_POST['check_timthumb'];
712
+ if (isset($_POST['check_wp_core']) && is_numeric($_POST['check_wp_core']) && $_POST['check_wp_core'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_wp_core'])
713
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_wp_core'] = $_POST['check_wp_core'];
714
  if (isset($_POST['check_known']) && is_numeric($_POST['check_known']) && $_POST['check_known'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_known'])
715
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_known'] = $_POST['check_known'];
716
  if (isset($_POST['check_potential']) && is_numeric($_POST['check_potential']) && $_POST['check_potential'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_potential'])
720
  elseif (isset($_POST["exclude_ext"]))
721
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'] = 0;
722
  GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
723
+ $scan_whatopts = '';
724
  $scan_optjs = "\n<script type=\"text/javascript\">\nfunction showOnly(what) {\n";
725
  foreach ($GOTMLS_scan_groups as $mg => $GOTMLS_scan_group) {
726
  $scan_optjs .= "document.getElementById('only$mg').style.display = 'none';\n";
727
+ $scan_whatopts = '
728
+ </div>
729
+ </div>'.$scan_whatopts;
730
  $dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $mg)));
731
  $files = GOTMLS_getfiles($dir);
732
  if (is_array($files))
733
  foreach ($files as $file)
734
  if (is_dir(GOTMLS_trailingslashit($dir).$file))
735
+ $scan_whatopts = '<input type="checkbox" name="scan_only[]" value="'.$file.'" />'.$file.'<br />'.$scan_whatopts;
736
+ $scan_whatopts = '
737
+ <div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"><input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /><a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;">'.$GOTMLS_scan_group.'</a><br />
738
+ <div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"><div style="padding-bottom: 6px;">'.GOTMLS_close_button('only'.$mg, 0).'<b>'.str_replace(" ", "&nbsp;", __("Only Scan These Folders:",'gotmls')).'</b></div>'.$scan_whatopts;
 
739
  }
740
+ $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}".((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])?"\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_check'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n":"")."</script>";
741
  $scan_opts = '
742
  <form method="POST" name="GOTMLS_Form" action="'.str_replace('&mt=', '&last_mt=', str_replace('&scan_type=', '&last_type=', GOTMLS_script_URI)).'"><input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" />
743
+ <div style="float: left;"><p><b>'.__("What to look for:",'gotmls').'</b></p>
 
 
 
 
744
  <div style="padding: 0 30px;">';
745
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) {
746
+ $scan_opts .= '<div style="padding: 0; position: relative;" id="check_'.$threat_level.'_div">';
747
+ if (($threat_level != "wp_core" && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level])) || isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]["$wp_version"])) {
748
+ $scan_opts .= '<input type="checkbox" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'"'.(in_array($threat_level,$GLOBALS["GOTMLS"]["log"]["settings"]["check"])?' checked':'').' /> <a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;showhide(\'dont_check_'.$threat_level.'\');"><b>'.$threat_level_name."</b></a>\n";
749
+ if (isset($_GET["SESSION"])) {
750
+ if (isset($_SESSION["GOTMLS_debug"][$threat_level]))
751
+ print_r($_SESSION["GOTMLS_debug"][$threat_level],1);
752
+ $scan_opts .= '
753
+ <div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"><a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');">X</a>';
754
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex)
755
+ $scan_opts .= '<br />
756
+ <input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /><script>showhide("dont_check_'.$threat_level.'", true);</script>':' />').(isset($_SESSION["GOTMLS_debug"][$threat_name])?print_r($_SESSION["GOTMLS_debug"][$threat_name],1):"").$threat_name;
757
+ $scan_opts .= '
758
+ </div>';
759
+ }
760
+ } else
761
+ $scan_opts .= '<a title="'.__("Download Definition Updates to Use this feature",'gotmls').'"><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="X"><b>&nbsp; '.$threat_level_name.'</b><br /><div style="padding: 14px;" id="check_'.$threat_level.'_div_NA">'.__("Registration of your Installation Key is required for this feature",'gotmls').'</div>';
 
 
 
 
 
762
  $scan_opts .= '
763
  </div>';
764
  }
765
+ $scan_opts .= '</div></div>
766
+ <div style="float: left;"><p><b>'.__("What to scan:",'gotmls').'</b></p>'.$scan_whatopts.$scan_optjs.'</div>
767
+ <div style="float: left;" id="scanwhatfolder"></div>
768
+ <div style="float: left;"><p><b>'.__("Scan Depth:",'gotmls').'</b></p>
769
+ <div style="padding: 0 30px;"><input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"><br />'.__("how far to drill down",'gotmls').'<br />('.__("-1 is infinite depth",'gotmls').')</div></div>
770
+ <br style="clear: left;">';
771
  if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= print_r($_SESSION["GOTMLS_debug"]['total'],1); unset($_SESSION["GOTMLS_debug"]);}
772
  if (isset($_GET["eli"])) {//still testing this option
773
  $scan_opts .= '
774
+ <div style="padding: 10px;"><p><b>'.__("Custom RegExp:",'gotmls').'</b> ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')</p><input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /></div>';
775
  }
776
  $scan_opts .= '
777
+ <p>'.__("<b>Skip files with the following extentions:</b> (a comma separated list of file extentions to be excluded from the scan)",'gotmls').((str_replace(",gotmls", "", implode(",", $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]))!=implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))?' <a href="javascript:void(0);" onclick="document.getElementById(\'exclude_ext\').value = \''.str_replace(",gotmls", "", implode(",", $GLOBALS["GOTMLS"]["tmp"]["skip_ext"])).'\';">[Restore Defaults]</a>':"").'</p>
778
+ <div style="padding: 0 30px;"><input type="text" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /></div>
 
779
  <p>'.__("<b>Skip directories with the following names:</b> (a comma separated list of folders to be excluded from the scan)",'gotmls').'</p>
780
  <div style="padding: 0 30px;"><input type="text" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /></div>
781
+ <table style="width: 100%" cellspacing="10"><tr><td nowrap valign="top" style="white-space: nowrap; width: 1px; border-bottom: #F00 solid 2px;"><b>'.__("Automatically Update Definitions:",'gotmls').'</b></td><td colspan=2 style="border-bottom: #F00 solid 2px;"><div id="UPDATE_definitions_div"><span style="color: #C00;">'.__("This new BETA feature is only available to registered users who have donated at a certain level.",'gotmls').'</span></div></td></tr><tr><td nowrap>
782
+ <b>'.GOTMLS_Skip_Quarantine_LANGUAGE.'</b></td><td><input type="checkbox" name="skip_quarantine" value="1"'.((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"])?" checked":"").'></td><td align="right" valign="bottom"><input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" /></td></tr></table></form>';
783
  @ob_start();
784
  $OB_default_handlers = array("default output handler", "zlib output compression");
785
  $OB_handlers = @ob_list_handlers();
788
  if (!in_array($OB_last_handler, $OB_default_handlers))
789
  echo '<div class="error">'.sprintf(__("Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process).",'gotmls'), $OB_last_handler).'</div>';
790
  GOTMLS_display_header();
791
+ $scan_groups = array_merge(array(__("Scanned Files",'gotmls')=>"scanned",__("Selected Folders",'gotmls')=>"dirs",__("Scanned Folders",'gotmls')=>"dir",__("Skipped Folders",'gotmls')=>"skipdirs",__("Skipped Files",'gotmls')=>"skipped",__("Read/Write Errors",'gotmls')=>"errors",__("Quarantined Files",'gotmls')=>"bad"), $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]);
792
  echo '<script type="text/javascript">
793
  var percent = 0;
794
  function changeFavicon(percent) {
800
  link.id = "wait_gif";
801
  link.type = "image/gif";
802
  link.rel = "shortcut icon";
803
+ var threats = '.implode(" + ", array_merge($GLOBALS["GOTMLS"]["tmp"]["threat_levels"], array(__("Potential Threats",'gotmls')=>"errors",__("WP-Login Updates",'gotmls')=>"errors"))).';
804
  if (threats > 0) {
805
  if ((errors * 2) == threats)
806
  linkhref = "blocked";
913
  </script>'.GOTMLS_box($_REQUEST["scan_type"].' Status', '<div id="status_text"><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'</div><div id="status_bar"></div><p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"><input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /></p><div id="status_counts"></div><p id="fix_button" style="display: none; text-align: center;"><input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /></p>');
914
  $scan_groups_UL = "";
915
  foreach ($scan_groups as $scan_name => $scan_group)
916
+ $scan_groups_UL .= "\n<ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"><a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\">X</a><h3>$scan_name</h3>\n".($scan_group=='potential'?'<p> &nbsp; * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').'</p>':($scan_group=='wp_core'?'<p> &nbsp; * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), $wp_version).'</p>':'<br />')).'</ul>';
917
  if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
918
  GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => $_REQUEST["scan_type"])));
919
  echo GOTMLS_box('<div style="float: right;">&nbsp;('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].')&nbsp;</div>'.__("Scan Details:",'gotmls'), $scan_groups_UL);
1033
  $patch_action = "";
1034
  $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
1035
  $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find);
1036
+ if (is_file(ABSPATH.'wp-config.php')) {
1037
+ if (($config = @file_get_contents(ABSPATH.'wp-config.php')) && strlen($config)) {
1038
  if ($patch_found = preg_match($find, $config)) {
1039
  if (strpos($config, substr($head, strpos($head, "file_exists")))) {
1040
+ if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.'wp-config.php', preg_replace('#<\?[ph\s]+(//.*\s*)*\?>#i', "", preg_replace($find, "", $config))))
1041
  $patch_action .= '<div class="error">'.__("Removed Brute-Force Protection",'gotmls').'</div>';
1042
  else
1043
  $patch_status = 1;
1044
  } else {
1045
+ if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.'wp-config.php', preg_replace($find, "$head", $config))) {
1046
  $patch_action .= '<div class="updated">'.__("Upgraded Brute-Force Protection",'gotmls').'</div>';
1047
  $patch_status = 1;
1048
  } else
1049
  $patch_status = 2;
1050
  }
1051
+ } elseif (isset($_POST["GOTMLS_patching"]) && strlen($config) && ($patch_found == 0) && GOTMLS_file_put_contents(ABSPATH.'wp-config.php', "<?php$head// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?>$config")) {
1052
  $patch_action .= '<div class="updated">'.__("Installed Brute-Force Protection",'gotmls').'</div>';
1053
  $patch_status = 1;
1054
+ } elseif (isset($_POST["GOTMLS_patching"]))
1055
+ $patch_action .= '<div class="updated">'.sprintf(__("Failed to install Brute-Force Protection (wp-config.php %s)",'gotmls'),(is_readable(ABSPATH.'wp-config.php')?'read-'.(is_writable(ABSPATH.'wp-config.php')?'write':'only'):"unreadable").": ".strlen($config).GOTMLS_fileperms(ABSPATH.'wp-config.php')).'</div>';
1056
  } else
1057
  $patch_action .= '<div class="error">'.__("wp-config.php Not Readable!",'gotmls').'</div>';
1058
  } else
1059
  $patch_action .= '<div class="error">'.__("wp-config.php Not Found!",'gotmls').'</div>';
1060
+ if (file_exists(ABSPATH.'wp-login.php') && ($login = @file_get_contents(ABSPATH.'wp-login.php')) && strlen($login) && (preg_match($find, $login))) {
1061
+ if (isset($_POST["GOTMLS_patching"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/".$wp_version.'/wp-login.php')) && (strlen($source) > 500) && GOTMLS_file_put_contents(ABSPATH.'wp-login.php', $source))
1062
  $patch_action .= '<div class="updated">'.__("Removed Old Brute-Force Login Patch",'gotmls').'</div>';
1063
  else
1064
  $patch_status = 2;
1093
  }
1094
 
1095
  function GOTMLS_init() {
1096
+ global $GOTMLS_onLoad, $wp_version, $wpdb, $GOTMLS_threats_found, $GOTMLS_file_contents;
1097
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
1098
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
1099
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
1128
  if (is_array($definition_version))
1129
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
1130
  $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
1131
+ if (isset($_POST["UPDATE_definitions_array"]) && strlen($_POST["UPDATE_definitions_array"])) {
1132
+ if (strlen($_POST["UPDATE_definitions_array"]) > 1) {
1133
+ $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));
1134
+ if (is_array($GOTnew_definitions))
1135
+ $GOTMLS_onLoad .= "updates_complete('Downloaded Definitions');";
1136
+ } elseif (($DEF = GOTMLS_get_URL(GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.$wp_version.'&ts='.date("YmdHis").'&d='.ur1encode(GOTMLS_siteurl))) && (($GOT_definitions = GOTMLS_decode($DEF)) != serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"])) && is_array($GOTnew_definitions = maybe_unserialize($GOT_definitions)) && count($GOTnew_definitions)) {
1137
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions;
1138
+ $GOTnew_definitions = array();
1139
+ $GOTMLS_onLoad .= "updates_complete('New Definitions Automatically Installed :-)');";
1140
+ } else
1141
+ $GOTnew_definitions = "";
1142
+ } //elseif (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) $GOTnew_definitions = maybe_unserialize(GOTMLS_decode(file_get_contents(GOTMLS_plugin_path.'definitions_update.txt')));
1143
  if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
1144
  $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions);
1145
  if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
1165
  if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version)
1166
  $GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0];
1167
  if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
1168
+ $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]);
1169
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] > 2)
1170
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
1171
  }
1172
  }
1173
  }*/
1174
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))
1175
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"];
1176
  if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"]))
1177
  $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
1178
  GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1188
  } else
1189
  unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]);
1190
  update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1191
+ die(GOTMLS_html_tags(array("html" => array("body" => "Added $file to Whitelist!<br />\n<iframe style='width: 90%; height: 350px;' src='".GOTMLS_plugin_home."whitelist.html?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe>"))));
1192
  } else echo "<li>Invalid Data!</li>";
1193
  } elseif (isset($_GET["GOTMLS_scan"])) {
1194
  $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
1258
  }
1259
  }
1260
  window.parent.showhide("GOTMLS_iFrame", true);
1261
+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post"'.(is_file($clean_file)?' onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($clean_file).'"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GOTMLS_file_contents).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;">':(is_file(GOTMLS_quarantine($clean_file))?' >':'>')).'</form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.mb_detect_encoding($GOTMLS_file_contents).'<br />size: '.strlen($GOTMLS_file_contents).' ('.filesize($file).'bytes)<br />permissions: '.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GOTMLS_file_contents)).'</textarea></td></tr></table>');
1262
  }
1263
  }
1264
  } elseif (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1272
  if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($path, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) && @unlink($path)) {
1273
  echo __("Deleted!",'gotmls');
1274
  $li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
1275
+ } elseif (is_file(dirname($path)."/index.php") && ($GOTMLS_file_contents = @file_get_contents(dirname($path)."/index.php")) && strlen($GOTMLS_file_contents) > 0 && GOTMLS_file_put_contents($path, $GOTMLS_file_contents) && (@rename($path, dirname($path)."/index.php") || GOTMLS_file_put_contents($path, "") !== false)) {
1276
  echo __("Removed file contents!",'gotmls');
1277
  $li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
1278
  } else {
1298
  else
1299
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1300
  $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls');
1301
+ $properties = array("body" => 'style="margin: 0; padding: 0;"');
1302
  if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) {
1303
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
1304
+ $gl = '><';
1305
+ $properties["html"] = $gl.'head'.$gl.'script type="text/javascript">
1306
  if (curDiv = window.parent.document.getElementById("div_file")) {
1307
  curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
1308
  curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
1309
  curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
1310
  curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
1311
  }
1312
+ </script'.$gl.'/head';
1313
  } elseif (isset($_GET["GOTMLS_x"]) || isset($_GET["GOTMLS_y"]) || isset($_GET["GOTMLS_h"]) || isset($_GET["GOTMLS_w"])) {
1314
  if (isset($_GET["GOTMLS_x"]))
1315
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] = $_GET["GOTMLS_x"];
1323
  }
1324
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1325
  if (isset($_GET["GOTMLS_msg"]))
1326
+ die(GOTMLS_html_tags(array("html" => array("body" => $_GET["GOTMLS_msg"].' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.GOTMLS_script_URI.'&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"]).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
1327
  }
1328
 
1329
  if (function_exists("is_admin") && is_admin() && ((isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) || (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))))) {
1330
+ @set_time_limit($GOTMLS_loop_execution_time - 5);
1331
  GOTMLS_loaded();
1332
  GOTMLS_init();
1333
  die("\n//PHP to Javascript Error!\n");
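--- a/readme.txt
+++ b/readme.txt
@@ -5,10 +5,10 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
 Contributors: scheeeli, gotmls
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
 Tags: anti-malware, security, plugin, scan, automatic, repair, remove, malware, virus, threat, hacked, malicious, scripts, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
-Version: 4.14.65
-Stable tag: 4.14.65
+Version: 4.15.16
+Stable tag: 4.15.16
 Requires at least: 3.3
-Tested up to: 4.1.1
+Tested up to: 4.2
 
 This Anti-Malware plugin searches for Malware and other Virus like threats and security vulnerabilities on your server and it helps you remove them.
 
@@ -24,7 +24,7 @@ This Anti-Malware plugin searches for Malware and other Virus like threats and s
 * Run a Complete Scan from the Settings Page.
 * Download Definition Updates to protect against new threats.
 
-Updated March 27th
+Updated April 25th
 
 Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
 
@@ -89,6 +89,13 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
 == Changelog ==
 
+= 4.15.16 =
+* Created an automatic update feature that downloads any new definition updates before starting the scan.
+* Added WordPress Core files to the new definitions update process and included a scan option to check the integrity of the Core files.
+* Automatically whitelisted the unmodified WordPress Core files.
+* Made more improvements to the Brute-Force protection patch and other minor cosmetic changes to the interface.
+* Protected the HTML in my plugin from filter injections and fixed a few other minor bugs.
+
 = 4.14.65 =
 * Fixed a problem with deleting files from the Quarantine folder.
 * Added a descriptive reason to the error displayed if the fix was unsuccessful.
@@ -307,6 +314,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
 == Upgrade Notice ==
 
+= 4.15.16 =
+Created definition automatic updates that include WordPress Core files for integrity checking and whitelisting, made more improvements to the Brute-Force protection patch, and a few other cosmetic changes and minor bug fixes.
+
 = 4.14.65 =
 Fixed a problem with deleting files from the Quarantine folder, added more descriptive errors and a link to restore the default location of the Examine Results window.
 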
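--- a/safe-load/index.php
+++ b/safe-load/index.php
@@ -12,5 +12,5 @@ foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_
 $_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
 foreach (array("log") as $var)
 $_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
-header("location: http://safe-load.gotmls.net/report.php?ver=4.14.65".$_SESSION["GOTMLS_detected_attacks"]);
+header("location: http://safe-load.gotmls.net/report.php?ver=4.15.16".$_SESSION["GOTMLS_detected_attacks"]);
 die();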