Anti-Malware Security and Brute-Force Firewall - Version 4.15.21

Version Description

  • Hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).

Release Info

Developer scheeeli
Version 4.15.21

Code changes from version 4.15.20 to 4.15.21

Files changed (4)
  1. images/index.php +1 -1
  2. index.php +229 -219
  3. readme.txt +9 -3
  4. safe-load/index.php +1 -1
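--- a/images/index.php
+++ b/images/index.php
@@ -10,7 +10,7 @@ function GOTMLS_define($DEF, $val) {
 define($DEF, $val);
 }}
 
-GOTMLS_define("GOTMLS_Version", "4.15.20");
+GOTMLS_define("GOTMLS_Version", "4.15.21");
 GOTMLS_define("GOTMLS_require_version", "3.3");
 GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
 GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");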
index.php CHANGED
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
- Version: 4.15.20
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
@@ -45,11 +45,19 @@ function GOTMLS_install() {
45
  }
46
  register_activation_hook(__FILE__, "GOTMLS_install");
47
 
48
- function GOTMLS_menu() {
49
  if (is_multisite())
50
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "manage_network";
51
  elseif (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]) || $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] == "manage_network")
52
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "activate_plugins";
 
 
 
 
 
 
 
 
53
  if (isset($_POST["GOTMLS_menu_group"]) && is_numeric($_POST["GOTMLS_menu_group"])) {
54
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"] = $_POST["GOTMLS_menu_group"];
55
  /* $capabilities = array();
@@ -1092,239 +1100,241 @@ function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) {
1092
 
1093
  function GOTMLS_init() {
1094
  global $GOTMLS_onLoad, $wp_version, $wpdb, $GOTMLS_threats_found, $GOTMLS_file_contents;
1095
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
1096
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
1097
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
1098
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1;
1099
- if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") {
1100
- if (!isset($_REQUEST["scan_what"])) $_REQUEST["scan_what"] = 2;
1101
- if (!isset($_REQUEST["scan_depth"]))
1102
- $_REQUEST["scan_depth"] = 2;
1103
- if (!(isset($_POST["scan_only"]) && is_array($_POST["scan_only"])))
1104
- $_POST["scan_only"] = array("","wp-content/plugins","wp-content/themes");
1105
- }//$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]);
1106
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]))
1107
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = "";
1108
- if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]) && is_numeric($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]))
1109
- $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);
1110
- else
1111
- $scan_level = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1112
- if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])))
1113
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = array();
1114
- if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"]))
1115
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"];
1116
- if ($array = get_option('GOTMLS_definitions_array')) {
1117
- if (is_array($array))
1118
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $array;
1119
- } else {
1120
- $wpdb->query("DELETE FROM $wpdb->options WHERE `option_name` LIKE 'GOTMLS_known_%' OR `option_name` LIKE 'GOTMLS_definitions_array_%'");
1121
- array_walk($GLOBALS["GOTMLS"]["tmp"]["settings_array"], "GOTMLS_reset_settings");
1122
- }
1123
- $GOTMLS_definitions_versions = array();
1124
- foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
1125
- foreach ($definition_names as $definition_name=>$definition_version)
1126
- if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
1127
- if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
1128
- $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
1129
- if (isset($_POST["UPDATE_definitions_array"]) && strlen($_POST["UPDATE_definitions_array"])) {
1130
- if (strlen($_POST["UPDATE_definitions_array"]) > 1) {
1131
- $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));
1132
- if (is_array($GOTnew_definitions))
1133
- $GOTMLS_onLoad .= "updates_complete('Downloaded Definitions');";
1134
- } elseif (($DEF = GOTMLS_get_URL(GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.$wp_version.'&ts='.date("YmdHis").'&d='.ur1encode(GOTMLS_siteurl))) && (($GOT_definitions = GOTMLS_decode($DEF)) != serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"])) && is_array($GOTnew_definitions = maybe_unserialize($GOT_definitions)) && count($GOTnew_definitions)) {
1135
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions;
1136
- $GOTnew_definitions = array();
1137
- $GOTMLS_onLoad .= "updates_complete('New Definitions Automatically Installed :-)');";
1138
- } else
1139
- $GOTnew_definitions = "";
1140
- } //elseif (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) $GOTnew_definitions = maybe_unserialize(GOTMLS_decode(file_get_contents(GOTMLS_plugin_path.'definitions_update.txt')));
1141
- if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
1142
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions);
1143
- if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
1144
- @unlink(GOTMLS_plugin_path.'definitions_update.txt');
1145
- if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))
1146
- unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]);
1147
- update_option('GOTMLS_definitions_array', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1148
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
1149
  foreach ($definition_names as $definition_name=>$definition_version)
1150
  if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
1151
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
1152
  $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
1153
- }
1154
- asort($GOTMLS_definitions_versions);
1155
- $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates';
1156
- foreach ($GOTMLS_definitions_versions as $definition_name=>$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"])
1157
- $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&ver[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"];
1158
- if (isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
1159
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
1160
- /* $threat_names = array_keys($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"]);
1161
- foreach ($threat_names as $threat_name) {
1162
- if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) > 1) {
1163
- if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version)
1164
- $GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0];
1165
- if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
1166
- $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]);
1167
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] > 2)
1168
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
1169
- }
1170
- }
1171
- }*/
1172
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
1173
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"];
1174
- update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1175
- }
1176
- if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"]))
1177
- $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
1178
- GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1179
- if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) {
1180
- $file = GOTMLS_decode($_POST['GOTMLS_whitelist']);
1181
- $chksum = explode("O", $_POST['GOTMLS_chksum']."O");
1182
- if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) {
1183
- $filesize = @filesize($file);
1184
- if (true) {
1185
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0]))
1186
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002";
1187
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002";
1188
  } else
1189
- unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]);
1190
- update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1191
- die(GOTMLS_html_tags(array("html" => array("body" => "Added $file to Whitelist!<br />\n<iframe style='width: 90%; height: 350px;' src='".GOTMLS_plugin_home."whitelist.html?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe>"))));
1192
- } else echo "<li>Invalid Data!</li>";
1193
- } elseif (isset($_GET["GOTMLS_scan"])) {
1194
- $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
1195
- if (is_dir($file)) {
1196
- @error_reporting(0);
1197
- @header("Content-type: text/javascript");
1198
- if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))
1199
- $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
1200
- @ob_start();
1201
- echo GOTMLS_scandir($file);
1202
- if (@ob_get_level()) {
1203
- GOTMLS_flush();
1204
- @ob_end_flush();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1205
  }
1206
- die('//END OF JavaScript');
1207
- } else {
1208
- if (!file_exists($file))
1209
- die(sprintf(__("The file %s does not exist.",'gotmls'), $file)."<br />\n".(file_exists(GOTMLS_quarantine($file))?sprintf(__("You could <a %s>try viewing the quarantined backup file</a>.",'gotmls'), 'target="GOTMLS_iFrame" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.GOTMLS_encode(GOTMLS_quarantine($file)).'"'):__("The file must have already been delete.",'gotmls'))."<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>");
1210
- else {
1211
- $clean_file = $file;
1212
- if (GOTMLS_get_ext($file) == 'gotmls' && dirname($file) == dirname(GOTMLS_quarantine($file))) {
1213
- $clean_file = 'Quarantined: '.GOTMLS_decode(array_pop(explode(".", '.'.substr($file, strlen(dirname($file))+1, -7))));
1214
- $_GET["eli"] = "quarantine";
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1215
  }
1216
- GOTMLS_scanfile($file);
1217
- $fa = "";
1218
- $function = 'GOTMLS_decode';
1219
- $decode_list = array("Base64" => '/base64_decode\([\'"]([0-9\+\/\=a-z]+)[\'"]\)/', "Hex" => '/(\\\\x[0-9a-f]{2})/');
1220
- if (isset($_GET[$function]) && is_array($_GET[$function])) {
1221
- foreach ($_GET[$function] as $decode) {
1222
- if (isset($decode_list[$decode])) {
1223
- $GOTMLS_file_contents = preg_replace($decode_list[$decode].substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function.$decode.'("\1")', $GOTMLS_file_contents);
1224
- $fa .= " $decode decoded";
1225
- } else
1226
- $fa .= " NO-$decode";
1227
  }
1228
- } elseif (isset($GOTMLS_threats_found) && is_array($GOTMLS_threats_found) && count($GOTMLS_threats_found)) {
1229
- $f = 1;
1230
- foreach ($GOTMLS_threats_found as $threats_found=>$threats_name) {
1231
- $fpos = 0;
1232
- $flen = 0;
1233
- $potential_threat = str_replace("\r", "", $threats_found);
1234
- while (($fpos = strpos(str_replace("\r", "", $GOTMLS_file_contents), ($potential_threat), $flen + $fpos)) !== false) {
1235
- $flen = strlen($potential_threat);
1236
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
 
 
1237
  }
1238
- if (0 == $flen)
1239
- $fa = 'ERROR['.($f++).']: Threat_size{'.strlen($potential_threat).'} } Content_size{'.strlen(str_replace("\r", "", $GOTMLS_file_contents)).'}';
1240
- }
1241
- } else
1242
- $fa = " No Threats Found";
1243
- foreach ($decode_list as $decode => $regex)
1244
- if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GOTMLS_file_contents))
1245
- $fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
1246
- die("\n".'<script type="text/javascript">
1247
- function select_text_range(ta_id, start, end) {
1248
- ta_element = document.getElementById(ta_id);
1249
- ta_element.focus();
1250
- if(ta_element.setSelectionRange)
1251
- ta_element.setSelectionRange(start, end);
1252
- else {
1253
- var r = ta_element.createTextRange();
1254
- r.collapse(true);
1255
- r.moveEnd(\'character\', end);
1256
- r.moveStart(\'character\', start);
1257
- r.select();
 
 
 
 
 
 
 
 
 
 
 
1258
  }
1259
- }
1260
- window.parent.showhide("GOTMLS_iFrame", true);
1261
- </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post"'.(is_file($clean_file)?' onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($clean_file).'"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GOTMLS_file_contents).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;">':(is_file(GOTMLS_quarantine($clean_file))?' >':'>')).'</form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.mb_detect_encoding($GOTMLS_file_contents).'<br />size: '.strlen($GOTMLS_file_contents).' ('.filesize($file).'bytes)<br />permissions: '.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GOTMLS_file_contents)).'</textarea></td></tr></table>');
1262
  }
1263
- }
1264
- } elseif (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1265
- $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1266
- $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).className='GOTMLS_plugin';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction DeletedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).style.display='none';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
1267
- @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1268
- foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
1269
- $path = GOTMLS_decode($clean_file);
1270
- if (is_file($path)) {
1271
- if ($_REQUEST["GOTMLS_fixing"] > 1) {
1272
- echo "<li>Deleting $path ... ";
1273
- if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($path, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) && @unlink($path)) {
1274
- echo __("Deleted!",'gotmls');
1275
- $li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
1276
- } elseif (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($path, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) && is_file(dirname($path)."/index.php") && ($GOTMLS_file_contents = @file_get_contents(dirname($path)."/index.php")) && strlen($GOTMLS_file_contents) > 0 && GOTMLS_file_put_contents($path, $GOTMLS_file_contents) && (@rename($path, dirname($path)."/index.php") || GOTMLS_file_put_contents($path, "") !== false)) {
1277
- echo __("Removed file contents!",'gotmls');
1278
- $li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
 
 
 
1279
  } else {
1280
- echo __("Failed to delete!",'gotmls');
1281
- $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1282
  }
1283
- } else {
1284
- echo "<li>Fixing $path ... ";
1285
- $li_js .= GOTMLS_scanfile($path);
1286
- }
1287
- echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1288
- $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1289
- } else
1290
- echo "<li>".__("File ".htmlentities($path)." not found!",'gotmls')."</li>";
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1291
  }
1292
- die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some threats were automatically fixed we need to check to make sure the removal did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during the automated fix process.",'gotmls'), 'target="test_frame" href="admin.php?page=GOTMLS-View-Quarantine"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.GOTMLS_script_URI.'&check_site=1" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n");
1293
- } elseif (isset($_REQUEST["GOTMLS_fixing"]))
1294
- die("<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls'));
1295
- if (isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"]))
1296
- $scan_level = intval($_POST["scan_level"]);
1297
- if (isset($scan_level) && is_numeric($scan_level))
1298
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = intval($scan_level);
1299
- else
1300
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1301
- $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls');
1302
- $properties = array("body" => 'style="margin: 0; padding: 0;"');
1303
- if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) {
1304
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
1305
- $gl = '><';
1306
- $properties["html"] = $gl.'head'.$gl.'script type="text/javascript">
1307
- if (curDiv = window.parent.document.getElementById("div_file")) {
1308
- curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
1309
- curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
1310
- curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
1311
- curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
1312
- }
1313
- </script'.$gl.'/head';
1314
- } elseif (isset($_GET["GOTMLS_x"]) || isset($_GET["GOTMLS_y"]) || isset($_GET["GOTMLS_h"]) || isset($_GET["GOTMLS_w"])) {
1315
- if (isset($_GET["GOTMLS_x"]))
1316
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] = $_GET["GOTMLS_x"];
1317
- if (isset($_GET["GOTMLS_y"]))
1318
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1] = $_GET["GOTMLS_y"];
1319
- if (isset($_GET["GOTMLS_h"]))
1320
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2] = $_GET["GOTMLS_h"];
1321
- if (isset($_GET["GOTMLS_w"]))
1322
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3] = $_GET["GOTMLS_w"];
1323
- $_GET["GOTMLS_msg"] = __("New position",'gotmls');
1324
  }
1325
- update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1326
- if (isset($_GET["GOTMLS_msg"]))
1327
- die(GOTMLS_html_tags(array("html" => array("body" => htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.GOTMLS_script_URI.'&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"]).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
1328
  }
1329
 
1330
  if (function_exists("is_admin") && is_admin() && ((isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) || (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))))) {
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
+ Version: 4.15.21
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
45
  }
46
  register_activation_hook(__FILE__, "GOTMLS_install");
47
 
48
+ function GOTMLS_user_can() {
49
  if (is_multisite())
50
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "manage_network";
51
  elseif (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]) || $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] == "manage_network")
52
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "activate_plugins";
53
+ if (current_user_can($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]))
54
+ return true;
55
+ else
56
+ return false;
57
+ }
58
+
59
+ function GOTMLS_menu() {
60
+ GOTMLS_user_can();
61
  if (isset($_POST["GOTMLS_menu_group"]) && is_numeric($_POST["GOTMLS_menu_group"])) {
62
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"] = $_POST["GOTMLS_menu_group"];
63
  /* $capabilities = array();
1100
 
1101
  function GOTMLS_init() {
1102
  global $GOTMLS_onLoad, $wp_version, $wpdb, $GOTMLS_threats_found, $GOTMLS_file_contents;
1103
+ if (GOTMLS_user_can()) {
1104
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
1105
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
1106
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
1107
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1;
1108
+ if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") {
1109
+ if (!isset($_REQUEST["scan_what"])) $_REQUEST["scan_what"] = 2;
1110
+ if (!isset($_REQUEST["scan_depth"]))
1111
+ $_REQUEST["scan_depth"] = 2;
1112
+ if (!(isset($_POST["scan_only"]) && is_array($_POST["scan_only"])))
1113
+ $_POST["scan_only"] = array("","wp-content/plugins","wp-content/themes");
1114
+ }//$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]);
1115
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]))
1116
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = "";
1117
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]) && is_numeric($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]))
1118
+ $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);
1119
+ else
1120
+ $scan_level = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1121
+ if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])))
1122
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = array();
1123
+ if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"]))
1124
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"];
1125
+ if ($array = get_option('GOTMLS_definitions_array')) {
1126
+ if (is_array($array))
1127
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $array;
1128
+ } else {
1129
+ $wpdb->query("DELETE FROM $wpdb->options WHERE `option_name` LIKE 'GOTMLS_known_%' OR `option_name` LIKE 'GOTMLS_definitions_array_%'");
1130
+ array_walk($GLOBALS["GOTMLS"]["tmp"]["settings_array"], "GOTMLS_reset_settings");
1131
+ }
1132
+ $GOTMLS_definitions_versions = array();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1133
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
1134
  foreach ($definition_names as $definition_name=>$definition_version)
1135
  if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
1136
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
1137
  $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
1138
+ if (isset($_POST["UPDATE_definitions_array"]) && strlen($_POST["UPDATE_definitions_array"])) {
1139
+ if (strlen($_POST["UPDATE_definitions_array"]) > 1) {
1140
+ $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));
1141
+ if (is_array($GOTnew_definitions))
1142
+ $GOTMLS_onLoad .= "updates_complete('Downloaded Definitions');";
1143
+ } elseif (($DEF = GOTMLS_get_URL(GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.$wp_version.'&ts='.date("YmdHis").'&d='.ur1encode(GOTMLS_siteurl))) && (($GOT_definitions = GOTMLS_decode($DEF)) != serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"])) && is_array($GOTnew_definitions = maybe_unserialize($GOT_definitions)) && count($GOTnew_definitions)) {
1144
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions;
1145
+ $GOTnew_definitions = array();
1146
+ $GOTMLS_onLoad .= "updates_complete('New Definitions Automatically Installed :-)');";
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1147
  } else
1148
+ $GOTnew_definitions = "";
1149
+ } //elseif (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) $GOTnew_definitions = maybe_unserialize(GOTMLS_decode(file_get_contents(GOTMLS_plugin_path.'definitions_update.txt')));
1150
+ if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
1151
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions);
1152
+ if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
1153
+ @unlink(GOTMLS_plugin_path.'definitions_update.txt');
1154
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))
1155
+ unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]);
1156
+ update_option('GOTMLS_definitions_array', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1157
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
1158
+ foreach ($definition_names as $definition_name=>$definition_version)
1159
+ if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
1160
+ if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
1161
+ $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
1162
+ }
1163
+ asort($GOTMLS_definitions_versions);
1164
+ $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates';
1165
+ foreach ($GOTMLS_definitions_versions as $definition_name=>$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"])
1166
+ $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&ver[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"];
1167
+ if (isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
1168
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
1169
+ /* $threat_names = array_keys($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"]);
1170
+ foreach ($threat_names as $threat_name) {
1171
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) > 1) {
1172
+ if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version)
1173
+ $GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0];
1174
+ if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
1175
+ $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]);
1176
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] > 2)
1177
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
1178
+ }
1179
  }
1180
+ }*/
1181
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
1182
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"];
1183
+ update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1184
+ }
1185
+ if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"]))
1186
+ $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
1187
+ GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1188
+ if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) {
1189
+ $file = GOTMLS_decode($_POST['GOTMLS_whitelist']);
1190
+ $chksum = explode("O", $_POST['GOTMLS_chksum']."O");
1191
+ if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) {
1192
+ $filesize = @filesize($file);
1193
+ if (true) {
1194
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0]))
1195
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002";
1196
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002";
1197
+ } else
1198
+ unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]);
1199
+ update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1200
+ die(GOTMLS_html_tags(array("html" => array("body" => "Added $file to Whitelist!<br />\n<iframe style='width: 90%; height: 350px;' src='".GOTMLS_plugin_home."whitelist.html?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe>"))));
1201
+ } else echo "<li>Invalid Data!</li>";
1202
+ } elseif (isset($_GET["GOTMLS_scan"])) {
1203
+ $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
1204
+ if (is_dir($file)) {
1205
+ @error_reporting(0);
1206
+ @header("Content-type: text/javascript");
1207
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))
1208
+ $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
1209
+ @ob_start();
1210
+ echo GOTMLS_scandir($file);
1211
+ if (@ob_get_level()) {
1212
+ GOTMLS_flush();
1213
+ @ob_end_flush();
1214
  }
1215
+ die('//END OF JavaScript');
1216
+ } else {
1217
+ if (!file_exists($file))
1218
+ die(sprintf(__("The file %s does not exist.",'gotmls'), $file)."<br />\n".(file_exists(GOTMLS_quarantine($file))?sprintf(__("You could <a %s>try viewing the quarantined backup file</a>.",'gotmls'), 'target="GOTMLS_iFrame" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.GOTMLS_encode(GOTMLS_quarantine($file)).'"'):__("The file must have already been delete.",'gotmls'))."<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>");
1219
+ else {
1220
+ $clean_file = $file;
1221
+ if (GOTMLS_get_ext($file) == 'gotmls' && dirname($file) == dirname(GOTMLS_quarantine($file))) {
1222
+ $clean_file = 'Quarantined: '.GOTMLS_decode(array_pop(explode(".", '.'.substr($file, strlen(dirname($file))+1, -7))));
1223
+ $_GET["eli"] = "quarantine";
 
 
1224
  }
1225
+ GOTMLS_scanfile($file);
1226
+ $fa = "";
1227
+ $function = 'GOTMLS_decode';
1228
+ $decode_list = array("Base64" => '/base64_decode\([\'"]([0-9\+\/\=a-z]+)[\'"]\)/', "Hex" => '/(\\\\x[0-9a-f]{2})/');
1229
+ if (isset($_GET[$function]) && is_array($_GET[$function])) {
1230
+ foreach ($_GET[$function] as $decode) {
1231
+ if (isset($decode_list[$decode])) {
1232
+ $GOTMLS_file_contents = preg_replace($decode_list[$decode].substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function.$decode.'("\1")', $GOTMLS_file_contents);
1233
+ $fa .= " $decode decoded";
1234
+ } else
1235
+ $fa .= " NO-$decode";
1236
  }
1237
+ } elseif (isset($GOTMLS_threats_found) && is_array($GOTMLS_threats_found) && count($GOTMLS_threats_found)) {
1238
+ $f = 1;
1239
+ foreach ($GOTMLS_threats_found as $threats_found=>$threats_name) {
1240
+ $fpos = 0;
1241
+ $flen = 0;
1242
+ $potential_threat = str_replace("\r", "", $threats_found);
1243
+ while (($fpos = strpos(str_replace("\r", "", $GOTMLS_file_contents), ($potential_threat), $flen + $fpos)) !== false) {
1244
+ $flen = strlen($potential_threat);
1245
+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
1246
+ }
1247
+ if (0 == $flen)
1248
+ $fa = 'ERROR['.($f++).']: Threat_size{'.strlen($potential_threat).'} } Content_size{'.strlen(str_replace("\r", "", $GOTMLS_file_contents)).'}';
1249
+ }
1250
+ } else
1251
+ $fa = " No Threats Found";
1252
+ foreach ($decode_list as $decode => $regex)
1253
+ if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GOTMLS_file_contents))
1254
+ $fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
1255
+ die("\n".'<script type="text/javascript">
1256
+ function select_text_range(ta_id, start, end) {
1257
+ ta_element = document.getElementById(ta_id);
1258
+ ta_element.focus();
1259
+ if(ta_element.setSelectionRange)
1260
+ ta_element.setSelectionRange(start, end);
1261
+ else {
1262
+ var r = ta_element.createTextRange();
1263
+ r.collapse(true);
1264
+ r.moveEnd(\'character\', end);
1265
+ r.moveStart(\'character\', start);
1266
+ r.select();
1267
+ }
1268
  }
1269
+ window.parent.showhide("GOTMLS_iFrame", true);
1270
+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post"'.(is_file($clean_file)?' onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($clean_file).'"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GOTMLS_file_contents).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;">':(is_file(GOTMLS_quarantine($clean_file))?' >':'>')).'</form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.mb_detect_encoding($GOTMLS_file_contents).'<br />size: '.strlen($GOTMLS_file_contents).' ('.filesize($file).'bytes)<br />permissions: '.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GOTMLS_file_contents)).'</textarea></td></tr></table>');
1271
+ }
1272
  }
1273
+ } elseif (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1274
+ $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1275
+ $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).className='GOTMLS_plugin';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction DeletedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).style.display='none';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
1276
+ @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1277
+ foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
1278
+ $path = realpath(GOTMLS_decode($clean_file));
1279
+ if (is_file($path)) {
1280
+ if ($_REQUEST["GOTMLS_fixing"] > 1) {
1281
+ echo "<li>Deleting $path ... ";
1282
+ if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($path, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) && @unlink($path)) {
1283
+ echo __("Deleted!",'gotmls');
1284
+ $li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
1285
+ } elseif (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($path, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) && is_file(dirname($path)."/index.php") && ($GOTMLS_file_contents = @file_get_contents(dirname($path)."/index.php")) && strlen($GOTMLS_file_contents) > 0 && GOTMLS_file_put_contents($path, $GOTMLS_file_contents) && (@rename($path, dirname($path)."/index.php") || GOTMLS_file_put_contents($path, "") !== false)) {
1286
+ echo __("Removed file contents!",'gotmls');
1287
+ $li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
1288
+ } else {
1289
+ echo __("Failed to delete!",'gotmls');
1290
+ $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1291
+ }
1292
  } else {
1293
+ echo "<li>Fixing $path ... ";
1294
+ $li_js .= GOTMLS_scanfile($path);
1295
  }
1296
+ echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1297
+ $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1298
+ } else
1299
+ echo "<li>".__("File ".htmlentities($path)." not found!",'gotmls')."</li>";
1300
+ }
1301
+ die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some threats were automatically fixed we need to check to make sure the removal did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during the automated fix process.",'gotmls'), 'target="test_frame" href="admin.php?page=GOTMLS-View-Quarantine"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.GOTMLS_script_URI.'&check_site=1" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n");
1302
+ } elseif (isset($_REQUEST["GOTMLS_fixing"]))
1303
+ die("<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls'));
1304
+ if (isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"]))
1305
+ $scan_level = intval($_POST["scan_level"]);
1306
+ if (isset($scan_level) && is_numeric($scan_level))
1307
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = intval($scan_level);
1308
+ else
1309
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1310
+ $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls');
1311
+ $properties = array("body" => 'style="margin: 0; padding: 0;"');
1312
+ if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) {
1313
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
1314
+ $gl = '><';
1315
+ $properties["html"] = $gl.'head'.$gl.'script type="text/javascript">
1316
+ if (curDiv = window.parent.document.getElementById("div_file")) {
1317
+ curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
1318
+ curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
1319
+ curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
1320
+ curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
1321
+ }
1322
+ </script'.$gl.'/head';
1323
+ } elseif (isset($_GET["GOTMLS_x"]) || isset($_GET["GOTMLS_y"]) || isset($_GET["GOTMLS_h"]) || isset($_GET["GOTMLS_w"])) {
1324
+ if (isset($_GET["GOTMLS_x"]))
1325
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] = $_GET["GOTMLS_x"];
1326
+ if (isset($_GET["GOTMLS_y"]))
1327
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1] = $_GET["GOTMLS_y"];
1328
+ if (isset($_GET["GOTMLS_h"]))
1329
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2] = $_GET["GOTMLS_h"];
1330
+ if (isset($_GET["GOTMLS_w"]))
1331
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3] = $_GET["GOTMLS_w"];
1332
+ $_GET["GOTMLS_msg"] = __("New position",'gotmls');
1333
  }
1334
+ update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1335
+ if (isset($_GET["GOTMLS_msg"]))
1336
+ die(GOTMLS_html_tags(array("html" => array("body" => htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.GOTMLS_script_URI.'&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"]).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1337
  }
 
 
 
1338
  }
1339
 
1340
  if (function_exists("is_admin") && is_admin() && ((isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) || (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))))) {
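--- a/readme.txt
+++ b/readme.txt
@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
 Contributors: scheeeli, gotmls
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
 Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
-Version: 4.15.20
-Stable tag: 4.15.20
+Version: 4.15.21
+Stable tag: 4.15.21
 Requires at least: 3.3
 Tested up to: 4.2.2
 
@@ -24,7 +24,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
 * Run a Complete Scan from the Settings Page.
 * Download Definition Updates to protect against new threats.
 
-Updated May 8th
+Updated May 15th
 
 Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
 
@@ -89,6 +89,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
 == Changelog ==
 
+= 4.15.21 =
+* Hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).
+
 = 4.15.20 =
 * Hardened against XSS vulnerabilities in the admin (thanks to Tim Coen).
 * Added feature to restore default settings for Exclude Extensions.
@@ -325,6 +328,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
 == Upgrade Notice ==
 
+= 4.15.21 =
+Hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).
+
 = 4.15.20 =
 Hardened against XSS in the admin, changed encoding of the index.php file in the Quarantine, added more info to some error messages and a feature to restore a default setting, and fixed a few small bugs.
 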
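--- a/safe-load/index.php
+++ b/safe-load/index.php
@@ -12,5 +12,5 @@ foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_
 $_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
 foreach (array("log") as $var)
 $_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
-header("location: http://safe-load.gotmls.net/report.php?ver=4.15.20".$_SESSION["GOTMLS_detected_attacks"]);
+header("location: http://safe-load.gotmls.net/report.php?ver=4.15.21".$_SESSION["GOTMLS_detected_attacks"]);
 die();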