Anti-Malware Security and Brute-Force Firewall - Version 4.15.24

Version Description

  • Hardened against injected HTML content by encoding the tags with variables.
  • Fixed debug option to exclude individual definitions.

Release Info

Developer scheeeli
Version 4.15.24

Code changes from version 4.15.23 to 4.15.24

Files changed (4) hide show
  1. images/index.php +53 -41
  2. index.php +73 -84
  3. readme.txt +15 -3
  4. safe-load/index.php +1 -1
images/index.php CHANGED
@@ -10,7 +10,7 @@ function GOTMLS_define($DEF, $val) {
10
  define($DEF, $val);
11
  }}
12
 
13
- GOTMLS_define("GOTMLS_Version", "4.15.23");
14
  GOTMLS_define("GOTMLS_require_version", "3.3");
15
  GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
16
  GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");
@@ -274,11 +274,9 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
274
  }
275
  } else {
276
  foreach ($check_threats as $threat_name=>$threat_definitions) {
277
- if (isset($_SESSION["GOTMLS_debug"])) {
278
  $_SESSION["GOTMLS_debug"]["threat_name"] = $threat_name;
279
  $_SESSION["GOTMLS_debug"]["last"]["threat_name"] = microtime(true);
280
- }
281
- if (is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5) {
282
  while ($threat_definition = array_shift($threat_definitions)) {
283
  if ($found = @preg_match_all($threat_definition, $GOTMLS_file_contents, $threats_found)) {
284
  foreach ($threats_found[0] as $find) {
@@ -287,8 +285,6 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
287
  }
288
  }
289
  }
290
- }
291
- if (isset($_SESSION["GOTMLS_debug"])) {
292
  $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["threat_name"], 5);
293
  if (isset($_GET["GOTMLS_debug"]) && is_numeric($_GET["GOTMLS_debug"]) && $file_time > $_GET["GOTMLS_debug"])
294
  echo "\n//GOTMLS_debug $file_time $threat_name $file\n";
@@ -304,6 +300,15 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
304
  $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"] = $file_time;
305
  if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"]) || $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"])
306
  $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;
 
 
 
 
 
 
 
 
 
307
  }
308
  }
309
  }
@@ -334,6 +339,8 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
334
  function GOTMLS_scanfile($file) {
335
  global $wp_version, $GOTMLS_threat_files, $GOTMLS_threats_found, $GOTMLS_chmod_file, $GOTMLS_chmod_dir, $GOTMLS_file_contents, $GOTMLS_new_contents;
336
  $GOTMLS_threats_found = array();
 
 
337
  $found = false;
338
  $threat_link = "";
339
  $className = "scanned";
@@ -393,43 +400,40 @@ function GOTMLS_scanfile($file) {
393
  $className = "errors";
394
  }
395
  if (count($GOTMLS_threats_found)) {
396
- $threat_link = '<a target="GOTMLS_iFrame" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.$clean_file.'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left;">Examine&nbsp;File&nbsp;...&nbsp;</div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($file)).'</div></div>\');" class="GOTMLS_plugin">';
397
- if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
398
- if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($file, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])))) {
399
- if (count($file_parts) > 1 && strtolower($file_parts[count($file_parts)-1]) == "gotmls" && $GOTMLS_new_contents = @file_get_contents($file))
400
- $file = GOTMLS_decode($file_parts[count($file_parts)-2]);
401
- else
402
- $GOTMLS_new_contents = trim(preg_replace('/<\?(php)?\s*(\?>|$)/i', "", $GOTMLS_new_contents));
403
- } elseif (isset($GOTMLS_threat_files[$className]) && GOTMLS_get_ext($GOTMLS_threat_files[$className]) == "php") {
404
- $project = str_replace("_", "-", $className);
405
- if (($source = GOTMLS_get_URL("http://$project.googlecode.com/svn/trunk/$project.php")) && strlen($source) > 500)
406
- $GOTMLS_new_contents = $source;
407
- else
408
- $GOTMLS_file_contents = "";
409
- } elseif ($className == 'wp_core') {
410
- $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
411
- if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] != md5($GOTMLS_file_contents)."O".strlen($GOTMLS_file_contents)) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] == md5($source)."O".strlen($source)))
412
- $GOTMLS_new_contents = $source;
413
- else
414
- $GOTMLS_file_contents = "";
415
- } else
416
- $GOTMLS_new_contents = trim(preg_replace('/<\?(php)?\s*(\?>|$)/i', "", $GOTMLS_new_contents));
417
- if (strlen($GOTMLS_file_contents) > 0 && (GOTMLS_write_quarantine($file, $className) !== false) && ((strlen($GOTMLS_new_contents)==0 && isset($_GET["eli"]) && @unlink($file)) || (GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false))) {
418
- echo __("Success!",'gotmls');
419
- return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
420
- } else {
421
- echo __("Failed:",'gotmls').' '.(strlen($GOTMLS_file_contents)?(is_writable(dirname(GOTMLS_quarantine($file)))?((is_writable(dirname($file)) && is_writable($file))?__("reason unknown!",'gotmls'):__("file not writable!",'gotmls')):__("quarantine not writable!",'gotmls').' '):__("no file contents!",'gotmls'));
422
- if (isset($_GET["eli"]))
423
- echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().(is_writable(dirname(GOTMLS_quarantine($file)))?'<br><pre>file_stat'.print_r(stat($file), true):'<br><pre>'.dirname(GOTMLS_quarantine($file)).' stat'.print_r(stat(dirname(GOTMLS_quarantine($file))), true));
424
- return "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
425
- }
426
- }
427
  if ($className == "errors") {
428
  $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file);
429
  $imageFile = "/blocked";
430
  } elseif ($className != "potential") {
431
- $threat_link = '<input type="checkbox" name="GOTMLS_fix[]" value="'.$clean_file.'" id="check_'.$clean_file.(($className != "wp_core")?'" checked="'.$className:'').'" />'.$threat_link;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
432
  $imageFile = "threat";
 
 
 
433
  } else
434
  $imageFile = "question";
435
  return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin $className", $threat_link));
@@ -437,14 +441,14 @@ function GOTMLS_scanfile($file) {
437
  if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($file, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])))) {
438
  if (count($file_parts) > 1 && strtolower($file_parts[count($file_parts)-1]) == "gotmls" && @rename($file, GOTMLS_decode($file_parts[count($file_parts)-2]))) {
439
  echo __("Restored!",'gotmls');
440
- return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
441
  } else {
442
  echo __("Restore Failed!",'gotmls');
443
  return "";
444
  }
445
  } else {
446
  echo __("Already Fixed!",'gotmls');
447
- return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
448
  }
449
  } else
450
  return GOTMLS_return_threat($className, ($className=="scanned"?"checked":"blocked").".gif?$className", $file, $threat_link);
@@ -541,7 +545,7 @@ function GOTMLS_html_tags($tags, $inner = array()) {
541
 
542
  function GOTMLS_write_quarantine($file, $className) {
543
  global $wpdb, $current_user, $GOTMLS_file_contents, $GOTMLS_new_contents, $GOTMLS_threats_found;
544
- $insert = array("post_author"=>$current_user->ID, "post_content"=>GOTMLS_encode($GOTMLS_file_contents), "post_mime_type"=>md5($GOTMLS_file_contents), "post_title"=>$file, "ping_status"=>$className, "post_status"=>"Quarantined", "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GOTMLS_new_contents));
545
  $insert["post_date"] = date("Y-m-d H:i:s");
546
  $insert["post_date_gmt"] = $insert["post_date"];
547
  if (is_file($file)) {
@@ -575,6 +579,14 @@ function GOTMLS_write_quarantine($file, $className) {
575
  return GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents);
576
  }
577
 
 
 
 
 
 
 
 
 
578
  function GOTMLS_quarantine($file = __FILE__) {
579
  if (!(isset($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) && is_dir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) {
580
  $upload = wp_upload_dir();
10
  define($DEF, $val);
11
  }}
12
 
13
+ GOTMLS_define("GOTMLS_Version", "4.15.24");
14
  GOTMLS_define("GOTMLS_require_version", "3.3");
15
  GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
16
  GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");
274
  }
275
  } else {
276
  foreach ($check_threats as $threat_name=>$threat_definitions) {
277
+ if (isset($_SESSION["GOTMLS_debug"]) && is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5 && (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])))) {
278
  $_SESSION["GOTMLS_debug"]["threat_name"] = $threat_name;
279
  $_SESSION["GOTMLS_debug"]["last"]["threat_name"] = microtime(true);
 
 
280
  while ($threat_definition = array_shift($threat_definitions)) {
281
  if ($found = @preg_match_all($threat_definition, $GOTMLS_file_contents, $threats_found)) {
282
  foreach ($threats_found[0] as $find) {
285
  }
286
  }
287
  }
 
 
288
  $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["threat_name"], 5);
289
  if (isset($_GET["GOTMLS_debug"]) && is_numeric($_GET["GOTMLS_debug"]) && $file_time > $_GET["GOTMLS_debug"])
290
  echo "\n//GOTMLS_debug $file_time $threat_name $file\n";
300
  $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"] = $file_time;
301
  if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"]) || $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"])
302
  $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;
303
+ } elseif (is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5) {
304
+ while ($threat_definition = array_shift($threat_definitions)) {
305
+ if ($found = @preg_match_all($threat_definition, $GOTMLS_file_contents, $threats_found)) {
306
+ foreach ($threats_found[0] as $find) {
307
+ $GOTMLS_threats_found[$find] = $threat_name;
308
+ $GOTMLS_new_contents = str_replace($find, "", $GOTMLS_new_contents);
309
+ }
310
+ }
311
+ }
312
  }
313
  }
314
  }
339
  function GOTMLS_scanfile($file) {
340
  global $wp_version, $GOTMLS_threat_files, $GOTMLS_threats_found, $GOTMLS_chmod_file, $GOTMLS_chmod_dir, $GOTMLS_file_contents, $GOTMLS_new_contents;
341
  $GOTMLS_threats_found = array();
342
+ $gt = ">";
343
+ $lt = "<";
344
  $found = false;
345
  $threat_link = "";
346
  $className = "scanned";
400
  $className = "errors";
401
  }
402
  if (count($GOTMLS_threats_found)) {
403
+ $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.$clean_file.'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", "&quot;", $lt.'div style="float: left;"'.$gt.'Examine&nbsp;File&nbsp;...&nbsp;'.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_strip4java($file)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
404
  if ($className == "errors") {
405
  $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file);
406
  $imageFile = "/blocked";
407
  } elseif ($className != "potential") {
408
+ if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
409
+ if ($className == "timthumb") {
410
+ if (($source = GOTMLS_get_URL("http://$className.googlecode.com/svn/trunk/$className.php")) && strlen($source) > 500)
411
+ $GOTMLS_new_contents = $source;
412
+ else
413
+ $GOTMLS_file_contents = "";
414
+ } elseif ($className == 'wp_core') {
415
+ $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
416
+ if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] != md5($GOTMLS_file_contents)."O".strlen($GOTMLS_file_contents)) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] == md5($source)."O".strlen($source)))
417
+ $GOTMLS_new_contents = $source;
418
+ else
419
+ $GOTMLS_file_contents = "";
420
+ } else
421
+ $GOTMLS_new_contents = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/i', "", $GOTMLS_new_contents));
422
+ if (strlen($GOTMLS_file_contents) > 0 && (GOTMLS_write_quarantine($file, $className) !== false) && ((strlen($GOTMLS_new_contents)==0 && isset($_GET["eli"]) && @unlink($file)) || (GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false))) {
423
+ echo __("Success!",'gotmls');
424
+ return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
425
+ } else {
426
+ echo __("Failed:",'gotmls').' '.(strlen($GOTMLS_file_contents)?(is_writable(dirname(GOTMLS_quarantine($file)))?((is_writable(dirname($file)) && is_writable($file))?__("reason unknown!",'gotmls'):__("file not writable!",'gotmls')):__("quarantine not writable!",'gotmls').' '):__("no file contents!",'gotmls'));
427
+ if (isset($_GET["eli"]))
428
+ echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().(is_writable(dirname(GOTMLS_quarantine($file)))?$lt.'br'.$gt.$lt.'pre'.$gt.'file_stat'.print_r(stat($file), true):$lt.'br'.$gt.$lt.'pre'.$gt.dirname(GOTMLS_quarantine($file)).' stat'.print_r(stat(dirname(GOTMLS_quarantine($file))), true));
429
+ return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
430
+ }
431
+ }
432
+ $threat_link = $lt.'input type="checkbox" name="GOTMLS_fix[]" value="'.$clean_file.'" id="check_'.$clean_file.(($className != "wp_core")?'" checked="'.$className:'').'" /'.$gt.$threat_link;
433
  $imageFile = "threat";
434
+ } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
435
+ echo __("Already Fixed!",'gotmls');
436
+ return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
437
  } else
438
  $imageFile = "question";
439
  return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin $className", $threat_link));
441
  if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($file, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])))) {
442
  if (count($file_parts) > 1 && strtolower($file_parts[count($file_parts)-1]) == "gotmls" && @rename($file, GOTMLS_decode($file_parts[count($file_parts)-2]))) {
443
  echo __("Restored!",'gotmls');
444
+ return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
445
  } else {
446
  echo __("Restore Failed!",'gotmls');
447
  return "";
448
  }
449
  } else {
450
  echo __("Already Fixed!",'gotmls');
451
+ return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
452
  }
453
  } else
454
  return GOTMLS_return_threat($className, ($className=="scanned"?"checked":"blocked").".gif?$className", $file, $threat_link);
545
 
546
  function GOTMLS_write_quarantine($file, $className) {
547
  global $wpdb, $current_user, $GOTMLS_file_contents, $GOTMLS_new_contents, $GOTMLS_threats_found;
548
+ $insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GOTMLS_file_contents), "post_mime_type"=>md5($GOTMLS_file_contents), "post_title"=>$file, "ping_status"=>$className, "post_status"=>"Quarantined", "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GOTMLS_new_contents));
549
  $insert["post_date"] = date("Y-m-d H:i:s");
550
  $insert["post_date_gmt"] = $insert["post_date"];
551
  if (is_file($file)) {
579
  return GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents);
580
  }
581
 
582
+ function GOTMLS_get_current_user_id() {
583
+ global $current_user;//, $GOTMLS_new_contents, $GOTMLS_file_contents, $GOTMLS_threats_found;
584
+ if ($current_user = @get_current_user())
585
+ return $current_user->ID;
586
+ else
587
+ return 1;
588
+ }
589
+
590
  function GOTMLS_quarantine($file = __FILE__) {
591
  if (!(isset($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) && is_dir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) {
592
  $upload = wp_upload_dir();
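Review bot: In GOTMLS_check_threat (the function starts before this hunk) the new `if`/`elseif` chain calls `array_shift($threat_definitions)` in both conditions, so when debug mode is on and `$threat_name` is listed in `dont_check` the first condition has already consumed the 5-character header before failing on the exclusion test, and the `elseif` then shifts the first real definition as well — that threat is still scanned with one pattern silently dropped, or skipped entirely when the list held only one definition. Evaluate the header test once ahead of the chain, e.g. `$has_header = is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5;`, and test `$has_header` in both branches with the exclusion check kept separate, so the definition list is shifted exactly once; the match loop itself is now duplicated in the two branches and could be a single loop with only the timing code guarded by `isset($_SESSION["GOTMLS_debug"])`. Separately, the new GOTMLS_get_current_user_id() calls PHP's `get_current_user()`, which returns the script owner's name as a string and is assigned over the WordPress global `$current_user`; `->ID` on a string yields null, so post_author is never the logged-in user's ID, and the `return 1;` fallback attributes quarantine records to user 1 — `return get_current_user_id();` (WordPress core) gives the intended value without clobbering the global. As a point of consistency, the new "Already Fixed!" `elseif` in GOTMLS_scanfile still returns the literal `"/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/"` while every other return in the hunk was switched to the `{$gt}`/`{$lt}` form.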
index.php CHANGED
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
- Version: 4.15.23
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
@@ -676,9 +676,11 @@ function GOTMLS_View_Quarantine() {
676
  function GOTMLS_settings() {
677
  global $current_user, $wp_version, $GOTMLS_scanfiles, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
678
  $GOTMLS_scan_groups = array();
 
 
679
  $dirs = GOTMLS_explode_dir(__file__);
680
  for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
681
- $GOTMLS_scan_groups[] = '<b>'.implode(GOTMLS_slash(), array_slice($dirs, -1 * (3 + $SL), 1)).'</b>';
682
  if (isset($_POST["check"]))
683
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_POST["check"];
684
  if (isset($_POST["exclude_ext"])) {
@@ -727,75 +729,62 @@ function GOTMLS_settings() {
727
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'] = 0;
728
  GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
729
  $scan_whatopts = '';
730
- $scan_optjs = "\n<script type=\"text/javascript\">\nfunction showOnly(what) {\n";
731
  foreach ($GOTMLS_scan_groups as $mg => $GOTMLS_scan_group) {
732
  $scan_optjs .= "document.getElementById('only$mg').style.display = 'none';\n";
733
- $scan_whatopts = '
734
- </div>
735
- </div>'.$scan_whatopts;
736
  $dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $mg)));
737
  $files = GOTMLS_getfiles($dir);
738
  if (is_array($files))
739
  foreach ($files as $file)
740
  if (is_dir(GOTMLS_trailingslashit($dir).$file))
741
- $scan_whatopts = '<input type="checkbox" name="scan_only[]" value="'.$file.'" />'.$file.'<br />'.$scan_whatopts;
742
- $scan_whatopts = '
743
- <div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"><input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /><a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;">'.$GOTMLS_scan_group.'</a><br />
744
- <div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"><div style="padding-bottom: 6px;">'.GOTMLS_close_button('only'.$mg, 0).'<b>'.str_replace(" ", "&nbsp;", __("Only Scan These Folders:",'gotmls')).'</b></div>'.$scan_whatopts;
745
  }
746
- $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}".((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])?"\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_check'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n":"")."</script>";
747
- $scan_opts = '
748
- <form method="POST" name="GOTMLS_Form" action="'.str_replace('&mt=', '&last_mt=', str_replace('&scan_type=', '&last_type=', GOTMLS_script_URI)).'"><input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" />
749
- <div style="float: left;"><p><b>'.__("What to look for:",'gotmls').'</b></p>
750
- <div style="padding: 0 30px;">';
751
  foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) {
752
- $scan_opts .= '<div style="padding: 0; position: relative;" id="check_'.$threat_level.'_div">';
753
  if (($threat_level != "wp_core" && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level])) || isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]["$wp_version"])) {
754
- $scan_opts .= '<input type="checkbox" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'"'.(in_array($threat_level,$GLOBALS["GOTMLS"]["log"]["settings"]["check"])?' checked':'').' /> <a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;showhide(\'dont_check_'.$threat_level.'\');"><b>'.$threat_level_name."</b></a>\n";
755
  if (isset($_GET["SESSION"])) {
756
  if (isset($_SESSION["GOTMLS_debug"][$threat_level]))
757
  print_r($_SESSION["GOTMLS_debug"][$threat_level],1);
758
- $scan_opts .= '
759
- <div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"><a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');">X</a>';
760
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex)
761
- $scan_opts .= '<br />
762
- <input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /><script>showhide("dont_check_'.$threat_level.'", true);</script>':' />').(isset($_SESSION["GOTMLS_debug"][$threat_name])?print_r($_SESSION["GOTMLS_debug"][$threat_name],1):"").$threat_name;
763
- $scan_opts .= '
764
- </div>';
765
  }
766
  } else
767
- $scan_opts .= '<a title="'.__("Download Definition Updates to Use this feature",'gotmls').'"><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="X"><b>&nbsp; '.$threat_level_name.'</b><br /><div style="padding: 14px;" id="check_'.$threat_level.'_div_NA"><span style="color: #F00">'.__("Download the new definitions (Right sidebar) to activate this feature.",'gotmls').'</span></div>';
768
- $scan_opts .= '
769
- </div>';
770
  }
771
- $scan_opts .= '</div></div>
772
- <div style="float: left;"><p><b>'.__("What to scan:",'gotmls').'</b></p>'.$scan_whatopts.$scan_optjs.'</div>
773
- <div style="float: left;" id="scanwhatfolder"></div>
774
- <div style="float: left;"><p><b>'.__("Scan Depth:",'gotmls').'</b></p>
775
- <div style="padding: 0 30px;"><input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"><br />'.__("how far to drill down",'gotmls').'<br />('.__("-1 is infinite depth",'gotmls').')</div></div>
776
- <br style="clear: left;">';
777
  if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= print_r($_SESSION["GOTMLS_debug"]['total'],1); unset($_SESSION["GOTMLS_debug"]);}
778
  if (isset($_GET["eli"])) {//still testing this option
779
- $scan_opts .= '
780
- <div style="padding: 10px;"><p><b>'.__("Custom RegExp:",'gotmls').'</b> ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')</p><input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /></div>';
781
  }
782
- $scan_opts .= '
783
- <p>'.__("<b>Skip files with the following extentions:</b>",'gotmls').(($default_exclude_ext!=implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))?' <a href="javascript:void(0);" onclick="document.getElementById(\'exclude_ext\').value = \''.$default_exclude_ext.'\';">[Restore Defaults]</a>':"").'</p>
784
- <div style="padding: 0 30px;"><input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /></div>
785
- <p>'.__("<b>Skip directories with the following names:</b>",'gotmls').'</p>
786
- <div style="padding: 0 30px;"><input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /></div>
787
- <table style="width: 100%" cellspacing="10"><tr><td nowrap valign="top" style="white-space: nowrap; width: 1px; border-bottom: #F00 solid 2px;"><b>'.__("Automatically Update Definitions:",'gotmls').'</b></td><td colspan=2 style="border-bottom: #F00 solid 2px;"><div id="UPDATE_definitions_div"><span style="color: #C00;">'.__("This new BETA feature is only available to registered users who have donated at a certain level.",'gotmls').'</span></div></td></tr><tr><td nowrap>
788
- <b>'.GOTMLS_Skip_Quarantine_LANGUAGE.'</b></td><td><input type="checkbox" name="skip_quarantine" value="1"'.((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"])?" checked":"").'></td><td align="right" valign="bottom"><input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" /></td></tr></table></form>';
789
  @ob_start();
790
  $OB_default_handlers = array("default output handler", "zlib output compression");
791
  $OB_handlers = @ob_list_handlers();
792
  if (is_array($OB_handlers) && count($OB_handlers))
793
  foreach ($OB_handlers as $OB_last_handler)
794
  if (!in_array($OB_last_handler, $OB_default_handlers))
795
- echo '<div class="error">'.sprintf(__("Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process).",'gotmls'), $OB_last_handler).'</div>';
796
  GOTMLS_display_header();
797
  $scan_groups = array_merge(array(__("Scanned Files",'gotmls')=>"scanned",__("Selected Folders",'gotmls')=>"dirs",__("Scanned Folders",'gotmls')=>"dir",__("Skipped Folders",'gotmls')=>"skipdirs",__("Skipped Files",'gotmls')=>"skipped",__("Read/Write Errors",'gotmls')=>"errors",__("Quarantined Files",'gotmls')=>"bad"), $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]);
798
- echo '<script type="text/javascript">
799
  var percent = 0;
800
  function changeFavicon(percent) {
801
  var oldLink = document.getElementById("wait_gif");
@@ -838,7 +827,7 @@ function update_status(title, time) {
838
  if (percent == 100) {
839
  showhide("pause_button", true);
840
  showhide("pause_button");
841
- title = "<b>'.__("Scan Complete!",'gotmls').'</b>";
842
  } else
843
  scan_state = "99F";
844
  changeFavicon(percent);
@@ -862,11 +851,12 @@ function update_status(title, time) {
862
  timeElapsed += " Second";
863
  if (timeElapsed.substr(0, 2) != "1 ")
864
  timeElapsed += "s";
865
- divHTML = \'<div align="center" style="vertical-align: middle; background-color: #ccc; z-index: 3; height: 18px; width: 100%; border: solid #000 1px; position: relative; padding: 10px 0;"><div style="height: 18px; padding: 10px 0; position: absolute; top: 0px; left: 0px; background-color: #\'+scan_state+\'; width: \'+percent+\'%"></div><div style="height: 32px; position: absolute; top: 3px; left: 10px; z-index: 5; line-height: 16px;" align="left">\'+sdir+" Folder"+(sdir==1?"":"s")+" Checked<br />"+timeElapsed+\' Elapsed</div><div style="height: 38px; position: absolute; top: 0px; left: 0px; width: 100%; z-index: 5; line-height: 38px; font-size: 30px; text-align: center;">\'+percent+\'%</div><div style="height: 32px; position: absolute; top: 3px; right: 10px; z-index: 5; line-height: 16px;" align="right">\'+(dirs-sdir)+" Folder"+((dirs-sdir)==1?"":"s")+" Remaining<br />"+timeRemaining+" Remaining</div></div>";
866
  document.getElementById("status_bar").innerHTML = divHTML;
867
  document.getElementById("status_text").innerHTML = title;
868
  dis="none";
869
- divHTML = \'<ul style="float: right; margin: 0 20px; text-align: right;">\';'."\n/*<!--*"."/";
 
870
  $MAX = 0;
871
  $vars = "var i, intrvl, direrrors=0";
872
  $fix_button_js = "";
@@ -875,7 +865,7 @@ function update_status(title, time) {
875
  foreach ($scan_groups as $scan_name => $scan_group) {
876
  $vars .= ", $scan_group=0";
877
  if ($MAX++ == 6) {
878
- echo "/*-->*"."/\n\tif ($scan_group > 0)\n\t\tscan_state = ' potential'; \n\telse\n\t\tscan_state = '';\n\tdivHTML += '</ul><ul style=\"text-align: left;\"><li class=\"GOTMLS_li\"><a href=\"admin.php?page=GOTMLS-View-Quarantine\" class=\"GOTMLS_plugin".((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"])?" potential\" title=\"".GOTMLS_Skip_Quarantine_LANGUAGE:"'+scan_state+'\" title=\"".GOTMLS_View_Quarantine_LANGUAGE)."\">'+$scan_group+'&nbsp;'+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/*<!--*"."/";
879
  $found = "Found ";
880
  $fix_button_js = "\n\t\tdis='block';";
881
  } else {
@@ -883,14 +873,14 @@ function update_status(title, time) {
883
  $potential_threat = ' potential" title="'.__("You are not currently scanning for this type of threat!",'gotmls');
884
  else
885
  $potential_threat = "";
886
- echo "/*-->*"."/\n\tif ($scan_group > 0) {\n\t\tscan_state = ' href=\"#found_$scan_group\" onclick=\"$li_js showhide(\\'found_$scan_group\\', true);\" class=\"GOTMLS_plugin $scan_group\"';$fix_button_js".($MAX>6?"\n\tshowhide('found_$scan_group', true);":"")."\n\t} else\n\t\tscan_state = ' class=\"GOTMLS_plugin$potential_threat\"';\n\tdivHTML += '<li class=\"GOTMLS_li\"><a'+scan_state+'>$found'+$scan_group+'&nbsp;'+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/*<!--*"."/";
887
  }
888
  $li_js = "";
889
  if ($MAX > 11)
890
  $fix_button_js = "";
891
  }
892
- echo "/*-->*".'/
893
- document.getElementById("status_counts").innerHTML = divHTML+"</ul>";
894
  document.getElementById("fix_button").style.display = dis;
895
  }
896
  '.$vars.';
@@ -898,7 +888,7 @@ function showOnly(what) {
898
  document.getElementById("only_what").innerHTML = document.getElementById("only"+what).innerHTML;
899
  }
900
  var startTime = 0;
901
- </script>'.GOTMLS_box(GOTMLS_Scan_Settings_LANGUAGE, $scan_opts);
902
  if (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && ($_REQUEST["scan_what"] > -1)) {
903
  if (!isset($_REQUEST["scan_type"]))
904
  $_REQUEST["scan_type"] = "Complete Scan";
@@ -907,30 +897,29 @@ var startTime = 0;
907
  if (substr($name, 0, 10) != 'GOTMLS_fix') {
908
  if (is_array($value)) {
909
  foreach ($value as $val)
910
- echo '<input type="hidden" name="'.$name.'[]" value="'.htmlspecialchars($val).'">';
911
  } else
912
- echo '<input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'">';
913
  }
914
  }
915
- echo '
916
- <form method="POST" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1">
917
- <script type="text/javascript">
918
  showhide("inside_'.md5(GOTMLS_Scan_Settings_LANGUAGE).'");
919
- </script>'.GOTMLS_box(htmlentities($_REQUEST["scan_type"]).' Status', '<div id="status_text"><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'</div><div id="status_bar"></div><p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"><input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /></p><div id="status_counts"></div><p id="fix_button" style="display: none; text-align: center;"><input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /></p>');
920
  $scan_groups_UL = "";
921
  foreach ($scan_groups as $scan_name => $scan_group)
922
- $scan_groups_UL .= "\n<ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"><a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\">X</a><h3>$scan_name</h3>\n".($scan_group=='potential'?'<p> &nbsp; * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').'</p>':($scan_group=='wp_core'?'<p> &nbsp; * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), $wp_version).' (for more info <a target="_blank" href="http://gotmls.net/tag/wp-core-files/">'.__("read my blog",'gotmls').'</a>).</p>':'<br />')).'</ul>';
923
  if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
924
  GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => htmlentities($_REQUEST["scan_type"]))));
925
- echo GOTMLS_box('<div style="float: right;">&nbsp;('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].')&nbsp;</div>'.__("Scan Details:",'gotmls'), $scan_groups_UL);
926
  $no_flush_LANGUAGE = __("Not flushing OB Handlers: %s",'gotmls');
927
  if (isset($_REQUEST["no_ob_end_flush"]))
928
- echo '<div class="error">'.sprintf($no_flush_LANGUAGE, print_r(ob_list_handlers(), 1))."</div>\n";
929
  elseif (is_array($OB_handlers) && count($OB_handlers)) {
930
  // $GOTMLS_OB_handlers = get_option("GOTMLS_OB_handlers", array());
931
  foreach (array_reverse($OB_handlers) as $OB_handler) {
932
  if (isset($GOTMLS_OB_handlers[$OB_handler]) && $GOTMLS_OB_handlers[$OB_handler] == "no_end_flush")
933
- echo '<div class="error">'.sprintf($no_flush_LANGUAGE, $OB_handler)."</div>\n";
934
  elseif (in_array($OB_handler, $OB_default_handlers)) {
935
  // $GOTMLS_OB_handlers[$OB_handler] = "no_end_flush";
936
  // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers);
@@ -942,8 +931,8 @@ var startTime = 0;
942
  }
943
  @ob_start();
944
  if ($_REQUEST["scan_type"] == "Quick Scan")
945
- $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('".__("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.",'gotmls')."');\n}\nwindow.onload=testComplete;\n</script>\n<script type=\"text/javascript\">";
946
- echo "\n<script type=\"text/javascript\">$li_js\n/*<!--*"."/";
947
  if (is_dir($dir)) {
948
  $GOTMLS_dirs_at_depth[0] = 1;
949
  $GOTMLS_dir_at_depth[0] = 0;
@@ -963,7 +952,7 @@ var startTime = 0;
963
  if ($_REQUEST["scan_type"] == "Quick Scan")
964
  echo GOTMLS_update_status(__("Completed!",'gotmls'), 100);
965
  else {
966
- echo GOTMLS_update_status(__("Starting Scan ...",'gotmls'))."/*-->*"."/";
967
  echo "\nvar scriptSRC = '".GOTMLS_script_URI."&no_error_reporting&GOTMLS_scan=';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GOTMLS_scanfiles))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GOTMLS_scanfiles)."');".'
968
  var scanfilesI = 0;
969
  var stopScanning;
@@ -1006,13 +995,13 @@ if (butt.value == "Resume")
1006
  else
1007
  butt.value = "Resume";
1008
  }
1009
- showhide("pause_button", true);'."\n/*<!--*"."/";
1010
  }
1011
  if (@ob_get_level()) {
1012
  GOTMLS_flush('script');
1013
  @ob_end_flush();
1014
  }
1015
- echo "/*-->*"."/\n</script>";
1016
  } else {
1017
  $patch_attr = array(
1018
  array(
@@ -1043,47 +1032,47 @@ showhide("pause_button", true);'."\n/*<!--*"."/";
1043
  if (($config = @file_get_contents(ABSPATH.'wp-config.php')) && strlen($config)) {
1044
  if ($patch_found = preg_match($find, $config)) {
1045
  if (strpos($config, substr($head, strpos($head, "file_exists")))) {
1046
- if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.'wp-config.php', preg_replace('#<\?[ph\s]+(//.*\s*)*\?>#i', "", preg_replace($find, "", $config))))
1047
- $patch_action .= '<div class="error">'.__("Removed Brute-Force Protection",'gotmls').'</div>';
1048
  else
1049
  $patch_status = 1;
1050
  } else {
1051
  if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.'wp-config.php', preg_replace($find, "$head", $config))) {
1052
- $patch_action .= '<div class="updated">'.__("Upgraded Brute-Force Protection",'gotmls').'</div>';
1053
  $patch_status = 1;
1054
  } else
1055
  $patch_status = 2;
1056
  }
1057
- } elseif (isset($_POST["GOTMLS_patching"]) && strlen($config) && ($patch_found == 0) && GOTMLS_file_put_contents(ABSPATH.'wp-config.php', "<?php$head// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?>$config")) {
1058
- $patch_action .= '<div class="updated">'.__("Installed Brute-Force Protection",'gotmls').'</div>';
1059
  $patch_status = 1;
1060
  } elseif (isset($_POST["GOTMLS_patching"]))
1061
- $patch_action .= '<div class="updated">'.sprintf(__("Failed to install Brute-Force Protection (wp-config.php %s)",'gotmls'),(is_readable(ABSPATH.'wp-config.php')?'read-'.(is_writable(ABSPATH.'wp-config.php')?'write':'only'):"unreadable").": ".strlen($config).GOTMLS_fileperms(ABSPATH.'wp-config.php')).'</div>';
1062
  } else
1063
- $patch_action .= '<div class="error">'.__("wp-config.php Not Readable!",'gotmls').'</div>';
1064
  } else
1065
- $patch_action .= '<div class="error">'.__("wp-config.php Not Found!",'gotmls').'</div>';
1066
  if (file_exists(ABSPATH.'wp-login.php') && ($login = @file_get_contents(ABSPATH.'wp-login.php')) && strlen($login) && (preg_match($find, $login))) {
1067
  if (isset($_POST["GOTMLS_patching"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/".$wp_version.'/wp-login.php')) && (strlen($source) > 500) && GOTMLS_file_put_contents(ABSPATH.'wp-login.php', $source))
1068
- $patch_action .= '<div class="updated">'.__("Removed Old Brute-Force Login Patch",'gotmls').'</div>';
1069
  else
1070
  $patch_status = 2;
1071
  }
1072
  $sec_opts = '
1073
- <p><img src="'.GOTMLS_images_path.'checked.gif"><b>Revolution Slider Exploit Protection (Automatically Enabled)</b></p><div style="padding: 0 30px;">'.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').'</div><hr />
1074
  '.$patch_action.'
1075
- <form method="POST" name="GOTMLS_Form_patch"><p style="float: right;"><input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'">':' display: none;" id="GOTMLS_patch_button"><div id="GOTMLS_patch_searching" style="float: right;">'.__("Checking for session compatibility ...",'gotmls').' <img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /></div>').'<input type="hidden" name="GOTMLS_patching" value="1"></p><p><img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"><b>Brute-force Protection '.$patch_attr[$patch_status]["status"].'</b></p><div style="padding: 0 30px;"> &nbsp; * '.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' <a target="_blank" href="http://gotmls.net/tag/wp-login-php/">'.__("read my blog",'gotmls').'</a>.</div></form>
1076
- <script type="text/javascript">
1077
  stopCheckingSession = checkupdateserver("'.GOTMLS_images_path.'gotmls.js?SESSION=0", "GOTMLS_patch_searching");
1078
- </script>';
1079
  $admin_notice = "";
1080
  if ($current_user->user_login == "admin") {
1081
- $admin_notice .= '<hr />
1082
- <form method="POST" name="GOTMLS_Form_admin"><p><img src="'.GOTMLS_images_path.'threat.gif"><b>Admin Notice</b></p><div style="padding: 0 30px;">Your username is "admin", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.</div></form>';
1083
  }
1084
  echo GOTMLS_box("Firewall Options", $sec_opts.$admin_notice);
1085
  }
1086
- echo "\n</div></div></div>";
1087
  }
1088
 
1089
  function GOTMLS_set_plugin_action_links($links_array, $plugin_file) {
@@ -1118,10 +1107,10 @@ function GOTMLS_init() {
1118
  $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);
1119
  else
1120
  $scan_level = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1121
- if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])))
1122
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = array();
1123
  if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"]))
1124
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"];
 
 
1125
  if ($array = get_option('GOTMLS_definitions_array')) {
1126
  if (is_array($array))
1127
  $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $array;
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
+ Version: 4.15.24
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
676
  function GOTMLS_settings() {
677
  global $current_user, $wp_version, $GOTMLS_scanfiles, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
678
  $GOTMLS_scan_groups = array();
679
+ $gt = ">";
680
+ $lt = "<";
681
  $dirs = GOTMLS_explode_dir(__file__);
682
  for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
683
+ $GOTMLS_scan_groups[] = $lt.'b'.$gt.implode(GOTMLS_slash(), array_slice($dirs, -1 * (3 + $SL), 1)).$lt.'/b'.$gt;
684
  if (isset($_POST["check"]))
685
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_POST["check"];
686
  if (isset($_POST["exclude_ext"])) {
729
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'] = 0;
730
  GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
731
  $scan_whatopts = '';
732
+ $scan_optjs = "\n{$lt}script type=\"text/javascript\"$gt\nfunction showOnly(what) {\n";
733
  foreach ($GOTMLS_scan_groups as $mg => $GOTMLS_scan_group) {
734
  $scan_optjs .= "document.getElementById('only$mg').style.display = 'none';\n";
735
+ $scan_whatopts = "\n$lt/div$gt\n$lt/div$gt\n$scan_whatopts";
 
 
736
  $dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $mg)));
737
  $files = GOTMLS_getfiles($dir);
738
  if (is_array($files))
739
  foreach ($files as $file)
740
  if (is_dir(GOTMLS_trailingslashit($dir).$file))
741
+ $scan_whatopts = $lt.'input type="checkbox" name="scan_only[]" value="'.$file.'" /'.$gt.$file.$lt.'br /'.$gt.$scan_whatopts;
742
+ $scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", "&nbsp;", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts;
 
 
743
  }
744
+ $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}".((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])?"\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_check'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n":"")."$lt/script$gt";
745
+ $scan_opts = "\n$lt".'form method="POST" name="GOTMLS_Form" action="'.str_replace('&mt=', '&last_mt=', str_replace('&scan_type=', '&last_type=', GOTMLS_script_URI)).'"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.'
746
+ '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
747
+ '.$lt.'div style="padding: 0 30px;"'.$gt;
 
748
  foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) {
749
+ $scan_opts .= $lt.'div style="padding: 0; position: relative;" id="check_'.$threat_level.'_div"'.$gt;
750
  if (($threat_level != "wp_core" && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level])) || isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]["$wp_version"])) {
751
+ $scan_opts .= $lt.'input type="checkbox" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'"'.(in_array($threat_level,$GLOBALS["GOTMLS"]["log"]["settings"]["check"])?' checked':'').' /'.$gt.' '.$lt.'a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;showhide(\'dont_check_'.$threat_level.'\');"'."$gt{$lt}b$gt$threat_level_name$lt/b$gt$lt/a$gt\n";
752
  if (isset($_GET["SESSION"])) {
753
  if (isset($_SESSION["GOTMLS_debug"][$threat_level]))
754
  print_r($_SESSION["GOTMLS_debug"][$threat_level],1);
755
+ $scan_opts .= "\n$lt".'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"'.$gt.$lt.'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');"'.$gt.'X'.$lt.'/a'.$gt;
 
756
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex)
757
+ $scan_opts .= $lt."br /$gt\n$lt".'input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /'.$gt.$lt.'script'.$gt.'showhide("dont_check_'.$threat_level.'", true);'.$lt.'/script'.$gt:' /'.$gt).(isset($_SESSION["GOTMLS_debug"][$threat_name])?print_r($_SESSION["GOTMLS_debug"][$threat_name],1):"").$threat_name;
758
+ $scan_opts .= "\n$lt/div$gt";
 
 
759
  }
760
  } else
761
+ $scan_opts .= $lt.'a title="'.__("Download Definition Updates to Use this feature",'gotmls').'"'.$gt.$lt.'img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="X"'.$gt.$lt.'b'.$gt.'&nbsp; '.$threat_level_name.$lt.'/b'.$gt.$lt.'br /'.$gt.$lt.'div style="padding: 14px;" id="check_'.$threat_level.'_div_NA"'.$gt.$lt.'span style="color: #F00"'.$gt.__("Download the new definitions (Right sidebar) to activate this feature.",'gotmls')."$lt/span$gt$lt/div$gt";
762
+ $scan_opts .= "\n$lt/div$gt";
 
763
  }
764
+ $scan_opts .= $lt.'/div'.$gt.$lt.'/div'.$gt.'
765
+ '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to scan:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.$scan_whatopts.$scan_optjs.$lt.'/div'.$gt.'
766
+ '.$lt.'div style="float: left;" id="scanwhatfolder"'.$gt.$lt.'/div'.$gt.'
767
+ '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Scan Depth:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
768
+ '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"'.$gt.$lt.'br /'.$gt.__("how far to drill down",'gotmls').$lt.'br /'.$gt.'('.__("-1 is infinite depth",'gotmls').')'.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'br style="clear: left;"'.$gt;
 
769
  if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= print_r($_SESSION["GOTMLS_debug"]['total'],1); unset($_SESSION["GOTMLS_debug"]);}
770
  if (isset($_GET["eli"])) {//still testing this option
771
+ $scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'.$gt.$lt.'/div'.$gt;
 
772
  }
773
+ $scan_opts .= "\n$lt".'p'.$gt.$lt.'b'.$gt.__("Skip files with the following extentions:",'gotmls')."$lt/b$gt".(($default_exclude_ext!=implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))?" {$lt}a href=\"javascript:void(0);\" onclick=\"document.getElementById('exclude_ext').value = '$default_exclude_ext';\"{$gt}[Restore Defaults]$gt/a$gt":"").$lt.'/p'.$gt.'
774
+ '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
775
+ '.$lt.'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
776
+ '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
777
+ '.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px; border-bottom: #F00 solid 2px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt.'/b'.$gt.$lt.'/td'.$gt.$lt.'td colspan=2 style="border-bottom: #F00 solid 2px;"'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This new BETA feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt/tr$gt{$lt}tr$gt{$lt}td nowrap$gt\n{$lt}b$gt".GOTMLS_Skip_Quarantine_LANGUAGE.$lt.'/b'.$gt.$lt.'/td'.$gt.$lt.'td'.$gt.$lt.'input type="checkbox" name="skip_quarantine" value="1"'.((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"])?" checked":"").''.$gt.$lt.'/td'.$gt.$lt.'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
 
 
778
  @ob_start();
779
  $OB_default_handlers = array("default output handler", "zlib output compression");
780
  $OB_handlers = @ob_list_handlers();
781
  if (is_array($OB_handlers) && count($OB_handlers))
782
  foreach ($OB_handlers as $OB_last_handler)
783
  if (!in_array($OB_last_handler, $OB_default_handlers))
784
+ echo $lt.'div class="error"'.$gt.sprintf(__("Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process).",'gotmls'), $OB_last_handler)."$lt/div$gt";
785
  GOTMLS_display_header();
786
  $scan_groups = array_merge(array(__("Scanned Files",'gotmls')=>"scanned",__("Selected Folders",'gotmls')=>"dirs",__("Scanned Folders",'gotmls')=>"dir",__("Skipped Folders",'gotmls')=>"skipdirs",__("Skipped Files",'gotmls')=>"skipped",__("Read/Write Errors",'gotmls')=>"errors",__("Quarantined Files",'gotmls')=>"bad"), $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]);
787
+ echo $lt.'script type="text/javascript">
788
  var percent = 0;
789
  function changeFavicon(percent) {
790
  var oldLink = document.getElementById("wait_gif");
827
  if (percent == 100) {
828
  showhide("pause_button", true);
829
  showhide("pause_button");
830
+ title = "'.$lt.'b'.$gt.__("Scan Complete!",'gotmls').$lt.'/b'.$gt.'";
831
  } else
832
  scan_state = "99F";
833
  changeFavicon(percent);
851
  timeElapsed += " Second";
852
  if (timeElapsed.substr(0, 2) != "1 ")
853
  timeElapsed += "s";
854
+ divHTML = \''.$lt.'div align="center" style="vertical-align: middle; background-color: #ccc; z-index: 3; height: 18px; width: 100%; border: solid #000 1px; position: relative; padding: 10px 0;"'.$gt.$lt.'div style="height: 18px; padding: 10px 0; position: absolute; top: 0px; left: 0px; background-color: #\'+scan_state+\'; width: \'+percent+\'%"'.$gt.$lt.'/div'.$gt.$lt.'div style="height: 32px; position: absolute; top: 3px; left: 10px; z-index: 5; line-height: 16px;" align="left"'.$gt.'\'+sdir+" Folder"+(sdir==1?"":"s")+" Checked'.$lt.'br /'.$gt.'"+timeElapsed+\' Elapsed'.$lt.'/div'.$gt.$lt.'div style="height: 38px; position: absolute; top: 0px; left: 0px; width: 100%; z-index: 5; line-height: 38px; font-size: 30px; text-align: center;"'.$gt.'\'+percent+\'%'.$lt.'/div'.$gt.$lt.'div style="height: 32px; position: absolute; top: 3px; right: 10px; z-index: 5; line-height: 16px;" align="right"'.$gt.'\'+(dirs-sdir)+" Folder"+((dirs-sdir)==1?"":"s")+" Remaining'.$lt.'br /'.$gt.'"+timeRemaining+" Remaining'.$lt.'/div'.$gt.$lt.'/div'.$gt.'";
855
  document.getElementById("status_bar").innerHTML = divHTML;
856
  document.getElementById("status_text").innerHTML = title;
857
  dis="none";
858
+ divHTML = \''.$lt.'ul style="float: right; margin: 0 20px; text-align: right;"'.$gt.'\';
859
+ /*'.$lt.'!--*'.'/';
860
  $MAX = 0;
861
  $vars = "var i, intrvl, direrrors=0";
862
  $fix_button_js = "";
865
  foreach ($scan_groups as $scan_name => $scan_group) {
866
  $vars .= ", $scan_group=0";
867
  if ($MAX++ == 6) {
868
+ echo "/*--{$gt}*"."/\n\tif ($scan_group > 0)\n\t\tscan_state = ' potential'; \n\telse\n\t\tscan_state = '';\n\tdivHTML += '</ul><ul style=\"text-align: left;\"><li class=\"GOTMLS_li\"><a href=\"admin.php?page=GOTMLS-View-Quarantine\" class=\"GOTMLS_plugin".((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"])?" potential\" title=\"".GOTMLS_Skip_Quarantine_LANGUAGE:"'+scan_state+'\" title=\"".GOTMLS_View_Quarantine_LANGUAGE)."\">'+$scan_group+'&nbsp;'+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/*{$lt}!--*"."/";
869
  $found = "Found ";
870
  $fix_button_js = "\n\t\tdis='block';";
871
  } else {
873
  $potential_threat = ' potential" title="'.__("You are not currently scanning for this type of threat!",'gotmls');
874
  else
875
  $potential_threat = "";
876
+ echo "/*--{$gt}*"."/\n\tif ($scan_group > 0) {\n\t\tscan_state = ' href=\"#found_$scan_group\" onclick=\"$li_js showhide(\\'found_$scan_group\\', true);\" class=\"GOTMLS_plugin $scan_group\"';$fix_button_js".($MAX>6?"\n\tshowhide('found_$scan_group', true);":"")."\n\t} else\n\t\tscan_state = ' class=\"GOTMLS_plugin$potential_threat\"';\n\tdivHTML += '<li class=\"GOTMLS_li\"><a'+scan_state+'>$found'+$scan_group+'&nbsp;'+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/*{$lt}!--*"."/";
877
  }
878
  $li_js = "";
879
  if ($MAX > 11)
880
  $fix_button_js = "";
881
  }
882
+ echo "/*--{$gt}*".'/
883
+ document.getElementById("status_counts").innerHTML = divHTML+"'.$lt.'/ul'.$gt.'";
884
  document.getElementById("fix_button").style.display = dis;
885
  }
886
  '.$vars.';
888
  document.getElementById("only_what").innerHTML = document.getElementById("only"+what).innerHTML;
889
  }
890
  var startTime = 0;
891
+ '.$lt.'/script'.$gt.GOTMLS_box(GOTMLS_Scan_Settings_LANGUAGE, $scan_opts);
892
  if (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && ($_REQUEST["scan_what"] > -1)) {
893
  if (!isset($_REQUEST["scan_type"]))
894
  $_REQUEST["scan_type"] = "Complete Scan";
897
  if (substr($name, 0, 10) != 'GOTMLS_fix') {
898
  if (is_array($value)) {
899
  foreach ($value as $val)
900
+ echo $lt.'input type="hidden" name="'.$name.'[]" value="'.htmlspecialchars($val).'"'.$gt;
901
  } else
902
+ echo $lt.'input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'"'.$gt;
903
  }
904
  }
905
+ echo "\n$lt".'form method="POST" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt.'
906
+ '.$lt.'script type="text/javascript"'.$gt.'
 
907
  showhide("inside_'.md5(GOTMLS_Scan_Settings_LANGUAGE).'");
908
+ '.$lt.'/script'.$gt.GOTMLS_box(htmlentities($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' '.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt);
909
  $scan_groups_UL = "";
910
  foreach ($scan_groups as $scan_name => $scan_group)
911
+ $scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.' &nbsp; * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.' &nbsp; * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), $wp_version).' (for more info '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.').'.$lt.'/p'.$gt:$lt.'br /'.$gt)).$lt.'/ul'.$gt;
912
  if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
913
  GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => htmlentities($_REQUEST["scan_type"]))));
914
+ echo GOTMLS_box($lt.'div style="float: right;"'.$gt.'&nbsp;('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].")&nbsp;$lt/div$gt".__("Scan Details:",'gotmls'), $scan_groups_UL);
915
  $no_flush_LANGUAGE = __("Not flushing OB Handlers: %s",'gotmls');
916
  if (isset($_REQUEST["no_ob_end_flush"]))
917
+ echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, print_r(ob_list_handlers(), 1))."$lt/div$gt\n";
918
  elseif (is_array($OB_handlers) && count($OB_handlers)) {
919
  // $GOTMLS_OB_handlers = get_option("GOTMLS_OB_handlers", array());
920
  foreach (array_reverse($OB_handlers) as $OB_handler) {
921
  if (isset($GOTMLS_OB_handlers[$OB_handler]) && $GOTMLS_OB_handlers[$OB_handler] == "no_end_flush")
922
+ echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, $OB_handler)."$lt/div$gt\n";
923
  elseif (in_array($OB_handler, $OB_default_handlers)) {
924
  // $GOTMLS_OB_handlers[$OB_handler] = "no_end_flush";
925
  // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers);
931
  }
932
  @ob_start();
933
  if ($_REQUEST["scan_type"] == "Quick Scan")
934
+ $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('".__("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.",'gotmls')."');\n}\nwindow.onload=testComplete;\n$lt/script$gt\n$lt".'script type="text/javascript"'.$gt;
935
+ echo "\n{$lt}script type=\"text/javascript\"$gt$li_js\n/*{$lt}!--*"."/";
936
  if (is_dir($dir)) {
937
  $GOTMLS_dirs_at_depth[0] = 1;
938
  $GOTMLS_dir_at_depth[0] = 0;
952
  if ($_REQUEST["scan_type"] == "Quick Scan")
953
  echo GOTMLS_update_status(__("Completed!",'gotmls'), 100);
954
  else {
955
+ echo GOTMLS_update_status(__("Starting Scan ...",'gotmls'))."/*--{$gt}*"."/";
956
  echo "\nvar scriptSRC = '".GOTMLS_script_URI."&no_error_reporting&GOTMLS_scan=';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GOTMLS_scanfiles))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GOTMLS_scanfiles)."');".'
957
  var scanfilesI = 0;
958
  var stopScanning;
995
  else
996
  butt.value = "Resume";
997
  }
998
+ showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
999
  }
1000
  if (@ob_get_level()) {
1001
  GOTMLS_flush('script');
1002
  @ob_end_flush();
1003
  }
1004
+ echo "/*--{$gt}*"."/\n$lt/script$gt";
1005
  } else {
1006
  $patch_attr = array(
1007
  array(
1032
  if (($config = @file_get_contents(ABSPATH.'wp-config.php')) && strlen($config)) {
1033
  if ($patch_found = preg_match($find, $config)) {
1034
  if (strpos($config, substr($head, strpos($head, "file_exists")))) {
1035
+ if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.'wp-config.php', preg_replace('#'.$lt.'\?[ph\s]+(//.*\s*)*\?'.$gt.'#i', "", preg_replace($find, "", $config))))
1036
+ $patch_action .= $lt.'div class="error"'.$gt.__("Removed Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
1037
  else
1038
  $patch_status = 1;
1039
  } else {
1040
  if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.'wp-config.php', preg_replace($find, "$head", $config))) {
1041
+ $patch_action .= $lt.'div class="updated"'.$gt.__("Upgraded Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
1042
  $patch_status = 1;
1043
  } else
1044
  $patch_status = 2;
1045
  }
1046
+ } elseif (isset($_POST["GOTMLS_patching"]) && strlen($config) && ($patch_found == 0) && GOTMLS_file_put_contents(ABSPATH.'wp-config.php', "$lt?php$head// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?$gt$config")) {
1047
+ $patch_action .= $lt.'div class="updated"'.$gt.__("Installed Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
1048
  $patch_status = 1;
1049
  } elseif (isset($_POST["GOTMLS_patching"]))
1050
+ $patch_action .= $lt.'div class="updated"'.$gt.sprintf(__("Failed to install Brute-Force Protection (wp-config.php %s)",'gotmls'),(is_readable(ABSPATH.'wp-config.php')?'read-'.(is_writable(ABSPATH.'wp-config.php')?'write':'only'):"unreadable").": ".strlen($config).GOTMLS_fileperms(ABSPATH.'wp-config.php')).$lt.'/div'.$gt;
1051
  } else
1052
+ $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Readable!",'gotmls').$lt.'/div'.$gt;
1053
  } else
1054
+ $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Found!",'gotmls').$lt.'/div'.$gt;
1055
  if (file_exists(ABSPATH.'wp-login.php') && ($login = @file_get_contents(ABSPATH.'wp-login.php')) && strlen($login) && (preg_match($find, $login))) {
1056
  if (isset($_POST["GOTMLS_patching"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/".$wp_version.'/wp-login.php')) && (strlen($source) > 500) && GOTMLS_file_put_contents(ABSPATH.'wp-login.php', $source))
1057
+ $patch_action .= $lt.'div class="updated"'.$gt.__("Removed Old Brute-Force Login Patch",'gotmls').$lt.'/div'.$gt;
1058
  else
1059
  $patch_status = 2;
1060
  }
1061
  $sec_opts = '
1062
+ '.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Revolution Slider Exploit Protection (Automatically Enabled)'.$lt.'/b'.$gt.$lt.'/p'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').$lt.'/div'.$gt.$lt.'hr /'.$gt.'
1063
  '.$patch_action.'
1064
+ '.$lt.'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'p style="float: right;"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'/p'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.' &nbsp; * '.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.'.'.$lt.'/div'.$gt.$lt.'/form'.$gt.'
1065
+ '.$lt.'script type="text/javascript"'.$gt.'
1066
  stopCheckingSession = checkupdateserver("'.GOTMLS_images_path.'gotmls.js?SESSION=0", "GOTMLS_patch_searching");
1067
+ '.$lt.'/script'.$gt;
1068
  $admin_notice = "";
1069
  if ($current_user->user_login == "admin") {
1070
+ $admin_notice .= $lt.'hr /'.$gt.'
1071
+ '.$lt.'form method="POST" name="GOTMLS_Form_admin"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Admin Notice'.$lt.'/b'.$gt.$lt.'/p'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.'Your username is "admin", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.'.$lt.'/div'.$gt.$lt.'/form'.$gt;
1072
  }
1073
  echo GOTMLS_box("Firewall Options", $sec_opts.$admin_notice);
1074
  }
1075
+ echo "\n$lt/div$gt$lt/div$gt$lt/div$gt";
1076
  }
1077
 
1078
  function GOTMLS_set_plugin_action_links($links_array, $plugin_file) {
1107
  $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);
1108
  else
1109
  $scan_level = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
 
 
1110
  if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"]))
1111
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"];
1112
+ elseif (isset($_POST["scan_type"]) || !(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])))
1113
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = array();
1114
  if ($array = get_option('GOTMLS_definitions_array')) {
1115
  if (is_array($array))
1116
  $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $array;
readme.txt CHANGED
@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
- Version: 4.15.23
9
- Stable tag: 4.15.23
10
  Requires at least: 3.3
11
  Tested up to: 4.2.2
12
 
@@ -24,7 +24,12 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
24
  * Run a Complete Scan from the Settings Page.
25
  * Download Definition Updates to protect against new threats.
26
 
27
- Updated May 18th
 
 
 
 
 
28
 
29
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
30
 
@@ -89,6 +94,10 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
89
 
90
  == Changelog ==
91
 
 
 
 
 
92
  = 4.15.23 =
93
  * Hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).
94
  * Fixed another XSS vulnerabilities in the admin (thanks to James H.)
@@ -329,6 +338,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
329
 
330
  == Upgrade Notice ==
331
 
 
 
 
332
  = 4.15.23 =
333
  Fixed another XSS vulnerabilities in the admin (thanks to James H.), and hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).
334
 
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
+ Version: 4.15.24
9
+ Stable tag: 4.15.24
10
  Requires at least: 3.3
11
  Tested up to: 4.2.2
12
 
24
  * Run a Complete Scan from the Settings Page.
25
  * Download Definition Updates to protect against new threats.
26
 
27
+ **Premium Features:**
28
+
29
+ * Automatically Download Definition Updates When running a Complete Scan.
30
+ * Check the integrity of your WordPress Core files.
31
+
32
+ Updated May 23th
33
 
34
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
35
 
94
 
95
  == Changelog ==
96
 
97
+ = 4.15.24 =
98
+ * Hardened against injected HTML content by encoding the tags with variables.
99
+ * Fixed debug option to exclude individual definitions.
100
+
101
  = 4.15.23 =
102
  * Hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).
103
  * Fixed another XSS vulnerabilities in the admin (thanks to James H.)
338
 
339
  == Upgrade Notice ==
340
 
341
+ = 4.15.24 =
342
+ Hardened against injected HTML content and fixed debug option to exclude individual definitions.
343
+
344
  = 4.15.23 =
345
  Fixed another XSS vulnerabilities in the admin (thanks to James H.), and hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).
346
 
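--- a/safe-load/index.php
+++ b/safe-load/index.php
@@ -12,5 +12,5 @@ foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_
 $_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
 foreach (array("log") as $var)
 $_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
-header("location: http://safe-load.gotmls.net/report.php?ver=4.15.23".$_SESSION["GOTMLS_detected_attacks"]);
+header("location: http://safe-load.gotmls.net/report.php?ver=4.15.24".$_SESSION["GOTMLS_detected_attacks"]);
 die();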