Version Description
- Moved the quarantine files into the database and deleted the old directory in uploads.
- Fixed some minor formatting issues in the HTML output on the settings page.
- Added a warning message if base64_decode has been disabled.
Download this release
Release Info
Developer | scheeeli |
Plugin | Anti-Malware Security and Brute-Force Firewall |
Version | 4.15.25 |
Comparing to | |
See all releases |
Code changes from version 4.15.24 to 4.15.25
- images/index.php +66 -64
- index.php +191 -104
- languages/gotmls.pot +153 -56
- readme.txt +15 -24
- safe-load/index.php +6 -1
images/index.php
CHANGED
@@ -10,7 +10,7 @@ function GOTMLS_define($DEF, $val) {
|
|
10 |
define($DEF, $val);
|
11 |
}}
|
12 |
|
13 |
-
GOTMLS_define("GOTMLS_Version", "4.15.
|
14 |
GOTMLS_define("GOTMLS_require_version", "3.3");
|
15 |
GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
|
16 |
GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");
|
@@ -22,7 +22,7 @@ function __($text, $domain) {
|
|
22 |
}}
|
23 |
|
24 |
$GLOBALS["GOTMLS"] = array(
|
25 |
-
"tmp"=>array(
|
26 |
"mt"=>((isset($_GET["mt"])&&is_numeric($_GET["mt"]))?$_GET["mt"]:microtime(true)),
|
27 |
"threat_levels" => array(__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Backdoor Scripts",'gotmls')=>"backdoor",__("Known Threats",'gotmls')=>"known",__("Core File Changes",'gotmls')=>"wp_core",__("Potential Threats",'gotmls')=>"potential"),
|
28 |
"default_ext"=>"ieonly.", "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf"),
|
@@ -80,7 +80,7 @@ if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && preg_match('|(.*?
|
|
80 |
} elseif (isset($_GET["no_error_reporting"]))
|
81 |
@error_reporting(0);
|
82 |
|
83 |
-
GOTMLS_define("GOTMLS_Skip_Quarantine_LANGUAGE", __("Skip scanning the Quarantine:",'gotmls'));
|
84 |
GOTMLS_define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
|
85 |
GOTMLS_define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Run Quick Scan",'gotmls'));
|
86 |
GOTMLS_define("GOTMLS_View_Quarantine_LANGUAGE", __("View Quarantine",'gotmls'));
|
@@ -154,13 +154,11 @@ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]))
|
|
154 |
if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]['exclude_dir']) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]['exclude_dir'])))
|
155 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array();
|
156 |
$GOTMLS_total_percent = 0;
|
157 |
-
$GOTMLS_HeadersError = "";
|
158 |
function GOTMLS_admin_notices() {
|
159 |
-
global $GOTMLS_HeadersError;
|
160 |
if (!is_admin())
|
161 |
return;
|
162 |
-
elseif ($
|
163 |
-
echo $
|
164 |
}
|
165 |
|
166 |
function GOTMLS_array_recurse($array1, $array2) {
|
@@ -196,13 +194,12 @@ function GOTMLS_update_scan_log($scan_log) {
|
|
196 |
}
|
197 |
|
198 |
function GOTMLS_loaded() {
|
199 |
-
global $GOTMLS_HeadersError;
|
200 |
if (headers_sent($filename, $linenum)) {
|
201 |
if (!$filename)
|
202 |
$filename = __("an unknown file",'gotmls');
|
203 |
if (!is_numeric($linenum))
|
204 |
$linenum = __("unknown",'gotmls');
|
205 |
-
$
|
206 |
} elseif (!session_id() && isset($_GET["SESSION"]))
|
207 |
@session_start();
|
208 |
if (session_id() && isset($_GET["SESSION"]) && $_GET["SESSION"] == "GOTMLS_debug" && !isset($_SESSION["GOTMLS_debug"]))
|
@@ -418,14 +415,14 @@ function GOTMLS_scanfile($file) {
|
|
418 |
else
|
419 |
$GOTMLS_file_contents = "";
|
420 |
} else
|
421 |
-
$GOTMLS_new_contents = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/
|
422 |
if (strlen($GOTMLS_file_contents) > 0 && (GOTMLS_write_quarantine($file, $className) !== false) && ((strlen($GOTMLS_new_contents)==0 && isset($_GET["eli"]) && @unlink($file)) || (GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false))) {
|
423 |
echo __("Success!",'gotmls');
|
424 |
return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
|
425 |
} else {
|
426 |
-
echo __("Failed:",'gotmls').' '.(strlen($GOTMLS_file_contents)?(
|
427 |
if (isset($_GET["eli"]))
|
428 |
-
echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().(
|
429 |
return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
|
430 |
}
|
431 |
}
|
@@ -438,18 +435,8 @@ function GOTMLS_scanfile($file) {
|
|
438 |
$imageFile = "question";
|
439 |
return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin $className", $threat_link));
|
440 |
} elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
|
441 |
-
|
442 |
-
|
443 |
-
echo __("Restored!",'gotmls');
|
444 |
-
return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
|
445 |
-
} else {
|
446 |
-
echo __("Restore Failed!",'gotmls');
|
447 |
-
return "";
|
448 |
-
}
|
449 |
-
} else {
|
450 |
-
echo __("Already Fixed!",'gotmls');
|
451 |
-
return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
|
452 |
-
}
|
453 |
} else
|
454 |
return GOTMLS_return_threat($className, ($className=="scanned"?"checked":"blocked").".gif?$className", $file, $threat_link);
|
455 |
}
|
@@ -545,7 +532,7 @@ function GOTMLS_html_tags($tags, $inner = array()) {
|
|
545 |
|
546 |
function GOTMLS_write_quarantine($file, $className) {
|
547 |
global $wpdb, $current_user, $GOTMLS_file_contents, $GOTMLS_new_contents, $GOTMLS_threats_found;
|
548 |
-
$insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GOTMLS_file_contents), "post_mime_type"=>md5($GOTMLS_file_contents), "post_title"=>$file, "ping_status"=>$className, "post_status"=>"
|
549 |
$insert["post_date"] = date("Y-m-d H:i:s");
|
550 |
$insert["post_date_gmt"] = $insert["post_date"];
|
551 |
if (is_file($file)) {
|
@@ -561,7 +548,7 @@ function GOTMLS_write_quarantine($file, $className) {
|
|
561 |
$insert["comment_count"] = strlen($GOTMLS_file_contents);
|
562 |
}
|
563 |
if (isset($GOTMLS_threats_found) && is_array($GOTMLS_threats_found)) {
|
564 |
-
$insert["post_excerpt"] = GOTMLS_encode(@serialize(
|
565 |
$pinged = array();
|
566 |
foreach ($GOTMLS_threats_found as $threat_name) {
|
567 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) == 5 && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]))
|
@@ -575,8 +562,7 @@ function GOTMLS_write_quarantine($file, $className) {
|
|
575 |
}
|
576 |
$insert["pinged"] = GOTMLS_encode(@serialize($pinged));
|
577 |
}
|
578 |
-
$wpdb->insert($wpdb->posts, $insert);//! comment_status post_password post_name to_ping post_parent guid menu_order";
|
579 |
-
return GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents);
|
580 |
}
|
581 |
|
582 |
function GOTMLS_get_current_user_id() {
|
@@ -587,30 +573,48 @@ function GOTMLS_get_current_user_id() {
|
|
587 |
return 1;
|
588 |
}
|
589 |
|
590 |
-
function GOTMLS_quarantine($
|
591 |
-
|
592 |
-
|
593 |
-
|
594 |
-
|
595 |
-
|
596 |
-
$
|
597 |
-
if ((isset($_SERVER["SCRIPT_FILENAME"]) && strlen($_SERVER["SCRIPT_FILENAME"]) > strlen(basename(__FILE__)) && substr(__FILE__, -1 * strlen($_SERVER["SCRIPT_FILENAME"])) == substr($_SERVER["SCRIPT_FILENAME"], -1 * strlen(__FILE__))) || !defined("GOTMLS_plugin_path"))
|
598 |
-
die("'.str_replace('>', '{$gt}', str_replace('<', '{$lt}', $err403)).'")); // Display the Forbidden Error to anyone trying to browse the quarantine without permission!
|
599 |
-
?'.'>';
|
600 |
-
$GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), GOTMLS_trailingslashit($upload['basedir'])).'quarantine';
|
601 |
-
if (!is_dir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) && !@mkdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))
|
602 |
-
$GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), $upload['basedir']);
|
603 |
-
if (is_file(GOTMLS_trailingslashit($upload['basedir']).'.htaccess') && file_get_contents(GOTMLS_trailingslashit($upload['basedir']).'.htaccess') == 'Options -Indexes')
|
604 |
-
if (!@unlink(GOTMLS_trailingslashit($upload['basedir']).'.htaccess'))
|
605 |
-
GOTMLS_file_put_contents(GOTMLS_trailingslashit($upload['basedir']).'.htaccess', '');
|
606 |
-
if (!is_file(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'.htaccess'))
|
607 |
-
GOTMLS_file_put_contents(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'.htaccess', 'Options -Indexes');
|
608 |
-
if (!is_file(GOTMLS_trailingslashit($upload['basedir']).'index.php'))
|
609 |
-
GOTMLS_file_put_contents(GOTMLS_trailingslashit($upload['basedir']).'index.php', $err403);
|
610 |
-
if (!is_file(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'index.php') || (@file_get_contents(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'index.php') != $recoveryPHP))
|
611 |
-
GOTMLS_file_put_contents(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'index.php', $recoveryPHP);
|
612 |
}
|
613 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
614 |
}
|
615 |
|
616 |
function GOTMLS_update_status($status, $percent = -1) {
|
@@ -638,7 +642,7 @@ function GOTMLS_flush($tag = "") {
|
|
638 |
|
639 |
function GOTMLS_readdir($dir, $current_depth = 1) {
|
640 |
global $GOTMLS_scanfiles, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth, $GOTMLS_total_percent;
|
641 |
-
if ($
|
642 |
@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
|
643 |
$entries = GOTMLS_getfiles($dir);
|
644 |
if (is_array($entries)) {
|
@@ -730,7 +734,10 @@ function GOTMLS_strip4java($item) {
|
|
730 |
}
|
731 |
|
732 |
function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
|
733 |
-
|
|
|
|
|
|
|
734 |
$onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.__("Examine File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($file)).'</div></div>\');" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.GOTMLS_encode($file);
|
735 |
else
|
736 |
$onclick = 'return false;';
|
@@ -740,16 +747,12 @@ function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
|
|
740 |
function GOTMLS_check_file($file) {
|
741 |
$filesize = @filesize($file);
|
742 |
echo "/*-->*"."/\ndocument.getElementById('status_text').innerHTML='Checking ".GOTMLS_strip4java($file)." ($filesize bytes)';\n/*<!--*"."/";
|
743 |
-
if (
|
744 |
-
echo GOTMLS_return_threat("bad", (@rename($file, GOTMLS_quarantine(substr($file, 0, -4)))?"checked":"blocked"), $file);
|
745 |
-
elseif (GOTMLS_get_ext($file) == "gotmls" && !(isset($_GET["eli"]) && $_GET["eli"] == "quarantine"))
|
746 |
-
echo GOTMLS_return_threat("bad", "checked", GOTMLS_decode(substr(array_pop(GOTMLS_explode_dir($file)), 0, -7)));
|
747 |
-
elseif (in_array(GOTMLS_get_ext($file), $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]) && !(preg_match('/social[0-9]*\.png$/i', $file)))
|
748 |
-
echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file extention!",'gotmls'), $file, "potential"));
|
749 |
-
elseif ($filesize===false)
|
750 |
echo GOTMLS_return_threat("errors", "blocked", $file, GOTMLS_error_link(__("Failed to determine file size!",'gotmls'), $file));
|
751 |
elseif (($filesize==0) || ($filesize>((isset($_GET["eli"])&&is_numeric($_GET["eli"]))?$_GET["eli"]:1234567)))
|
752 |
echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file size!",'gotmls')." ($filesize bytes)", $file, "potential"));
|
|
|
|
|
753 |
else {
|
754 |
try {
|
755 |
echo @GOTMLS_scanfile($file);
|
@@ -834,14 +837,13 @@ function GOTMLS_reset_settings($item, $key) {
|
|
834 |
unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"][$key]);
|
835 |
}
|
836 |
|
837 |
-
$GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = dirname(GOTMLS_quarantine(__FILE__));
|
838 |
$GLOBALS["GOTMLS"]["tmp"]["default_ext"] .= "com";
|
839 |
GOTMLS_define("GOTMLS_plugin_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gotmls.net/');
|
840 |
GOTMLS_define("GOTMLS_update_home", "http://updates.gotmls.net/".GOTMLS_installation_key.'/');
|
841 |
GOTMLS_define("GOTMLS_blog_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//wordpress.'.$GLOBALS["GOTMLS"]["tmp"]["default_ext"]);
|
842 |
-
$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"] = "
|
843 |
-
$GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = maybe_unserialize(GOTMLS_decode('
|
844 |
-
|
845 |
function GOTMLS_file_put_contents($file, $content) {
|
846 |
global $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
|
847 |
if ((is_dir(dirname($file)) || @mkdir(dirname($file), $GOTMLS_chmod_dir, true)) && !is_writable(dirname($file)) && ($GOTMLS_chmod_dir = @fileperms(dirname($file))))
|
10 |
define($DEF, $val);
|
11 |
}}
|
12 |
|
13 |
+
GOTMLS_define("GOTMLS_Version", "4.15.25");
|
14 |
GOTMLS_define("GOTMLS_require_version", "3.3");
|
15 |
GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
|
16 |
GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");
|
22 |
}}
|
23 |
|
24 |
$GLOBALS["GOTMLS"] = array(
|
25 |
+
"tmp"=>array("HeadersError"=>"",
|
26 |
"mt"=>((isset($_GET["mt"])&&is_numeric($_GET["mt"]))?$_GET["mt"]:microtime(true)),
|
27 |
"threat_levels" => array(__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Backdoor Scripts",'gotmls')=>"backdoor",__("Known Threats",'gotmls')=>"known",__("Core File Changes",'gotmls')=>"wp_core",__("Potential Threats",'gotmls')=>"potential"),
|
28 |
"default_ext"=>"ieonly.", "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf"),
|
80 |
} elseif (isset($_GET["no_error_reporting"]))
|
81 |
@error_reporting(0);
|
82 |
|
83 |
+
//GOTMLS_define("GOTMLS_Skip_Quarantine_LANGUAGE", __("Skip scanning the Quarantine:",'gotmls'));
|
84 |
GOTMLS_define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
|
85 |
GOTMLS_define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Run Quick Scan",'gotmls'));
|
86 |
GOTMLS_define("GOTMLS_View_Quarantine_LANGUAGE", __("View Quarantine",'gotmls'));
|
154 |
if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]['exclude_dir']) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]['exclude_dir'])))
|
155 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array();
|
156 |
$GOTMLS_total_percent = 0;
|
|
|
157 |
function GOTMLS_admin_notices() {
|
|
|
158 |
if (!is_admin())
|
159 |
return;
|
160 |
+
elseif ($GLOBALS["GOTMLS"]["tmp"]["HeadersError"])
|
161 |
+
echo $GLOBALS["GOTMLS"]["tmp"]["HeadersError"];
|
162 |
}
|
163 |
|
164 |
function GOTMLS_array_recurse($array1, $array2) {
|
194 |
}
|
195 |
|
196 |
function GOTMLS_loaded() {
|
|
|
197 |
if (headers_sent($filename, $linenum)) {
|
198 |
if (!$filename)
|
199 |
$filename = __("an unknown file",'gotmls');
|
200 |
if (!is_numeric($linenum))
|
201 |
$linenum = __("unknown",'gotmls');
|
202 |
+
$GLOBALS["GOTMLS"]["tmp"]["HeadersError"] = '<div class="error">'.sprintf(__('<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem.','gotmls'), $filename, $linenum).'</div>';
|
203 |
} elseif (!session_id() && isset($_GET["SESSION"]))
|
204 |
@session_start();
|
205 |
if (session_id() && isset($_GET["SESSION"]) && $_GET["SESSION"] == "GOTMLS_debug" && !isset($_SESSION["GOTMLS_debug"]))
|
415 |
else
|
416 |
$GOTMLS_file_contents = "";
|
417 |
} else
|
418 |
+
$GOTMLS_new_contents = trim(preg_replace('/'.$lt.'\?(php)?\s*(\/\*.*?\*\/\s*)*(\?'.$gt.'|$)/is', "", $GOTMLS_new_contents));
|
419 |
if (strlen($GOTMLS_file_contents) > 0 && (GOTMLS_write_quarantine($file, $className) !== false) && ((strlen($GOTMLS_new_contents)==0 && isset($_GET["eli"]) && @unlink($file)) || (GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false))) {
|
420 |
echo __("Success!",'gotmls');
|
421 |
return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
|
422 |
} else {
|
423 |
+
echo __("Failed:",'gotmls').' '.(strlen($GOTMLS_file_contents)?((is_writable(dirname($file)) && is_writable($file))?__("reason unknown!",'gotmls'):__("file not writable!",'gotmls')):__("no file contents!",'gotmls'));
|
424 |
if (isset($_GET["eli"]))
|
425 |
+
echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().($lt.'br'.$gt.$lt.'pre'.$gt.'file_stat'.print_r(stat($file), true));
|
426 |
return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
|
427 |
}
|
428 |
}
|
435 |
$imageFile = "question";
|
436 |
return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin $className", $threat_link));
|
437 |
} elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
|
438 |
+
echo __("Already Fixed!",'gotmls');
|
439 |
+
return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
440 |
} else
|
441 |
return GOTMLS_return_threat($className, ($className=="scanned"?"checked":"blocked").".gif?$className", $file, $threat_link);
|
442 |
}
|
532 |
|
533 |
function GOTMLS_write_quarantine($file, $className) {
|
534 |
global $wpdb, $current_user, $GOTMLS_file_contents, $GOTMLS_new_contents, $GOTMLS_threats_found;
|
535 |
+
$insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GOTMLS_file_contents), "post_mime_type"=>md5($GOTMLS_file_contents), "post_title"=>$file, "ping_status"=>$className, "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GOTMLS_new_contents));
|
536 |
$insert["post_date"] = date("Y-m-d H:i:s");
|
537 |
$insert["post_date_gmt"] = $insert["post_date"];
|
538 |
if (is_file($file)) {
|
548 |
$insert["comment_count"] = strlen($GOTMLS_file_contents);
|
549 |
}
|
550 |
if (isset($GOTMLS_threats_found) && is_array($GOTMLS_threats_found)) {
|
551 |
+
$insert["post_excerpt"] = GOTMLS_encode(@serialize($GOTMLS_threats_found));
|
552 |
$pinged = array();
|
553 |
foreach ($GOTMLS_threats_found as $threat_name) {
|
554 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) == 5 && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]))
|
562 |
}
|
563 |
$insert["pinged"] = GOTMLS_encode(@serialize($pinged));
|
564 |
}
|
565 |
+
return $wpdb->insert($wpdb->posts, $insert);//! comment_status post_password post_name to_ping post_parent guid menu_order";
|
|
|
566 |
}
|
567 |
|
568 |
function GOTMLS_get_current_user_id() {
|
573 |
return 1;
|
574 |
}
|
575 |
|
576 |
+
function GOTMLS_quarantine($path = "") {
|
577 |
+
global $wpdb;//, $GOTMLS_new_contents, $GOTMLS_file_contents, $GOTMLS_threats_found;
|
578 |
+
if (!isset($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])) {
|
579 |
+
if (($upload = wp_upload_dir()) && isset($upload['basedir']))
|
580 |
+
$GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), GOTMLS_trailingslashit($upload['basedir'])).'quarantine';
|
581 |
+
else
|
582 |
+
$GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = false;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
583 |
}
|
584 |
+
if ($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] && is_dir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])) {
|
585 |
+
$entries = GOTMLS_getfiles($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
|
586 |
+
if (is_array($entries) && count($entries)) {
|
587 |
+
foreach ($entries as $entry) {
|
588 |
+
if (is_file($file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry)) {
|
589 |
+
if (GOTMLS_get_ext($entry) == "gotmls" && ($GOTMLS_file_contents = file_get_contents($file))) {
|
590 |
+
$insert = array("post_author"=>GOTMLS_get_current_user_id(), "ping_status"=>"imported", "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content"=>GOTMLS_encode($GOTMLS_file_contents), "post_mime_type"=>md5($GOTMLS_file_contents));//! comment_status post_password post_name to_ping post_parent guid menu_order";
|
591 |
+
if (!($insert["comment_count"] = @filesize($file)))
|
592 |
+
$insert["comment_count"] = strlen($GOTMLS_file_contents);
|
593 |
+
$file_date = explode(".", $entry);
|
594 |
+
$insert["post_date"] = date("Y-m-d H:i:s", filemtime($file));
|
595 |
+
$insert["post_date_gmt"] = $insert["post_date"];
|
596 |
+
$insert["post_modified"] = $insert["post_date"];
|
597 |
+
$match = '/^(20)?([0-5][0-9])[\-: \/]*(0*[1-9]|1[0-2])[\-: \/]*(0*[1-9]|[12][0-9]|3[01])[\-: \/]*([0-5][0-9])[\-: \/]*([0-5][0-9])$/';
|
598 |
+
if (count($file_date) > 2 && strlen($file_date[0]) == 5 && preg_match($match, GOTMLS_sexagesimal($file_date[0])))
|
599 |
+
$insert["post_modified"] = GOTMLS_sexagesimal($file_date[0]).":00";
|
600 |
+
elseif (count($file_date) > 3 && strlen($file_date[1]) == 5 && preg_match($match, GOTMLS_sexagesimal($file_date[1])))
|
601 |
+
$insert["post_modified"] = GOTMLS_sexagesimal($file_date[1]).":00";
|
602 |
+
$insert["post_modified_gmt"] = $insert["post_modified"];
|
603 |
+
$insert["post_title"] = GOTMLS_decode($file_date[count($file_date)-2]);
|
604 |
+
if (is_file($insert["post_title"]) && ($GOTMLS_new_contents = file_get_contents($insert["post_title"])))
|
605 |
+
$insert["post_content_filtered"] = GOTMLS_encode($GOTMLS_new_contents);
|
606 |
+
//! pinged post_excerpt
|
607 |
+
if ($wpdb->insert($wpdb->posts, $insert))
|
608 |
+
unlink(trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry);
|
609 |
+
} elseif (basename($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == "quarantine")
|
610 |
+
unlink(trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry);
|
611 |
+
}
|
612 |
+
}
|
613 |
+
} elseif (basename($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == "quarantine")
|
614 |
+
rmdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
|
615 |
+
}
|
616 |
+
if ($path)
|
617 |
+
return GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).(is_file($file)?GOTMLS_sexagesimal(date("y-m-d-H-i", filectime($file))).'.'.GOTMLS_sexagesimal(date("y-m-d-H-i", filemtime($file))):GOTMLS_sexagesimal(date("y-m-d-H-i", time()))).'.'.GOTMLS_encode($file?$file:__FILE__).'.GOTMLS';
|
618 |
}
|
619 |
|
620 |
function GOTMLS_update_status($status, $percent = -1) {
|
642 |
|
643 |
function GOTMLS_readdir($dir, $current_depth = 1) {
|
644 |
global $GOTMLS_scanfiles, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth, $GOTMLS_total_percent;
|
645 |
+
if ($current_depth) {
|
646 |
@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
|
647 |
$entries = GOTMLS_getfiles($dir);
|
648 |
if (is_array($entries)) {
|
734 |
}
|
735 |
|
736 |
function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
|
737 |
+
global $post;
|
738 |
+
if (is_numeric($file) && isset($post->post_title))
|
739 |
+
$onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.__("Examine Quarantined File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($post->post_title)).'</div></div>\');" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.$file;
|
740 |
+
elseif ($file)
|
741 |
$onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.__("Examine File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($file)).'</div></div>\');" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.GOTMLS_encode($file);
|
742 |
else
|
743 |
$onclick = 'return false;';
|
747 |
function GOTMLS_check_file($file) {
|
748 |
$filesize = @filesize($file);
|
749 |
echo "/*-->*"."/\ndocument.getElementById('status_text').innerHTML='Checking ".GOTMLS_strip4java($file)." ($filesize bytes)';\n/*<!--*"."/";
|
750 |
+
if ($filesize===false)
|
|
|
|
|
|
|
|
|
|
|
|
|
751 |
echo GOTMLS_return_threat("errors", "blocked", $file, GOTMLS_error_link(__("Failed to determine file size!",'gotmls'), $file));
|
752 |
elseif (($filesize==0) || ($filesize>((isset($_GET["eli"])&&is_numeric($_GET["eli"]))?$_GET["eli"]:1234567)))
|
753 |
echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file size!",'gotmls')." ($filesize bytes)", $file, "potential"));
|
754 |
+
elseif (in_array(GOTMLS_get_ext($file), $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]) && !(preg_match('/(shim|social[0-9]*)\.png$/i', $file)))
|
755 |
+
echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file extention!",'gotmls'), $file, "potential"));
|
756 |
else {
|
757 |
try {
|
758 |
echo @GOTMLS_scanfile($file);
|
837 |
unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"][$key]);
|
838 |
}
|
839 |
|
|
|
840 |
$GLOBALS["GOTMLS"]["tmp"]["default_ext"] .= "com";
|
841 |
GOTMLS_define("GOTMLS_plugin_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gotmls.net/');
|
842 |
GOTMLS_define("GOTMLS_update_home", "http://updates.gotmls.net/".GOTMLS_installation_key.'/');
|
843 |
GOTMLS_define("GOTMLS_blog_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//wordpress.'.$GLOBALS["GOTMLS"]["tmp"]["default_ext"]);
|
844 |
+
$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"] = "F277h";
|
845 |
+
if (!is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = maybe_unserialize(GOTMLS_decode('YToxOntzOjk6InBvdGVudGlhbCI7YToxNDp7czo0OiJldmFsIjthOjI6e2k6MDtzOjU6IkVBUExxIjtpOjE7czozNToiL1teYS16XC8nIl1ldmFsXChbXlwpXStbJyJcc1wpO10rL2kiO31zOjk6ImF1dGhfcGFzcyI7YToyOntpOjA7czo1OiJDQ0lHRyI7aToxO3M6MjQ6Ii9cJGF1dGhfcGFzc1sgPVx0XSsuKzsvaSI7fXM6MjE6ImRvY3VtZW50LndyaXRlIGlmcmFtZSI7YToyOntpOjA7czo1OiJDQ0lHRyI7aToxO3M6NTI6Ii9kb2N1bWVudFwud3JpdGVcKFsnIl08aWZyYW1lIC4rPFwvaWZyYW1lPlsnIl1cKTsqL2kiO31zOjE1OiJwcmVnX3JlcGxhY2UgL2UiO2E6Mjp7aTowO3M6NToiQ0NJR0ciO2k6MTtzOjUwOiIvcHJlZ19yZXBsYWNlWyBcdF0qXCguK1tcL1wjXHxdW2ldKmVbaV0qWyciXS4rXCkvaSI7fXM6MjA6ImV4ZWMgc3lzdGVtIHBhc3N0aHJ1IjthOjI6e2k6MDtzOjU6IkVBUExnIjtpOjE7czo1MToiLzxcPy4rP2V4ZWNcKC4rP3N5c3RlbVwoLis_cGFzc3RocnVcKC4rZndyaXRlXCguKy9zIjt9czoyOToiRXh0ZXJuYWwgUmVkaXJlY3QgUmV3cml0ZVJ1bGUiO2E6Mjp7aTowO3M6NToiRjFVSVoiO2k6MTtzOjQyOiIvUmV3cml0ZVJ1bGUgW14gXSsgaHR0cFw6XC9cLyg_ITEyN1wuKS4qL2kiO31zOjM1OiJubyBlcnJvcl9yZXBvcnRpbmcgbG9uZyBsaW5lcyBhbG9uZSI7YToyOntpOjA7czo1OiJEMzVCYSI7aToxO3M6Nzk6Ii88XD8ocGhwKSpbXHJcblx0IFxAXSplcnJvcl9yZXBvcnRpbmdcKDBcKTsuKz9bYS16MC05XC9cLVw9JyJcLlxdezIwMDB9Lio_XD8-L2kiO31zOjIyOiJwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IjthOjI6e2k6MDtzOjU6IkQ4TUN3IjtpOjE7czoxMzY6Ii9cL1wqIFRoaXMgZmlsZSBpcyBwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IGxhdyBhbmQgcHJvdmlkZWQgdW5kZXIgbGljZW5zZS4gUmV2ZXJzZSBlbmdpbmVlcmluZyBvZiB0aGlzIGZpbGUgaXMgc3RyaWN0bHkgcHJvaGliaXRlZC4gXCpcLy8iO31zOjE5OiJhIHNwYW4gY29sb3IgRjFFRkU0IjthOjI6e2k6MDtzOjU6IkQ4UkFQIjtpOjE7czoxMTg6Ii9cPGEgW15cPl0rXD5cPHNwYW4gc3R5bGU9ImNvbG9yXDpcI0YxRUZFNDsiXD4oLis_KVw8XC9zcGFuXD5cPFwvYVw-XDxzcGFuIHN0eWxlPSJjb2xvclw6XCNGMUVGRTQ7Ilw-KC4rPylcPFwvc3Bhblw-L2kiO31zOjE3OiJWYXJpYWJsZSBGdW5jdGlvbiI7YToyOntpOjA7czo1OiJFODU2TCI7aToxO3M6Njc6Ii8oPCFcZClcJFtcJFx7XSpbYS16XC1cXzAtOV0rW1x9IFx0XSooXFtbXlxdXStcXVsgXHRdKikqXCguKj9cKVw7L2kiO31zOjExOiJUYWdnZWQgQ29kZSI7YToyOntpOjA7czo1OiJFNExNRyI7aToxO3M6MjQ6Ii9cIyhcdyspXCMuKz9cI1wvXDFcIy9pcyI7fXM6MTU6ImNyZWF0ZV9mdW5jdGlvbiI7YToyOntpOjA7czo1OiJFQVBMbSI7aToxO3M6NzU6Ii8oXCRbYS16XzAtOV0rWz1cc1xAXSspP2NyZWF0ZV9mdW5jdGlvblwoW14sXStbLFxzXStcJFthLXpfMC05XStbXHNcKV0rOyovaSI7fXM6NDM6ImZ1bmN0aW9uIGFkZF9hY3Rpb24gd3BfZW5xdWV1ZV9zY3JpcHQganNvbjIiO2E6Mjp7aTowO3M6NToiRjExNHYiO2k6MTtzOjE3OiIvanNvbjJcLm1pblwuanMvaSI7fXM6NDc6IlJld3JpdGVDb25kIEhUVFBfVVNFUl9BR0VOVCBSZXdyaXRlUnVsZSBodHRwIElQIjthOjI6e2k6MDtzOjU6IkYyNzdoIjtpOjE7czo4NDoiLyhSZXdyaXRlQ29uZCBcJVx7SFRUUF9VU0VSX0FHRU5UXH0gLitccyspK1Jld3JpdGVSdWxlIFxeLipcJCBodHRwOlwvXC8oPyExMjdcLikuKi9pIjt9fX02'))))
|
846 |
+
$GLOBALS["GOTMLS"]["tmp"]["HeadersError"] = '<div class="error">'.__('The <b>base64_decode</b> function is currently disabled by the disable_functions Directive in your server\'s php.ini file.<br />This function is required for this Anti-Malware plugin to work properly.<br />Check the disable_functions Directive in your php.ini and take out base64_decode to fix this problem.','gotmls').'</div>';
|
847 |
function GOTMLS_file_put_contents($file, $content) {
|
848 |
global $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
|
849 |
if ((is_dir(dirname($file)) || @mkdir(dirname($file), $GOTMLS_chmod_dir, true)) && !is_writable(dirname($file)) && ($GOTMLS_chmod_dir = @fileperms(dirname($file))))
|
index.php
CHANGED
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
|
|
8 |
Contributors: scheeeli, gotmls
|
9 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
10 |
Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
|
11 |
-
Version: 4.15.
|
12 |
*/
|
13 |
if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
|
14 |
include(dirname(__FILE__)."/safe-load/index.php");
|
@@ -57,15 +57,8 @@ function GOTMLS_user_can() {
|
|
57 |
}
|
58 |
|
59 |
function GOTMLS_menu() {
|
60 |
-
GOTMLS_user_can()
|
61 |
-
if (isset($_POST["GOTMLS_menu_group"]) && is_numeric($_POST["GOTMLS_menu_group"])) {
|
62 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"] = $_POST["GOTMLS_menu_group"];
|
63 |
-
/* $capabilities = array();
|
64 |
-
if (current_user_can($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]))
|
65 |
-
foreach (get_editable_roles() as $role)
|
66 |
-
$capabilities = array_merge($capabilities, $role["capabilities"]);
|
67 |
-
if (isset($_POST["GOTMLS_user_can"]) && in_array($_POST["GOTMLS_user_can"], $capabilities))
|
68 |
-
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = $_POST["GOTMLS_user_can"];*/
|
69 |
update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
|
70 |
}
|
71 |
$GOTMLS_Full_plugin_logo_URL = GOTMLS_images_path.'GOTMLS-16x16.gif';
|
@@ -122,7 +115,7 @@ function GOTMLS_display_header($optional_box = "") {
|
|
122 |
global $GOTMLS_onLoad, $wp_version, $current_user;
|
123 |
get_currentuserinfo();
|
124 |
$GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
|
125 |
-
if (isset($_GET["check_site"]) && $_GET["check_site"]
|
126 |
echo '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="✔"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/plugins/gotmls/stats/?compatibility%5Bversion%5D='.$wp_version.'&compatibility%5Btopic_version%5D='.GOTMLS_Version.'&compatibility%5Bcompatible%5D=1#compatibility-works">Vote "Works"</a> or <a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls#postform">write a "Five-Star" Reviews</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
|
127 |
else
|
128 |
echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
|
@@ -139,6 +132,7 @@ function GOTMLS_display_header($optional_box = "") {
|
|
139 |
$Update_Div ='<div id="findUpdates" style="display: none;"><center>'.__("Searching for updates ...",'gotmls').'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'findUpdates\');" /></center></div>';
|
140 |
echo '
|
141 |
span.GOTMLS_date {float: right; width: 120px; white-space: nowrap;}
|
|
|
142 |
.rounded-corners {margin: 10px; border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; border: 1px solid #000;}
|
143 |
.shadowed-box {box-shadow: -3px 3px 3px #666; -moz-box-shadow: -3px 3px 3px #666; -webkit-box-shadow: -3px 3px 3px #666;}
|
144 |
.sidebar-box {background-color: #CCC;}
|
@@ -623,39 +617,28 @@ function GOTMLS_get_whitelists() {
|
|
623 |
return "$Q_Page\n";
|
624 |
}
|
625 |
|
626 |
-
function GOTMLS_get_quarantine() {
|
627 |
-
$
|
628 |
$Q_Page = '
|
629 |
<form method="POST" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1">';
|
630 |
-
|
631 |
-
|
632 |
-
|
633 |
-
|
634 |
-
if (
|
635 |
-
|
636 |
-
|
637 |
-
|
|
|
638 |
$root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__file__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
|
639 |
-
|
640 |
-
$
|
641 |
-
$
|
642 |
$Q_Page .= '
|
643 |
-
<li
|
644 |
-
$infectime = 'Unknown';
|
645 |
-
if (is_file($file) && GOTMLS_get_ext($entry) == "gotmls") {
|
646 |
-
$file_date = explode(".", $entry);
|
647 |
-
if (count($file_date) > 2 && strlen($file_date[0]) == 5 && ($filetime != GOTMLS_sexagesimal($file_date[0])))
|
648 |
-
$infectime = GOTMLS_sexagesimal($file_date[0]);
|
649 |
-
elseif (count($file_date) > 3 && strlen($file_date[1]) == 5 && ($filetime != GOTMLS_sexagesimal($file_date[1])))
|
650 |
-
$infectime = GOTMLS_sexagesimal($file_date[1]);
|
651 |
-
elseif (@rename($file, GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).GOTMLS_sexagesimal($filetime).".$entry"))
|
652 |
-
$file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).GOTMLS_sexagesimal($filetime).".$entry";
|
653 |
-
$Q_Page .= '<span class="GOTMLS_date">'.$infectime.'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.GOTMLS_encode($file).'" id="check_'.GOTMLS_encode($file).'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="Q">'.preg_replace('/9000px;\">(.+?)<\/div>/', '9000px;">\1'.GOTMLS_strip4java(GOTMLS_decode($file_date[count($file_date)-2])).' (Quarantined)</div>', GOTMLS_error_link(__("View Quarantined File",'gotmls'), $file)).str_replace($root_path, "...", GOTMLS_decode($file_date[count($file_date)-2]));
|
654 |
-
} else
|
655 |
-
$Q_Page .= '<img src="'.GOTMLS_images_path.'threat.gif" height=16 width=16 alt="?">'.GOTMLS_error_link(__("Foreign File in Quarantine",'gotmls'), $file).$entry;
|
656 |
-
$Q_Page .= "</a></li>\n";
|
657 |
}
|
658 |
$Q_Page .= "\n</ul>";
|
|
|
659 |
} else
|
660 |
$Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
|
661 |
return "$Q_Page\n</form>\n";
|
@@ -751,10 +734,10 @@ function GOTMLS_settings() {
|
|
751 |
$scan_opts .= $lt.'input type="checkbox" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'"'.(in_array($threat_level,$GLOBALS["GOTMLS"]["log"]["settings"]["check"])?' checked':'').' /'.$gt.' '.$lt.'a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;showhide(\'dont_check_'.$threat_level.'\');"'."$gt{$lt}b$gt$threat_level_name$lt/b$gt$lt/a$gt\n";
|
752 |
if (isset($_GET["SESSION"])) {
|
753 |
if (isset($_SESSION["GOTMLS_debug"][$threat_level]))
|
754 |
-
print_r($_SESSION["GOTMLS_debug"][$threat_level],1);
|
755 |
$scan_opts .= "\n$lt".'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"'.$gt.$lt.'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');"'.$gt.'X'.$lt.'/a'.$gt;
|
756 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex)
|
757 |
-
$scan_opts .= $lt."br /$gt\n$lt".'input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /'.$gt.$lt.'script'.$gt.'showhide("dont_check_'.$threat_level.'", true);'.$lt.'/script'.$gt:' /'.$gt).(isset($_SESSION["GOTMLS_debug"][$threat_name])
|
758 |
$scan_opts .= "\n$lt/div$gt";
|
759 |
}
|
760 |
} else
|
@@ -766,15 +749,15 @@ function GOTMLS_settings() {
|
|
766 |
'.$lt.'div style="float: left;" id="scanwhatfolder"'.$gt.$lt.'/div'.$gt.'
|
767 |
'.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Scan Depth:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
|
768 |
'.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"'.$gt.$lt.'br /'.$gt.__("how far to drill down",'gotmls').$lt.'br /'.$gt.'('.__("-1 is infinite depth",'gotmls').')'.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'br style="clear: left;"'.$gt;
|
769 |
-
if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= print_r($_SESSION["GOTMLS_debug"]['total'],1); unset($_SESSION["GOTMLS_debug"]);}
|
770 |
if (isset($_GET["eli"])) {//still testing this option
|
771 |
$scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'.$gt.$lt.'/div'.$gt;
|
772 |
}
|
773 |
-
$scan_opts .= "\n$lt".'p'.$gt.$lt.'b'.$gt.__("Skip files with the following extentions:",'gotmls')."$lt/b$gt".(($default_exclude_ext!=implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))?" {$lt}a href=\"javascript:void(0);\" onclick=\"document.getElementById('exclude_ext').value = '$default_exclude_ext';\"{$gt}[Restore Defaults]$
|
774 |
'.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
|
775 |
'.$lt.'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
|
776 |
'.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
|
777 |
-
'.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px; border-bottom: #F00 solid 2px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt.'/b'.$gt.$lt.'/td'.$gt.$lt.'td colspan=2 style="border-bottom: #F00 solid 2px;"'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This new BETA feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt/tr$gt{$lt}tr$gt{$lt}td nowrap$gt\n{$lt}b$gt"
|
778 |
@ob_start();
|
779 |
$OB_default_handlers = array("default output handler", "zlib output compression");
|
780 |
$OB_handlers = @ob_list_handlers();
|
@@ -863,12 +846,14 @@ function update_status(title, time) {
|
|
863 |
$found = "";
|
864 |
$li_js = "return false;";
|
865 |
foreach ($scan_groups as $scan_name => $scan_group) {
|
866 |
-
$vars .= ", $scan_group=0";
|
867 |
if ($MAX++ == 6) {
|
868 |
-
|
|
|
|
|
869 |
$found = "Found ";
|
870 |
$fix_button_js = "\n\t\tdis='block';";
|
871 |
} else {
|
|
|
872 |
if ($found && !in_array($scan_group, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]))
|
873 |
$potential_threat = ' potential" title="'.__("You are not currently scanning for this type of threat!",'gotmls');
|
874 |
else
|
@@ -936,11 +921,11 @@ var startTime = 0;
|
|
936 |
if (is_dir($dir)) {
|
937 |
$GOTMLS_dirs_at_depth[0] = 1;
|
938 |
$GOTMLS_dir_at_depth[0] = 0;
|
939 |
-
if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine']) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'])) {
|
940 |
$GOTMLS_dirs_at_depth[0]++;
|
941 |
GOTMLS_readdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
|
942 |
}
|
943 |
-
if (isset($_POST['scan_only']) && is_array($_POST['scan_only'])) {
|
944 |
$GOTMLS_dirs_at_depth[0] += (count($_POST['scan_only']) - 1);
|
945 |
foreach ($_POST['scan_only'] as $only_dir)
|
946 |
if (is_dir(GOTMLS_trailingslashit($dir).$only_dir))
|
@@ -1086,6 +1071,29 @@ function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) {
|
|
1086 |
$links_array = array_merge($links_array, array('<a target="_blank" href="http://gotmls.net/faqs/">FAQ</a>','<a target="_blank" href="http://gotmls.net/support/">Support</a>','<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE">Donate</a>'));
|
1087 |
return $links_array;
|
1088 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1089 |
|
1090 |
function GOTMLS_init() {
|
1091 |
global $GOTMLS_onLoad, $wp_version, $wpdb, $GOTMLS_threats_found, $GOTMLS_file_contents;
|
@@ -1154,8 +1162,9 @@ function GOTMLS_init() {
|
|
1154 |
if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
|
1155 |
$GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
|
1156 |
}
|
1157 |
-
|
1158 |
$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates';
|
|
|
1159 |
foreach ($GOTMLS_definitions_versions as $definition_name=>$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"])
|
1160 |
$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&ver[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"];
|
1161 |
if (isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
|
@@ -1193,30 +1202,61 @@ function GOTMLS_init() {
|
|
1193 |
update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
|
1194 |
die(GOTMLS_html_tags(array("html" => array("body" => "Added $file to Whitelist!<br />\n<iframe style='width: 90%; height: 350px;' src='".GOTMLS_plugin_home."whitelist.html?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe>"))));
|
1195 |
} else echo "<li>Invalid Data!</li>";
|
1196 |
-
} elseif (isset($
|
1197 |
-
$
|
1198 |
-
|
1199 |
-
|
1200 |
-
|
1201 |
-
|
1202 |
-
|
1203 |
-
|
1204 |
-
|
1205 |
-
|
1206 |
-
|
1207 |
-
|
1208 |
-
|
1209 |
-
|
1210 |
-
|
1211 |
-
|
1212 |
-
|
1213 |
-
|
1214 |
-
|
1215 |
-
|
1216 |
-
|
1217 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1218 |
}
|
1219 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1220 |
$fa = "";
|
1221 |
$function = 'GOTMLS_decode';
|
1222 |
$decode_list = array("Base64" => '/base64_decode\([\'"]([0-9\+\/\=a-z]+)[\'"]\)/', "Hex" => '/(\\\\x[0-9a-f]{2})/');
|
@@ -1228,9 +1268,13 @@ function GOTMLS_init() {
|
|
1228 |
} else
|
1229 |
$fa .= " NO-$decode";
|
1230 |
}
|
1231 |
-
} elseif (isset($
|
1232 |
$f = 1;
|
1233 |
foreach ($GOTMLS_threats_found as $threats_found=>$threats_name) {
|
|
|
|
|
|
|
|
|
1234 |
$fpos = 0;
|
1235 |
$flen = 0;
|
1236 |
$potential_threat = str_replace("\r", "", $threats_found);
|
@@ -1241,8 +1285,7 @@ function GOTMLS_init() {
|
|
1241 |
if (0 == $flen)
|
1242 |
$fa = 'ERROR['.($f++).']: Threat_size{'.strlen($potential_threat).'} } Content_size{'.strlen(str_replace("\r", "", $GOTMLS_file_contents)).'}';
|
1243 |
}
|
1244 |
-
}
|
1245 |
-
$fa = " No Threats Found";
|
1246 |
foreach ($decode_list as $decode => $regex)
|
1247 |
if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GOTMLS_file_contents))
|
1248 |
$fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
|
@@ -1261,40 +1304,83 @@ function GOTMLS_init() {
|
|
1261 |
}
|
1262 |
}
|
1263 |
window.parent.showhide("GOTMLS_iFrame", true);
|
1264 |
-
</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post"
|
1265 |
-
}
|
1266 |
-
|
1267 |
-
|
1268 |
-
|
1269 |
-
|
1270 |
-
|
1271 |
-
|
1272 |
-
|
1273 |
-
|
1274 |
-
|
1275 |
-
|
1276 |
-
|
1277 |
-
|
1278 |
-
|
1279 |
-
|
1280 |
-
|
1281 |
-
|
1282 |
-
|
1283 |
-
|
1284 |
-
|
|
|
|
|
|
|
|
|
1285 |
}
|
1286 |
-
|
1287 |
-
|
1288 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1289 |
}
|
1290 |
-
|
1291 |
-
$li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
|
1292 |
-
} else
|
1293 |
-
echo "<li>".__("File ".htmlentities($path)." not found!",'gotmls')."</li>";
|
1294 |
}
|
1295 |
-
die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some threats were automatically fixed we need to check to make sure the removal did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during the automated fix process.",'gotmls'), 'target="test_frame" href="admin.php?page=GOTMLS-View-Quarantine"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.GOTMLS_script_URI.'&check_site=1" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n");
|
1296 |
} elseif (isset($_REQUEST["GOTMLS_fixing"]))
|
1297 |
-
die("<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls'));
|
1298 |
if (isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"]))
|
1299 |
$scan_level = intval($_POST["scan_level"]);
|
1300 |
if (isset($scan_level) && is_numeric($scan_level))
|
@@ -1336,8 +1422,9 @@ if (function_exists("is_admin") && is_admin() && ((isset($_POST['GOTMLS_whitelis
|
|
1336 |
require_once(ABSPATH.WPINC.'/pluggable.php');
|
1337 |
GOTMLS_loaded();
|
1338 |
GOTMLS_init();
|
1339 |
-
die("\n//
|
1340 |
} else {
|
|
|
1341 |
add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);
|
1342 |
add_filter("plugin_action_links", "GOTMLS_set_plugin_action_links", 1, 2);
|
1343 |
add_action("plugins_loaded", "GOTMLS_loaded");
|
8 |
Contributors: scheeeli, gotmls
|
9 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
10 |
Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
|
11 |
+
Version: 4.15.25
|
12 |
*/
|
13 |
if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
|
14 |
include(dirname(__FILE__)."/safe-load/index.php");
|
57 |
}
|
58 |
|
59 |
function GOTMLS_menu() {
|
60 |
+
if (GOTMLS_user_can() && isset($_POST["GOTMLS_menu_group"]) && is_numeric($_POST["GOTMLS_menu_group"])) {
|
|
|
61 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"] = $_POST["GOTMLS_menu_group"];
|
|
|
|
|
|
|
|
|
|
|
|
|
62 |
update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
|
63 |
}
|
64 |
$GOTMLS_Full_plugin_logo_URL = GOTMLS_images_path.'GOTMLS-16x16.gif';
|
115 |
global $GOTMLS_onLoad, $wp_version, $current_user;
|
116 |
get_currentuserinfo();
|
117 |
$GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
|
118 |
+
if (isset($_GET["check_site"]) && $_GET["check_site"])
|
119 |
echo '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="✔"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/plugins/gotmls/stats/?compatibility%5Bversion%5D='.$wp_version.'&compatibility%5Btopic_version%5D='.GOTMLS_Version.'&compatibility%5Bcompatible%5D=1#compatibility-works">Vote "Works"</a> or <a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls#postform">write a "Five-Star" Reviews</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
|
120 |
else
|
121 |
echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
|
132 |
$Update_Div ='<div id="findUpdates" style="display: none;"><center>'.__("Searching for updates ...",'gotmls').'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'findUpdates\');" /></center></div>';
|
133 |
echo '
|
134 |
span.GOTMLS_date {float: right; width: 120px; white-space: nowrap;}
|
135 |
+
.GOTMLS_quarantine_item {margin: 4px 12px;}
|
136 |
.rounded-corners {margin: 10px; border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; border: 1px solid #000;}
|
137 |
.shadowed-box {box-shadow: -3px 3px 3px #666; -moz-box-shadow: -3px 3px 3px #666; -webkit-box-shadow: -3px 3px 3px #666;}
|
138 |
.sidebar-box {background-color: #CCC;}
|
617 |
return "$Q_Page\n";
|
618 |
}
|
619 |
|
620 |
+
function GOTMLS_get_quarantine($only = false) {
|
621 |
+
global $wpdb, $current_user, $post;//, $GOTMLS_new_contents, $GOTMLS_file_contents, $GOTMLS_threats_found;
|
622 |
$Q_Page = '
|
623 |
<form method="POST" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1">';
|
624 |
+
$args = array('posts_per_page' => -1, 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
|
625 |
+
if (is_numeric($only))
|
626 |
+
return get_post($only, ARRAY_A);
|
627 |
+
$my_query = new WP_Query($args);
|
628 |
+
if ($only)
|
629 |
+
return $my_query->post_count;
|
630 |
+
if ($my_query->have_posts()) {
|
631 |
+
$Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected files",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
|
632 |
+
<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">Date Quarantined</span><span class="GOTMLS_date">Date Infected</span></h3>';
|
633 |
$root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__file__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
|
634 |
+
while ($my_query->have_posts()) {
|
635 |
+
$my_query->the_post();
|
636 |
+
$clean_file = GOTMLS_encode($post->post_title);
|
637 |
$Q_Page .= '
|
638 |
+
<li id="GOTMLS_quarantine_'.$post->ID.'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post->post_date_gmt.'</span><span class="GOTMLS_date">'.$post->post_modified_gmt.'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$post->ID.'" id="check_'.$post->ID.'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="Q">'.GOTMLS_error_link(__("View Quarantined File",'gotmls'), $post->ID).str_replace($root_path, "...", $post->post_title)."</a></li>\n";
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
639 |
}
|
640 |
$Q_Page .= "\n</ul>";
|
641 |
+
wp_reset_query();
|
642 |
} else
|
643 |
$Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
|
644 |
return "$Q_Page\n</form>\n";
|
734 |
$scan_opts .= $lt.'input type="checkbox" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'"'.(in_array($threat_level,$GLOBALS["GOTMLS"]["log"]["settings"]["check"])?' checked':'').' /'.$gt.' '.$lt.'a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;showhide(\'dont_check_'.$threat_level.'\');"'."$gt{$lt}b$gt$threat_level_name$lt/b$gt$lt/a$gt\n";
|
735 |
if (isset($_GET["SESSION"])) {
|
736 |
if (isset($_SESSION["GOTMLS_debug"][$threat_level]))
|
737 |
+
$lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_level],1)."$lt/div$gt";
|
738 |
$scan_opts .= "\n$lt".'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"'.$gt.$lt.'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');"'.$gt.'X'.$lt.'/a'.$gt;
|
739 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex)
|
740 |
+
$scan_opts .= $lt."br /$gt\n$lt".'input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /'.$gt.$lt.'script'.$gt.'showhide("dont_check_'.$threat_level.'", true);'.$lt.'/script'.$gt:' /'.$gt).(isset($_SESSION["GOTMLS_debug"][$threat_name])?$lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_name],1)."$lt/div$gt":"").$threat_name;
|
741 |
$scan_opts .= "\n$lt/div$gt";
|
742 |
}
|
743 |
} else
|
749 |
'.$lt.'div style="float: left;" id="scanwhatfolder"'.$gt.$lt.'/div'.$gt.'
|
750 |
'.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Scan Depth:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
|
751 |
'.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"'.$gt.$lt.'br /'.$gt.__("how far to drill down",'gotmls').$lt.'br /'.$gt.'('.__("-1 is infinite depth",'gotmls').')'.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'br style="clear: left;"'.$gt;
|
752 |
+
if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= $lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"]['total'],1)."$lt/div$gt"; unset($_SESSION["GOTMLS_debug"]);}
|
753 |
if (isset($_GET["eli"])) {//still testing this option
|
754 |
$scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'.$gt.$lt.'/div'.$gt;
|
755 |
}
|
756 |
+
$scan_opts .= "\n$lt".'p'.$gt.$lt.'b'.$gt.__("Skip files with the following extentions:",'gotmls')."$lt/b$gt".(($default_exclude_ext!=implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))?" {$lt}a href=\"javascript:void(0);\" onclick=\"document.getElementById('exclude_ext').value = '$default_exclude_ext';\"{$gt}[Restore Defaults]$lt/a$gt":"").$lt.'/p'.$gt.'
|
757 |
'.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
|
758 |
'.$lt.'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
|
759 |
'.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
|
760 |
+
'.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px; border-bottom: #F00 solid 2px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt.'/b'.$gt.$lt.'/td'.$gt.$lt.'td colspan=2 style="border-bottom: #F00 solid 2px;"'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This new BETA feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt/tr$gt{$lt}tr$gt{$lt}td nowrap$gt\n{$lt}b$gt"/*.GOTMLS_Skip_Quarantine_LANGUAGE.$lt.'/b'.$gt*/.$lt.'/td'.$gt.$lt.'td'.$gt/*.$lt.'input type="checkbox" name="skip_quarantine" value="1"'.((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"])?" checked":"").''.$gt*/.$lt.'/td'.$gt.$lt.'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
|
761 |
@ob_start();
|
762 |
$OB_default_handlers = array("default output handler", "zlib output compression");
|
763 |
$OB_handlers = @ob_list_handlers();
|
846 |
$found = "";
|
847 |
$li_js = "return false;";
|
848 |
foreach ($scan_groups as $scan_name => $scan_group) {
|
|
|
849 |
if ($MAX++ == 6) {
|
850 |
+
$quarantineCountOnly = GOTMLS_get_quarantine(true);
|
851 |
+
$vars .= ", $scan_group=$quarantineCountOnly";
|
852 |
+
echo "/*--{$gt}*"."/\n\tif ($scan_group > 0)\n\t\tscan_state = ' potential'; \n\telse\n\t\tscan_state = '';\n\tdivHTML += '</ul><ul style=\"text-align: left;\"><li class=\"GOTMLS_li\"><a href=\"admin.php?page=GOTMLS-View-Quarantine\" class=\"GOTMLS_plugin".(/*(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"])?" potential\" title=\"".GOTMLS_Skip_Quarantine_LANGUAGE:*/"'+scan_state+'\" title=\"".GOTMLS_View_Quarantine_LANGUAGE)."\">'+$scan_group+' '+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/*{$lt}!--*"."/";
|
853 |
$found = "Found ";
|
854 |
$fix_button_js = "\n\t\tdis='block';";
|
855 |
} else {
|
856 |
+
$vars .= ", $scan_group=0";
|
857 |
if ($found && !in_array($scan_group, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]))
|
858 |
$potential_threat = ' potential" title="'.__("You are not currently scanning for this type of threat!",'gotmls');
|
859 |
else
|
921 |
if (is_dir($dir)) {
|
922 |
$GOTMLS_dirs_at_depth[0] = 1;
|
923 |
$GOTMLS_dir_at_depth[0] = 0;
|
924 |
+
/* if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine']) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'])) {
|
925 |
$GOTMLS_dirs_at_depth[0]++;
|
926 |
GOTMLS_readdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
|
927 |
}
|
928 |
+
*/ if (isset($_POST['scan_only']) && is_array($_POST['scan_only'])) {
|
929 |
$GOTMLS_dirs_at_depth[0] += (count($_POST['scan_only']) - 1);
|
930 |
foreach ($_POST['scan_only'] as $only_dir)
|
931 |
if (is_dir(GOTMLS_trailingslashit($dir).$only_dir))
|
1071 |
$links_array = array_merge($links_array, array('<a target="_blank" href="http://gotmls.net/faqs/">FAQ</a>','<a target="_blank" href="http://gotmls.net/support/">Support</a>','<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE">Donate</a>'));
|
1072 |
return $links_array;
|
1073 |
}
|
1074 |
+
function GOTMLS_in_plugin_update_message($args) {
|
1075 |
+
$transient_name = "GOTMLS_upgrade_notice_".$args["Version"];
|
1076 |
+
if ((false === ($upgrade_notice = get_transient($transient_name))) && ($response = wp_remote_get("https://plugins.svn.wordpress.org/gotmls/trunk/readme.txt")) && (200 == ($ret = wp_remote_retrieve_response_code($response))) && ($ret = wp_remote_retrieve_body($response))) {
|
1077 |
+
$upgrade_notice = '';
|
1078 |
+
if (preg_match('/==\s*Upgrade Notice\s*==\s*=\s*(.*)\s*=(.*)(=\s*' . str_replace(".", "\\.", GOTMLS_Version) . '\s*=|$)/is', $ret, $matches)) {
|
1079 |
+
$version = trim( $matches[1] );
|
1080 |
+
$notices = (array) preg_split('~[\r\n]+~', trim( $matches[2] ) );
|
1081 |
+
|
1082 |
+
if ( version_compare( GOTMLS_Version, $version, '<' ) ) {
|
1083 |
+
|
1084 |
+
$upgrade_notice .= '<div class="GOTMLS_upgrade_notice">';
|
1085 |
+
|
1086 |
+
foreach ( $notices as $index => $line ) {
|
1087 |
+
$upgrade_notice .= wp_kses_post( preg_replace( '~\[([^\]]*)\]\(([^\)]*)\)~', '<a href="${2}">${1}</a>', $line ) );
|
1088 |
+
}
|
1089 |
+
|
1090 |
+
$upgrade_notice .= '</div> ';
|
1091 |
+
}
|
1092 |
+
}
|
1093 |
+
set_transient($transient_name, $upgrade_notice, DAY_IN_SECONDS);
|
1094 |
+
}
|
1095 |
+
echo wp_kses_post($upgrade_notice);
|
1096 |
+
}
|
1097 |
|
1098 |
function GOTMLS_init() {
|
1099 |
global $GOTMLS_onLoad, $wp_version, $wpdb, $GOTMLS_threats_found, $GOTMLS_file_contents;
|
1162 |
if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
|
1163 |
$GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
|
1164 |
}
|
1165 |
+
if (isset($_GET["debug"])) die(print_r(array("<pre>GOTMLS_definitions_versions"=>$GOTMLS_definitions_versions,"tmp__definitions_array"=>$GLOBALS["GOTMLS"]["tmp"]["definitions_array"], "</pre>"=>"END"),1));
|
1166 |
$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates';
|
1167 |
+
asort($GOTMLS_definitions_versions);
|
1168 |
foreach ($GOTMLS_definitions_versions as $definition_name=>$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"])
|
1169 |
$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&ver[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"];
|
1170 |
if (isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
|
1202 |
update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
|
1203 |
die(GOTMLS_html_tags(array("html" => array("body" => "Added $file to Whitelist!<br />\n<iframe style='width: 90%; height: 350px;' src='".GOTMLS_plugin_home."whitelist.html?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe>"))));
|
1204 |
} else echo "<li>Invalid Data!</li>";
|
1205 |
+
} elseif (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
|
1206 |
+
$callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
|
1207 |
+
$li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('list_'+file))\nli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file))\nli_file.style.display='none';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n}\nfunction DeletedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('GOTMLS_quarantine_'+file).style.display='none';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
|
1208 |
+
@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
|
1209 |
+
$HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));
|
1210 |
+
echo $HTML[0];
|
1211 |
+
GOTMLS_update_scan_log(array("scan" => array("dir" => count($_REQUEST["GOTMLS_fix"])." Files", "start" => time())));
|
1212 |
+
foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
|
1213 |
+
if (is_numeric($clean_file)) {
|
1214 |
+
if (($Q_post = GOTMLS_get_quarantine($clean_file)) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
|
1215 |
+
$path = $Q_post["post_title"];
|
1216 |
+
if ($_REQUEST["GOTMLS_fixing"] > 1) {
|
1217 |
+
echo "<li>Removing $path ... ";
|
1218 |
+
$Q_post["post_status"] = "trash";
|
1219 |
+
if (wp_update_post($Q_post)) {
|
1220 |
+
echo __("Done!",'gotmls');
|
1221 |
+
$li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
|
1222 |
+
} else {
|
1223 |
+
echo __("Failed to delete!",'gotmls');
|
1224 |
+
$li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
|
1225 |
+
}
|
1226 |
+
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Removal from Quarantine")));
|
1227 |
+
} else {
|
1228 |
+
echo "<li>Restoring $path ... ";
|
1229 |
+
$Q_post["post_status"] = "pending";
|
1230 |
+
if (GOTMLS_file_put_contents($path, GOTMLS_decode($Q_post["post_content"])) && wp_update_post($Q_post)) {
|
1231 |
+
echo __("Complete!",'gotmls');
|
1232 |
+
$li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
|
1233 |
+
} else {
|
1234 |
+
echo __("Restore Failed!",'gotmls');
|
1235 |
+
$li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
|
1236 |
+
}
|
1237 |
+
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Restoration from Quarantine")));
|
1238 |
+
}
|
1239 |
+
echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
|
1240 |
+
$li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
|
1241 |
}
|
1242 |
+
} else {
|
1243 |
+
$path = realpath(GOTMLS_decode($clean_file));
|
1244 |
+
if (is_file($path)) {
|
1245 |
+
echo "<li>Fixing $path ... ";
|
1246 |
+
$li_js .= GOTMLS_scanfile($path);
|
1247 |
+
echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
|
1248 |
+
$li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
|
1249 |
+
} else
|
1250 |
+
echo "<li>".__("File ".htmlentities($path)." not found!",'gotmls')."</li>";
|
1251 |
+
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Automatic Fix")));
|
1252 |
+
}
|
1253 |
+
}
|
1254 |
+
die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process.",'gotmls'), 'target="_top" href="admin.php?page=GOTMLS-View-Quarantine"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.str_replace('GOTMLS_', '', GOTMLS_script_URI).'&check_site=1" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n$HTML[1]");
|
1255 |
+
} elseif (isset($_GET["GOTMLS_scan"]) && $_GET["GOTMLS_scan"]) {
|
1256 |
+
if (is_numeric($_GET["GOTMLS_scan"])) {
|
1257 |
+
if (($Q_post = GOTMLS_get_quarantine($_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
|
1258 |
+
$clean_file = $Q_post["post_title"];
|
1259 |
+
$GOTMLS_file_contents = GOTMLS_decode($Q_post["post_content"]);
|
1260 |
$fa = "";
|
1261 |
$function = 'GOTMLS_decode';
|
1262 |
$decode_list = array("Base64" => '/base64_decode\([\'"]([0-9\+\/\=a-z]+)[\'"]\)/', "Hex" => '/(\\\\x[0-9a-f]{2})/');
|
1268 |
} else
|
1269 |
$fa .= " NO-$decode";
|
1270 |
}
|
1271 |
+
} elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GOTMLS_threats_found = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
|
1272 |
$f = 1;
|
1273 |
foreach ($GOTMLS_threats_found as $threats_found=>$threats_name) {
|
1274 |
+
if (is_numeric($threats_found)) {
|
1275 |
+
$threats_found = $threats_name;
|
1276 |
+
$threats_name = $f;
|
1277 |
+
}
|
1278 |
$fpos = 0;
|
1279 |
$flen = 0;
|
1280 |
$potential_threat = str_replace("\r", "", $threats_found);
|
1285 |
if (0 == $flen)
|
1286 |
$fa = 'ERROR['.($f++).']: Threat_size{'.strlen($potential_threat).'} } Content_size{'.strlen(str_replace("\r", "", $GOTMLS_file_contents)).'}';
|
1287 |
}
|
1288 |
+
}
|
|
|
1289 |
foreach ($decode_list as $decode => $regex)
|
1290 |
if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GOTMLS_file_contents))
|
1291 |
$fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
|
1304 |
}
|
1305 |
}
|
1306 |
window.parent.showhide("GOTMLS_iFrame", true);
|
1307 |
+
</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" onsubmit="return confirm(\''.__("Are you sure you want to delete this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.mb_detect_encoding($GOTMLS_file_contents).'<br />size: '.strlen($GOTMLS_file_contents).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GOTMLS_file_contents)).'</textarea></td></tr></table>');
|
1308 |
+
} else
|
1309 |
+
die(GOTMLS_html_tags(array("html" => array("body" => __("This file no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
|
1310 |
+
} else {
|
1311 |
+
$file = GOTMLS_decode($_GET["GOTMLS_scan"]);
|
1312 |
+
if (is_dir($file)) {
|
1313 |
+
@error_reporting(0);
|
1314 |
+
@header("Content-type: text/javascript");
|
1315 |
+
if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))
|
1316 |
+
$GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
|
1317 |
+
@ob_start();
|
1318 |
+
echo GOTMLS_scandir($file);
|
1319 |
+
if (@ob_get_level()) {
|
1320 |
+
GOTMLS_flush();
|
1321 |
+
@ob_end_flush();
|
1322 |
+
}
|
1323 |
+
die('//END OF JavaScript');
|
1324 |
+
} else {
|
1325 |
+
if (!file_exists($file))
|
1326 |
+
die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), $file)."<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
|
1327 |
+
else {
|
1328 |
+
$clean_file = $file;
|
1329 |
+
if (is_numeric($file) && $file == GOTMLS_quarantine($file)) {
|
1330 |
+
$clean_file = 'Quarantined: '.GOTMLS_decode(array_pop(explode(".", '.'.substr($file, strlen(dirname($file))+1, -7))));
|
1331 |
+
$_GET["eli"] = "quarantine";
|
1332 |
}
|
1333 |
+
GOTMLS_scanfile($file);
|
1334 |
+
$fa = "";
|
1335 |
+
$function = 'GOTMLS_decode';
|
1336 |
+
$decode_list = array("Base64" => '/base64_decode\([\'"]([0-9\+\/\=a-z]+)[\'"]\)/', "Hex" => '/(\\\\x[0-9a-f]{2})/');
|
1337 |
+
if (isset($_GET[$function]) && is_array($_GET[$function])) {
|
1338 |
+
foreach ($_GET[$function] as $decode) {
|
1339 |
+
if (isset($decode_list[$decode])) {
|
1340 |
+
$GOTMLS_file_contents = preg_replace($decode_list[$decode].substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function.$decode.'("\1")', $GOTMLS_file_contents);
|
1341 |
+
$fa .= " $decode decoded";
|
1342 |
+
} else
|
1343 |
+
$fa .= " NO-$decode";
|
1344 |
+
}
|
1345 |
+
} elseif (isset($GOTMLS_threats_found) && is_array($GOTMLS_threats_found) && count($GOTMLS_threats_found)) {
|
1346 |
+
$f = 1;
|
1347 |
+
foreach ($GOTMLS_threats_found as $threats_found=>$threats_name) {
|
1348 |
+
$fpos = 0;
|
1349 |
+
$flen = 0;
|
1350 |
+
$potential_threat = str_replace("\r", "", $threats_found);
|
1351 |
+
while (($fpos = strpos(str_replace("\r", "", $GOTMLS_file_contents), ($potential_threat), $flen + $fpos)) !== false) {
|
1352 |
+
$flen = strlen($potential_threat);
|
1353 |
+
$fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
|
1354 |
+
}
|
1355 |
+
if (0 == $flen)
|
1356 |
+
$fa = 'ERROR['.($f++).']: Threat_size{'.strlen($potential_threat).'} } Content_size{'.strlen(str_replace("\r", "", $GOTMLS_file_contents)).'}';
|
1357 |
+
}
|
1358 |
+
} else
|
1359 |
+
$fa = " No Threats Found";
|
1360 |
+
foreach ($decode_list as $decode => $regex)
|
1361 |
+
if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GOTMLS_file_contents))
|
1362 |
+
$fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
|
1363 |
+
die("\n".'<script type="text/javascript">
|
1364 |
+
function select_text_range(ta_id, start, end) {
|
1365 |
+
ta_element = document.getElementById(ta_id);
|
1366 |
+
ta_element.focus();
|
1367 |
+
if(ta_element.setSelectionRange)
|
1368 |
+
ta_element.setSelectionRange(start, end);
|
1369 |
+
else {
|
1370 |
+
var r = ta_element.createTextRange();
|
1371 |
+
r.collapse(true);
|
1372 |
+
r.moveEnd(\'character\', end);
|
1373 |
+
r.moveStart(\'character\', start);
|
1374 |
+
r.select();
|
1375 |
+
}
|
1376 |
+
}
|
1377 |
+
window.parent.showhide("GOTMLS_iFrame", true);
|
1378 |
+
</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post"'.(is_file($clean_file)?' onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($clean_file).'"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GOTMLS_file_contents).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;">':'>').'</form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.mb_detect_encoding($GOTMLS_file_contents).'<br />size: '.strlen($GOTMLS_file_contents).' ('.filesize($file).'bytes)<br />permissions: '.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GOTMLS_file_contents)).'</textarea></td></tr></table>');
|
1379 |
}
|
1380 |
+
}
|
|
|
|
|
|
|
1381 |
}
|
|
|
1382 |
} elseif (isset($_REQUEST["GOTMLS_fixing"]))
|
1383 |
+
die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls')))));
|
1384 |
if (isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"]))
|
1385 |
$scan_level = intval($_POST["scan_level"]);
|
1386 |
if (isset($scan_level) && is_numeric($scan_level))
|
1422 |
require_once(ABSPATH.WPINC.'/pluggable.php');
|
1423 |
GOTMLS_loaded();
|
1424 |
GOTMLS_init();
|
1425 |
+
die("\n//Permission Error: User not authenticated!\n");
|
1426 |
} else {
|
1427 |
+
add_action("in_plugin_update_message-gotmls/index.php", "GOTMLS_in_plugin_update_message");
|
1428 |
add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);
|
1429 |
add_filter("plugin_action_links", "GOTMLS_set_plugin_action_links", 1, 2);
|
1430 |
add_action("plugins_loaded", "GOTMLS_loaded");
|
languages/gotmls.pot
CHANGED
@@ -1,14 +1,14 @@
|
|
1 |
# SOME DESCRIPTIVE TITLE.
|
2 |
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
|
3 |
# This file is distributed under the same license as the PACKAGE package.
|
4 |
-
# Eli Scheetz <eli@gotmls.net>,
|
5 |
#
|
6 |
#, fuzzy
|
7 |
msgid ""
|
8 |
msgstr ""
|
9 |
"Project-Id-Version: GOTMLS\n"
|
10 |
"Report-Msgid-Bugs-To: eli@gotmls.net\n"
|
11 |
-
"POT-Creation-Date:
|
12 |
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
13 |
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
14 |
"Language-Team: LANGUAGE <LL@li.org>\n"
|
@@ -17,32 +17,35 @@ msgstr ""
|
|
17 |
"Content-Type: text/plain; charset=UTF-8\n"
|
18 |
"Content-Transfer-Encoding: 8bit\n"
|
19 |
|
20 |
-
msgid "
|
21 |
msgstr ""
|
22 |
|
23 |
-
msgid "
|
24 |
msgstr ""
|
25 |
|
26 |
-
|
|
|
27 |
msgstr ""
|
28 |
|
29 |
-
msgid "
|
30 |
msgstr ""
|
31 |
|
32 |
-
msgid "
|
33 |
msgstr ""
|
34 |
|
35 |
-
msgid "
|
36 |
msgstr ""
|
37 |
|
38 |
-
|
39 |
-
msgid "If Known Threats are found and displayed in red then there will be a button to '%s'. If only Potentional Threats are found then there is no automatic fix because those are probably not malicious."
|
40 |
msgstr ""
|
41 |
|
42 |
-
msgid "
|
43 |
msgstr ""
|
44 |
|
45 |
-
msgid "
|
|
|
|
|
|
|
46 |
msgstr ""
|
47 |
|
48 |
msgid "Menu Placement"
|
@@ -70,13 +73,13 @@ msgstr ""
|
|
70 |
msgid "Download new definitions!"
|
71 |
msgstr ""
|
72 |
|
73 |
-
msgid "<p>
|
74 |
msgstr ""
|
75 |
|
76 |
msgid "Check for Definition Updates Now!"
|
77 |
msgstr ""
|
78 |
|
79 |
-
msgid "
|
80 |
msgstr ""
|
81 |
|
82 |
msgid "Your Full Name:"
|
@@ -121,13 +124,35 @@ msgstr ""
|
|
121 |
msgid "Last Scan Status"
|
122 |
msgstr ""
|
123 |
|
124 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
125 |
msgstr ""
|
126 |
|
127 |
msgid "Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?"
|
128 |
msgstr ""
|
129 |
|
130 |
-
msgid "Delete
|
131 |
msgstr ""
|
132 |
|
133 |
msgid "Are you sure you want to permanently delete the selected files in the Quarantine?"
|
@@ -136,10 +161,6 @@ msgstr ""
|
|
136 |
msgid "The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files."
|
137 |
msgstr ""
|
138 |
|
139 |
-
#, php-format
|
140 |
-
msgid "FYI - these files are found in: %s"
|
141 |
-
msgstr ""
|
142 |
-
|
143 |
#, php-format
|
144 |
msgid "Check all %d"
|
145 |
msgstr ""
|
@@ -150,49 +171,64 @@ msgstr ""
|
|
150 |
msgid "View Quarantined File"
|
151 |
msgstr ""
|
152 |
|
153 |
-
msgid "
|
154 |
msgstr ""
|
155 |
|
156 |
-
msgid "
|
157 |
msgstr ""
|
158 |
|
159 |
msgid "Quarantine"
|
160 |
msgstr ""
|
161 |
|
|
|
|
|
|
|
162 |
msgid "Only Scan These Folders:"
|
163 |
msgstr ""
|
164 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
165 |
msgid "What to scan:"
|
166 |
msgstr ""
|
167 |
|
168 |
msgid "Scan Depth:"
|
169 |
msgstr ""
|
170 |
|
171 |
-
msgid "how far
|
172 |
msgstr ""
|
173 |
|
174 |
msgid "-1 is infinite depth"
|
175 |
msgstr ""
|
176 |
|
177 |
-
msgid "
|
178 |
msgstr ""
|
179 |
|
180 |
-
msgid "
|
181 |
msgstr ""
|
182 |
|
183 |
-
msgid "
|
184 |
msgstr ""
|
185 |
|
186 |
-
msgid "
|
187 |
msgstr ""
|
188 |
|
189 |
-
msgid "
|
|
|
|
|
|
|
190 |
msgstr ""
|
191 |
|
192 |
-
msgid "
|
193 |
msgstr ""
|
194 |
|
195 |
-
msgid "
|
196 |
msgstr ""
|
197 |
|
198 |
msgid "Run Complete Scan"
|
@@ -238,7 +274,8 @@ msgstr ""
|
|
238 |
msgid "NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found)."
|
239 |
msgstr ""
|
240 |
|
241 |
-
|
|
|
242 |
msgstr ""
|
243 |
|
244 |
msgid "read my blog"
|
@@ -278,71 +315,79 @@ msgstr ""
|
|
278 |
msgid "Installed Brute-Force Protection"
|
279 |
msgstr ""
|
280 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
281 |
msgid "Removed Old Brute-Force Login Patch"
|
282 |
msgstr ""
|
283 |
|
284 |
msgid "This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed."
|
285 |
msgstr ""
|
286 |
|
287 |
-
msgid "Checking for session
|
288 |
msgstr ""
|
289 |
|
290 |
msgid " For more information on Brute-Force attack prevention and the WordPress wp-login-php file "
|
291 |
msgstr ""
|
292 |
|
293 |
-
|
294 |
-
msgid "The file %s does not exist."
|
295 |
msgstr ""
|
296 |
|
297 |
-
|
298 |
-
msgid "You could <a %s>try viewing the quarantined backup file</a>."
|
299 |
msgstr ""
|
300 |
|
301 |
-
msgid "
|
302 |
msgstr ""
|
303 |
|
304 |
-
msgid "
|
305 |
msgstr ""
|
306 |
|
307 |
-
msgid "
|
308 |
msgstr ""
|
309 |
|
310 |
#, php-format
|
311 |
-
msgid "Because some
|
312 |
msgstr ""
|
313 |
|
314 |
msgid "Never mind, it worked!"
|
315 |
msgstr ""
|
316 |
|
317 |
-
msgid "
|
318 |
msgstr ""
|
319 |
|
320 |
-
msgid "
|
321 |
msgstr ""
|
322 |
|
323 |
-
msgid "
|
324 |
msgstr ""
|
325 |
|
326 |
-
|
|
|
327 |
msgstr ""
|
328 |
|
329 |
-
msgid "
|
330 |
msgstr ""
|
331 |
|
332 |
-
msgid "
|
333 |
msgstr ""
|
334 |
|
335 |
-
|
336 |
-
msgid "This Plugin requires WordPress version %s or higher"
|
337 |
msgstr ""
|
338 |
|
339 |
-
msgid "
|
340 |
msgstr ""
|
341 |
|
342 |
-
msgid "
|
343 |
msgstr ""
|
344 |
|
345 |
-
msgid "
|
346 |
msgstr ""
|
347 |
|
348 |
msgid "htaccess Threats"
|
@@ -357,6 +402,31 @@ msgstr ""
|
|
357 |
msgid "Known Threats"
|
358 |
msgstr ""
|
359 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
360 |
msgid "an unknown file"
|
361 |
msgstr ""
|
362 |
|
@@ -373,13 +443,31 @@ msgstr ""
|
|
373 |
msgid "Empty file!"
|
374 |
msgstr ""
|
375 |
|
376 |
-
msgid "
|
377 |
msgstr ""
|
378 |
|
379 |
-
msgid "
|
380 |
msgstr ""
|
381 |
|
382 |
-
msgid "
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
383 |
msgstr ""
|
384 |
|
385 |
msgid "Already Fixed!"
|
@@ -397,10 +485,10 @@ msgstr ""
|
|
397 |
msgid "Scanned %s"
|
398 |
msgstr ""
|
399 |
|
400 |
-
msgid "Examine File"
|
401 |
msgstr ""
|
402 |
|
403 |
-
msgid "
|
404 |
msgstr ""
|
405 |
|
406 |
msgid "Failed to determine file size!"
|
@@ -409,6 +497,9 @@ msgstr ""
|
|
409 |
msgid "Skipped because of file size!"
|
410 |
msgstr ""
|
411 |
|
|
|
|
|
|
|
412 |
msgid "Failed to read directory!"
|
413 |
msgstr ""
|
414 |
|
@@ -418,3 +509,9 @@ msgstr ""
|
|
418 |
|
419 |
msgid "Failed to read file!"
|
420 |
msgstr ""
|
|
|
|
|
|
|
|
|
|
|
|
1 |
# SOME DESCRIPTIVE TITLE.
|
2 |
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
|
3 |
# This file is distributed under the same license as the PACKAGE package.
|
4 |
+
# Eli Scheetz <eli@gotmls.net>, 2015.
|
5 |
#
|
6 |
#, fuzzy
|
7 |
msgid ""
|
8 |
msgstr ""
|
9 |
"Project-Id-Version: GOTMLS\n"
|
10 |
"Report-Msgid-Bugs-To: eli@gotmls.net\n"
|
11 |
+
"POT-Creation-Date: 2015-06-06 08:41-1000\n"
|
12 |
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
13 |
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
14 |
"Language-Team: LANGUAGE <LL@li.org>\n"
|
17 |
"Content-Type: text/plain; charset=UTF-8\n"
|
18 |
"Content-Transfer-Encoding: 8bit\n"
|
19 |
|
20 |
+
msgid "Getting Started"
|
21 |
msgstr ""
|
22 |
|
23 |
+
msgid "Make sure the Definition Updates are current and Run a Complete Scan."
|
24 |
msgstr ""
|
25 |
|
26 |
+
#, php-format
|
27 |
+
msgid "If Known Threats are found and displayed in red then there will be a button to '%s'. If only Potentional Threats are found then there is no automatic fix because those are probably not malicious."
|
28 |
msgstr ""
|
29 |
|
30 |
+
msgid "A backup of the original infected files are placed in the Quarantine in case you need to restore them or just want to look at them later. You can delete these files if you don't want to save more."
|
31 |
msgstr ""
|
32 |
|
33 |
+
msgid "FAQs"
|
34 |
msgstr ""
|
35 |
|
36 |
+
msgid "Main Menu Item placed at the <b>Top</b>"
|
37 |
msgstr ""
|
38 |
|
39 |
+
msgid "Main Menu Item placed at the <b>Bottom</b>"
|
|
|
40 |
msgstr ""
|
41 |
|
42 |
+
msgid "Main Menu Item placed below <b>Comments</b> and above <b>Appearance</b>"
|
43 |
msgstr ""
|
44 |
|
45 |
+
msgid "Main Menu Item placed below <b>Settings</b>"
|
46 |
+
msgstr ""
|
47 |
+
|
48 |
+
msgid "Menu Item Placement Options"
|
49 |
msgstr ""
|
50 |
|
51 |
msgid "Menu Placement"
|
73 |
msgid "Download new definitions!"
|
74 |
msgstr ""
|
75 |
|
76 |
+
msgid "<p>Get instant access to definition updates.</p>"
|
77 |
msgstr ""
|
78 |
|
79 |
msgid "Check for Definition Updates Now!"
|
80 |
msgstr ""
|
81 |
|
82 |
+
msgid "If you have not already registered your Key then register now using the form below.<br />* All registration fields are required<br />** I will NOT share your information."
|
83 |
msgstr ""
|
84 |
|
85 |
msgid "Your Full Name:"
|
124 |
msgid "Last Scan Status"
|
125 |
msgstr ""
|
126 |
|
127 |
+
#, php-format
|
128 |
+
msgid "Cleared %s records from this log."
|
129 |
+
msgstr ""
|
130 |
+
|
131 |
+
msgid "No Scans have been logged"
|
132 |
+
msgstr ""
|
133 |
+
|
134 |
+
msgid "Globally White-listed files"
|
135 |
+
msgstr ""
|
136 |
+
|
137 |
+
msgid "# of patterns"
|
138 |
+
msgstr ""
|
139 |
+
|
140 |
+
msgid "Date Updated"
|
141 |
+
msgstr ""
|
142 |
+
|
143 |
+
msgid "WordPress Core files"
|
144 |
+
msgstr ""
|
145 |
+
|
146 |
+
msgid "# of files"
|
147 |
+
msgstr ""
|
148 |
+
|
149 |
+
msgid "Restore selected files"
|
150 |
msgstr ""
|
151 |
|
152 |
msgid "Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?"
|
153 |
msgstr ""
|
154 |
|
155 |
+
msgid "Delete selected files"
|
156 |
msgstr ""
|
157 |
|
158 |
msgid "Are you sure you want to permanently delete the selected files in the Quarantine?"
|
161 |
msgid "The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files."
|
162 |
msgstr ""
|
163 |
|
|
|
|
|
|
|
|
|
164 |
#, php-format
|
165 |
msgid "Check all %d"
|
166 |
msgstr ""
|
171 |
msgid "View Quarantined File"
|
172 |
msgstr ""
|
173 |
|
174 |
+
msgid "No Items in Quarantine"
|
175 |
msgstr ""
|
176 |
|
177 |
+
msgid "White-lists"
|
178 |
msgstr ""
|
179 |
|
180 |
msgid "Quarantine"
|
181 |
msgstr ""
|
182 |
|
183 |
+
msgid "Scan Logs"
|
184 |
+
msgstr ""
|
185 |
+
|
186 |
msgid "Only Scan These Folders:"
|
187 |
msgstr ""
|
188 |
|
189 |
+
msgid "What to look for:"
|
190 |
+
msgstr ""
|
191 |
+
|
192 |
+
msgid "Download Definition Updates to Use this feature"
|
193 |
+
msgstr ""
|
194 |
+
|
195 |
+
msgid "Download the new definitions (Right sidebar) to activate this feature."
|
196 |
+
msgstr ""
|
197 |
+
|
198 |
msgid "What to scan:"
|
199 |
msgstr ""
|
200 |
|
201 |
msgid "Scan Depth:"
|
202 |
msgstr ""
|
203 |
|
204 |
+
msgid "how far to drill down"
|
205 |
msgstr ""
|
206 |
|
207 |
msgid "-1 is infinite depth"
|
208 |
msgstr ""
|
209 |
|
210 |
+
msgid "Custom RegExp:"
|
211 |
msgstr ""
|
212 |
|
213 |
+
msgid "For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site."
|
214 |
msgstr ""
|
215 |
|
216 |
+
msgid "Skip files with the following extentions:"
|
217 |
msgstr ""
|
218 |
|
219 |
+
msgid "a comma separated list of file extentions to skip"
|
220 |
msgstr ""
|
221 |
|
222 |
+
msgid "Skip directories with the following names:"
|
223 |
+
msgstr ""
|
224 |
+
|
225 |
+
msgid "a folder name or comma separated list of folder names to skip"
|
226 |
msgstr ""
|
227 |
|
228 |
+
msgid "Automatically Update Definitions:"
|
229 |
msgstr ""
|
230 |
|
231 |
+
msgid "This new BETA feature is only available to registered users who have donated at a certain level."
|
232 |
msgstr ""
|
233 |
|
234 |
msgid "Run Complete Scan"
|
274 |
msgid "NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found)."
|
275 |
msgstr ""
|
276 |
|
277 |
+
#, php-format
|
278 |
+
msgid "NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation."
|
279 |
msgstr ""
|
280 |
|
281 |
msgid "read my blog"
|
315 |
msgid "Installed Brute-Force Protection"
|
316 |
msgstr ""
|
317 |
|
318 |
+
#, php-format
|
319 |
+
msgid "Failed to install Brute-Force Protection (wp-config.php %s)"
|
320 |
+
msgstr ""
|
321 |
+
|
322 |
+
msgid "wp-config.php Not Readable!"
|
323 |
+
msgstr ""
|
324 |
+
|
325 |
+
msgid "wp-config.php Not Found!"
|
326 |
+
msgstr ""
|
327 |
+
|
328 |
msgid "Removed Old Brute-Force Login Patch"
|
329 |
msgstr ""
|
330 |
|
331 |
msgid "This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed."
|
332 |
msgstr ""
|
333 |
|
334 |
+
msgid "Checking for session compatibility ..."
|
335 |
msgstr ""
|
336 |
|
337 |
msgid " For more information on Brute-Force attack prevention and the WordPress wp-login-php file "
|
338 |
msgstr ""
|
339 |
|
340 |
+
msgid "Done!"
|
|
|
341 |
msgstr ""
|
342 |
|
343 |
+
msgid "Failed to delete!"
|
|
|
344 |
msgstr ""
|
345 |
|
346 |
+
msgid "Complete!"
|
347 |
msgstr ""
|
348 |
|
349 |
+
msgid "Restore Failed!"
|
350 |
msgstr ""
|
351 |
|
352 |
+
msgid "File "
|
353 |
msgstr ""
|
354 |
|
355 |
#, php-format
|
356 |
+
msgid "Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process."
|
357 |
msgstr ""
|
358 |
|
359 |
msgid "Never mind, it worked!"
|
360 |
msgstr ""
|
361 |
|
362 |
+
msgid "Are you sure you want to delete this file from the quarantine?"
|
363 |
msgstr ""
|
364 |
|
365 |
+
msgid "File Details:"
|
366 |
msgstr ""
|
367 |
|
368 |
+
msgid "This file no longer exists in the quarantine."
|
369 |
msgstr ""
|
370 |
|
371 |
+
#, php-format
|
372 |
+
msgid "The file %s does not exist, it must have already been deleted."
|
373 |
msgstr ""
|
374 |
|
375 |
+
msgid "Are you sure this file is not infected and you want to ignore it in future scans?"
|
376 |
msgstr ""
|
377 |
|
378 |
+
msgid "Potential threats in file:"
|
379 |
msgstr ""
|
380 |
|
381 |
+
msgid "Nothing Selected to be Changed!"
|
|
|
382 |
msgstr ""
|
383 |
|
384 |
+
msgid "Default position"
|
385 |
msgstr ""
|
386 |
|
387 |
+
msgid "New position"
|
388 |
msgstr ""
|
389 |
|
390 |
+
msgid "saved."
|
391 |
msgstr ""
|
392 |
|
393 |
msgid "htaccess Threats"
|
402 |
msgid "Known Threats"
|
403 |
msgstr ""
|
404 |
|
405 |
+
msgid "Core File Changes"
|
406 |
+
msgstr ""
|
407 |
+
|
408 |
+
msgid "Failed to list files in directory!"
|
409 |
+
msgstr ""
|
410 |
+
|
411 |
+
msgid "Run Quick Scan"
|
412 |
+
msgstr ""
|
413 |
+
|
414 |
+
msgid "View Quarantine"
|
415 |
+
msgstr ""
|
416 |
+
|
417 |
+
#, php-format
|
418 |
+
msgid "This Plugin requires WordPress version %s or higher"
|
419 |
+
msgstr ""
|
420 |
+
|
421 |
+
msgid "Scan Settings"
|
422 |
+
msgstr ""
|
423 |
+
|
424 |
+
msgid "Loading, Please Wait ..."
|
425 |
+
msgstr ""
|
426 |
+
|
427 |
+
msgid "Automatically Fix SELECTED Files Now"
|
428 |
+
msgstr ""
|
429 |
+
|
430 |
msgid "an unknown file"
|
431 |
msgstr ""
|
432 |
|
443 |
msgid "Empty file!"
|
444 |
msgstr ""
|
445 |
|
446 |
+
msgid "Fixed file permissions! (try again)"
|
447 |
msgstr ""
|
448 |
|
449 |
+
msgid "File permissions read-only!"
|
450 |
msgstr ""
|
451 |
|
452 |
+
msgid "File not readable!"
|
453 |
+
msgstr ""
|
454 |
+
|
455 |
+
msgid "File does not exist!"
|
456 |
+
msgstr ""
|
457 |
+
|
458 |
+
msgid "Success!"
|
459 |
+
msgstr ""
|
460 |
+
|
461 |
+
msgid "Failed:"
|
462 |
+
msgstr ""
|
463 |
+
|
464 |
+
msgid "reason unknown!"
|
465 |
+
msgstr ""
|
466 |
+
|
467 |
+
msgid "file not writable!"
|
468 |
+
msgstr ""
|
469 |
+
|
470 |
+
msgid "no file contents!"
|
471 |
msgstr ""
|
472 |
|
473 |
msgid "Already Fixed!"
|
485 |
msgid "Scanned %s"
|
486 |
msgstr ""
|
487 |
|
488 |
+
msgid "Examine Quarantined File"
|
489 |
msgstr ""
|
490 |
|
491 |
+
msgid "Examine File"
|
492 |
msgstr ""
|
493 |
|
494 |
msgid "Failed to determine file size!"
|
497 |
msgid "Skipped because of file size!"
|
498 |
msgstr ""
|
499 |
|
500 |
+
msgid "Skipped because of file extention!"
|
501 |
+
msgstr ""
|
502 |
+
|
503 |
msgid "Failed to read directory!"
|
504 |
msgstr ""
|
505 |
|
509 |
|
510 |
msgid "Failed to read file!"
|
511 |
msgstr ""
|
512 |
+
|
513 |
+
msgid "The <b>base64_decode</b> function is currently disabled by the disable_functions Directive in your server's php.ini file.<br />This function is required for this Anti-Malware plugin to work properly.<br />Check the disable_functions Directive in your php.ini and take out base64_decode to fix this problem."
|
514 |
+
msgstr ""
|
515 |
+
|
516 |
+
msgid "View Scan Log"
|
517 |
+
msgstr ""
|
readme.txt
CHANGED
@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
|
|
5 |
Contributors: scheeeli, gotmls
|
6 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
7 |
Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
|
8 |
-
Version: 4.15.
|
9 |
-
Stable tag: 4.15.
|
10 |
Requires at least: 3.3
|
11 |
Tested up to: 4.2.2
|
12 |
|
@@ -29,7 +29,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
|
|
29 |
* Automatically Download Definition Updates When running a Complete Scan.
|
30 |
* Check the integrity of your WordPress Core files.
|
31 |
|
32 |
-
Updated
|
33 |
|
34 |
Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
|
35 |
|
@@ -94,6 +94,11 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
|
|
94 |
|
95 |
== Changelog ==
|
96 |
|
|
|
|
|
|
|
|
|
|
|
97 |
= 4.15.24 =
|
98 |
* Hardened against injected HTML content by encoding the tags with variables.
|
99 |
* Fixed debug option to exclude individual definitions.
|
@@ -185,8 +190,6 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
|
|
185 |
|
186 |
= 3.13.11 =
|
187 |
* Fixed a session bug to display the last directory scanned.
|
188 |
-
|
189 |
-
= 3.13.10 =
|
190 |
* Fixed a few small cosmetic bugs for WP 3.8.
|
191 |
|
192 |
= 3.12.27 =
|
@@ -320,24 +323,21 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
|
|
320 |
= 1.2.04.08 =
|
321 |
* Fixed option to exclude directories so that the scan would not get stuck if omitted.
|
322 |
* Added support for winblows servers using BACKSLASH directory structures.
|
323 |
-
|
324 |
-
= 1.2.04.04 =
|
325 |
* Added option to exclude directories.
|
326 |
* Changed definition updates to write to the DB instead of a file.
|
327 |
* Added better messages about available updates.
|
328 |
-
* Added more FAQs to the readme.
|
329 |
|
330 |
= 1.2.03.28 =
|
331 |
-
* Fixed registration form.
|
332 |
-
|
333 |
-
= 1.2.03.27 =
|
334 |
-
* Fixed some of the links on the settings page.
|
335 |
|
336 |
= 1.2.03.23 =
|
337 |
* First BETA versions available for WordPress.
|
338 |
|
339 |
== Upgrade Notice ==
|
340 |
|
|
|
|
|
|
|
341 |
= 4.15.24 =
|
342 |
Hardened against injected HTML content and fixed debug option to exclude individual definitions.
|
343 |
|
@@ -399,10 +399,7 @@ Made the Examine File window sizable, fixed a few small bugs, removed some old c
|
|
399 |
Re-purposed Quick Scan to just scan the most affected areas and fixed a few small bugs.
|
400 |
|
401 |
= 3.13.11 =
|
402 |
-
Fixed a session bug to display the last directory scanned.
|
403 |
-
|
404 |
-
= 3.13.10 =
|
405 |
-
Fixed a few small cosmetic bugs for WP 3.8.
|
406 |
|
407 |
= 3.12.27 =
|
408 |
Added Spanish translation, thanks to Jelena Kovacevic and Andrew Kurtis.
|
@@ -507,16 +504,10 @@ Fixed auto-update script to update scan level even if there is no new definition
|
|
507 |
Added more info about registration to the readme file, Updated timthumb replacement patch to version 2.8.10, and fixed menu option placement.
|
508 |
|
509 |
= 1.2.04.08 =
|
510 |
-
Fixed option to exclude directories
|
511 |
-
|
512 |
-
= 1.2.04.04 =
|
513 |
-
Changed definition updates to write to the DB instead of a file and added better messages about available updates.
|
514 |
|
515 |
= 1.2.03.28 =
|
516 |
-
Fixed registration form.
|
517 |
-
|
518 |
-
= 1.2.03.27 =
|
519 |
-
Fixed some of the links on the settings page.
|
520 |
|
521 |
= 1.2.03.23 =
|
522 |
First BETA versions available for WordPress.
|
5 |
Contributors: scheeeli, gotmls
|
6 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
7 |
Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
|
8 |
+
Version: 4.15.25
|
9 |
+
Stable tag: 4.15.25
|
10 |
Requires at least: 3.3
|
11 |
Tested up to: 4.2.2
|
12 |
|
29 |
* Automatically Download Definition Updates When running a Complete Scan.
|
30 |
* Check the integrity of your WordPress Core files.
|
31 |
|
32 |
+
Updated June 6th
|
33 |
|
34 |
Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
|
35 |
|
94 |
|
95 |
== Changelog ==
|
96 |
|
97 |
+
= 4.15.25 =
|
98 |
+
* Moved the quarantine files into the database and deleted the old directory in uploads.
|
99 |
+
* Fixed some minor formatting issues in the HTML output on the settings page.
|
100 |
+
* Added a warning message if base64_decode has been disabled.
|
101 |
+
|
102 |
= 4.15.24 =
|
103 |
* Hardened against injected HTML content by encoding the tags with variables.
|
104 |
* Fixed debug option to exclude individual definitions.
|
190 |
|
191 |
= 3.13.11 =
|
192 |
* Fixed a session bug to display the last directory scanned.
|
|
|
|
|
193 |
* Fixed a few small cosmetic bugs for WP 3.8.
|
194 |
|
195 |
= 3.12.27 =
|
323 |
= 1.2.04.08 =
|
324 |
* Fixed option to exclude directories so that the scan would not get stuck if omitted.
|
325 |
* Added support for winblows servers using BACKSLASH directory structures.
|
|
|
|
|
326 |
* Added option to exclude directories.
|
327 |
* Changed definition updates to write to the DB instead of a file.
|
328 |
* Added better messages about available updates.
|
|
|
329 |
|
330 |
= 1.2.03.28 =
|
331 |
+
* Fixed registration form and some of the links on the settings page.
|
|
|
|
|
|
|
332 |
|
333 |
= 1.2.03.23 =
|
334 |
* First BETA versions available for WordPress.
|
335 |
|
336 |
== Upgrade Notice ==
|
337 |
|
338 |
+
= 4.15.25 =
|
339 |
+
Moved the quarantine files into the database and deleted the old directory in uploads, fixed some minor HTML formatting issues, and added a warning if base64_decode is disabled.
|
340 |
+
|
341 |
= 4.15.24 =
|
342 |
Hardened against injected HTML content and fixed debug option to exclude individual definitions.
|
343 |
|
399 |
Re-purposed Quick Scan to just scan the most affected areas and fixed a few small bugs.
|
400 |
|
401 |
= 3.13.11 =
|
402 |
+
Fixed a session bug to display the last directory scanned and a few other small cosmetic bugs for WP 3.8.
|
|
|
|
|
|
|
403 |
|
404 |
= 3.12.27 =
|
405 |
Added Spanish translation, thanks to Jelena Kovacevic and Andrew Kurtis.
|
504 |
Added more info about registration to the readme file, Updated timthumb replacement patch to version 2.8.10, and fixed menu option placement.
|
505 |
|
506 |
= 1.2.04.08 =
|
507 |
+
Fixed option to exclude directories, added support for winblows servers using BACKSLASHES, changed definition updates to write to the DB instead of a file, and added better messages about available updates.
|
|
|
|
|
|
|
508 |
|
509 |
= 1.2.03.28 =
|
510 |
+
Fixed registration form and some of the links on the settings page.
|
|
|
|
|
|
|
511 |
|
512 |
= 1.2.03.23 =
|
513 |
First BETA versions available for WordPress.
|
safe-load/index.php
CHANGED
@@ -12,5 +12,10 @@ foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_
|
|
12 |
$_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
|
13 |
foreach (array("log") as $var)
|
14 |
$_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
|
15 |
-
|
|
|
|
|
|
|
|
|
|
|
16 |
die();
|
12 |
$_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
|
13 |
foreach (array("log") as $var)
|
14 |
$_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
|
15 |
+
$ver = "Unknown";
|
16 |
+
if ($file = str_replace(basename(dirname(__FILE__)), basename(__FILE__), dirname(__FILE__)))
|
17 |
+
if (is_file($file) && $contents = @file_get_contents($file))
|
18 |
+
if (preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
|
19 |
+
$ver = $match[1];
|
20 |
+
header("location: http://safe-load.gotmls.net/report.php?ver=$ver".$_SESSION["GOTMLS_detected_attacks"]);
|
21 |
die();
|