Anti-Malware Security and Brute-Force Firewall - Version 4.15.27

Version Description

  • Fixed a major bug that made multisite scans extremely slow and sometimes caused them to error out.
  • Moved all ajax calls out of the init function and into their own functions for better handling time.

Release Info

Developer scheeeli
Version 4.15.27

Code changes from version 4.15.26 to 4.15.27

Files changed (4) hide show
  1. images/index.php +75 -65
  2. index.php +352 -330
  3. languages/gotmls.pot +17 -17
  4. readme.txt +10 -9
images/index.php CHANGED
@@ -25,8 +25,10 @@ function __($text, $domain) {
25
  }}
26
 
27
  $GLOBALS["GOTMLS"] = array(
28
- "tmp"=>array("HeadersError"=>"",
29
- "mt"=>((isset($_GET["mt"])&&is_numeric($_GET["mt"]))?$_GET["mt"]:microtime(true)),
 
 
30
  "threat_levels" => array(__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Backdoor Scripts",'gotmls')=>"backdoor",__("Known Threats",'gotmls')=>"known",__("Core File Changes",'gotmls')=>"wp_core",__("Potential Threats",'gotmls')=>"potential"),
31
  "default_ext"=>"ieonly.", "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf"),
32
  "execution_time" => 60,
@@ -85,8 +87,9 @@ if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && preg_match('|(.*?
85
 
86
  //GOTMLS_define("GOTMLS_Skip_Quarantine_LANGUAGE", __("Skip scanning the Quarantine:",'gotmls'));
87
  GOTMLS_define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
88
- GOTMLS_define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Run Quick Scan",'gotmls'));
89
  GOTMLS_define("GOTMLS_View_Quarantine_LANGUAGE", __("View Quarantine",'gotmls'));
 
90
  GOTMLS_define("GOTMLS_require_version_LANGUAGE", sprintf(__("This Plugin requires WordPress version %s or higher",'gotmls'), GOTMLS_require_version));
91
  GOTMLS_define("GOTMLS_Scan_Settings_LANGUAGE", __("Scan Settings",'gotmls'));
92
  GOTMLS_define("GOTMLS_Loading_LANGUAGE", __("Loading, Please Wait ...",'gotmls'));
@@ -109,12 +112,16 @@ else
109
  $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "http:";
110
  if (function_exists("get_option")) {
111
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"] = get_option('GOTMLS_settings_array', array());
 
112
  GOTMLS_define("GOTMLS_siteurl", get_option("siteurl"));
113
  $GLOBALS["GOTMLS"]["log"] = get_option('GOTMLS_scan_log/'.(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"0.0.0.0").'/'.$GLOBALS["GOTMLS"]["tmp"]["mt"], array());
 
 
114
  } else {
115
  GOTMLS_define("GOTMLS_siteurl", $GLOBALS["GOTMLS"]["tmp"]["protocol"].$SERVER_parts[1].((count($SERVER_parts) > 2 && ($SERVER_parts[2] == '80' || $SERVER_parts[2] == '443'))?"":":".$SERVER_parts[2])."/");
116
  $GLOBALS["GOTMLS"]["log"] = array();
117
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"] = array();
 
118
  }
119
  GOTMLS_define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
120
  if (function_exists("plugins_url"))
@@ -130,16 +137,9 @@ else
130
 
131
  $GOTMLS_chmod_file = (0644);
132
  $GOTMLS_chmod_dir = (0755);
133
- $GOTMLS_file_contents = "";
134
- $GOTMLS_new_contents = "";
135
- $GOTMLS_onLoad = "";
136
- $GOTMLS_threat_files = array("htaccess"=>".htaccess","timthumb"=>"thumb.php");
137
  $GOTMLS_image_alt = array("wait"=>"...", "checked"=>"✔", "blocked"=>"X", "question"=>"?", "threat"=>"!");
138
- $GOTMLS_threats_found = array();
139
  $GOTMLS_dir_at_depth = array();
140
  $GOTMLS_dirs_at_depth = array();
141
- $GOTMLS_scanfiles = array();
142
- $GOTMLS_skip_dirs = array(".", "..");
143
 
144
  if (isset($_REQEUST['img']) && substr(strtolower($_SERVER["SCRIPT_FILENAME"]), -15) == "/admin-ajax.php" && !in_array(GOTMLS_get_ext($_REQEUST['img']), $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]))
145
  include(dirname(__FILE__)."/../safe-load/index.php");
@@ -256,22 +256,22 @@ function GOTMLS_get_ext($filename) {
256
  }
257
 
258
  function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
259
- global $wp_version, $GOTMLS_threats_found, $GOTMLS_new_contents, $GOTMLS_file_contents;
260
- $GOTMLS_threats_found = array();
261
  if (is_array($check_threats)) {
262
  $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
263
  if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($check_threats["$wp_version"]["$path"])) {
264
- if (($check_threats["$wp_version"]["$path"] != md5($GOTMLS_file_contents)."O".strlen($GOTMLS_file_contents)) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($check_threats["$wp_version"]["$path"] == md5($source)."O".strlen($source))) {
265
  for ($start = 0, $end = 0, $len = strlen($source); ($start == 0 || $end == 0) && $len > 0; $len--){
266
- if ($start == 0 && substr($source, 0, $len) == substr($GOTMLS_file_contents, 0, $len))
267
  $start = $len;
268
- if ($end == 0 && substr($source, -1 * $len) == substr($GOTMLS_file_contents, -1 * $len))
269
  $end = $len;
270
  }
271
- if (!(($start + $end < strlen($GOTMLS_file_contents)) && ($find = ($end?substr($GOTMLS_file_contents, $start, -1 * $end):substr($GOTMLS_file_contents, $start)))))
272
- $find = $GOTMLS_file_contents;
273
- $GOTMLS_threats_found["$find"] = "Core File Modified";
274
- $GOTMLS_new_contents = $source;
275
  }
276
  } else {
277
  foreach ($check_threats as $threat_name=>$threat_definitions) {
@@ -279,10 +279,10 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
279
  $_SESSION["GOTMLS_debug"]["threat_name"] = $threat_name;
280
  $_SESSION["GOTMLS_debug"]["last"]["threat_name"] = microtime(true);
281
  while ($threat_definition = array_shift($threat_definitions)) {
282
- if ($found = @preg_match_all($threat_definition, $GOTMLS_file_contents, $threats_found)) {
283
  foreach ($threats_found[0] as $find) {
284
- $GOTMLS_threats_found[$find] = $threat_name;
285
- $GOTMLS_new_contents = str_replace($find, "", $GOTMLS_new_contents);
286
  }
287
  }
288
  }
@@ -303,20 +303,20 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
303
  $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;
304
  } elseif (is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5) {
305
  while ($threat_definition = array_shift($threat_definitions)) {
306
- if ($found = @preg_match_all($threat_definition, $GOTMLS_file_contents, $threats_found)) {
307
  foreach ($threats_found[0] as $find) {
308
- $GOTMLS_threats_found[$find] = $threat_name;
309
- $GOTMLS_new_contents = str_replace($find, "", $GOTMLS_new_contents);
310
  }
311
  }
312
  }
313
  }
314
  }
315
  }
316
- } elseif (strlen($check_threats) && isset($_GET['eli']) && substr($check_threats, 0, 1) == '/' && ($found = preg_match_all($check_threats, $GOTMLS_file_contents, $threats_found))) {
317
  foreach ($threats_found[0] as $find) {
318
- $GOTMLS_threats_found[$find] = $check_threats;
319
- $GOTMLS_new_contents = str_replace($find, "", $GOTMLS_new_contents);
320
  }
321
  }
322
  if (isset($_SESSION["GOTMLS_debug"])) {
@@ -334,12 +334,12 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
334
  if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"]) || $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"])
335
  $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"] = $file_time;
336
  }
337
- return count($GOTMLS_threats_found);
338
  }
339
 
340
  function GOTMLS_scanfile($file) {
341
- global $wp_version, $GOTMLS_threat_files, $GOTMLS_threats_found, $GOTMLS_chmod_file, $GOTMLS_chmod_dir, $GOTMLS_file_contents, $GOTMLS_new_contents;
342
- $GOTMLS_threats_found = array();
343
  $gt = ">";
344
  $lt = "<";
345
  $found = false;
@@ -348,7 +348,7 @@ function GOTMLS_scanfile($file) {
348
  $clean_file = GOTMLS_encode($file);
349
  $file_name = GOTMLS_explode_dir($file);
350
  $file_parts = explode(".", ".".array_pop($file_name));
351
- if (is_file($file) && ($filesize = filesize($file)) && ($GOTMLS_file_contents = @file_get_contents($file))) {
352
  if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]))
353
  $whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]);
354
  else
@@ -360,9 +360,9 @@ function GOTMLS_scanfile($file) {
360
  $whitelist = array_merge($whitelist, $non_threats);
361
  }
362
  }
363
- if (isset($whitelist[md5($GOTMLS_file_contents).'O'.$filesize]))
364
  return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
365
- $GOTMLS_new_contents = $GOTMLS_file_contents;
366
  if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && strlen($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && isset($_GET['eli']) && substr($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"], 0, 1) == '/' && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"])))
367
  $className = "known";
368
  else {
@@ -376,7 +376,7 @@ function GOTMLS_scanfile($file) {
376
  $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
377
  $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
378
  }
379
- if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]))) && (!array_key_exists($threat_level, $GOTMLS_threat_files) || (substr($file."e", (-1 * strlen($GOTMLS_threat_files[$threat_level]."e"))) == $GOTMLS_threat_files[$threat_level]."e")) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level],$file)))
380
  $className = $threat_level;
381
  }
382
  if (isset($_SESSION["GOTMLS_debug"])) {
@@ -396,35 +396,42 @@ function GOTMLS_scanfile($file) {
396
  }
397
  }
398
  } else {
399
- $GOTMLS_file_contents = (is_file($file)?(is_readable($file)?(filesize($file)?__("Failed to read file contents!",'gotmls'):__("Empty file!",'gotmls')):(isset($_GET["eli"])?(@chmod($file, $GOTMLS_chmod_file)?__("Fixed file permissions! (try again)",'gotmls'):__("File permissions read-only!",'gotmls')):__("File not readable!",'gotmls'))):__("File does not exist!",'gotmls'));
400
- // $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file);
401
  $className = "errors";
402
  }
403
- if (count($GOTMLS_threats_found)) {
404
- $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.$clean_file.'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", "&quot;", $lt.'div style="float: left;"'.$gt.'Examine&nbsp;File&nbsp;...&nbsp;'.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_strip4java($file)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
405
  if ($className == "errors") {
406
- $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file);
407
  $imageFile = "/blocked";
408
  } elseif ($className != "potential") {
409
  if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
410
  if ($className == "timthumb") {
411
  if (($source = GOTMLS_get_URL("http://$className.googlecode.com/svn/trunk/$className.php")) && strlen($source) > 500)
412
- $GOTMLS_new_contents = $source;
413
  else
414
- $GOTMLS_file_contents = "";
415
  } elseif ($className == 'wp_core') {
416
  $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
417
- if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] != md5($GOTMLS_file_contents)."O".strlen($GOTMLS_file_contents)) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] == md5($source)."O".strlen($source)))
418
- $GOTMLS_new_contents = $source;
419
  else
420
- $GOTMLS_file_contents = "";
421
- } else
422
- $GOTMLS_new_contents = trim(preg_replace('/'.$lt.'\?(php)?\s*(\/\*.*?\*\/\s*)*(\?'.$gt.'|$)/is', "", $GOTMLS_new_contents));
423
- if (strlen($GOTMLS_file_contents) > 0 && (GOTMLS_write_quarantine($file, $className) !== false) && ((strlen($GOTMLS_new_contents)==0 && isset($_GET["eli"]) && @unlink($file)) || (GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false))) {
 
 
 
 
 
 
 
424
  echo __("Success!",'gotmls');
425
  return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
426
  } else {
427
- echo __("Failed:",'gotmls').' '.(strlen($GOTMLS_file_contents)?((is_writable(dirname($file)) && is_writable($file))?__("reason unknown!",'gotmls'):__("file not writable!",'gotmls')):__("no file contents!",'gotmls'));
428
  if (isset($_GET["eli"]))
429
  echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().($lt.'br'.$gt.$lt.'pre'.$gt.'file_stat'.print_r(stat($file), true));
430
  return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
@@ -535,8 +542,8 @@ function GOTMLS_html_tags($tags, $inner = array()) {
535
  }
536
 
537
  function GOTMLS_write_quarantine($file, $className) {
538
- global $wpdb, $current_user, $GOTMLS_file_contents, $GOTMLS_new_contents, $GOTMLS_threats_found;
539
- $insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GOTMLS_file_contents), "post_mime_type"=>md5($GOTMLS_file_contents), "post_title"=>$file, "ping_status"=>$className, "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GOTMLS_new_contents));
540
  $insert["post_date"] = date("Y-m-d H:i:s");
541
  $insert["post_date_gmt"] = $insert["post_date"];
542
  if (is_file($file)) {
@@ -549,12 +556,12 @@ function GOTMLS_write_quarantine($file, $className) {
549
  else
550
  $insert["post_modified_gmt"] = $insert["post_date"];
551
  if (!($insert["comment_count"] = @filesize($file)))
552
- $insert["comment_count"] = strlen($GOTMLS_file_contents);
553
  }
554
- if (isset($GOTMLS_threats_found) && is_array($GOTMLS_threats_found)) {
555
- $insert["post_excerpt"] = GOTMLS_encode(@serialize($GOTMLS_threats_found));
556
  $pinged = array();
557
- foreach ($GOTMLS_threats_found as $threat_name) {
558
  if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) == 5 && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]))
559
  $ping = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1];
560
  else
@@ -570,7 +577,7 @@ function GOTMLS_write_quarantine($file, $className) {
570
  }
571
 
572
  function GOTMLS_get_current_user_id() {
573
- global $current_user;//, $GOTMLS_new_contents, $GOTMLS_file_contents, $GOTMLS_threats_found;
574
  if ($current_user = @get_current_user())
575
  return $current_user->ID;
576
  else
@@ -601,7 +608,7 @@ function GOTMLS_flush($tag = "") {
601
  }
602
 
603
  function GOTMLS_readdir($dir, $current_depth = 1) {
604
- global $GOTMLS_scanfiles, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth, $GOTMLS_total_percent;
605
  if ($current_depth) {
606
  @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
607
  $entries = GOTMLS_getfiles($dir);
@@ -625,10 +632,10 @@ function GOTMLS_readdir($dir, $current_depth = 1) {
625
  $GOTMLS_dirs_at_depth[$current_depth] = count($directories);
626
  $GOTMLS_dir_at_depth[$current_depth] = 0;
627
  } else
628
- $GOTMLS_scanfiles[GOTMLS_encode($dir)] = GOTMLS_strip4java(str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $dir));
629
  foreach ($directories as $directory) {
630
  $path = GOTMLS_trailingslashit($dir).$directory;
631
- if (isset($_REQUEST["scan_depth"]) && is_numeric($_REQUEST["scan_depth"]) && ($_REQUEST["scan_depth"] != $current_depth) && !in_array($directory, $GOTMLS_skip_dirs)) {
632
  $current_depth++;
633
  $current_depth = GOTMLS_readdir($path, $current_depth);
634
  } else {
@@ -696,9 +703,9 @@ function GOTMLS_strip4java($item) {
696
  function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
697
  global $post;
698
  if (is_numeric($file) && isset($post->post_title))
699
- $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine Quarantined File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($post->post_title)).'</div></div>\');" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.$file;
700
  elseif ($file)
701
- $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($file)).'</div></div>\');" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.GOTMLS_encode($file);
702
  else
703
  $onclick = 'return false;';
704
  return "<a title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
@@ -802,7 +809,7 @@ GOTMLS_define("GOTMLS_plugin_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//got
802
  GOTMLS_define("GOTMLS_update_home", "http://updates.gotmls.net/".GOTMLS_installation_key.'/');
803
  GOTMLS_define("GOTMLS_blog_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//wordpress.'.$GLOBALS["GOTMLS"]["tmp"]["default_ext"]);
804
  $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"] = "F277h";
805
- if (!is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = maybe_unserialize(GOTMLS_decode('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_cGFzc3RocnVcKC4rZndyaXRlXCguKy9zIjt9czoyOToiRXh0ZXJuYWwgUmVkaXJlY3QgUmV3cml0ZVJ1bGUiO2E6Mjp7aTowO3M6NToiRjFVSVoiO2k6MTtzOjQyOiIvUmV3cml0ZVJ1bGUgW14gXSsgaHR0cFw6XC9cLyg_ITEyN1wuKS4qL2kiO31zOjM1OiJubyBlcnJvcl9yZXBvcnRpbmcgbG9uZyBsaW5lcyBhbG9uZSI7YToyOntpOjA7czo1OiJEMzVCYSI7aToxO3M6Nzk6Ii88XD8ocGhwKSpbXHJcblx0IFxAXSplcnJvcl9yZXBvcnRpbmdcKDBcKTsuKz9bYS16MC05XC9cLVw9JyJcLlxdezIwMDB9Lio_XD8-L2kiO31zOjIyOiJwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IjthOjI6e2k6MDtzOjU6IkQ4TUN3IjtpOjE7czoxMzY6Ii9cL1wqIFRoaXMgZmlsZSBpcyBwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IGxhdyBhbmQgcHJvdmlkZWQgdW5kZXIgbGljZW5zZS4gUmV2ZXJzZSBlbmdpbmVlcmluZyBvZiB0aGlzIGZpbGUgaXMgc3RyaWN0bHkgcHJvaGliaXRlZC4gXCpcLy8iO31zOjE5OiJhIHNwYW4gY29sb3IgRjFFRkU0IjthOjI6e2k6MDtzOjU6IkQ4UkFQIjtpOjE7czoxMTg6Ii9cPGEgW15cPl0rXD5cPHNwYW4gc3R5bGU9ImNvbG9yXDpcI0YxRUZFNDsiXD4oLis_KVw8XC9zcGFuXD5cPFwvYVw-XDxzcGFuIHN0eWxlPSJjb2xvclw6XCNGMUVGRTQ7Ilw-KC4rPylcPFwvc3Bhblw-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'))))
806
  $GLOBALS["GOTMLS"]["tmp"]["HeadersError"] = '<div class="error">'.__('The <b>base64_decode</b> function is currently disabled by the disable_functions Directive in your server\'s php.ini file.<br />This function is required for this Anti-Malware plugin to work properly.<br />Check the disable_functions Directive in your php.ini and take out base64_decode to fix this problem.','gotmls').'</div>';
807
  function GOTMLS_file_put_contents($file, $content) {
808
  global $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
@@ -844,11 +851,14 @@ function GOTMLS_scan_log() {
844
  $time = floor($time/$units[$ukeys[$key]]);
845
  if (1 == $time)
846
  $unit = substr($unit, 0, -1);
847
- $LastScan .= " and ran for $time $unit";
 
 
 
848
  } else
849
  $LastScan .= " and has not finish";
850
  if (!isset($_GET['Scanlog']))
851
- $LastScan .= '<a style="float: right;" href="admin.php?page=GOTMLS-View-Quarantine&Scanlog">'.__("View Scan Log",'gotmls').'</a>';
852
  } else
853
  $LastScan = "never started ";
854
  return "Last ".(isset($GOTMLS_scan_log["scan"]["type"])?$GOTMLS_scan_log["scan"]["type"]:"Scan")." $LastScan";
@@ -856,7 +866,7 @@ function GOTMLS_scan_log() {
856
 
857
  function GOTMLS_get_URL($URL) {
858
  $response = "";
859
- $request = wp_remote_get($URL);
860
  if (200 == wp_remote_retrieve_response_code($request))
861
  $response = wp_remote_retrieve_body($request);
862
  return $response;
25
  }}
26
 
27
  $GLOBALS["GOTMLS"] = array(
28
+ "tmp"=>array("HeadersError"=>"", "onLoad"=>"", "file_contents"=>"", "new_contents"=>"", "threats_found"=>array(),
29
+ "skip_dirs" => array(".", ".."), "scanfiles" => array(),
30
+ "mt" => ((isset($_GET["mt"])&&is_numeric($_GET["mt"]))?$_GET["mt"]:microtime(true)),
31
+ "threat_files" => array("htaccess"=>".htaccess","timthumb"=>"thumb.php"),
32
  "threat_levels" => array(__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Backdoor Scripts",'gotmls')=>"backdoor",__("Known Threats",'gotmls')=>"known",__("Core File Changes",'gotmls')=>"wp_core",__("Potential Threats",'gotmls')=>"potential"),
33
  "default_ext"=>"ieonly.", "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf"),
34
  "execution_time" => 60,
87
 
88
  //GOTMLS_define("GOTMLS_Skip_Quarantine_LANGUAGE", __("Skip scanning the Quarantine:",'gotmls'));
89
  GOTMLS_define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
90
+ GOTMLS_define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Quick Scan",'gotmls'));
91
  GOTMLS_define("GOTMLS_View_Quarantine_LANGUAGE", __("View Quarantine",'gotmls'));
92
+ GOTMLS_define("GOTMLS_View_Scan_Log_LANGUAGE", __("View Scan Log",'gotmls'));
93
  GOTMLS_define("GOTMLS_require_version_LANGUAGE", sprintf(__("This Plugin requires WordPress version %s or higher",'gotmls'), GOTMLS_require_version));
94
  GOTMLS_define("GOTMLS_Scan_Settings_LANGUAGE", __("Scan Settings",'gotmls'));
95
  GOTMLS_define("GOTMLS_Loading_LANGUAGE", __("Loading, Please Wait ...",'gotmls'));
112
  $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "http:";
113
  if (function_exists("get_option")) {
114
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"] = get_option('GOTMLS_settings_array', array());
115
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = get_option('GOTMLS_definitions_array', array());
116
  GOTMLS_define("GOTMLS_siteurl", get_option("siteurl"));
117
  $GLOBALS["GOTMLS"]["log"] = get_option('GOTMLS_scan_log/'.(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"0.0.0.0").'/'.$GLOBALS["GOTMLS"]["tmp"]["mt"], array());
118
+ if (!(isset($GLOBALS["GOTMLS"]["log"]["settings"]) && is_array($GLOBALS["GOTMLS"]["log"]["settings"])))
119
+ $GLOBALS["GOTMLS"]["log"]["settings"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"];
120
  } else {
121
  GOTMLS_define("GOTMLS_siteurl", $GLOBALS["GOTMLS"]["tmp"]["protocol"].$SERVER_parts[1].((count($SERVER_parts) > 2 && ($SERVER_parts[2] == '80' || $SERVER_parts[2] == '443'))?"":":".$SERVER_parts[2])."/");
122
  $GLOBALS["GOTMLS"]["log"] = array();
123
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"] = array();
124
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = array();
125
  }
126
  GOTMLS_define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
127
  if (function_exists("plugins_url"))
137
 
138
  $GOTMLS_chmod_file = (0644);
139
  $GOTMLS_chmod_dir = (0755);
 
 
 
 
140
  $GOTMLS_image_alt = array("wait"=>"...", "checked"=>"&#x2714;", "blocked"=>"X", "question"=>"?", "threat"=>"!");
 
141
  $GOTMLS_dir_at_depth = array();
142
  $GOTMLS_dirs_at_depth = array();
 
 
143
 
144
  if (isset($_REQEUST['img']) && substr(strtolower($_SERVER["SCRIPT_FILENAME"]), -15) == "/admin-ajax.php" && !in_array(GOTMLS_get_ext($_REQEUST['img']), $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]))
145
  include(dirname(__FILE__)."/../safe-load/index.php");
256
  }
257
 
258
  function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
259
+ global $wp_version;
260
+ $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
261
  if (is_array($check_threats)) {
262
  $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
263
  if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($check_threats["$wp_version"]["$path"])) {
264
+ if (($check_threats["$wp_version"]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($check_threats["$wp_version"]["$path"] == md5($source)."O".strlen($source))) {
265
  for ($start = 0, $end = 0, $len = strlen($source); ($start == 0 || $end == 0) && $len > 0; $len--){
266
+ if ($start == 0 && substr($source, 0, $len) == substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], 0, $len))
267
  $start = $len;
268
+ if ($end == 0 && substr($source, -1 * $len) == substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], -1 * $len))
269
  $end = $len;
270
  }
271
+ if (!(($start + $end < strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($find = ($end?substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $start, -1 * $end):substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $start)))))
272
+ $find = $GLOBALS["GOTMLS"]["tmp"]["file_contents"];
273
+ $GLOBALS["GOTMLS"]["tmp"]["threats_found"]["$find"] = "Core File Modified";
274
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
275
  }
276
  } else {
277
  foreach ($check_threats as $threat_name=>$threat_definitions) {
279
  $_SESSION["GOTMLS_debug"]["threat_name"] = $threat_name;
280
  $_SESSION["GOTMLS_debug"]["last"]["threat_name"] = microtime(true);
281
  while ($threat_definition = array_shift($threat_definitions)) {
282
+ if ($found = @preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["file_contents"], $threats_found)) {
283
  foreach ($threats_found[0] as $find) {
284
+ $GLOBALS["GOTMLS"]["tmp"]["threats_found"][$find] = $threat_name;
285
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = str_replace($find, "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
286
  }
287
  }
288
  }
303
  $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;
304
  } elseif (is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5) {
305
  while ($threat_definition = array_shift($threat_definitions)) {
306
+ if ($found = @preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["file_contents"], $threats_found)) {
307
  foreach ($threats_found[0] as $find) {
308
+ $GLOBALS["GOTMLS"]["tmp"]["threats_found"][$find] = $threat_name;
309
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = str_replace($find, "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
310
  }
311
  }
312
  }
313
  }
314
  }
315
  }
316
+ } elseif (strlen($check_threats) && isset($_GET['eli']) && substr($check_threats, 0, 1) == '/' && ($found = preg_match_all($check_threats, $GLOBALS["GOTMLS"]["tmp"]["file_contents"], $threats_found))) {
317
  foreach ($threats_found[0] as $find) {
318
+ $GLOBALS["GOTMLS"]["tmp"]["threats_found"][$find] = $check_threats;
319
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = str_replace($find, "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
320
  }
321
  }
322
  if (isset($_SESSION["GOTMLS_debug"])) {
334
  if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"]) || $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"])
335
  $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"] = $file_time;
336
  }
337
+ return count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
338
  }
339
 
340
  function GOTMLS_scanfile($file) {
341
+ global $wp_version, $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
342
+ $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
343
  $gt = ">";
344
  $lt = "<";
345
  $found = false;
348
  $clean_file = GOTMLS_encode($file);
349
  $file_name = GOTMLS_explode_dir($file);
350
  $file_parts = explode(".", ".".array_pop($file_name));
351
+ if (is_file($file) && ($filesize = filesize($file)) && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($file))) {
352
  if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]))
353
  $whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]);
354
  else
360
  $whitelist = array_merge($whitelist, $non_threats);
361
  }
362
  }
363
+ if (isset($whitelist[md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.$filesize]))
364
  return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
365
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $GLOBALS["GOTMLS"]["tmp"]["file_contents"];
366
  if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && strlen($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && isset($_GET['eli']) && substr($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"], 0, 1) == '/' && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"])))
367
  $className = "known";
368
  else {
376
  $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
377
  $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
378
  }
379
+ if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]))) && (!array_key_exists($threat_level, $GLOBALS["GOTMLS"]["tmp"]["threat_files"]) || (substr($file."e", (-1 * strlen($GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e"))) == $GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e")) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level],$file)))
380
  $className = $threat_level;
381
  }
382
  if (isset($_SESSION["GOTMLS_debug"])) {
396
  }
397
  }
398
  } else {
399
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = (is_file($file)?(is_readable($file)?(filesize($file)?__("Failed to read file contents!",'gotmls'):__("Empty file!",'gotmls')):(isset($_GET["eli"])?(@chmod($file, $GOTMLS_chmod_file)?__("Fixed file permissions! (try again)",'gotmls'):__("File permissions read-only!",'gotmls')):__("File not readable!",'gotmls'))):__("File does not exist!",'gotmls'));
400
+ // $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
401
  $className = "errors";
402
  }
403
+ if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
404
+ $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", "&quot;", $lt.'div style="float: left;"'.$gt.'Examine&nbsp;File&nbsp;...&nbsp;'.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_strip4java($file)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
405
  if ($className == "errors") {
406
+ $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
407
  $imageFile = "/blocked";
408
  } elseif ($className != "potential") {
409
  if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
410
  if ($className == "timthumb") {
411
  if (($source = GOTMLS_get_URL("http://$className.googlecode.com/svn/trunk/$className.php")) && strlen($source) > 500)
412
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
413
  else
414
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
415
  } elseif ($className == 'wp_core') {
416
  $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
417
+ if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] == md5($source)."O".strlen($source)))
418
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
419
  else
420
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
421
+ } else {
422
+ $GOTMLS_no_contents = trim(preg_replace('/\/\*.*?\*\/\s*/s', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
423
+ $GOTMLS_no_contents = trim(preg_replace('/\n\s*\/\/.*/', "", $GOTMLS_no_contents));
424
+ $GOTMLS_no_contents = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/is', "", $GOTMLS_no_contents));
425
+ if (strlen($GOTMLS_no_contents))
426
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/is', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
427
+ else
428
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = "";
429
+ }
430
+ if (strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) > 0 && (GOTMLS_write_quarantine($file, $className) !== false) && ((strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"])==0 && isset($_GET["eli"]) && @unlink($file)) || (GOTMLS_file_put_contents($file, $GLOBALS["GOTMLS"]["tmp"]["new_contents"]) !== false))) {
431
  echo __("Success!",'gotmls');
432
  return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
433
  } else {
434
+ echo __("Failed:",'gotmls').' '.(strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])?((is_writable(dirname($file)) && is_writable($file))?__("reason unknown!",'gotmls'):__("file not writable!",'gotmls')):__("no file contents!",'gotmls'));
435
  if (isset($_GET["eli"]))
436
  echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().($lt.'br'.$gt.$lt.'pre'.$gt.'file_stat'.print_r(stat($file), true));
437
  return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
542
  }
543
 
544
  function GOTMLS_write_quarantine($file, $className) {
545
+ global $wpdb, $current_user;
546
+ $insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_title"=>$file, "ping_status"=>$className, "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
547
  $insert["post_date"] = date("Y-m-d H:i:s");
548
  $insert["post_date_gmt"] = $insert["post_date"];
549
  if (is_file($file)) {
556
  else
557
  $insert["post_modified_gmt"] = $insert["post_date"];
558
  if (!($insert["comment_count"] = @filesize($file)))
559
+ $insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
560
  }
561
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
562
+ $insert["post_excerpt"] = GOTMLS_encode(@serialize($GLOBALS["GOTMLS"]["tmp"]["threats_found"]));
563
  $pinged = array();
564
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threat_name) {
565
  if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) == 5 && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]))
566
  $ping = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1];
567
  else
577
  }
578
 
579
  function GOTMLS_get_current_user_id() {
580
+ global $current_user;
581
  if ($current_user = @get_current_user())
582
  return $current_user->ID;
583
  else
608
  }
609
 
610
  function GOTMLS_readdir($dir, $current_depth = 1) {
611
+ global $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth, $GOTMLS_total_percent;
612
  if ($current_depth) {
613
  @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
614
  $entries = GOTMLS_getfiles($dir);
632
  $GOTMLS_dirs_at_depth[$current_depth] = count($directories);
633
  $GOTMLS_dir_at_depth[$current_depth] = 0;
634
  } else
635
+ $GLOBALS["GOTMLS"]["tmp"]["scanfiles"][GOTMLS_encode($dir)] = GOTMLS_strip4java(str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $dir));
636
  foreach ($directories as $directory) {
637
  $path = GOTMLS_trailingslashit($dir).$directory;
638
+ if (isset($_REQUEST["scan_depth"]) && is_numeric($_REQUEST["scan_depth"]) && ($_REQUEST["scan_depth"] != $current_depth) && !in_array($directory, $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"])) {
639
  $current_depth++;
640
  $current_depth = GOTMLS_readdir($path, $current_depth);
641
  } else {
703
  function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
704
  global $post;
705
  if (is_numeric($file) && isset($post->post_title))
706
+ $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine Quarantined File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($post->post_title)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$file);
707
  elseif ($file)
708
+ $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($file)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.GOTMLS_encode($file));
709
  else
710
  $onclick = 'return false;';
711
  return "<a title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
809
  GOTMLS_define("GOTMLS_update_home", "http://updates.gotmls.net/".GOTMLS_installation_key.'/');
810
  GOTMLS_define("GOTMLS_blog_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//wordpress.'.$GLOBALS["GOTMLS"]["tmp"]["default_ext"]);
811
  $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"] = "F277h";
812
+ if (!$GLOBALS["GOTMLS"]["tmp"]["definitions_array"] && (!is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = maybe_unserialize(GOTMLS_decode('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_cGFzc3RocnVcKC4rZndyaXRlXCguKy9zIjt9czoyOToiRXh0ZXJuYWwgUmVkaXJlY3QgUmV3cml0ZVJ1bGUiO2E6Mjp7aTowO3M6NToiRjFVSVoiO2k6MTtzOjQyOiIvUmV3cml0ZVJ1bGUgW14gXSsgaHR0cFw6XC9cLyg_ITEyN1wuKS4qL2kiO31zOjM1OiJubyBlcnJvcl9yZXBvcnRpbmcgbG9uZyBsaW5lcyBhbG9uZSI7YToyOntpOjA7czo1OiJEMzVCYSI7aToxO3M6Nzk6Ii88XD8ocGhwKSpbXHJcblx0IFxAXSplcnJvcl9yZXBvcnRpbmdcKDBcKTsuKz9bYS16MC05XC9cLVw9JyJcLlxdezIwMDB9Lio_XD8-L2kiO31zOjIyOiJwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IjthOjI6e2k6MDtzOjU6IkQ4TUN3IjtpOjE7czoxMzY6Ii9cL1wqIFRoaXMgZmlsZSBpcyBwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IGxhdyBhbmQgcHJvdmlkZWQgdW5kZXIgbGljZW5zZS4gUmV2ZXJzZSBlbmdpbmVlcmluZyBvZiB0aGlzIGZpbGUgaXMgc3RyaWN0bHkgcHJvaGliaXRlZC4gXCpcLy8iO31zOjE5OiJhIHNwYW4gY29sb3IgRjFFRkU0IjthOjI6e2k6MDtzOjU6IkQ4UkFQIjtpOjE7czoxMTg6Ii9cPGEgW15cPl0rXD5cPHNwYW4gc3R5bGU9ImNvbG9yXDpcI0YxRUZFNDsiXD4oLis_KVw8XC9zcGFuXD5cPFwvYVw-XDxzcGFuIHN0eWxlPSJjb2xvclw6XCNGMUVGRTQ7Ilw-KC4rPylcPFwvc3Bhblw-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')))))
813
  $GLOBALS["GOTMLS"]["tmp"]["HeadersError"] = '<div class="error">'.__('The <b>base64_decode</b> function is currently disabled by the disable_functions Directive in your server\'s php.ini file.<br />This function is required for this Anti-Malware plugin to work properly.<br />Check the disable_functions Directive in your php.ini and take out base64_decode to fix this problem.','gotmls').'</div>';
814
  function GOTMLS_file_put_contents($file, $content) {
815
  global $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
851
  $time = floor($time/$units[$ukeys[$key]]);
852
  if (1 == $time)
853
  $unit = substr($unit, 0, -1);
854
+ if ($time)
855
+ $LastScan .= " and ran for $time $unit";
856
+ else
857
+ $LastScan = str_replace("started", "ran", $LastScan);
858
  } else
859
  $LastScan .= " and has not finish";
860
  if (!isset($_GET['Scanlog']))
861
+ $LastScan .= '<a style="float: right;" href="'.admin_url('admin.php?page=GOTMLS-View-Quarantine&Scanlog').'">'.GOTMLS_View_Scan_Log_LANGUAGE.'</a><br style="clear: right;">';
862
  } else
863
  $LastScan = "never started ";
864
  return "Last ".(isset($GOTMLS_scan_log["scan"]["type"])?$GOTMLS_scan_log["scan"]["type"]:"Scan")." $LastScan";
866
 
867
  function GOTMLS_get_URL($URL) {
868
  $response = "";
869
+ $request = wp_remote_get($URL, array("sslverify" => false));
870
  if (200 == wp_remote_retrieve_response_code($request))
871
  $response = wp_remote_retrieve_body($request);
872
  return $response;
index.php CHANGED
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
- Version: 4.15.26
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
@@ -72,8 +72,11 @@ function GOTMLS_menu() {
72
  $my_admin_page = add_object_page($pageTitle, $pluginTitle, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function, $GOTMLS_Full_plugin_logo_URL);
73
  add_action('load-'.$my_admin_page, 'GOTMLS_admin_add_help_tab');
74
  add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE, GOTMLS_Scan_Settings_LANGUAGE, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function);
75
- add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Run_Quick_Scan_LANGUAGE, GOTMLS_Run_Quick_Scan_LANGUAGE, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "$base_page&scan_type=Quick+Scan", $base_function);
76
- add_submenu_page($base_page, "$pluginTitle ".GOTMLS_View_Quarantine_LANGUAGE, GOTMLS_View_Quarantine_LANGUAGE, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-View-Quarantine", "GOTMLS_View_Quarantine");
 
 
 
77
  }
78
 
79
  function GOTMLS_admin_add_help_tab() {
@@ -112,7 +115,7 @@ function GOTMLS_enqueue_scripts() {
112
  }
113
  add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts');
114
  function GOTMLS_display_header($optional_box = "") {
115
- global $GOTMLS_onLoad, $wp_version, $current_user;
116
  get_currentuserinfo();
117
  $GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
118
  if (isset($_GET["check_site"]) && $_GET["check_site"])
@@ -329,7 +332,7 @@ function releaseDiv() {
329
  corner.style.width="90%";
330
  corner.style.height="20px";
331
  }
332
- document.getElementById("GOTMLS_statusFrame").src = "'.GOTMLS_script_URI.'&GOTMLS_x="+curDiv.style.left+"&GOTMLS_y="+curDiv.style.top;
333
  offsetX=0;
334
  offsetY=0;
335
  }
@@ -348,7 +351,7 @@ function releaseCorner() {
348
  corner.style.width="20px";
349
  corner.style.height="20px";
350
  }
351
- document.getElementById("GOTMLS_statusFrame").src = "'.GOTMLS_script_URI.'&GOTMLS_w="+curDiv.style.width+"&GOTMLS_h="+curDiv.style.height;
352
  offsetW=0;
353
  offsetH=0;
354
  }
@@ -440,7 +443,7 @@ setDiv("div_file");
440
  function loadGOTMLS() {
441
  clearTimeout(divNAtext);
442
  setDivNAtext();
443
- '.$GOTMLS_onLoad.'
444
  }
445
  if (check_for_registration())
446
  check_for_updates("Definition_Updates");
@@ -579,7 +582,10 @@ function GOTMLS_get_scanlog() {
579
  $time = floor($time/$units[$ukeys[$key]]);
580
  if (1 == $time)
581
  $unit = substr($unit, 0, -1);
582
- $LastScan .= " and ran for $time $unit";
 
 
 
583
  } else
584
  $LastScan .= " and has not finish";
585
  } else
@@ -618,7 +624,7 @@ function GOTMLS_get_whitelists() {
618
  }
619
 
620
  function GOTMLS_get_quarantine($only = false) {
621
- global $wpdb, $current_user, $post;//, $GOTMLS_new_contents, $GOTMLS_file_contents, $GOTMLS_threats_found;
622
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])) {
623
  if (($upload = wp_upload_dir()) && isset($upload['basedir']))
624
  $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), GOTMLS_trailingslashit($upload['basedir'])).'quarantine';
@@ -630,10 +636,10 @@ function GOTMLS_get_quarantine($only = false) {
630
  if (is_array($entries) && count($entries)) {
631
  foreach ($entries as $entry) {
632
  if (is_file($file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry)) {
633
- if (GOTMLS_get_ext($entry) == "gotmls" && ($GOTMLS_file_contents = @file_get_contents($file))) {
634
- $insert = array("post_author"=>GOTMLS_get_current_user_id(), "ping_status"=>"imported", "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content"=>GOTMLS_encode($GOTMLS_file_contents), "post_mime_type"=>md5($GOTMLS_file_contents));//! comment_status post_password post_name to_ping post_parent guid menu_order";
635
  if (!($insert["comment_count"] = @filesize($file)))
636
- $insert["comment_count"] = strlen($GOTMLS_file_contents);
637
  $file_date = explode(".", $entry);
638
  $insert["post_date"] = date("Y-m-d H:i:s", filemtime($file));
639
  $insert["post_date_gmt"] = $insert["post_date"];
@@ -645,8 +651,8 @@ function GOTMLS_get_quarantine($only = false) {
645
  $insert["post_modified"] = GOTMLS_sexagesimal($file_date[1]).":00";
646
  $insert["post_modified_gmt"] = $insert["post_modified"];
647
  $insert["post_title"] = GOTMLS_decode($file_date[count($file_date)-2]);
648
- if (is_file($insert["post_title"]) && ($GOTMLS_new_contents = file_get_contents($insert["post_title"])))
649
- $insert["post_content_filtered"] = GOTMLS_encode($GOTMLS_new_contents);
650
  //! pinged post_excerpt
651
  if ($wpdb->insert($wpdb->posts, $insert))
652
  unlink(trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry);
@@ -659,7 +665,7 @@ function GOTMLS_get_quarantine($only = false) {
659
  rmdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
660
  }
661
  $Q_Page = '
662
- <form method="POST" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1">';
663
  $args = array('posts_per_page' => -1, 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
664
  if (is_numeric($only))
665
  return get_post($only, ARRAY_A);
@@ -683,6 +689,7 @@ function GOTMLS_get_quarantine($only = false) {
683
  }
684
 
685
  function GOTMLS_View_Quarantine() {
 
686
  GOTMLS_display_header();
687
  echo GOTMLS_box($Q_Page = __("White-lists",'gotmls'), GOTMLS_get_whitelists());
688
  if (!isset($_GET['Whitelists']))
@@ -694,11 +701,74 @@ function GOTMLS_View_Quarantine() {
694
  echo "\n</div></div></div>";
695
  }
696
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
697
  function GOTMLS_settings() {
698
- global $current_user, $wp_version, $GOTMLS_scanfiles, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
699
  $GOTMLS_scan_groups = array();
700
  $gt = ">";
701
  $lt = "<";
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
702
  $dirs = GOTMLS_explode_dir(__file__);
703
  for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
704
  $GOTMLS_scan_groups[] = $lt.'b'.$gt.implode(GOTMLS_slash(), array_slice($dirs, -1 * (3 + $SL), 1)).$lt.'/b'.$gt;
@@ -727,7 +797,7 @@ function GOTMLS_settings() {
727
  if (dirname($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d]) != ".")
728
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d] = str_replace("\\", "", str_replace("/", "", str_replace(dirname($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d]), "", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d])));
729
  }
730
- $GOTMLS_skip_dirs = array_merge($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"], $GOTMLS_skip_dirs);
731
  if (isset($_POST["scan_what"]) && is_numeric($_POST["scan_what"]) && $_POST["scan_what"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"])
732
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = $_POST["scan_what"];
733
  if (isset($_POST["check_custom"]) && $_POST["check_custom"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"])
@@ -763,7 +833,7 @@ function GOTMLS_settings() {
763
  $scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", "&nbsp;", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts;
764
  }
765
  $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}".((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])?"\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_check'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n":"")."$lt/script$gt";
766
- $scan_opts = "\n$lt".'form method="POST" name="GOTMLS_Form" action="'.str_replace('&mt=', '&last_mt=', str_replace('&scan_type=', '&last_type=', GOTMLS_script_URI)).'"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.'
767
  '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
768
  '.$lt.'div style="padding: 0 30px;"'.$gt;
769
  foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) {
@@ -795,7 +865,7 @@ function GOTMLS_settings() {
795
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
796
  '.$lt.'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
797
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
798
- '.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px; border-bottom: #F00 solid 2px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt.'/b'.$gt.$lt.'/td'.$gt.$lt.'td colspan=2 style="border-bottom: #F00 solid 2px;"'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This new BETA feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt/tr$gt{$lt}tr$gt{$lt}td nowrap$gt\n{$lt}b$gt"/*.GOTMLS_Skip_Quarantine_LANGUAGE.$lt.'/b'.$gt*/.$lt.'/td'.$gt.$lt.'td'.$gt/*.$lt.'input type="checkbox" name="skip_quarantine" value="1"'.((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"])?" checked":"").''.$gt*/.$lt.'/td'.$gt.$lt.'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
799
  @ob_start();
800
  $OB_default_handlers = array("default output handler", "zlib output compression");
801
  $OB_handlers = @ob_list_handlers();
@@ -916,6 +986,7 @@ var startTime = 0;
916
  if (!isset($_REQUEST["scan_type"]))
917
  $_REQUEST["scan_type"] = "Complete Scan";
918
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
 
919
  foreach ($_POST as $name => $value) {
920
  if (substr($name, 0, 10) != 'GOTMLS_fix') {
921
  if (is_array($value)) {
@@ -925,8 +996,7 @@ var startTime = 0;
925
  echo $lt.'input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'"'.$gt;
926
  }
927
  }
928
- echo "\n$lt".'form method="POST" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt.'
929
- '.$lt.'script type="text/javascript"'.$gt.'
930
  showhide("inside_'.md5(GOTMLS_Scan_Settings_LANGUAGE).'");
931
  '.$lt.'/script'.$gt.GOTMLS_box(htmlentities($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' '.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt);
932
  $scan_groups_UL = "";
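Review bot: The hidden-input echo on the first line of this hunk encodes `$value` with `htmlspecialchars()` but writes `$name` into the `name` attribute unencoded, and the previous hunk shows the loop header as `foreach ($_POST as $name => $value)`, so the attribute text is a request-supplied key. Since the key is not encoded for attribute context, it can end up rendered as markup on the admin scan page, and the commit leaves this line as it was. Encode both sides for the attribute, for example `echo $lt.'input type="hidden" name="'.esc_attr($name).'" value="'.esc_attr($value).'"'.$gt;`. The enclosing loop starts and ends outside this hunk, and the lines between the two hunks are not shown, so confirm that `$name` is not already filtered there.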
@@ -953,15 +1023,18 @@ var startTime = 0;
953
  }
954
  }
955
  @ob_start();
956
- if ($_REQUEST["scan_type"] == "Quick Scan")
957
  $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('".__("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.",'gotmls')."');\n}\nwindow.onload=testComplete;\n$lt/script$gt\n$lt".'script type="text/javascript"'.$gt;
 
 
 
958
  echo "\n{$lt}script type=\"text/javascript\"$gt$li_js\n/*{$lt}!--*"."/";
959
  if (is_dir($dir)) {
960
  $GOTMLS_dirs_at_depth[0] = 1;
961
  $GOTMLS_dir_at_depth[0] = 0;
962
- if (isset($_POST['scan_only']) && is_array($_POST['scan_only'])) {
963
- $GOTMLS_dirs_at_depth[0] += (count($_POST['scan_only']) - 1);
964
- foreach ($_POST['scan_only'] as $only_dir)
965
  if (is_dir(GOTMLS_trailingslashit($dir).$only_dir))
966
  GOTMLS_readdir(GOTMLS_trailingslashit($dir).$only_dir);
967
  } else
@@ -972,7 +1045,7 @@ var startTime = 0;
972
  echo GOTMLS_update_status(__("Completed!",'gotmls'), 100);
973
  else {
974
  echo GOTMLS_update_status(__("Starting Scan ...",'gotmls'))."/*--{$gt}*"."/";
975
- echo "\nvar scriptSRC = '".GOTMLS_script_URI."&no_error_reporting&GOTMLS_scan=';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GOTMLS_scanfiles))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GOTMLS_scanfiles)."');".'
976
  var scanfilesI = 0;
977
  var stopScanning;
978
  var gotStuckOn = "";
@@ -1096,232 +1169,280 @@ showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
1096
 
1097
  function GOTMLS_set_plugin_action_links($links_array, $plugin_file) {
1098
  if ($plugin_file == substr(__file__, (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10)
1099
- $links_array = array_merge(array('<a href="admin.php?page=GOTMLS-settings&scan_type=Quick+Scan">'.GOTMLS_Run_Quick_Scan_LANGUAGE.'</a>', '<a href="admin.php?page=GOTMLS-settings">'.GOTMLS_Scan_Settings_LANGUAGE.'</a>'), $links_array);
1100
  return $links_array;
1101
  }
1102
 
1103
  function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) {
1104
  if ($plugin_file == substr(__file__, (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10)
1105
- $links_array = array_merge($links_array, array('<a target="_blank" href="http://gotmls.net/faqs/">FAQ</a>','<a target="_blank" href="http://gotmls.net/support/">Support</a>','<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE">Donate</a>'));
1106
  return $links_array;
1107
  }
1108
  function GOTMLS_in_plugin_update_message($args) {
1109
- $transient_name = "GOTMLS_upgrade_notice_".$args["Version"];
1110
- if ((false === ($upgrade_notice = get_transient($transient_name))) && ($response = wp_remote_get("https://plugins.svn.wordpress.org/gotmls/trunk/readme.txt")) && (200 == ($ret = wp_remote_retrieve_response_code($response))) && ($ret = wp_remote_retrieve_body($response))) {
1111
  $upgrade_notice = '';
1112
- if (preg_match('/==\s*Upgrade Notice\s*==\s*=\s*(.*)\s*=(.*)(=\s*' . str_replace(".", "\\.", GOTMLS_Version) . '\s*=|$)/is', $ret, $matches)) {
1113
- $version = trim( $matches[1] );
1114
- $notices = (array) preg_split('~[\r\n]+~', trim( $matches[2] ) );
1115
-
1116
- if ( version_compare( GOTMLS_Version, $version, '<' ) ) {
1117
-
1118
- $upgrade_notice .= '<div class="GOTMLS_upgrade_notice">';
1119
-
1120
- foreach ( $notices as $index => $line ) {
1121
- $upgrade_notice .= wp_kses_post( preg_replace( '~\[([^\]]*)\]\(([^\)]*)\)~', '<a href="${2}">${1}</a>', $line ) );
1122
- }
1123
-
1124
- $upgrade_notice .= '</div> ';
1125
- }
1126
  }
1127
- set_transient($transient_name, $upgrade_notice, DAY_IN_SECONDS);
1128
  }
1129
- echo wp_kses_post($upgrade_notice);
1130
  }
1131
 
1132
  function GOTMLS_init() {
1133
- global $GOTMLS_onLoad, $wp_version, $wpdb, $GOTMLS_threats_found, $GOTMLS_file_contents;
1134
- if (GOTMLS_user_can()) {
1135
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
1136
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
1137
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
1138
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1;
1139
- if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") {
1140
- if (!isset($_REQUEST["scan_what"])) $_REQUEST["scan_what"] = 2;
1141
- if (!isset($_REQUEST["scan_depth"]))
1142
- $_REQUEST["scan_depth"] = 2;
1143
- if (!(isset($_POST["scan_only"]) && is_array($_POST["scan_only"])))
1144
- $_POST["scan_only"] = array("","wp-content/plugins","wp-content/themes");
1145
- }//$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]);
1146
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]))
1147
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = "";
1148
- if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]) && is_numeric($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]))
1149
- $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);
1150
- else
1151
- $scan_level = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1152
- if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"]))
1153
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"];
1154
- elseif (isset($_POST["scan_type"]) || !(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])))
1155
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = array();
1156
- if ($array = get_option('GOTMLS_definitions_array')) {
1157
- if (is_array($array))
1158
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $array;
1159
- } else {
1160
- $wpdb->query("DELETE FROM $wpdb->options WHERE `option_name` LIKE 'GOTMLS_known_%' OR `option_name` LIKE 'GOTMLS_definitions_array_%'");
1161
- array_walk($GLOBALS["GOTMLS"]["tmp"]["settings_array"], "GOTMLS_reset_settings");
1162
- }
1163
- $GOTMLS_definitions_versions = array();
1164
- foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
1165
- foreach ($definition_names as $definition_name=>$definition_version)
1166
- if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
1167
- if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
1168
- $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
1169
- if (isset($_POST["UPDATE_definitions_array"]) && strlen($_POST["UPDATE_definitions_array"])) {
1170
- if (strlen($_POST["UPDATE_definitions_array"]) > 1) {
1171
- $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));
1172
- if (is_array($GOTnew_definitions))
1173
- $GOTMLS_onLoad .= "updates_complete('Downloaded Definitions');";
1174
- } elseif (($DEF = GOTMLS_get_URL(GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.$wp_version.'&ts='.date("YmdHis").'&d='.ur1encode(GOTMLS_siteurl))) && (($GOT_definitions = GOTMLS_decode($DEF)) != serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"])) && is_array($GOTnew_definitions = maybe_unserialize($GOT_definitions)) && count($GOTnew_definitions)) {
1175
- if (!(isset($_REQUEST["check"]) && is_array($_REQUEST["check"])))
1176
- $_REQUEST["check"] = array();
1177
- foreach ($GOTnew_definitions as $threat_level=>$definition_names)
1178
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$threat_level"]) && !(is_array($GLOBALS["GOTMLS"]["tmp"]["settings"]["check"]) && in_array("$threat_level", $GLOBALS["GOTMLS"]["tmp"]["settings"]["check"])) && !in_array("$threat_level", $_REQUEST["check"]))
1179
- $_REQUEST["check"][] = "$threat_level";
1180
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions;
1181
- $GOTnew_definitions = array();
1182
- $GOTMLS_onLoad .= "updates_complete('New Definitions Automatically Installed :-)');";
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1183
  } else
1184
- $GOTnew_definitions = "";
1185
- } //elseif (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) $GOTnew_definitions = maybe_unserialize(GOTMLS_decode(file_get_contents(GOTMLS_plugin_path.'definitions_update.txt')));
1186
- if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
1187
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions);
1188
- if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
1189
- @unlink(GOTMLS_plugin_path.'definitions_update.txt');
1190
- if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))
1191
- unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]);
1192
- update_option('GOTMLS_definitions_array', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1193
- foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
1194
- foreach ($definition_names as $definition_name=>$definition_version)
1195
- if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
1196
- if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
1197
- $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
1198
- }
1199
- if (isset($_GET["debug"])) die(print_r(array("<pre>GOTMLS_definitions_versions"=>$GOTMLS_definitions_versions,"tmp__definitions_array"=>$GLOBALS["GOTMLS"]["tmp"]["definitions_array"], "</pre>"=>"END"),1));
1200
- $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates';
1201
- asort($GOTMLS_definitions_versions);
1202
- foreach ($GOTMLS_definitions_versions as $definition_name=>$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"])
1203
- $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&ver[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"];
1204
- if (isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
1205
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
1206
- /* $threat_names = array_keys($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"]);
1207
- foreach ($threat_names as $threat_name) {
1208
- if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) > 1) {
1209
- if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version)
1210
- $GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0];
1211
- if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
1212
- $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]);
1213
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] > 2)
1214
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
1215
- }
1216
- }
1217
- }*/
1218
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
1219
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"];
1220
- update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1221
- }
1222
- if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"]))
1223
- $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
1224
  GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1225
- if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) {
1226
- $file = GOTMLS_decode($_POST['GOTMLS_whitelist']);
1227
- $chksum = explode("O", $_POST['GOTMLS_chksum']."O");
1228
- if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) {
1229
- $filesize = @filesize($file);
1230
- if (true) {
1231
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0]))
1232
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002";
1233
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002";
1234
- } else
1235
- unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]);
1236
- update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1237
- die(GOTMLS_html_tags(array("html" => array("body" => "Added $file to Whitelist!<br />\n<iframe style='width: 90%; height: 350px;' src='".GOTMLS_plugin_home."whitelist.html?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe>"))));
1238
- } else echo "<li>Invalid Data!</li>";
1239
- } elseif (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1240
- $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1241
- $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('list_'+file))\nli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file))\nli_file.style.display='none';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n}\nfunction DeletedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('GOTMLS_quarantine_'+file).style.display='none';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
1242
- @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1243
- $HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));
1244
- echo $HTML[0];
1245
- GOTMLS_update_scan_log(array("scan" => array("dir" => count($_REQUEST["GOTMLS_fix"])." Files", "start" => time())));
1246
- foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
1247
- if (is_numeric($clean_file)) {
1248
- if (($Q_post = GOTMLS_get_quarantine($clean_file)) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
1249
- $path = $Q_post["post_title"];
1250
- if ($_REQUEST["GOTMLS_fixing"] > 1) {
1251
- echo "<li>Removing $path ... ";
1252
- $Q_post["post_status"] = "trash";
1253
- if (wp_update_post($Q_post)) {
1254
- echo __("Done!",'gotmls');
1255
- $li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
1256
- } else {
1257
- echo __("Failed to delete!",'gotmls');
1258
- $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1259
- }
1260
- GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Removal from Quarantine")));
1261
  } else {
1262
- echo "<li>Restoring $path ... ";
1263
- $Q_post["post_status"] = "pending";
1264
- if (GOTMLS_file_put_contents($path, GOTMLS_decode($Q_post["post_content"])) && wp_update_post($Q_post)) {
1265
- echo __("Complete!",'gotmls');
1266
- $li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
1267
- } else {
1268
- echo __("Restore Failed!",'gotmls');
1269
- $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1270
- }
1271
- GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Restoration from Quarantine")));
 
 
 
1272
  }
1273
- echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1274
- $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1275
  }
1276
- } else {
1277
- $path = realpath(GOTMLS_decode($clean_file));
1278
- if (is_file($path)) {
1279
- echo "<li>Fixing $path ... ";
1280
- $li_js .= GOTMLS_scanfile($path);
1281
- echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1282
- $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1283
- } else
1284
- echo "<li>".__("File ".htmlentities($path)." not found!",'gotmls')."</li>";
1285
- GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Automatic Fix")));
1286
  }
 
 
 
 
 
 
 
 
 
 
1287
  }
1288
- die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process.",'gotmls'), 'target="_top" href="admin.php?page=GOTMLS-View-Quarantine"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.str_replace('GOTMLS_', '', GOTMLS_script_URI).'&check_site=1" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n$HTML[1]");
1289
- } elseif (isset($_GET["GOTMLS_scan"]) && $_GET["GOTMLS_scan"]) {
1290
- if (is_numeric($_GET["GOTMLS_scan"])) {
1291
- if (($Q_post = GOTMLS_get_quarantine($_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
1292
- $clean_file = $Q_post["post_title"];
1293
- $GOTMLS_file_contents = GOTMLS_decode($Q_post["post_content"]);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1294
  $fa = "";
1295
  $function = 'GOTMLS_decode';
1296
  $decode_list = array("Base64" => '/base64_decode\([\'"]([0-9\+\/\=a-z]+)[\'"]\)/', "Hex" => '/(\\\\x[0-9a-f]{2})/');
1297
  if (isset($_GET[$function]) && is_array($_GET[$function])) {
1298
  foreach ($_GET[$function] as $decode) {
1299
  if (isset($decode_list[$decode])) {
1300
- $GOTMLS_file_contents = preg_replace($decode_list[$decode].substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function.$decode.'("\1")', $GOTMLS_file_contents);
1301
  $fa .= " $decode decoded";
1302
  } else
1303
  $fa .= " NO-$decode";
1304
  }
1305
- } elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GOTMLS_threats_found = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
1306
  $f = 1;
1307
- foreach ($GOTMLS_threats_found as $threats_found=>$threats_name) {
1308
- if (is_numeric($threats_found)) {
1309
- $threats_found = $threats_name;
1310
- $threats_name = $f;
1311
- }
1312
  $fpos = 0;
1313
  $flen = 0;
1314
  $potential_threat = str_replace("\r", "", $threats_found);
1315
- while (($fpos = strpos(str_replace("\r", "", $GOTMLS_file_contents), ($potential_threat), $flen + $fpos)) !== false) {
1316
  $flen = strlen($potential_threat);
1317
  $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
1318
  }
1319
  if (0 == $flen)
1320
- $fa = 'ERROR['.($f++).']: Threat_size{'.strlen($potential_threat).'} } Content_size{'.strlen(str_replace("\r", "", $GOTMLS_file_contents)).'}';
1321
  }
1322
- }
 
1323
  foreach ($decode_list as $decode => $regex)
1324
- if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GOTMLS_file_contents))
1325
  $fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
1326
  die("\n".'<script type="text/javascript">
1327
  function select_text_range(ta_id, start, end) {
@@ -1338,127 +1459,28 @@ function GOTMLS_init() {
1338
  }
1339
  }
1340
  window.parent.showhide("GOTMLS_iFrame", true);
1341
- </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" onsubmit="return confirm(\''.__("Are you sure you want to delete this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.mb_detect_encoding($GOTMLS_file_contents).'<br />size: '.strlen($GOTMLS_file_contents).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GOTMLS_file_contents)).'</textarea></td></tr></table>');
1342
- } else
1343
- die(GOTMLS_html_tags(array("html" => array("body" => __("This file no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1344
- } else {
1345
- $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
1346
- if (is_dir($file)) {
1347
- @error_reporting(0);
1348
- @header("Content-type: text/javascript");
1349
- if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))
1350
- $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
1351
- @ob_start();
1352
- echo GOTMLS_scandir($file);
1353
- if (@ob_get_level()) {
1354
- GOTMLS_flush();
1355
- @ob_end_flush();
1356
- }
1357
- die('//END OF JavaScript');
1358
- } else {
1359
- if (!file_exists($file))
1360
- die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), $file)."<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1361
- else {
1362
- GOTMLS_scanfile($file);
1363
- $fa = "";
1364
- $function = 'GOTMLS_decode';
1365
- $decode_list = array("Base64" => '/base64_decode\([\'"]([0-9\+\/\=a-z]+)[\'"]\)/', "Hex" => '/(\\\\x[0-9a-f]{2})/');
1366
- if (isset($_GET[$function]) && is_array($_GET[$function])) {
1367
- foreach ($_GET[$function] as $decode) {
1368
- if (isset($decode_list[$decode])) {
1369
- $GOTMLS_file_contents = preg_replace($decode_list[$decode].substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function.$decode.'("\1")', $GOTMLS_file_contents);
1370
- $fa .= " $decode decoded";
1371
- } else
1372
- $fa .= " NO-$decode";
1373
- }
1374
- } elseif (isset($GOTMLS_threats_found) && is_array($GOTMLS_threats_found) && count($GOTMLS_threats_found)) {
1375
- $f = 1;
1376
- foreach ($GOTMLS_threats_found as $threats_found=>$threats_name) {
1377
- $fpos = 0;
1378
- $flen = 0;
1379
- $potential_threat = str_replace("\r", "", $threats_found);
1380
- while (($fpos = strpos(str_replace("\r", "", $GOTMLS_file_contents), ($potential_threat), $flen + $fpos)) !== false) {
1381
- $flen = strlen($potential_threat);
1382
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
1383
- }
1384
- if (0 == $flen)
1385
- $fa = 'ERROR['.($f++).']: Threat_size{'.strlen($potential_threat).'} } Content_size{'.strlen(str_replace("\r", "", $GOTMLS_file_contents)).'}';
1386
- }
1387
- } else
1388
- $fa = " No Threats Found";
1389
- foreach ($decode_list as $decode => $regex)
1390
- if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GOTMLS_file_contents))
1391
- $fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
1392
- die("\n".'<script type="text/javascript">
1393
- function select_text_range(ta_id, start, end) {
1394
- ta_element = document.getElementById(ta_id);
1395
- ta_element.focus();
1396
- if(ta_element.setSelectionRange)
1397
- ta_element.setSelectionRange(start, end);
1398
- else {
1399
- var r = ta_element.createTextRange();
1400
- r.collapse(true);
1401
- r.moveEnd(\'character\', end);
1402
- r.moveStart(\'character\', start);
1403
- r.select();
1404
- }
1405
- }
1406
- window.parent.showhide("GOTMLS_iFrame", true);
1407
- </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GOTMLS_file_contents).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.mb_detect_encoding($GOTMLS_file_contents).'<br />size: '.strlen($GOTMLS_file_contents).' ('.filesize($file).'bytes)<br />permissions: '.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GOTMLS_file_contents)).'</textarea></td></tr></table>');
1408
- }
1409
  }
1410
  }
1411
- } elseif (isset($_REQUEST["GOTMLS_fixing"]))
1412
- die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls')))));
1413
- if (isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"]))
1414
- $scan_level = intval($_POST["scan_level"]);
1415
- if (isset($scan_level) && is_numeric($scan_level))
1416
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = intval($scan_level);
1417
- else
1418
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1419
- $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls');
1420
- $properties = array("body" => 'style="margin: 0; padding: 0;"');
1421
- if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) {
1422
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
1423
- $gl = '><';
1424
- $properties["html"] = $gl.'head'.$gl.'script type="text/javascript">
1425
- if (curDiv = window.parent.document.getElementById("div_file")) {
1426
- curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
1427
- curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
1428
- curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
1429
- curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
1430
- }
1431
- </script'.$gl.'/head';
1432
- } elseif (isset($_GET["GOTMLS_x"]) || isset($_GET["GOTMLS_y"]) || isset($_GET["GOTMLS_h"]) || isset($_GET["GOTMLS_w"])) {
1433
- if (isset($_GET["GOTMLS_x"]))
1434
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] = $_GET["GOTMLS_x"];
1435
- if (isset($_GET["GOTMLS_y"]))
1436
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1] = $_GET["GOTMLS_y"];
1437
- if (isset($_GET["GOTMLS_h"]))
1438
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2] = $_GET["GOTMLS_h"];
1439
- if (isset($_GET["GOTMLS_w"]))
1440
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3] = $_GET["GOTMLS_w"];
1441
- $_GET["GOTMLS_msg"] = __("New position",'gotmls');
1442
- }
1443
- update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1444
- if (isset($_GET["GOTMLS_msg"]))
1445
- die(GOTMLS_html_tags(array("html" => array("body" => htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.GOTMLS_script_URI.'&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"]).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
1446
- }
1447
  }
 
1448
 
1449
- if (function_exists("is_admin") && is_admin() && ((isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) || (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))))) {
1450
- @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
1451
- require_once(ABSPATH.WPINC.'/pluggable.php');
1452
- GOTMLS_loaded();
1453
- GOTMLS_init();
1454
  die("\n//Permission Error: User not authenticated!\n");
1455
- } else {
1456
- add_action("in_plugin_update_message-gotmls/index.php", "GOTMLS_in_plugin_update_message");
1457
- add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);
1458
- add_filter("plugin_action_links", "GOTMLS_set_plugin_action_links", 1, 2);
1459
- add_action("plugins_loaded", "GOTMLS_loaded");
1460
- add_action("admin_notices", "GOTMLS_admin_notices");
1461
- add_action("admin_menu", "GOTMLS_menu");
1462
- add_action("network_admin_menu", "GOTMLS_menu");
1463
- $init = add_action("admin_init", "GOTMLS_init");
1464
- }
 
 
 
 
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
+ Version: 4.15.27
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
72
  $my_admin_page = add_object_page($pageTitle, $pluginTitle, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function, $GOTMLS_Full_plugin_logo_URL);
73
  add_action('load-'.$my_admin_page, 'GOTMLS_admin_add_help_tab');
74
  add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE, GOTMLS_Scan_Settings_LANGUAGE, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function);
75
+ if (is_dir(dirname(__FILE__)."/../../../wp-content/plugins"))
76
+ add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Run_Quick_Scan_LANGUAGE, GOTMLS_Run_Quick_Scan_LANGUAGE." (plugins)", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "$base_page&scan_type=Quick+Scan&scan_only[]=wp-content/plugins", $base_function);
77
+ if (is_dir(dirname(__FILE__)."/../../../wp-content/themes"))
78
+ add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Run_Quick_Scan_LANGUAGE, GOTMLS_Run_Quick_Scan_LANGUAGE." (themes)", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "$base_page&scan_type=Quick+Scan&scan_only[]=wp-content/themes", $base_function);
79
+ add_submenu_page($base_page, "$pluginTitle ".GOTMLS_View_Quarantine_LANGUAGE, GOTMLS_View_Quarantine_LANGUAGE.(($Qs = GOTMLS_get_quarantine(true))?' <span class="awaiting-mod count-'.$Qs.'"><span class="awaiting-mod">'.$Qs.'</span></span>':""), $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-View-Quarantine", "GOTMLS_View_Quarantine");
80
  }
81
 
82
  function GOTMLS_admin_add_help_tab() {
115
  }
116
  add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts');
117
  function GOTMLS_display_header($optional_box = "") {
118
+ global $wp_version, $current_user;
119
  get_currentuserinfo();
120
  $GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
121
  if (isset($_GET["check_site"]) && $_GET["check_site"])
332
  corner.style.width="90%";
333
  corner.style.height="20px";
334
  }
335
+ document.getElementById("GOTMLS_statusFrame").src = "'.admin_url('admin-ajax.php?action=GOTMLS_position&GOTMLS_x=').'"+curDiv.style.left+"&GOTMLS_y="+curDiv.style.top;
336
  offsetX=0;
337
  offsetY=0;
338
  }
351
  corner.style.width="20px";
352
  corner.style.height="20px";
353
  }
354
+ document.getElementById("GOTMLS_statusFrame").src = "'.admin_url('admin-ajax.php?action=GOTMLS_position&GOTMLS_w=').'"+curDiv.style.width+"&GOTMLS_h="+curDiv.style.height;
355
  offsetW=0;
356
  offsetH=0;
357
  }
443
  function loadGOTMLS() {
444
  clearTimeout(divNAtext);
445
  setDivNAtext();
446
+ '.$GLOBALS["GOTMLS"]["tmp"]["onLoad"].'
447
  }
448
  if (check_for_registration())
449
  check_for_updates("Definition_Updates");
582
  $time = floor($time/$units[$ukeys[$key]]);
583
  if (1 == $time)
584
  $unit = substr($unit, 0, -1);
585
+ if ($time)
586
+ $LastScan .= " and ran for $time $unit";
587
+ else
588
+ $LastScan = str_replace("started", "ran", $LastScan);
589
  } else
590
  $LastScan .= " and has not finish";
591
  } else
624
  }
625
 
626
  function GOTMLS_get_quarantine($only = false) {
627
+ global $wpdb, $current_user, $post;
628
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])) {
629
  if (($upload = wp_upload_dir()) && isset($upload['basedir']))
630
  $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), GOTMLS_trailingslashit($upload['basedir'])).'quarantine';
636
  if (is_array($entries) && count($entries)) {
637
  foreach ($entries as $entry) {
638
  if (is_file($file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry)) {
639
+ if (GOTMLS_get_ext($entry) == "gotmls" && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($file))) {
640
+ $insert = array("post_author"=>GOTMLS_get_current_user_id(), "ping_status"=>"imported", "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]));//! comment_status post_password post_name to_ping post_parent guid menu_order";
641
  if (!($insert["comment_count"] = @filesize($file)))
642
+ $insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
643
  $file_date = explode(".", $entry);
644
  $insert["post_date"] = date("Y-m-d H:i:s", filemtime($file));
645
  $insert["post_date_gmt"] = $insert["post_date"];
651
  $insert["post_modified"] = GOTMLS_sexagesimal($file_date[1]).":00";
652
  $insert["post_modified_gmt"] = $insert["post_modified"];
653
  $insert["post_title"] = GOTMLS_decode($file_date[count($file_date)-2]);
654
+ if (is_file($insert["post_title"]) && ($GLOBALS["GOTMLS"]["tmp"]["new_contents"] = file_get_contents($insert["post_title"])))
655
+ $insert["post_content_filtered"] = GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
656
  //! pinged post_excerpt
657
  if ($wpdb->insert($wpdb->posts, $insert))
658
  unlink(trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry);
665
  rmdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
666
  }
667
  $Q_Page = '
668
+ <form method="POST" action="'.admin_url('admin-ajax.php').'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
669
  $args = array('posts_per_page' => -1, 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
670
  if (is_numeric($only))
671
  return get_post($only, ARRAY_A);
689
  }
690
 
691
  function GOTMLS_View_Quarantine() {
692
+ GOTMLS_update_definitions();
693
  GOTMLS_display_header();
694
  echo GOTMLS_box($Q_Page = __("White-lists",'gotmls'), GOTMLS_get_whitelists());
695
  if (!isset($_GET['Whitelists']))
701
  echo "\n</div></div></div>";
702
  }
703
 
704
+ function GOTMLS_update_definitions() {
705
+ global $wp_version;
706
+ $GOTMLS_definitions_versions = array();
707
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
708
+ foreach ($definition_names as $definition_name=>$definition_version)
709
+ if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
710
+ if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
711
+ $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
712
+ if (isset($_POST["UPDATE_definitions_array"]) && strlen($_POST["UPDATE_definitions_array"])) {
713
+ if (strlen($_POST["UPDATE_definitions_array"]) > 1) {
714
+ $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));
715
+ if (is_array($GOTnew_definitions))
716
+ $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('Downloaded Definitions');";
717
+ } elseif (($DEF = GOTMLS_get_URL(GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.$wp_version.'&ts='.date("YmdHis").'&d='.ur1encode(GOTMLS_siteurl))) && (($GOT_definitions = GOTMLS_decode($DEF)) != serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"])) && is_array($GOTnew_definitions = maybe_unserialize($GOT_definitions)) && count($GOTnew_definitions)) {
718
+ if (!(isset($_REQUEST["check"]) && is_array($_REQUEST["check"])))
719
+ $_REQUEST["check"] = array();
720
+ foreach ($GOTnew_definitions as $threat_level=>$definition_names)
721
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$threat_level"]) && !(is_array($GLOBALS["GOTMLS"]["tmp"]["settings"]["check"]) && in_array("$threat_level", $GLOBALS["GOTMLS"]["tmp"]["settings"]["check"])) && !in_array("$threat_level", $_REQUEST["check"]))
722
+ $_REQUEST["check"][] = "$threat_level";
723
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions;
724
+ $GOTnew_definitions = array();
725
+ $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('New Definitions Automatically Installed :-)');";
726
+ } else
727
+ $GOTnew_definitions = "";
728
+ } //elseif (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) $GOTnew_definitions = maybe_unserialize(GOTMLS_decode(file_get_contents(GOTMLS_plugin_path.'definitions_update.txt')));
729
+ if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
730
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions);
731
+ if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
732
+ @unlink(GOTMLS_plugin_path.'definitions_update.txt');
733
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))
734
+ unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]);
735
+ update_option('GOTMLS_definitions_array', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
736
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
737
+ foreach ($definition_names as $definition_name=>$definition_version)
738
+ if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
739
+ if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
740
+ $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
741
+ }
742
+ $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates';
743
+ asort($GOTMLS_definitions_versions);
744
+ foreach ($GOTMLS_definitions_versions as $definition_name=>$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"])
745
+ $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&ver[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"];
746
+ }
747
+
748
  function GOTMLS_settings() {
749
+ global $current_user, $wpdb, $wp_version, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
750
  $GOTMLS_scan_groups = array();
751
  $gt = ">";
752
  $lt = "<";
753
+ GOTMLS_update_definitions();
754
+ if (isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
755
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
756
+ /* $threat_names = array_keys($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"]);
757
+ foreach ($threat_names as $threat_name) {
758
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) > 1) {
759
+ if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version)
760
+ $GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0];
761
+ if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
762
+ $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]);
763
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] > 2)
764
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
765
+ }
766
+ }
767
+ }*/
768
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
769
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"];
770
+ update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
771
+ }
772
  $dirs = GOTMLS_explode_dir(__file__);
773
  for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
774
  $GOTMLS_scan_groups[] = $lt.'b'.$gt.implode(GOTMLS_slash(), array_slice($dirs, -1 * (3 + $SL), 1)).$lt.'/b'.$gt;
797
  if (dirname($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d]) != ".")
798
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d] = str_replace("\\", "", str_replace("/", "", str_replace(dirname($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d]), "", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d])));
799
  }
800
+ $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"] = array_merge($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"], $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"]);
801
  if (isset($_POST["scan_what"]) && is_numeric($_POST["scan_what"]) && $_POST["scan_what"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"])
802
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = $_POST["scan_what"];
803
  if (isset($_POST["check_custom"]) && $_POST["check_custom"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"])
833
  $scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", "&nbsp;", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts;
834
  }
835
  $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}".((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])?"\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_check'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n":"")."$lt/script$gt";
836
+ $scan_opts = "\n$lt".'form method="POST" name="GOTMLS_Form" action="'.admin_url('admin.php?page=GOTMLS-settings').'"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.'
837
  '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
838
  '.$lt.'div style="padding: 0 30px;"'.$gt;
839
  foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) {
865
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
866
  '.$lt.'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
867
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
868
+ '.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px; border-bottom: #F00 solid 2px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt.'/b'.$gt.$lt.'/td'.$gt.$lt.'td colspan=2 style="border-bottom: #F00 solid 2px;"'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This new BETA feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt/tr$gt{$lt}tr$gt{$lt}td nowrap$gt\n$lt/td$gt$lt".'td'.$gt.$lt.'/td'.$gt.$lt.'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
869
  @ob_start();
870
  $OB_default_handlers = array("default output handler", "zlib output compression");
871
  $OB_handlers = @ob_list_handlers();
986
  if (!isset($_REQUEST["scan_type"]))
987
  $_REQUEST["scan_type"] = "Complete Scan";
988
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
989
+ echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php').'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
990
  foreach ($_POST as $name => $value) {
991
  if (substr($name, 0, 10) != 'GOTMLS_fix') {
992
  if (is_array($value)) {
996
  echo $lt.'input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'"'.$gt;
997
  }
998
  }
999
+ echo "\n$lt".'script type="text/javascript"'.$gt.'
 
1000
  showhide("inside_'.md5(GOTMLS_Scan_Settings_LANGUAGE).'");
1001
  '.$lt.'/script'.$gt.GOTMLS_box(htmlentities($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' '.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt);
1002
  $scan_groups_UL = "";
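Review bot: On the hidden-input line, `$name` is written into the `name="…"` attribute unescaped while only `$value` passes through `htmlspecialchars()`. In the loop shown just above this hunk `$name` is a key of `$_POST`, so it is request-controlled and can break out of the attribute. Escaping both sides closes the gap: `echo $lt.'input type="hidden" name="'.htmlspecialchars($name).'" value="'.htmlspecialchars($value).'"'.$gt;`. The enclosing `foreach` and function begin outside this hunk.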
1023
  }
1024
  }
1025
  @ob_start();
1026
+ if ($_REQUEST["scan_type"] == "Quick Scan") {
1027
  $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('".__("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.",'gotmls')."');\n}\nwindow.onload=testComplete;\n$lt/script$gt\n$lt".'script type="text/javascript"'.$gt;
1028
+ if (is_numeric($check = array_search("potential", $GLOBALS["GOTMLS"]["log"]["settings"]["check"])))
1029
+ unset($GLOBALS["GOTMLS"]["log"]["settings"]["check"][$check]);
1030
+ }
1031
  echo "\n{$lt}script type=\"text/javascript\"$gt$li_js\n/*{$lt}!--*"."/";
1032
  if (is_dir($dir)) {
1033
  $GOTMLS_dirs_at_depth[0] = 1;
1034
  $GOTMLS_dir_at_depth[0] = 0;
1035
+ if (isset($_REQUEST['scan_only']) && is_array($_REQUEST['scan_only'])) {
1036
+ $GOTMLS_dirs_at_depth[0] += (count($_REQUEST['scan_only']) - 1);
1037
+ foreach ($_REQUEST['scan_only'] as $only_dir)
1038
  if (is_dir(GOTMLS_trailingslashit($dir).$only_dir))
1039
  GOTMLS_readdir(GOTMLS_trailingslashit($dir).$only_dir);
1040
  } else
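Review bot: Each entry of `$_REQUEST['scan_only']` is appended to `$dir` and handed to `GOTMLS_readdir()` after only an `is_dir()` test, so an entry containing `..` would point the scan outside `$dir`, and a non-string entry is concatenated as-is. The added `is_array()` guard validates the container but not its elements. A per-element check before the call would cover both, for example `if (is_string($only_dir) && strpos($only_dir, '..') === false && is_dir(GOTMLS_trailingslashit($dir).$only_dir))`. `GOTMLS_readdir()` is defined outside this hunk and may apply its own checks, and the enclosing function starts and ends outside it as well.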
1045
  echo GOTMLS_update_status(__("Completed!",'gotmls'), 100);
1046
  else {
1047
  echo GOTMLS_update_status(__("Starting Scan ...",'gotmls'))."/*--{$gt}*"."/";
1048
+ echo "\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."');".'
1049
  var scanfilesI = 0;
1050
  var stopScanning;
1051
  var gotStuckOn = "";
1169
 
1170
  function GOTMLS_set_plugin_action_links($links_array, $plugin_file) {
1171
  if ($plugin_file == substr(__file__, (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10)
1172
+ $links_array = array_merge(array('<a href="'.admin_url('admin.php?page=GOTMLS-settings').'"><span class="dashicons dashicons-admin-settings"></span>'.GOTMLS_Scan_Settings_LANGUAGE.'</a>'), $links_array);
1173
  return $links_array;
1174
  }
1175
 
1176
  function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) {
1177
  if ($plugin_file == substr(__file__, (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10)
1178
+ $links_array = array_merge($links_array, array('<a target="_blank" href="http://gotmls.net/faqs/">FAQ</a>','<a target="_blank" href="http://gotmls.net/support/">Support</a>','<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE"><span class="dashicons dashicons-heart"></span>Donate</a>'));
1179
  return $links_array;
1180
  }
1181
  function GOTMLS_in_plugin_update_message($args) {
1182
+ $transient_name = "GOTMLS_upgrade_notice_".$args["Version"];//(false === ($upgrade_notice = get_transient($transient_name))) &&
1183
+ if (($ret = GOTMLS_get_URL("https://plugins.svn.wordpress.org/gotmls/trunk/readme.txt"))) {
1184
  $upgrade_notice = '';
1185
+ if ($match = preg_split('/==\s*Upgrade Notice\s*==\s+/i', $ret)) {
1186
+ if (preg_match('/\n+=\s*'.str_replace(".", "\\.", GOTMLS_Version).'\s*=\s+/is', $match[1]))
1187
+ $notice = (array) preg_split('/\n+=\s*'.str_replace(".", "\\.", GOTMLS_Version).'\s*=\s+/is', $match[1]);
1188
+ else
1189
+ $notice = (array) preg_split('/\n+=/is', $match[1]."\n=");
1190
+ $upgrade_notice .= '<div class="GOTMLS_upgrade_notice">'.preg_replace('/=\s*([\.0-9]+)\s*=\s*([^=]+)/i', '<li><b>${1}:</b> ${2}</li>', preg_replace('~\[([^\]]*)\]\(([^\)]*)\)~', '<a href="${2}">${1}</a>', $notice[0])).'</div>';
1191
+ set_transient($transient_name, $upgrade_notice, DAY_IN_SECONDS);
 
 
 
 
 
 
 
1192
  }
 
1193
  }
1194
+ echo $upgrade_notice;
1195
  }
1196
 
1197
  function GOTMLS_init() {
1198
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
1199
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
1200
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
1201
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1;
1202
+ if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") {
1203
+ if (!isset($_REQUEST["scan_what"])) $_REQUEST["scan_what"] = 2;
1204
+ if (!isset($_REQUEST["scan_depth"]))
1205
+ $_REQUEST["scan_depth"] = 2;
1206
+ if (!isset($_REQUEST["scan_only"]))
1207
+ $_REQUEST["scan_only"] = array("","wp-content/plugins","wp-content/themes");
1208
+ if ($_REQUEST["scan_only"] && !is_array($_REQUEST["scan_only"]))
1209
+ $_REQUEST["scan_only"] = array($_REQUEST["scan_only"]);
1210
+ }//$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]);
1211
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]))
1212
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = "";
1213
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]) && is_numeric($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]))
1214
+ $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);
1215
+ else
1216
+ $scan_level = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1217
+ if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"]))
1218
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"];
1219
+ elseif (isset($_POST["scan_type"]) || !(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])))
1220
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = array();
1221
+ if (isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"]))
1222
+ $scan_level = intval($_POST["scan_level"]);
1223
+ if (isset($scan_level) && is_numeric($scan_level))
1224
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = intval($scan_level);
1225
+ else
1226
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1227
+ }
1228
+
1229
+ function GOTMLS_ajax_position() {
1230
+ $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls');
1231
+ $properties = array("body" => 'style="margin: 0; padding: 0;"');
1232
+ if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) {
1233
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
1234
+ $gl = '><';
1235
+ $properties["html"] = $gl.'head'.$gl.'script type="text/javascript">
1236
+ if (curDiv = window.parent.document.getElementById("div_file")) {
1237
+ curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
1238
+ curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
1239
+ curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
1240
+ curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
1241
+ }
1242
+ </script'.$gl.'/head';
1243
+ } elseif (isset($_GET["GOTMLS_x"]) || isset($_GET["GOTMLS_y"]) || isset($_GET["GOTMLS_h"]) || isset($_GET["GOTMLS_w"])) {
1244
+ if (isset($_GET["GOTMLS_x"]))
1245
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] = $_GET["GOTMLS_x"];
1246
+ if (isset($_GET["GOTMLS_y"]))
1247
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1] = $_GET["GOTMLS_y"];
1248
+ if (isset($_GET["GOTMLS_h"]))
1249
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2] = $_GET["GOTMLS_h"];
1250
+ if (isset($_GET["GOTMLS_w"]))
1251
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3] = $_GET["GOTMLS_w"];
1252
+ $_GET["GOTMLS_msg"] = __("New position",'gotmls');
1253
+ } else
1254
+ die("\n//Position Error: No new position to save!\n");
1255
+ update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1256
+ die(GOTMLS_html_tags(array("html" => array("body" => htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.admin_url('admin-ajax.php?action=GOTMLS_position&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"])).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
1257
+ }
1258
+ add_action('wp_ajax_GOTMLS_position', 'GOTMLS_ajax_position');
1259
+
1260
+ function GOTMLS_ajax_whitelist() {
1261
+ if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) {
1262
+ $file = GOTMLS_decode($_POST['GOTMLS_whitelist']);
1263
+ $chksum = explode("O", $_POST['GOTMLS_chksum']."O");
1264
+ if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) {
1265
+ $filesize = @filesize($file);
1266
+ if (true) {
1267
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0]))
1268
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002";
1269
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002";
1270
  } else
1271
+ unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]);
1272
+ update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1273
+ $body = "Added $file to Whitelist!<br />\n<iframe style='width: 90%; height: 250px; border: none;' src='".GOTMLS_plugin_home."whitelist.html?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe>";
1274
+ } else
1275
+ $body = "<li>Invalid Data!</li>";
1276
+ die(GOTMLS_html_tags(array("html" => array("body" => $body))));
1277
+ } else
1278
+ die("\n//Whitelist Error: Invalid checksum!\n");
1279
+ }
1280
+ add_action('wp_ajax_GOTMLS_whitelist', 'GOTMLS_ajax_whitelist');
1281
+
1282
+ function GOTMLS_ajax_fix() {
1283
+ if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"]))
1284
+ $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
1285
+ if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1286
  GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1287
+ $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1288
+ $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file))\n\tli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}\n}\nfunction DeletedFile(file) {\n filesFixed++;\nnif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}}\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
1289
+ @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1290
+ $HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));
1291
+ echo $HTML[0];
1292
+ GOTMLS_update_scan_log(array("scan" => array("dir" => count($_REQUEST["GOTMLS_fix"])." Files", "start" => time())));
1293
+ foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
1294
+ if (is_numeric($clean_file)) {
1295
+ if (($Q_post = GOTMLS_get_quarantine($clean_file)) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
1296
+ $path = $Q_post["post_title"];
1297
+ if ($_REQUEST["GOTMLS_fixing"] > 1) {
1298
+ echo "<li>Removing $path ... ";
1299
+ $Q_post["post_status"] = "trash";
1300
+ if (wp_update_post($Q_post)) {
1301
+ echo __("Done!",'gotmls');
1302
+ $li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1303
  } else {
1304
+ echo __("Failed to delete!",'gotmls');
1305
+ $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1306
+ }
1307
+ GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Removal from Quarantine")));
1308
+ } else {
1309
+ echo "<li>Restoring $path ... ";
1310
+ $Q_post["post_status"] = "pending";
1311
+ if (GOTMLS_file_put_contents($path, GOTMLS_decode($Q_post["post_content"])) && wp_update_post($Q_post)) {
1312
+ echo __("Complete!",'gotmls');
1313
+ $li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
1314
+ } else {
1315
+ echo __("Restore Failed!",'gotmls');
1316
+ $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1317
  }
1318
+ GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Restoration from Quarantine")));
 
1319
  }
1320
+ echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1321
+ $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
 
 
 
 
 
 
 
 
1322
  }
1323
+ } else {
1324
+ $path = realpath(GOTMLS_decode($clean_file));
1325
+ if (is_file($path)) {
1326
+ echo "<li>Fixing $path ... ";
1327
+ $li_js .= GOTMLS_scanfile($path);
1328
+ echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1329
+ $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1330
+ } else
1331
+ echo "<li>".__("File ".htmlentities($path)." not found!",'gotmls')."</li>";
1332
+ GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Automatic Fix")));
1333
  }
1334
+ }
1335
+ die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process.",'gotmls'), 'target="_top" href="admin.php?page=GOTMLS-View-Quarantine"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.admin_url('admin.php?page=GOTMLS-settings&check_site=1').'" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n$HTML[1]");
1336
+ } else
1337
+ die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls')))));
1338
+ }
1339
+ add_action('wp_ajax_GOTMLS_fix', 'GOTMLS_ajax_fix');
1340
+
1341
+ function GOTMLS_ajax_scan() {
1342
+ @error_reporting(0);
1343
+ if (isset($_GET["GOTMLS_scan"])) {
1344
+ @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
1345
+ if (is_numeric($_GET["GOTMLS_scan"])) {
1346
+ if (($Q_post = GOTMLS_get_quarantine($_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
1347
+ $clean_file = $Q_post["post_title"];
1348
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = GOTMLS_decode($Q_post["post_content"]);
1349
+ $fa = "";
1350
+ $function = 'GOTMLS_decode';
1351
+ $decode_list = array("Base64" => '/base64_decode\([\'"]([0-9\+\/\=a-z]+)[\'"]\)/', "Hex" => '/(\\\\x[0-9a-f]{2})/');
1352
+ if (isset($_GET[$function]) && is_array($_GET[$function])) {
1353
+ foreach ($_GET[$function] as $decode) {
1354
+ if (isset($decode_list[$decode])) {
1355
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = preg_replace($decode_list[$decode].substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function.$decode.'("\1")', $GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1356
+ $fa .= " $decode decoded";
1357
+ } else
1358
+ $fa .= " NO-$decode";
1359
+ }
1360
+ } elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
1361
+ $f = 1;
1362
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found=>$threats_name) {
1363
+ if (is_numeric($threats_found)) {
1364
+ $threats_found = $threats_name;
1365
+ $threats_name = $f;
1366
+ }
1367
+ $fpos = 0;
1368
+ $flen = 0;
1369
+ $potential_threat = str_replace("\r", "", $threats_found);
1370
+ while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {
1371
+ $flen = strlen($potential_threat);
1372
+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
1373
+ }
1374
+ if (0 == $flen)
1375
+ $fa = 'ERROR['.($f++).']: Threat_size{'.strlen($potential_threat).'} } Content_size{'.strlen(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'}';
1376
+ }
1377
+ }
1378
+ foreach ($decode_list as $decode => $regex)
1379
+ if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"]))
1380
+ $fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
1381
+ die("\n".'<script type="text/javascript">
1382
+ function select_text_range(ta_id, start, end) {
1383
+ ta_element = document.getElementById(ta_id);
1384
+ ta_element.focus();
1385
+ if(ta_element.setSelectionRange)
1386
+ ta_element.setSelectionRange(start, end);
1387
+ else {
1388
+ var r = ta_element.createTextRange();
1389
+ r.collapse(true);
1390
+ r.moveEnd(\'character\', end);
1391
+ r.moveStart(\'character\', start);
1392
+ r.select();
1393
+ }
1394
+ }
1395
+ window.parent.showhide("GOTMLS_iFrame", true);
1396
+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php').'" onsubmit="return confirm(\''.__("Are you sure you want to delete this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1397
+ } else
1398
+ die(GOTMLS_html_tags(array("html" => array("body" => __("This file no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1399
+ } else {
1400
+ $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
1401
+ if (is_dir($file)) {
1402
+ @error_reporting(0);
1403
+ @header("Content-type: text/javascript");
1404
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))
1405
+ $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
1406
+ @ob_start();
1407
+ echo GOTMLS_scandir($file);
1408
+ if (@ob_get_level()) {
1409
+ GOTMLS_flush();
1410
+ @ob_end_flush();
1411
+ }
1412
+ die('//END OF JavaScript');
1413
+ } else {
1414
+ if (!file_exists($file))
1415
+ die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), $file)."<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1416
+ else {
1417
+ GOTMLS_scanfile($file);
1418
  $fa = "";
1419
  $function = 'GOTMLS_decode';
1420
  $decode_list = array("Base64" => '/base64_decode\([\'"]([0-9\+\/\=a-z]+)[\'"]\)/', "Hex" => '/(\\\\x[0-9a-f]{2})/');
1421
  if (isset($_GET[$function]) && is_array($_GET[$function])) {
1422
  foreach ($_GET[$function] as $decode) {
1423
  if (isset($decode_list[$decode])) {
1424
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = preg_replace($decode_list[$decode].substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function.$decode.'("\1")', $GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1425
  $fa .= " $decode decoded";
1426
  } else
1427
  $fa .= " NO-$decode";
1428
  }
1429
+ } elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1430
  $f = 1;
1431
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found=>$threats_name) {
 
 
 
 
1432
  $fpos = 0;
1433
  $flen = 0;
1434
  $potential_threat = str_replace("\r", "", $threats_found);
1435
+ while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {
1436
  $flen = strlen($potential_threat);
1437
  $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
1438
  }
1439
  if (0 == $flen)
1440
+ $fa = 'ERROR['.($f++).']: Threat_size{'.strlen($potential_threat).'} } Content_size{'.strlen(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'}';
1441
  }
1442
+ } else
1443
+ $fa = " No Threats Found";
1444
  foreach ($decode_list as $decode => $regex)
1445
+ if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"]))
1446
  $fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
1447
  die("\n".'<script type="text/javascript">
1448
  function select_text_range(ta_id, start, end) {
1459
  }
1460
  }
1461
  window.parent.showhide("GOTMLS_iFrame", true);
1462
+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php').'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' ('.filesize($file).'bytes)<br />permissions: '.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1463
  }
1464
  }
1465
+ }
1466
+ } else
1467
+ die("\n//Directory Error: Nothing to scan!\n");
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1468
  }
1469
+ add_action('wp_ajax_GOTMLS_scan', 'GOTMLS_ajax_scan');
1470
 
1471
+ function GOTMLS_ajax_nopriv() {
 
 
 
 
1472
  die("\n//Permission Error: User not authenticated!\n");
1473
+ }
1474
+ add_action('wp_ajax_nopriv_GOTMLS_scan', 'GOTMLS_ajax_nopriv');
1475
+ add_action('wp_ajax_nopriv_GOTMLS_position', 'GOTMLS_ajax_nopriv');
1476
+ add_action('wp_ajax_nopriv_GOTMLS_fix', 'GOTMLS_ajax_nopriv');
1477
+ add_action('wp_ajax_nopriv_GOTMLS_whitelist', 'GOTMLS_ajax_nopriv');
1478
+
1479
+ add_action("in_plugin_update_message-gotmls/index.php", "GOTMLS_in_plugin_update_message");
1480
+ add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);
1481
+ add_filter("plugin_action_links", "GOTMLS_set_plugin_action_links", 1, 2);
1482
+ add_action("plugins_loaded", "GOTMLS_loaded");
1483
+ add_action("admin_notices", "GOTMLS_admin_notices");
1484
+ add_action("admin_menu", "GOTMLS_menu");
1485
+ add_action("network_admin_menu", "GOTMLS_menu");
1486
+ $init = add_action("admin_init", "GOTMLS_init");
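--- a/languages/gotmls.pot
+++ b/languages/gotmls.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: GOTMLS\n"
 "Report-Msgid-Bugs-To: eli@gotmls.net\n"
-"POT-Creation-Date: 2015-06-06 17:29-1000\n"
+"POT-Creation-Date: 2015-06-18 12:35-1000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -337,6 +337,15 @@ msgstr ""
 msgid " For more information on Brute-Force attack prevention and the WordPress wp-login-php file "
 msgstr ""
 
+msgid "Default position"
+msgstr ""
+
+msgid "New position"
+msgstr ""
+
+msgid "saved."
+msgstr ""
+
 msgid "Done!"
 msgstr ""
 
@@ -359,6 +368,9 @@ msgstr ""
 msgid "Never mind, it worked!"
 msgstr ""
 
+msgid "Nothing Selected to be Changed!"
+msgstr ""
+
 msgid "Are you sure you want to delete this file from the quarantine?"
 msgstr ""
 
@@ -378,18 +390,6 @@ msgstr ""
 msgid "Potential threats in file:"
 msgstr ""
 
-msgid "Nothing Selected to be Changed!"
-msgstr ""
-
-msgid "Default position"
-msgstr ""
-
-msgid "New position"
-msgstr ""
-
-msgid "saved."
-msgstr ""
-
 msgid "htaccess Threats"
 msgstr ""
 
@@ -408,12 +408,15 @@ msgstr ""
 msgid "Failed to list files in directory!"
 msgstr ""
 
-msgid "Run Quick Scan"
+msgid "Quick Scan"
 msgstr ""
 
 msgid "View Quarantine"
 msgstr ""
 
+msgid "View Scan Log"
+msgstr ""
+
 #, php-format
 msgid "This Plugin requires WordPress version %s or higher"
 msgstr ""
@@ -512,6 +515,3 @@ msgstr ""
 
 msgid "The <b>base64_decode</b> function is currently disabled by the disable_functions Directive in your server's php.ini file.<br />This function is required for this Anti-Malware plugin to work properly.<br />Check the disable_functions Directive in your php.ini and take out base64_decode to fix this problem."
 msgstr ""
-
-msgid "View Scan Log"
-msgstr ""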
readme.txt CHANGED
@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
- Version: 4.15.26
9
- Stable tag: 4.15.26
10
  Requires at least: 3.3
11
  Tested up to: 4.2.2
12
 
@@ -29,7 +29,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
29
  * Automatically Download Definition Updates When running a Complete Scan.
30
  * Check the integrity of your WordPress Core files.
31
 
32
- Updated June 6th
33
 
34
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
35
 
@@ -94,6 +94,10 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
94
 
95
  == Changelog ==
96
 
 
 
 
 
97
  = 4.15.26 =
98
  * Moved the quarantine files into the database and deleted the old directory in uploads.
99
  * Fixed some minor formatting issues in the HTML output on the settings page.
@@ -226,9 +230,6 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
226
  * Fixed a bug in the Add to Whitelist feature so the you do not need to update the definitions after whitelisting a file.
227
 
228
  = 1.3.05.13 =
229
- * Fixed two bugs in the last release.
230
-
231
- = 1.3.05.11 =
232
  * Added ability to whitelist files.
233
 
234
  = 1.3.04.19 =
@@ -335,6 +336,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
335
 
336
  == Upgrade Notice ==
337
 
 
 
 
338
  = 4.15.26 =
339
  Moved the quarantine files into the database and deleted the old directory in uploads, fixed some minor HTML formatting issues, and added a warning if base64_decode is disabled.
340
 
@@ -432,9 +436,6 @@ Downgraded the WP-Login threat and changed it to an opt-in fix.
432
  Fixed a bug in the Add to Whitelist feature so the you do not need to update the definitions after whitelisting a file.
433
 
434
  = 1.3.05.13 =
435
- Fixed two bugs in the last release.
436
-
437
- = 1.3.05.11 =
438
  Added ability to whitelist files.
439
 
440
  = 1.3.04.19 =
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
+ Version: 4.15.27
9
+ Stable tag: 4.15.27
10
  Requires at least: 3.3
11
  Tested up to: 4.2.2
12
 
29
  * Automatically Download Definition Updates When running a Complete Scan.
30
  * Check the integrity of your WordPress Core files.
31
 
32
+ Updated June 18th
33
 
34
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
35
 
94
 
95
  == Changelog ==
96
 
97
+ = 4.15.27 =
98
+ * Fixed a major bug that made multisite scan extremely slow and sometimes error out.
99
+ * Moved all ajax call out of the init function and into their own functions for better handling time.
100
+
101
  = 4.15.26 =
102
  * Moved the quarantine files into the database and deleted the old directory in uploads.
103
  * Fixed some minor formatting issues in the HTML output on the settings page.
230
  * Fixed a bug in the Add to Whitelist feature so the you do not need to update the definitions after whitelisting a file.
231
 
232
  = 1.3.05.13 =
 
 
 
233
  * Added ability to whitelist files.
234
 
235
  = 1.3.04.19 =
336
 
337
  == Upgrade Notice ==
338
 
339
+ = 4.15.27 =
340
+ Fixed a major bug that made multisite scan extremely slow and moved all ajax call out of the init function and into their own functions.
341
+
342
  = 4.15.26 =
343
  Moved the quarantine files into the database and deleted the old directory in uploads, fixed some minor HTML formatting issues, and added a warning if base64_decode is disabled.
344
 
436
  Fixed a bug in the Add to Whitelist feature so the you do not need to update the definitions after whitelisting a file.
437
 
438
  = 1.3.05.13 =
 
 
 
439
  Added ability to whitelist files.
440
 
441
  = 1.3.04.19 =