Anti-Malware Security and Brute-Force Firewall - Version 4.15.43

Version Description

  • Added Core Files to the Quick Scan list on the admin menu.
  • Added a nonce token to prevent Cross-Site Request Forgery against logged-in admins by requests sent from another site.
  • Hardened against XSS vulnerability triggered by the file names being scanned (thanks to Mahadev Subedi).
  • Improved brute-force patch compatibility with alternate wp-config.php location.

Release Info

Developer scheeeli
Version 4.15.43

Code changes from version 4.15.42 to 4.15.43

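--- a/images/index.php
+++ b/images/index.php
@@ -27,7 +27,7 @@ function __($text, $domain) {
  $GLOBALS["GOTMLS"] = array(
  "tmp"=>array("HeadersError"=>"", "onLoad"=>"", "file_contents"=>"", "new_contents"=>"", "threats_found"=>array(),
  "skip_dirs" => array(".", ".."), "scanfiles" => array(),
- "mt" => ((isset($_GET["mt"])&&is_numeric($_GET["mt"]))?$_GET["mt"]:microtime(true)),
+ "mt" => ((isset($_REQUEST["mt"])&&is_numeric($_REQUEST["mt"]))?$_REQUEST["mt"]:microtime(true)),
  "threat_files" => array("htaccess"=>".htaccess","timthumb"=>"thumb.php"),
  "threat_levels" => array(__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Backdoor Scripts",'gotmls')=>"backdoor",__("Known Threats",'gotmls')=>"known",__("Core File Changes",'gotmls')=>"wp_core",__("Potential Threats",'gotmls')=>"potential"),
  "default_ext"=>"ieonly.", "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf"),
@@ -35,6 +35,21 @@ $GLOBALS["GOTMLS"] = array(
  "default" => array("msg_position" => array('80px', '40px', '400px', '600px'))));
  GOTMLS_define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.]+/', '', str_replace('&amp;', '&', htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
 
+ if (!function_exists("GOTMLS_set_nonce")) {
+ function GOTMLS_set_nonce() {
+ set_transient($transient_name = 'GOTMLS_mt='.md5(GOTMLS_plugin_path.$GLOBALS["GOTMLS"]["tmp"]["mt"]), $GLOBALS["GOTMLS"]["tmp"]["mt"], DAY_IN_SECONDS);
+ return $transient_name;
+ }}
+
+ if (!function_exists("GOTMLS_get_nonce")) {
+ function GOTMLS_get_nonce() {
+ if (isset($_REQUEST["GOTMLS_mt"])) {
+ $transient_name = 'GOTMLS_mt='.$_REQUEST["GOTMLS_mt"];
+ return get_transient($transient_name);
+ } else
+ return false;
+ }}
+
  if (!function_exists("GOTMLS_encode")) {
  function GOTMLS_encode($unencoded_string) {
  if (function_exists("base64_encode"))
@@ -85,6 +100,7 @@ if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && preg_match('|(.*?
  } elseif (isset($_GET["no_error_reporting"]))
  @error_reporting(0);
 
+ GOTMLS_define("GOTMLS_Invalid_Nonce_LANGUAGE", __("Invalid or expired Nonce Token!",'gotmls'));
  GOTMLS_define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
  GOTMLS_define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Quick Scan",'gotmls'));
  GOTMLS_define("GOTMLS_View_Quarantine_LANGUAGE", __("View Quarantine",'gotmls'));
@@ -399,39 +415,44 @@ function GOTMLS_scanfile($file) {
  $className = "errors";
  }
  if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
- $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file.preg_replace('/\&(GOTMLS_scan|mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", """, $lt.'div style="float: left;"'.$gt.'Examine File ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_strip4java($file)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
+ $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce().'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file.preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", "&quot;", $lt.'div style="float: left; white-space: nowrap;"'.$gt.__("Examine File",'gotmls').' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
  if ($className == "errors") {
  $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
  $imageFile = "/blocked";
  } elseif ($className != "potential") {
  if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
- if ($className == "timthumb") {
- if (($source = GOTMLS_get_URL("http://$className.googlecode.com/svn/trunk/$className.php")) && strlen($source) > 500)
- $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
- else
- $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
- } elseif ($className == 'wp_core') {
- $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
- if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] == md5($source)."O".strlen($source)))
- $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
- else
- $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
- } else {
- $GOTMLS_no_contents = trim(preg_replace('/\/\*.*?\*\/\s*/s', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
- $GOTMLS_no_contents = trim(preg_replace('/\n\s*\/\/.*/', "", $GOTMLS_no_contents));
- $GOTMLS_no_contents = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/is', "", $GOTMLS_no_contents));
- if (strlen($GOTMLS_no_contents))
- $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/is', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
- else
- $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = "";
- }
- if (strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) > 0 && (($Q_post = GOTMLS_write_quarantine($file, $className)) !== false) && ((strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"])==0 && isset($_GET["eli"]) && @unlink($file)) || (($Write_File = GOTMLS_file_put_contents($file, $GLOBALS["GOTMLS"]["tmp"]["new_contents"])) !== false))) {
- echo __("Success!",'gotmls');
- return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
+ if (GOTMLS_get_nonce()) {
+ if ($className == "timthumb") {
+ if (($source = GOTMLS_get_URL("http://$className.googlecode.com/svn/trunk/$className.php")) && strlen($source) > 500)
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
+ else
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
+ } elseif ($className == 'wp_core') {
+ $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
+ if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] == md5($source)."O".strlen($source)))
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
+ else
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
+ } else {
+ $GOTMLS_no_contents = trim(preg_replace('/\/\*.*?\*\/\s*/s', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
+ $GOTMLS_no_contents = trim(preg_replace('/\n\s*\/\/.*/', "", $GOTMLS_no_contents));
+ $GOTMLS_no_contents = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/is', "", $GOTMLS_no_contents));
+ if (strlen($GOTMLS_no_contents))
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/is', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
+ else
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = "";
+ }
+ if (strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) > 0 && (($Q_post = GOTMLS_write_quarantine($file, $className)) !== false) && ((strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"])==0 && isset($_GET["eli"]) && @unlink($file)) || (($Write_File = GOTMLS_file_put_contents($file, $GLOBALS["GOTMLS"]["tmp"]["new_contents"])) !== false))) {
+ echo __("Success!",'gotmls');
+ return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
+ } else {
+ echo __("Failed:",'gotmls').' '.(strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])?((is_writable(dirname($file)) && is_writable($file))?(($Q_post===false)?__("failed to quarantine!",'gotmls')." (".$wpdb->last_error.")":((isset($Write_File)&&$Write_File)?"Q=$Q_post: ".__("reason unknown!",'gotmls'):"Q=$Q_post: ".__("failed to write!",'gotmls'))):__("file not writable!",'gotmls')):__("no file contents!",'gotmls'));
+ if (isset($_GET["eli"]))
+ echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().($lt.'br'.$gt.$lt.'pre'.$gt.'file_stat'.print_r(stat($file), true));
+ return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
+ }
  } else {
- echo __("Failed:",'gotmls').' '.(strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])?((is_writable(dirname($file)) && is_writable($file))?(($Q_post===false)?__("failed to quarantine!",'gotmls')." (".$wpdb->last_error.")":((isset($Write_File)&&$Write_File)?"Q=$Q_post: ".__("reason unknown!",'gotmls'):"Q=$Q_post: ".__("failed to write!",'gotmls'))):__("file not writable!",'gotmls')):__("no file contents!",'gotmls'));
- if (isset($_GET["eli"]))
- echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().($lt.'br'.$gt.$lt.'pre'.$gt.'file_stat'.print_r(stat($file), true));
+ echo __("Failed: ",'gotmls').GOTMLS_Invalid_Nonce_LANGUAGE;
  return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
  }
  }
@@ -485,7 +506,11 @@ function GOTMLS_decodeBase64($encoded_string) {
  }
 
  function GOTMLS_decodeHex($encoded_string) {
- return chr(hexdec($encoded_string));
+ if (strtolower(substr($encoded_string, 0, 2)) == "\\x")
+ $dec_string = hexdec($encoded_string);
+ else
+ $dec_string = octdec($encoded_string);
+ return chr($dec_string);
  }
 
  function GOTMLS_return_threat($className, $imageFile, $fileName, $link = "") {
@@ -494,7 +519,7 @@ function GOTMLS_return_threat($className, $imageFile, $fileName, $link = "") {
  $fileName64 = GOTMLS_encode($fileName);
  $li_js = "/*-->*"."/";
  if ($className != "scanned")
- $li_js .= "\n$className++;\ndivx=document.getElementById('found_$className');\nif (divx) {\n\tvar newli = document.createElement('li');\n\tnewli.innerHTML='<img src=\"".GOTMLS_strip4java(GOTMLS_images_path.$imageFile).".gif\" height=16 width=16 alt=\"".$GOTMLS_image_alt[$imageFile]."\" style=\"float: left;\" id=\"$imageFile"."_$fileName64\">".GOTMLS_strip4java($link).$fileNameJS.($link?"</a>';\n\tdivx.display='block":"")."';\n\tdivx.appendChild(newli);\n}";
+ $li_js .= "\n$className++;\ndivx=document.getElementById('found_$className');\nif (divx) {\n\tvar newli = document.createElement('li');\n\tnewli.innerHTML='<img src=\"".GOTMLS_strip4java(GOTMLS_images_path.$imageFile).".gif\" height=16 width=16 alt=\"".$GOTMLS_image_alt[$imageFile]."\" style=\"float: left;\" id=\"$imageFile"."_$fileName64\">".GOTMLS_strip4java($link, true).$fileNameJS.($link?"</a>';\n\tdivx.display='block":"")."';\n\tdivx.appendChild(newli);\n}";
  if ($className == "errors")
  $li_js .= "\ndivx=document.getElementById('wait_$fileName64');\nif (divx) {\n\tdivx.src='".GOTMLS_images_path."blocked.gif';\n\tdirerrors++;\n}";
  elseif (is_file($fileName))
@@ -696,16 +721,16 @@ if (!function_exists('ur1encode')) { function ur1encode($url) {
  return $return;
  }}
 
- function GOTMLS_strip4java($item) {
- return preg_replace("/\\\\/", "\\\\\\\\", str_replace("'", "'+\"'\"+'", preg_replace('/\\+n|\\+r|\n|\r|\0/', "", $item)));
+ function GOTMLS_strip4java($item, $htmlentities = false) {
+ return preg_replace("/\\\\/", "\\\\\\\\", str_replace("'", "'+\"'\"+'", preg_replace('/\\+n|\\+r|\n|\r|\0/', "", ($htmlentities?$item:htmlentities($item)))));
  }
 
  function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
  global $post;
  if (is_numeric($file) && isset($post->post_title))
- $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine Quarantined File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($post->post_title)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$file);
+ $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine Quarantined File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($post->post_title)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce().'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$file);
  elseif ($file)
- $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($file)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.GOTMLS_encode($file).preg_replace('/\&(GOTMLS_scan|mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:""));
+ $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce().'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.GOTMLS_encode($file).preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:""));
  else
  $onclick = 'return false;';
  return "<a title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
@@ -811,11 +836,11 @@ GOTMLS_define("GOTMLS_blog_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//wordp
  $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"] = "CCIGG";
  if (!(isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"])))
  $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = array("potential"=>array(
- "eval"=>array("CCIGG", "/[^a-z_\\/'\"]eval\\(.+\\)+\\s*;/i"),
+ "eval"=>array("CCIGG", "/[^a-z_\\/'\"]eval\\(.+\\)+\\s*;/i"),
  "preg_replace /e"=>array("CCIGG", "/preg_replace[\\s*\\(]+(['\"])([\\!\\/\\#\\|\\@\\%\\^\\*\\~]).+?\\2[imsx]*e[imsx]*\\1\\s*,[^,]+,[^\\)]+[\\);\\s]+(\\?>|\$)/i"),
- "auth_pass"=>array("CCIGG", "/\\\$auth_pass\\s*=.+;/i"),
- "function add_action wp_enqueue_script json2"=>array("CCIGG", "/json2\\.min\\.js/i"),
- "Tagged Code"=>array("CCIGG", "/\\#(\\w+)\\#.+?\\#\\/\\1\\#/is"),
+ "auth_pass"=>array("CCIGG", "/\\\$auth_pass\\s*=.+;/i"),
+ "function add_action wp_enqueue_script json2"=>array("CCIGG", "/json2\\.min\\.js/i"),
+ "Tagged Code"=>array("CCIGG", "/\\#(\\w+)\\#.+?\\#\\/\\1\\#/is"),
  "protected by copyright"=>array("CCIGG", "/\\/\\* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. \\*\\//i")));
 
  function GOTMLS_file_put_contents($file, $content) {
@@ -873,8 +898,36 @@ function GOTMLS_scan_log() {
 
  function GOTMLS_get_URL($URL) {
  $response = "";
- $request = wp_remote_get($URL, array("sslverify" => false));
- if (200 == wp_remote_retrieve_response_code($request))
- $response = wp_remote_retrieve_body($request);
+ if (function_exists($method = "wp_remote_get")) {
+ $request = wp_remote_get($URL, array("sslverify" => false));
+ if (200 == wp_remote_retrieve_response_code($request))
+ $response = wp_remote_retrieve_body($request);
+ }
+ if (strlen($response) == 0 && function_exists($method = "curl_exec")) {
+ $curl_hndl = curl_init();
+ curl_setopt($curl_hndl, CURLOPT_URL, $URL);
+ curl_setopt($curl_hndl, CURLOPT_TIMEOUT, 30);
+ if (isset($_SERVER['HTTP_REFERER']))
+ $SERVER_HTTP_REFERER = $_SERVER['HTTP_REFERER'];
+ elseif (isset($_SERVER['HTTP_HOST']))
+ $SERVER_HTTP_REFERER = 'HOST://'.$_SERVER['HTTP_HOST'];
+ elseif (isset($_SERVER['SERVER_NAME']))
+ $SERVER_HTTP_REFERER = 'NAME://'.$_SERVER['SERVER_NAME'];
+ elseif (isset($_SERVER['SERVER_ADDR']))
+ $SERVER_HTTP_REFERER = 'ADDR://'.$_SERVER['SERVER_ADDR'];
+ else
+ $SERVER_HTTP_REFERER = 'NULL://not.anything.com';
+ curl_setopt($curl_hndl, CURLOPT_REFERER, $SERVER_HTTP_REFERER);
+ if (isset($_SERVER['HTTP_USER_AGENT']))
+ curl_setopt($curl_hndl, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
+ curl_setopt($curl_hndl, CURLOPT_HEADER, 0);
+ curl_setopt($curl_hndl, CURLOPT_RETURNTRANSFER, TRUE);
+ $response = curl_exec($curl_hndl);
+ curl_close($curl_hndl);
+ }
+ if (strlen($response) == 0 && function_exists($method = "file_get_contents"))
+ $response = @file_get_contents($URL).'';
+ if (isset($_GET["GOTMLS_debug"]) && (strlen($response) == 0 || $_GET["GOTMLS_debug"] == "GOTMLS_get_URL"))
+ print_r(array("$method"=>$request, "$URL"=>$response));
  return $response;
- }
+ }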
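Review bot: The token that `GOTMLS_get_nonce()` accepts is not bound to the logged-in user or to the fix action, and nothing secret or random goes into it: `GOTMLS_set_nonce()` names the transient `md5(GOTMLS_plugin_path.$mt)`, `mt` may be taken from `$_REQUEST["mt"]`, and the guard `if (GOTMLS_get_nonce())` in GOTMLS_scanfile only tests that a transient with the submitted name exists. The transient is kept for `DAY_IN_SECONDS` and is not deleted after use, so one issued value can be replayed for a day by any session. Where WordPress is loaded I would issue the token with `wp_create_nonce('GOTMLS_scan')` and verify it with `wp_verify_nonce($_REQUEST["GOTMLS_mt"], 'GOTMLS_scan')`, rejecting a non-string `GOTMLS_mt` before it is concatenated into the transient name. GOTMLS_scanfile begins and ends outside its hunk, so whether its other state-changing paths are also guarded cannot be confirmed from this page.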
index.php CHANGED
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
- Version: 4.15.42
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
@@ -57,7 +57,7 @@ function GOTMLS_user_can() {
57
  }
58
 
59
  function GOTMLS_menu() {
60
- if (GOTMLS_user_can() && isset($_POST["GOTMLS_menu_group"]) && is_numeric($_POST["GOTMLS_menu_group"])) {
61
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"] = $_POST["GOTMLS_menu_group"];
62
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
63
  }
@@ -72,10 +72,12 @@ function GOTMLS_menu() {
72
  $my_admin_page = add_object_page($pageTitle, $pluginTitle, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function, $GOTMLS_Full_plugin_logo_URL);
73
  add_action('load-'.$my_admin_page, 'GOTMLS_admin_add_help_tab');
74
  add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE, GOTMLS_Scan_Settings_LANGUAGE, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function);
 
 
75
  if (is_dir(dirname(__FILE__)."/../../../wp-content/plugins"))
76
- add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Run_Quick_Scan_LANGUAGE, GOTMLS_Run_Quick_Scan_LANGUAGE." (plugins)", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "$base_page&scan_type=Quick+Scan&scan_only[]=wp-content/plugins", $base_function);
77
  if (is_dir(dirname(__FILE__)."/../../../wp-content/themes"))
78
- add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Run_Quick_Scan_LANGUAGE, GOTMLS_Run_Quick_Scan_LANGUAGE." (themes)", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "$base_page&scan_type=Quick+Scan&scan_only[]=wp-content/themes", $base_function);
79
  add_submenu_page($base_page, "$pluginTitle ".GOTMLS_View_Quarantine_LANGUAGE, GOTMLS_View_Quarantine_LANGUAGE.(($Qs = GOTMLS_get_quarantine(true))?' <span class="awaiting-mod count-'.$Qs.'"><span class="awaiting-mod">'.$Qs.'</span></span>':""), $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-View-Quarantine", "GOTMLS_View_Quarantine");
80
  }
81
 
@@ -104,16 +106,19 @@ function GOTMLS_admin_add_help_tab() {
104
  $screen->add_help_tab(array(
105
  'id' => 'GOTMLS_Menu_Placement',
106
  'title' => __("Menu Placement", 'gotmls'),
107
- 'content' => '<form method="POST" name="GOTMLS_menu_Form">'.$menu_opts.'</form>'
108
  ));
109
  }
 
110
  function GOTMLS_close_button($box_id, $margin = '6px') {
111
  return '<a href="javascript:void(0);" style="float: right; color: #F00; overflow: hidden; width: 20px; height: 20px; text-decoration: none; margin: '.$margin.'" onclick="showhide(\''.$box_id.'\');"><span class="dashicons dashicons-dismiss"></span>X</a>';
112
  }
 
113
  function GOTMLS_enqueue_scripts() {
114
  wp_enqueue_style('dashicons');
115
  }
116
  add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts');
 
117
  function GOTMLS_display_header($optional_box = "") {
118
  global $wp_version, $current_user;
119
  get_currentuserinfo();
@@ -127,7 +132,7 @@ function GOTMLS_display_header($optional_box = "") {
127
  $new_version = "";
128
  $file = basename(GOTMLS_plugin_path).'/index.php';
129
  $current = get_site_transient("update_plugins");
130
- if (isset($current->response[$file]->new_version)) {
131
  $new_version = sprintf(__("Upgrade to %s now!",'gotmls'), $current->response[$file]->new_version).'<br /><br />';
132
  $Update_Link .= wp_nonce_url(self_admin_url('update.php?action=upgrade-plugin&plugin=').$file, 'upgrade-plugin_'.$file);
133
  }
@@ -333,7 +338,7 @@ function releaseDiv() {
333
  corner.style.width="90%";
334
  corner.style.height="20px";
335
  }
336
- document.getElementById("GOTMLS_statusFrame").src = "'.admin_url('admin-ajax.php?action=GOTMLS_position&GOTMLS_x=').'"+curDiv.style.left+"&GOTMLS_y="+curDiv.style.top;
337
  offsetX=0;
338
  offsetY=0;
339
  }
@@ -352,7 +357,7 @@ function releaseCorner() {
352
  corner.style.width="20px";
353
  corner.style.height="20px";
354
  }
355
- document.getElementById("GOTMLS_statusFrame").src = "'.admin_url('admin-ajax.php?action=GOTMLS_position&GOTMLS_w=').'"+curDiv.style.width+"&GOTMLS_h="+curDiv.style.height;
356
  offsetW=0;
357
  offsetH=0;
358
  }
@@ -365,7 +370,7 @@ setDiv("div_file");
365
  <li>Plugin: <span class="GOTMLS_date">'.GOTMLS_Version.'</span></li>
366
  <li>Definitions: <span class="GOTMLS_date">'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"].'</span></li>
367
  <li>Key: <span style="float: right;">'.GOTMLS_installation_key.'</span></li></ul>
368
- <form id="updateform" method="post" name="updateform" action="'.GOTMLS_script_URI.'">
369
  <img style="display: none; float: right; margin-right: 14px;" src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="definitions file updated" id="autoUpdateDownload" onclick="showhide(\'autoUpdateForm\', true);">
370
  '.str_replace('findUpdates', 'Definition_Updates', $Update_Div).'
371
  <div id="autoUpdateForm" style="display: none;">
@@ -510,7 +515,7 @@ function stuffbox_showhide(id) {
510
  if (divx = document.getElementById("GOTMLS-main-section"))
511
  divx.style.marginRight = "30px";';
512
  foreach ($GLOBALS["GOTMLS"]["tmp"]["stuffbox"] as $md5 => $bTitle) {
513
- echo "\nif (divx = document.getElementById('inside_$md5'))\n\tdivx.style.display = 'block';\nif (divx = document.getElementById('title_$md5'))\n\tdivx.innerHTML = '".GOTMLS_strip4java($bTitle)."';";
514
  $else .= "\nif (divx = document.getElementById('inside_$md5'))\n\tdivx.style.display = 'none';\nif (divx = document.getElementById('title_$md5'))\n\tdivx.innerHTML = '".substr($bTitle, 0, 1)."';";
515
  }
516
  echo '
@@ -550,7 +555,7 @@ function GOTMLS_box($bTitle, $bContents, $bType = "postbox") {
550
  function GOTMLS_get_scanlog() {
551
  global $wpdb;
552
  $LastScan = '';
553
- if (isset($_GET["GOTMLS_cl"])) {
554
  $SQL = $wpdb->prepare("DELETE FROM `$wpdb->options` WHERE option_name LIKE %s AND substring_index(option_name, '/', -1) < %s", 'GOTMLS_scan_log/%', $_GET["GOTMLS_cl"]);
555
  if ($cleared = $wpdb->query($SQL))
556
  $LastScan .= sprintf(__("Cleared %s records from this log.",'gotmls'), $cleared);
@@ -567,6 +572,7 @@ function GOTMLS_get_scanlog() {
567
  $LastScan .= htmlentities($GOTMLS_scan_log["scan"]["type"]);
568
  else
569
  $LastScan .= "Unknown scan type";
 
570
  if (isset($GOTMLS_scan_log["scan"]["dir"]) && is_dir($GOTMLS_scan_log["scan"]["dir"]))
571
  $LastScan .= " of ".basename($GOTMLS_scan_log["scan"]["dir"]);
572
  if (isset($GOTMLS_scan_log["scan"]["start"]) && is_numeric($GOTMLS_scan_log["scan"]["start"])) {
@@ -591,7 +597,7 @@ function GOTMLS_get_scanlog() {
591
  $LastScan .= " and has not finish";
592
  } else
593
  $LastScan .= " failed to started";
594
- $LastScan .= '<a href="'.GOTMLS_script_URI.'&GOTMLS_cl='.$row["mt"].'">[clear log below this entry]</a></li>';
595
  }
596
  $LastScan .= '</ul>';
597
  } else
@@ -624,6 +630,7 @@ function GOTMLS_get_whitelists() {
624
 
625
  function GOTMLS_get_quarantine($only = false) {
626
  global $wpdb, $post;
 
627
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) || $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) {
628
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"])) {
629
  if (($upload = wp_upload_dir()) && isset($upload['basedir']))
@@ -636,34 +643,38 @@ function GOTMLS_get_quarantine($only = false) {
636
  if (is_array($entries) && count($entries)) {
637
  foreach ($entries as $entry) {
638
  if (is_file($file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]).$entry)) {
639
- if (GOTMLS_get_ext($entry) == "gotmls" && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($file))) {
640
- $insert = array("post_author"=>GOTMLS_get_current_user_id(), "ping_status"=>"imported", "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "guid"=>"Unknown");//! comment_status post_password post_name to_ping post_parent menu_order";
641
- if (!($insert["comment_count"] = @filesize($file)))
642
- $insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
643
- $file_date = explode(".", $entry);
644
- $insert["post_date"] = date("Y-m-d H:i:s", filemtime($file));
645
- $insert["post_date_gmt"] = $insert["post_date"];
646
- $insert["post_modified"] = $insert["post_date"];
647
- $match = '/^(20)?([0-5][0-9])[\-: \/]*(0*[1-9]|1[0-2])[\-: \/]*(0*[1-9]|[12][0-9]|3[01])[\-: \/]*([0-5][0-9])[\-: \/]*([0-5][0-9])$/';
648
- if (count($file_date) > 2 && strlen($file_date[0]) == 5 && preg_match($match, GOTMLS_sexagesimal($file_date[0])))
649
- $insert["post_modified"] = GOTMLS_sexagesimal($file_date[0]).":00";
650
- elseif (count($file_date) > 3 && strlen($file_date[1]) == 5 && preg_match($match, GOTMLS_sexagesimal($file_date[1])))
651
- $insert["post_modified"] = GOTMLS_sexagesimal($file_date[1]).":00";
652
- $insert["post_modified_gmt"] = $insert["post_modified"];
653
- $insert["post_title"] = GOTMLS_decode($file_date[count($file_date)-2]);
654
- if (is_file($insert["post_title"]) && ($GLOBALS["GOTMLS"]["tmp"]["new_contents"] = file_get_contents($insert["post_title"])))
655
- $insert["post_content_filtered"] = GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
656
- //! pinged post_excerpt
657
- if ($wpdb->insert($wpdb->posts, $insert))
658
- unlink(trailingslashit($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]).$entry);
659
- else
660
- print_r(array($entry=>$insert, "last_error"=>$wpdb->last_error));
 
 
 
 
661
  } elseif (basename($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) == "quarantine")
662
  unlink(trailingslashit($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]).$entry);
663
  }
664
  }
665
  }
666
- if (basename($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) == "quarantine")
667
  rmdir($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]);
668
  }
669
  if (!($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"] && is_dir($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]))) {
@@ -674,34 +685,39 @@ function GOTMLS_get_quarantine($only = false) {
674
  if (is_numeric($only))
675
  return get_post($only, ARRAY_A);
676
  elseif ($only)
677
- return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private'");
678
  else
679
  $args = array('posts_per_page' => (isset($_GET['posts_per_page'])&&is_numeric($_GET['posts_per_page'])&&$_GET['posts_per_page']>0?$_GET['posts_per_page']:200), 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
680
  if (isset($_POST["paged"]))
681
  $args["paged"] = $_POST["paged"];
682
- $my_query = new WP_Query($args);
683
- $Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><input type="hidden" id="GOTMLS_paged" name="paged" value="1"><div style="float: left;">Page:</div>';
684
- $Q_Page = '
685
- <form method="POST" action="'.admin_url('admin-ajax.php').(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"?".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
686
- if ($my_query->have_posts()) {
687
- $Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected files",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
688
- <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">Date Quarantined</span><span class="GOTMLS_date">Date Infected</span></h3>';
689
- $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__file__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
690
- while ($my_query->have_posts()) {
691
- $my_query->the_post();
692
- $Q_Page .= '
693
- <li id="GOTMLS_quarantine_'.$post->ID.'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post->post_date_gmt.'</span><span class="GOTMLS_date">'.$post->post_modified_gmt.'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$post->ID.'" id="check_'.$post->ID.'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="Q">'.GOTMLS_error_link(__("View Quarantined File",'gotmls'), $post->ID).str_replace($root_path, "...", $post->post_title)."</a></li>\n";
694
- }
695
- $Q_Page .= "\n</ul>";
696
- for ($p = 1; $p <= $my_query->max_num_pages; $p++) {
697
- $Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($_POST["paged"]) && $_POST["paged"] == $p) || (!isset($_POST["paged"]) && 1 == $p)?" DISABLED":"").' onclick="document.getElementById(\'GOTMLS_paged\').value = \''.$p.'\';">';
698
- }
699
- } else
700
- $Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
701
- wp_reset_query();
 
 
 
 
 
702
  $return = "$Q_Paged\n</form><br style=\"clear: left;\" />\n$Q_Page\n</form>\n$Q_Paged\n</form><br style=\"clear: left;\" />\n";
703
  if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) > 1)
704
- $return = "<a href='".admin_url('admin-ajax.php?action=GOTMLS_empty_trash')."' id='empty_trash_link' style='float: right;' target='GOTMLS_statusFrame'>[Clear $trashed Deleted Files from the Trash]</a>".$return;
705
  return $return;
706
  }
707
 
@@ -725,7 +741,7 @@ function GOTMLS_update_definitions() {
725
  if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
726
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
727
  $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
728
- if (isset($_POST["UPDATE_definitions_array"]) && strlen($_POST["UPDATE_definitions_array"])) {
729
  if (strlen($_POST["UPDATE_definitions_array"]) > 1) {
730
  $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));
731
  if (is_array($GOTnew_definitions))
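Review bot: The unchanged line `$GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));` still hands request data to PHP's unserializer, which can instantiate any class loaded in the WordPress process before the `is_array()` check on the next line runs. The replacement for the guard two lines above is not visible in this rendering, so whatever nonce or capability check it adds narrows who can reach this line but does not make the payload safe to deserialize. Only an array of definitions is expected, so decode with objects disabled, e.g. `$GOTnew_definitions = @unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]), array('allowed_classes' => false));` (PHP 7+), or move the update payload to JSON. GOTMLS_update_definitions starts and ends outside this hunk.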
@@ -767,23 +783,25 @@ function GOTMLS_settings() {
767
  $gt = ">";
768
  $lt = "<";
769
  GOTMLS_update_definitions();
770
- if (isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
771
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
772
- /* $threat_names = array_keys($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"]);
773
- foreach ($threat_names as $threat_name) {
774
- if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) > 1) {
775
- if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version)
776
- $GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0];
777
- if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
778
- $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]);
779
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] > 2)
780
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
 
 
781
  }
 
 
 
 
782
  }
783
- }*/
784
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
785
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"];
786
- update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
787
  }
788
  $dirs = GOTMLS_explode_dir(__file__);
789
  for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
@@ -845,11 +863,11 @@ function GOTMLS_settings() {
845
  if (is_array($files))
846
  foreach ($files as $file)
847
  if (is_dir(GOTMLS_trailingslashit($dir).$file))
848
- $scan_whatopts = $lt.'input type="checkbox" name="scan_only[]" value="'.$file.'" /'.$gt.$file.$lt.'br /'.$gt.$scan_whatopts;
849
  $scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", "&nbsp;", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts;
850
  }
851
  $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}".((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])?"\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_check'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n":"")."$lt/script$gt";
852
- $scan_opts = "\n$lt".'form method="POST" name="GOTMLS_Form"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.'
853
  '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
854
  '.$lt.'div style="padding: 0 30px;"'.$gt;
855
  foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) {
@@ -998,120 +1016,125 @@ function showOnly(what) {
998
  }
999
  var startTime = 0;
1000
  '.$lt.'/script'.$gt.GOTMLS_box(GOTMLS_Scan_Settings_LANGUAGE, $scan_opts);
1001
- update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1002
- if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Save")
1003
- echo "\n{$lt}script type='text/javascript'$gt\nalert('Settings Saved!');\n$lt/script$gt\n";
1004
- elseif (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && ($_REQUEST["scan_what"] > -1)) {
1005
- if (!isset($_REQUEST["scan_type"]))
1006
- $_REQUEST["scan_type"] = "Complete Scan";
1007
- echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php').(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"?".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
1008
- foreach ($_POST as $name => $value) {
1009
- if (substr($name, 0, 10) != 'GOTMLS_fix') {
1010
- if (is_array($value)) {
1011
- foreach ($value as $val)
1012
- echo $lt.'input type="hidden" name="'.$name.'[]" value="'.htmlspecialchars($val).'"'.$gt;
1013
- } else
1014
- echo $lt.'input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'"'.$gt;
 
 
 
 
 
 
1015
  }
1016
- }
1017
- echo "\n$lt".'script type="text/javascript"'.$gt.'
1018
- showhide("inside_'.md5(GOTMLS_Scan_Settings_LANGUAGE).'");
1019
- '.$lt.'/script'.$gt.GOTMLS_box(htmlentities($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' '.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt);
1020
- $scan_groups_UL = "";
1021
- foreach ($scan_groups as $scan_name => $scan_group)
1022
- $scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.' &nbsp; * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.' &nbsp; * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), $wp_version).' (for more info '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.').'.$lt.'/p'.$gt:$lt.'br /'.$gt)).$lt.'/ul'.$gt;
1023
- if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
1024
- GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => htmlentities($_REQUEST["scan_type"]))));
1025
- echo GOTMLS_box($lt.'div style="float: right;"'.$gt.'&nbsp;('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].")&nbsp;$lt/div$gt".__("Scan Details:",'gotmls'), $scan_groups_UL);
1026
- $no_flush_LANGUAGE = __("Not flushing OB Handlers: %s",'gotmls');
1027
- if (isset($_REQUEST["no_ob_end_flush"]))
1028
- echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, print_r(ob_list_handlers(), 1))."$lt/div$gt\n";
1029
- elseif (is_array($OB_handlers) && count($OB_handlers)) {
1030
- // $GOTMLS_OB_handlers = get_option("GOTMLS_OB_handlers", array());
1031
- foreach (array_reverse($OB_handlers) as $OB_handler) {
1032
- if (isset($GOTMLS_OB_handlers[$OB_handler]) && $GOTMLS_OB_handlers[$OB_handler] == "no_end_flush")
1033
- echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, $OB_handler)."$lt/div$gt\n";
1034
- elseif (in_array($OB_handler, $OB_default_handlers)) {
1035
- // $GOTMLS_OB_handlers[$OB_handler] = "no_end_flush";
1036
- // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers);
1037
- @ob_end_flush();
1038
- // $GOTMLS_OB_handlers[$OB_handler] = "ob_end_flush";
1039
- // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers);
1040
  }
1041
  }
1042
- }
1043
- @ob_start();
1044
- if ($_REQUEST["scan_type"] == "Quick Scan") {
1045
- $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('".__("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.",'gotmls')."');\n}\nwindow.onload=testComplete;\n$lt/script$gt\n$lt".'script type="text/javascript"'.$gt;
1046
- if (is_numeric($check = array_search("potential", $GLOBALS["GOTMLS"]["log"]["settings"]["check"])))
1047
- unset($GLOBALS["GOTMLS"]["log"]["settings"]["check"][$check]);
1048
- }
1049
- echo "\n{$lt}script type=\"text/javascript\"$gt$li_js\n/*{$lt}!--*"."/";
1050
- if (is_dir($dir)) {
1051
- $GOTMLS_dirs_at_depth[0] = 1;
1052
- $GOTMLS_dir_at_depth[0] = 0;
1053
- if (isset($_REQUEST['scan_only']) && is_array($_REQUEST['scan_only'])) {
1054
- $GOTMLS_dirs_at_depth[0] += (count($_REQUEST['scan_only']) - 1);
1055
- foreach ($_REQUEST['scan_only'] as $only_dir)
1056
- if (is_dir(GOTMLS_trailingslashit($dir).$only_dir))
1057
- GOTMLS_readdir(GOTMLS_trailingslashit($dir).$only_dir);
 
1058
  } else
1059
- GOTMLS_readdir($dir);
1060
- } else
1061
- echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link("Not a valid directory!"));
1062
- if ($_REQUEST["scan_type"] == "Quick Scan")
1063
- echo GOTMLS_update_status(__("Completed!",'gotmls'), 100);
1064
- else {
1065
- echo GOTMLS_update_status(__("Starting Scan ...",'gotmls'))."/*--{$gt}*"."/";
1066
- echo "\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].preg_replace('/\&(GOTMLS_scan|mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."');".'
1067
- var scanfilesI = 0;
1068
- var stopScanning;
1069
- var gotStuckOn = "";
1070
- function scanNextDir(gotStuck) {
1071
- clearTimeout(stopScanning);
1072
- if (gotStuck > -1) {
1073
- if (scanfilesArNames[gotStuck].substr(0, 3) != "Re-") {
1074
- if (scanfilesArNames[gotStuck].substr(0, 9) == "Checking ") {
1075
- scanfilesArNames.push(scanfilesArNames[gotStuck]);
1076
- scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_file[]="+encodeURIComponent(scanfilesArNames[gotStuck].substr(9)));
 
 
1077
  } else {
1078
- scanfilesArNames.push("Re-"+scanfilesArNames[gotStuck]);
1079
- scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_only_file=");
1080
  }
1081
- } else {
1082
- scanfilesArNames.push("Got Stuck "+scanfilesArNames[gotStuck]);
1083
- scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_dir="+scanfilesArKeys[gotStuck]);
1084
  }
1085
- }
1086
- if (document.getElementById("resume_button").value != "Pause") {
1087
- stopScanning=setTimeout("scanNextDir(-1)", 1000);
1088
- startTime++;
1089
- }
1090
- else if (scanfilesI < scanfilesArKeys.length) {
1091
- document.getElementById("status_text").innerHTML = scanfilesArNames[scanfilesI];
1092
- var newscript = document.createElement("script");
1093
- newscript.setAttribute("src", scriptSRC+scanfilesArKeys[scanfilesI]);
1094
- divx = document.getElementById("found_scanned");
1095
- if (divx)
1096
- divx.appendChild(newscript);
1097
- stopScanning=setTimeout("scanNextDir("+(scanfilesI++)+")",'.$GLOBALS["GOTMLS"]["tmp"]['execution_time'].'000);
1098
- }
1099
- }
1100
- startTime = ('.ceil(time()-$GLOBALS["GOTMLS"]["log"]["scan"]["start"]).'+3);
1101
- stopScanning=setTimeout("scanNextDir(-1)",3000);
1102
- function pauseresume(butt) {
1103
- if (butt.value == "Resume")
1104
- butt.value = "Pause";
1105
- else
1106
- butt.value = "Resume";
1107
- }
1108
- showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
1109
- }
1110
- if (@ob_get_level()) {
1111
- GOTMLS_flush('script');
1112
- @ob_end_flush();
1113
- }
1114
- echo "/*--{$gt}*"."/\n$lt/script$gt";
 
1115
  } else {
1116
  $patch_attr = array(
1117
  array(
@@ -1133,7 +1156,7 @@ showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
1133
  "icon" => "threat"
1134
  )
1135
  );
1136
- $patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="1"'.$gt.$lt.'input type="submit" value="Block XMLRPC Access" style="display: none;" id="GOTMLS_XMLRPC_patch_button"'.$gt.$lt.'div id="GOTMLS_XMLRPC_patch_searching"'.$gt.__("Checking .htaccess file ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'script'.$gt."\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and donate to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is available to those who have donated!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.'Allow/Block XMLRPC Access (';
1137
  $patch_found = false;
1138
  $find = '|<Files[^>]+xmlrpc.php>(.+?)</Files>\s*(# END GOTMLS Patch to Block XMLRPC Access\s*)*|is';
1139
  $head = str_replace(array('|<Files[^>]+', '(.+?)', '\\s*(', '\\s*)*|is'), array("<Files ", "\norder deny,allow\ndeny from all".(isset($_SERVER["REMOTE_ADDR"])?"\nallow from ".$_SERVER["REMOTE_ADDR"]:"").(isset($_SERVER["SERVER_ADDR"])?"\nallow from ".$_SERVER["SERVER_ADDR"]:"")."\n", "\n", "\n"), $find);
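Review bot: `$head` on the last context line builds the .htaccess allow-list from `$_SERVER["REMOTE_ADDR"]` and `$_SERVER["SERVER_ADDR"]`, and nothing here documents that behind a reverse proxy or CDN `REMOTE_ADDR` is presumably the proxy's address, in which case the XMLRPC block would exempt every request relayed through it. A comment above the assignment would make the assumption explicit, for example `// REMOTE_ADDR is the direct peer: behind a proxy this whitelists the proxy itself, so the block is only effective on directly exposed servers`. The generated rules also use the `order deny,allow` / `deny from all` syntax, which on Apache 2.4 depends on mod_access_compat; that is worth stating in the same comment. The enclosing function starts and ends outside this hunk.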
@@ -1142,16 +1165,16 @@ showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
1142
  if (($htaccess = @file_get_contents(ABSPATH.'.htaccess')) && strlen($htaccess))
1143
  $patch_found = preg_match($find, $htaccess);
1144
  if ($patch_found) {
1145
- if (isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', preg_replace($find, "", $htaccess)))
1146
  $patch_action .= $lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.' Now Allowing';
1147
- elseif (isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0))
1148
  $patch_action = str_replace('1"'.$gt.$lt.'input type="submit" value="Block', '-1"'.$gt.$lt.'input type="submit" value="Unblock', $patch_action).$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.' Still Blocked: '.sprintf(__("Failed to remove XMLRPC Protection (.htaccess %s)",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write':'only'):"unreadable").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
1149
  else
1150
  $patch_action = str_replace('1"'.$gt.$lt.'input type="submit" value="Block', '-1"'.$gt.$lt.'input type="submit" value="Unblock', $patch_action).'Currently Blocked';
1151
  } else {
1152
- if (isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', "$head$htaccess"))
1153
  $patch_action = str_replace('1"'.$gt.$lt.'input type="submit" value="Block', '-1"'.$gt.$lt.'input type="submit" value="Unblock', $patch_action).$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.' Now Blocking';
1154
- elseif (isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0))
1155
  $patch_action .= $lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.' Still Allowed: '.sprintf(__("Failed to install XMLRPC Protection (.htaccess %s)",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write':'only'):"unreadable").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
1156
  else
1157
  $patch_action .= 'Currently Allowed';
@@ -1161,31 +1184,35 @@ showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
1161
  $patch_found = -1;
1162
  $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
1163
  $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find);
1164
- if (is_file(ABSPATH.'wp-config.php')) {
1165
- if (($config = @file_get_contents(ABSPATH.'wp-config.php')) && strlen($config)) {
 
 
 
 
1166
  if ($patch_found = preg_match($find, $config)) {
1167
  if (strpos($config, substr($head, strpos($head, "file_exists")))) {
1168
- if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.'wp-config.php', preg_replace('#'.$lt.'\?[ph\s]+(//.*\s*)*\?'.$gt.'#i', "", preg_replace($find, "", $config))))
1169
  $patch_action .= $lt.'div class="error"'.$gt.__("Removed Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
1170
  else
1171
  $patch_status = 1;
1172
  } else {
1173
- if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.'wp-config.php', preg_replace($find, "$head", $config))) {
1174
  $patch_action .= $lt.'div class="updated"'.$gt.__("Upgraded Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
1175
  $patch_status = 1;
1176
  } else
1177
  $patch_status = 2;
1178
  }
1179
- } elseif (isset($_POST["GOTMLS_patching"]) && strlen($config) && ($patch_found == 0) && GOTMLS_file_put_contents(ABSPATH.'wp-config.php', "$lt?php$head// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?$gt$config")) {
1180
  $patch_action .= $lt.'div class="updated"'.$gt.__("Installed Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
1181
  $patch_status = 1;
1182
- } elseif (isset($_POST["GOTMLS_patching"]))
1183
- $patch_action .= $lt.'div class="updated"'.$gt.sprintf(__("Failed to install Brute-Force Protection (wp-config.php %s)",'gotmls'),(is_readable(ABSPATH.'wp-config.php')?'read-'.(is_writable(ABSPATH.'wp-config.php')?'write':'only'):"unreadable").": ".strlen($config).GOTMLS_fileperms(ABSPATH.'wp-config.php')).$lt.'/div'.$gt;
1184
  } else
1185
  $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Readable!",'gotmls').$lt.'/div'.$gt;
1186
  } else
1187
  $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Found!",'gotmls').$lt.'/div'.$gt;
1188
- if (file_exists(ABSPATH.'wp-login.php') && ($login = @file_get_contents(ABSPATH.'wp-login.php')) && strlen($login) && (preg_match($find, $login))) {
1189
  if (isset($_POST["GOTMLS_patching"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/".$wp_version.'/wp-login.php')) && (strlen($source) > 500) && GOTMLS_file_put_contents(ABSPATH.'wp-login.php', $source))
1190
  $patch_action .= $lt.'div class="updated"'.$gt.__("Removed Old Brute-Force Login Patch",'gotmls').$lt.'/div'.$gt;
1191
  else
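Review bot: The context line that repairs wp-login.php downloads the replacement from `http://core.svn.wordpress.org/tags/...` over plain HTTP and accepts it as soon as it is longer than 500 bytes, so anything able to alter that response gets its content written into an executable core file. Fetch it over TLS, `GOTMLS_get_URL("https://core.svn.wordpress.org/tags/".$wp_version.'/wp-login.php')`, and compare the body against a known-good hash for `$wp_version` before calling `GOTMLS_file_put_contents`. The same hunk interpolates `$_SERVER["REMOTE_ADDR"]` into the PHP snippet that is prepended to wp-config.php; a short comment stating that this value must stay the server-reported peer address and never be swapped for a forwarded header would protect that line from a later unsafe change. The enclosing function begins and ends outside the hunk, and the added lines are not visible in this rendering.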
@@ -1193,10 +1220,10 @@ showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
1193
  }
1194
  $sec_opts = $lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Revolution Slider Exploit Protection (Automatically Enabled)'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').$lt.'/div'.$gt.$lt.'hr /'.$gt.'
1195
  '.$patch_action.'
1196
- '.$lt.'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n{$lt}script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
1197
  $admin_notice = "";
1198
  if ($current_user->user_login == "admin") {
1199
- if (isset($_POST["GOTMLS_admin_username"]) && ("admin" != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match('/^\s*[a-z_0-9\@\.\-]{3,}\s*$/i', $_POST["GOTMLS_admin_username"])) {
1200
  if ($wpdb->update($wpdb->users, array("user_login" => trim($_POST["GOTMLS_admin_username"])), array("user_login" => "admin")))
1201
  $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("You username has been change to %s. Don't forget to use your new username when you login again.",'gotmls'), $_POST["GOTMLS_admin_username"]).$lt.'/div'.$gt;
1202
  else
@@ -1205,10 +1232,10 @@ showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
1205
  $admin_notice .= $lt.'hr /'.$gt;
1206
  if (isset($_POST["GOTMLS_admin_username"]))
1207
  $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("Your new username must be at least 3 characters and can only contain &quot;%s&quot;. Please try again.",'gotmls'), "a-z0-9_.-@").$lt.'/div'.$gt;
1208
- $admin_notice .= $lt.'form method="POST" name="GOTMLS_Form_admin"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'div style="float: left;"'.$gt.__("Change your username:",'gotmls').$lt.'/div'.$gt.$lt.'input style="float: left;" type="text" id="GOTMLS_admin_username" name="GOTMLS_admin_username" size="6" value="admin"'.$gt.$lt.'input style="float: left;" type="submit" value="Change"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Admin Notice'.$lt.'/b'.$gt.$lt.'/p'.$gt.'Your username is "admin", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.'.$lt.'/div'.$gt.$lt.'/form'.$gt;
1209
  }
1210
  }
1211
- echo GOTMLS_box("Firewall Options", $sec_opts.$admin_notice);
1212
  }
1213
  echo "\n$lt/div$gt$lt/div$gt$lt/div$gt";
1214
  }
@@ -1243,8 +1270,8 @@ function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) {
1243
  add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);
1244
 
1245
  function GOTMLS_in_plugin_update_message($args) {
1246
- $transient_name = "GOTMLS_upgrade_notice_".$args["Version"];//(false === ($upgrade_notice = get_transient($transient_name))) &&
1247
- if (($ret = GOTMLS_get_URL("https://plugins.svn.wordpress.org/gotmls/trunk/readme.txt"))) {
1248
  $upgrade_notice = '';
1249
  if ($match = preg_split('/==\s*Upgrade Notice\s*==\s+/i', $ret)) {
1250
  if (preg_match('/\n+=\s*'.str_replace(".", "\\.", GOTMLS_Version).'\s*=\s+/is', $match[1]))
@@ -1269,7 +1296,7 @@ function GOTMLS_init() {
1269
  if (!isset($_REQUEST["scan_depth"]))
1270
  $_REQUEST["scan_depth"] = 2;
1271
  if (!isset($_REQUEST["scan_only"]))
1272
- $_REQUEST["scan_only"] = array("","wp-content/plugins","wp-content/themes");
1273
  if ($_REQUEST["scan_only"] && !is_array($_REQUEST["scan_only"]))
1274
  $_REQUEST["scan_only"] = array($_REQUEST["scan_only"]);
1275
  }//$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]);
@@ -1293,217 +1320,154 @@ function GOTMLS_init() {
1293
  add_action("admin_init", "GOTMLS_init");
1294
 
1295
  function GOTMLS_ajax_position() {
1296
- $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls');
1297
- $properties = array("body" => 'style="margin: 0; padding: 0;"');
1298
- if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) {
1299
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
1300
- $gl = '><';
1301
- $properties["html"] = $gl.'head'.$gl.'script type="text/javascript">
1302
- if (curDiv = window.parent.document.getElementById("div_file")) {
1303
- curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
1304
- curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
1305
- curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
1306
- curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
1307
- }
1308
- </script'.$gl.'/head';
1309
- } elseif (isset($_GET["GOTMLS_x"]) || isset($_GET["GOTMLS_y"]) || isset($_GET["GOTMLS_h"]) || isset($_GET["GOTMLS_w"])) {
1310
- if (isset($_GET["GOTMLS_x"]))
1311
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] = $_GET["GOTMLS_x"];
1312
- if (isset($_GET["GOTMLS_y"]))
1313
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1] = $_GET["GOTMLS_y"];
1314
- if (isset($_GET["GOTMLS_h"]))
1315
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2] = $_GET["GOTMLS_h"];
1316
- if (isset($_GET["GOTMLS_w"]))
1317
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3] = $_GET["GOTMLS_w"];
1318
- $_GET["GOTMLS_msg"] = __("New position",'gotmls');
 
 
 
 
 
1319
  } else
1320
- die("\n//Position Error: No new position to save!\n");
1321
- update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1322
- die(GOTMLS_html_tags(array("html" => array("body" => htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.admin_url('admin-ajax.php?action=GOTMLS_position&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"])).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
1323
  }
1324
  add_action('wp_ajax_GOTMLS_position', 'GOTMLS_ajax_position');
1325
 
1326
  function GOTMLS_ajax_empty_trash() {
1327
  global $wpdb;
1328
  $gl = '><';
1329
- if ($trashed = $wpdb->query("DELETE FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) {
1330
- $wpdb->query("REPAIR TABLE $wpdb->posts");
1331
- $trashmsg = __("Emptied $trashed item from the quarantine trash.",'gotmls');
 
 
 
1332
  } else
1333
- $trashmsg = __("Failed to empty the trash.",'gotmls');
1334
  $properties = array("html" => $gl.'head'.$gl."script type='text/javascript'>\nif (curDiv = window.parent.document.getElementById('empty_trash_link'))\n\tcurDiv.style.display = 'none';\nalert('$trashmsg');\n</script$gl/head", "body" => 'style="margin: 0; padding: 0;"');
1335
  die(GOTMLS_html_tags(array("html" => array("body" => $trashmsg)), $properties));
1336
  }
1337
  add_action('wp_ajax_GOTMLS_empty_trash', 'GOTMLS_ajax_empty_trash');
1338
 
1339
  function GOTMLS_ajax_whitelist() {
1340
- if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) {
1341
- $file = GOTMLS_decode($_POST['GOTMLS_whitelist']);
1342
- $chksum = explode("O", $_POST['GOTMLS_chksum']."O");
1343
- if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) {
1344
- $filesize = @filesize($file);
1345
- if (true) {
1346
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0]))
1347
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002";
1348
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002";
 
 
 
 
 
1349
  } else
1350
- unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]);
1351
- update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1352
- $body = "Added $file to Whitelist!<br />\n<iframe style='width: 90%; height: 250px; border: none;' src='".GOTMLS_plugin_home."whitelist.html?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe>";
1353
  } else
1354
- $body = "<li>Invalid Data!</li>";
1355
- die(GOTMLS_html_tags(array("html" => array("body" => $body))));
1356
  } else
1357
- die("\n//Whitelist Error: Invalid checksum!\n");
1358
  }
1359
  add_action('wp_ajax_GOTMLS_whitelist', 'GOTMLS_ajax_whitelist');
1360
 
1361
  function GOTMLS_ajax_fix() {
1362
- if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"]))
1363
- $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
1364
- if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1365
- GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1366
- $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1367
- $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file))\n\tli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}\n}\nfunction DeletedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}}\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
1368
- @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1369
- $HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));
1370
- echo $HTML[0];
1371
- GOTMLS_update_scan_log(array("scan" => array("dir" => count($_REQUEST["GOTMLS_fix"])." Files", "start" => time())));
1372
- foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
1373
- if (is_numeric($clean_file)) {
1374
- if (($Q_post = GOTMLS_get_quarantine($clean_file)) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
1375
- $path = $Q_post["post_title"];
1376
- if ($_REQUEST["GOTMLS_fixing"] > 1) {
1377
- echo "<li>Removing $path ... ";
1378
- $Q_post["post_status"] = "trash";
1379
- if (wp_update_post($Q_post)) {
1380
- echo __("Done!",'gotmls');
1381
- $li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
1382
- } else {
1383
- echo __("Failed to delete!",'gotmls');
1384
- $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1385
- }
1386
- GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Removal from Quarantine")));
1387
- } else {
1388
- echo "<li>Restoring $path ... ";
1389
- $Q_post["post_status"] = "pending";
1390
- if (GOTMLS_file_put_contents($path, GOTMLS_decode($Q_post["post_content"])) && wp_update_post($Q_post)) {
1391
- echo __("Complete!",'gotmls');
1392
- $li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
1393
  } else {
1394
- echo __("Restore Failed!",'gotmls');
1395
- $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
 
 
 
 
 
 
 
 
1396
  }
1397
- GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Restoration from Quarantine")));
 
1398
  }
1399
- echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1400
- $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
 
 
 
 
 
 
 
 
1401
  }
1402
- } else {
1403
- $path = realpath(GOTMLS_decode($clean_file));
1404
- if (is_file($path)) {
1405
- echo "<li>Fixing $path ... ";
1406
- $li_js .= GOTMLS_scanfile($path);
1407
- echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1408
- $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1409
- } else
1410
- echo "<li>".__("File ".htmlentities($path)." not found!",'gotmls')."</li>";
1411
- GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Automatic Fix")));
1412
  }
1413
- }
1414
- die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process.",'gotmls'), 'target="_top" href="admin.php?page=GOTMLS-View-Quarantine"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.admin_url('admin.php?page=GOTMLS-settings&check_site=1').'" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n$HTML[1]");
 
1415
  } else
1416
- die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls')))));
1417
  }
1418
  add_action('wp_ajax_GOTMLS_fix', 'GOTMLS_ajax_fix');
1419
 
1420
  function GOTMLS_ajax_scan() {
1421
- @error_reporting(0);
1422
- if (isset($_GET["GOTMLS_scan"])) {
1423
- @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
1424
- if (is_numeric($_GET["GOTMLS_scan"])) {
1425
- if (($Q_post = GOTMLS_get_quarantine($_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
1426
- $clean_file = $Q_post["post_title"];
1427
- $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = GOTMLS_decode($Q_post["post_content"]);
1428
- $fa = "";
1429
- $function = 'GOTMLS_decode';
1430
- $decode_list = array("Base64" => '/base64_decode\([\'"]([0-9\+\/\=a-z]+)[\'"]\)/', "Hex" => '/(\\\\x[0-9a-f]{2})/');
1431
- if (isset($_GET[$function]) && is_array($_GET[$function])) {
1432
- foreach ($_GET[$function] as $decode) {
1433
- if (isset($decode_list[$decode])) {
1434
- $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = preg_replace($decode_list[$decode].substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function.$decode.'("\1")', $GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1435
- $fa .= " $decode decoded";
1436
- } else
1437
- $fa .= " NO-$decode";
1438
- }
1439
- } elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
1440
- $f = 1;
1441
- //print_r(array("excerpt:"=>$GLOBALS["GOTMLS"]["tmp"]["threats_found"]));
1442
- foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
1443
- list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1444
- if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) {
1445
- if ($start < $end)
1446
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1447
- else
1448
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$end.', '.$start.');">['.$f++.']</a>';
1449
- } else {
1450
- if (is_numeric($threats_found)) {
1451
- $threats_found = $threats_name;
1452
- $threats_name = $f;
1453
- }
1454
- $fpos = 0;
1455
- $flen = 0;
1456
- $potential_threat = str_replace("\r", "", $threats_found);
1457
- while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {
1458
- $flen = strlen($potential_threat);
1459
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
1460
- }
1461
- }
1462
- }
1463
- } //else echo "excerpt:".$Q_post["post_excerpt"];
1464
- foreach ($decode_list as $decode => $regex)
1465
- if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"]))
1466
- $fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
1467
- die("\n".'<script type="text/javascript">
1468
- function select_text_range(ta_id, start, end) {
1469
- ta_element = document.getElementById(ta_id);
1470
- ta_element.focus();
1471
- if(ta_element.setSelectionRange)
1472
- ta_element.setSelectionRange(start, end);
1473
- else {
1474
- var r = ta_element.createTextRange();
1475
- r.collapse(true);
1476
- r.moveEnd(\'character\', end);
1477
- r.moveStart(\'character\', start);
1478
- r.select();
1479
- }
1480
- }
1481
- window.parent.showhide("GOTMLS_iFrame", true);
1482
- </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php').'" onsubmit="return confirm(\''.__("Are you sure you want to delete this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1483
- } else
1484
- die(GOTMLS_html_tags(array("html" => array("body" => __("This file no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1485
- } else {
1486
- $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
1487
- if (is_dir($file)) {
1488
- @error_reporting(0);
1489
- @header("Content-type: text/javascript");
1490
- if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))
1491
- $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
1492
- @ob_start();
1493
- echo GOTMLS_scandir($file);
1494
- if (@ob_get_level()) {
1495
- GOTMLS_flush();
1496
- @ob_end_flush();
1497
- }
1498
- die('//END OF JavaScript');
1499
- } else {
1500
- if (!file_exists($file))
1501
- die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), $file)."<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1502
- else {
1503
- GOTMLS_scanfile($file);
1504
  $fa = "";
1505
  $function = 'GOTMLS_decode';
1506
- $decode_list = array("Base64" => '/base64_decode\([\'"]([0-9\+\/\=a-z]+)[\'"]\)/', "Hex" => '/(\\\\x[0-9a-f]{2})/');
1507
  if (isset($_GET[$function]) && is_array($_GET[$function])) {
1508
  foreach ($_GET[$function] as $decode) {
1509
  if (isset($decode_list[$decode])) {
@@ -1512,22 +1476,36 @@ function GOTMLS_ajax_scan() {
1512
  } else
1513
  $fa .= " NO-$decode";
1514
  }
1515
- } elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1516
  $f = 1;
1517
- foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found=>$threats_name) {
 
1518
  list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1519
- if ($start > $end)
1520
- $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
1521
- else
1522
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1523
  }
1524
- } else
1525
- $fa = " No Threats Found";
1526
  foreach ($decode_list as $decode => $regex)
1527
  if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"]))
1528
  $fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
1529
  die("\n".'<script type="text/javascript">
1530
- function select_text_range(ta_id, start, end) {
1531
  ta_element = document.getElementById(ta_id);
1532
  ta_element.focus();
1533
  if(ta_element.setSelectionRange)
@@ -1539,14 +1517,77 @@ function GOTMLS_ajax_scan() {
1539
  r.moveStart(\'character\', start);
1540
  r.select();
1541
  }
1542
- }
1543
- window.parent.showhide("GOTMLS_iFrame", true);
1544
- </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php').'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' ('.filesize($file).'bytes)<br />permissions: '.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1545
  }
1546
  }
1547
- }
 
1548
  } else
1549
- die("\n//Directory Error: Nothing to scan!\n");
1550
  }
1551
  add_action('wp_ajax_GOTMLS_scan', 'GOTMLS_ajax_scan');
1552
 
@@ -1562,4 +1603,4 @@ add_action('wp_ajax_nopriv_GOTMLS_empty_trash', 'GOTMLS_ajax_nopriv');
1562
  add_action("plugins_loaded", "GOTMLS_loaded");
1563
  add_action("admin_notices", "GOTMLS_admin_notices");
1564
  add_action("admin_menu", "GOTMLS_menu");
1565
- add_action("network_admin_menu", "GOTMLS_menu");
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
+ Version: 4.15.43
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
57
  }
58
 
59
  function GOTMLS_menu() {
60
+ if (GOTMLS_get_nonce() && GOTMLS_user_can() && isset($_POST["GOTMLS_menu_group"]) && is_numeric($_POST["GOTMLS_menu_group"])) {
61
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"] = $_POST["GOTMLS_menu_group"];
62
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
63
  }
72
  $my_admin_page = add_object_page($pageTitle, $pluginTitle, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function, $GOTMLS_Full_plugin_logo_URL);
73
  add_action('load-'.$my_admin_page, 'GOTMLS_admin_add_help_tab');
74
  add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE, GOTMLS_Scan_Settings_LANGUAGE, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function);
75
+ if (is_dir(dirname(__FILE__)."/../../../wp-includes") && is_dir(dirname(__FILE__)."/../../../wp-admin"))
76
+ add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Run_Quick_Scan_LANGUAGE, GOTMLS_Run_Quick_Scan_LANGUAGE." (WP Core)", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "$base_page&scan_type=Quick+Scan&".GOTMLS_set_nonce(), $base_function);
77
  if (is_dir(dirname(__FILE__)."/../../../wp-content/plugins"))
78
+ add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Run_Quick_Scan_LANGUAGE, GOTMLS_Run_Quick_Scan_LANGUAGE." (plugins)", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "$base_page&scan_type=Quick+Scan&scan_only[]=wp-content/plugins&".GOTMLS_set_nonce(), $base_function);
79
  if (is_dir(dirname(__FILE__)."/../../../wp-content/themes"))
80
+ add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Run_Quick_Scan_LANGUAGE, GOTMLS_Run_Quick_Scan_LANGUAGE." (themes)", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "$base_page&scan_type=Quick+Scan&scan_only[]=wp-content/themes&".GOTMLS_set_nonce(), $base_function);
81
  add_submenu_page($base_page, "$pluginTitle ".GOTMLS_View_Quarantine_LANGUAGE, GOTMLS_View_Quarantine_LANGUAGE.(($Qs = GOTMLS_get_quarantine(true))?' <span class="awaiting-mod count-'.$Qs.'"><span class="awaiting-mod">'.$Qs.'</span></span>':""), $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-View-Quarantine", "GOTMLS_View_Quarantine");
82
  }
83
 
106
  $screen->add_help_tab(array(
107
  'id' => 'GOTMLS_Menu_Placement',
108
  'title' => __("Menu Placement", 'gotmls'),
109
+ 'content' => '<form method="POST" name="GOTMLS_menu_Form" action="'.admin_url('admin.php?page=GOTMLS-settings&'.GOTMLS_set_nonce()).'">'.$menu_opts.'</form>'
110
  ));
111
  }
112
+
113
  function GOTMLS_close_button($box_id, $margin = '6px') {
114
  return '<a href="javascript:void(0);" style="float: right; color: #F00; overflow: hidden; width: 20px; height: 20px; text-decoration: none; margin: '.$margin.'" onclick="showhide(\''.$box_id.'\');"><span class="dashicons dashicons-dismiss"></span>X</a>';
115
  }
116
+
117
  function GOTMLS_enqueue_scripts() {
118
  wp_enqueue_style('dashicons');
119
  }
120
  add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts');
121
+
122
  function GOTMLS_display_header($optional_box = "") {
123
  global $wp_version, $current_user;
124
  get_currentuserinfo();
132
  $new_version = "";
133
  $file = basename(GOTMLS_plugin_path).'/index.php';
134
  $current = get_site_transient("update_plugins");
135
+ if (isset($current->response[$file]->new_version) && version_compare(GOTMLS_Version, $current->response[$file]->new_version, "<")) {
136
  $new_version = sprintf(__("Upgrade to %s now!",'gotmls'), $current->response[$file]->new_version).'<br /><br />';
137
  $Update_Link .= wp_nonce_url(self_admin_url('update.php?action=upgrade-plugin&plugin=').$file, 'upgrade-plugin_'.$file);
138
  }
338
  corner.style.width="90%";
339
  corner.style.height="20px";
340
  }
341
+ document.getElementById("GOTMLS_statusFrame").src = "'.admin_url('admin-ajax.php?action=GOTMLS_position&'.GOTMLS_set_nonce().'&GOTMLS_x=').'"+curDiv.style.left+"&GOTMLS_y="+curDiv.style.top;
342
  offsetX=0;
343
  offsetY=0;
344
  }
357
  corner.style.width="20px";
358
  corner.style.height="20px";
359
  }
360
+ document.getElementById("GOTMLS_statusFrame").src = "'.admin_url('admin-ajax.php?action=GOTMLS_position&'.GOTMLS_set_nonce().'&GOTMLS_w=').'"+curDiv.style.width+"&GOTMLS_h="+curDiv.style.height;
361
  offsetW=0;
362
  offsetH=0;
363
  }
370
  <li>Plugin: <span class="GOTMLS_date">'.GOTMLS_Version.'</span></li>
371
  <li>Definitions: <span class="GOTMLS_date">'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"].'</span></li>
372
  <li>Key: <span style="float: right;">'.GOTMLS_installation_key.'</span></li></ul>
373
+ <form id="updateform" method="post" name="updateform" action="'.str_replace("GOTMLS_mt=", "GOTMLS_last_mt=", GOTMLS_script_URI).'&'.GOTMLS_set_nonce().'">
374
  <img style="display: none; float: right; margin-right: 14px;" src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="definitions file updated" id="autoUpdateDownload" onclick="showhide(\'autoUpdateForm\', true);">
375
  '.str_replace('findUpdates', 'Definition_Updates', $Update_Div).'
376
  <div id="autoUpdateForm" style="display: none;">
515
  if (divx = document.getElementById("GOTMLS-main-section"))
516
  divx.style.marginRight = "30px";';
517
  foreach ($GLOBALS["GOTMLS"]["tmp"]["stuffbox"] as $md5 => $bTitle) {
518
+ echo "\nif (divx = document.getElementById('inside_$md5'))\n\tdivx.style.display = 'block';\nif (divx = document.getElementById('title_$md5'))\n\tdivx.innerHTML = '".GOTMLS_strip4java($bTitle, true)."';";
519
  $else .= "\nif (divx = document.getElementById('inside_$md5'))\n\tdivx.style.display = 'none';\nif (divx = document.getElementById('title_$md5'))\n\tdivx.innerHTML = '".substr($bTitle, 0, 1)."';";
520
  }
521
  echo '
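Review bot: The collapsed-state branch right after the changed `echo` still writes `substr($bTitle, 0, 1)` into a single-quoted JavaScript string assigned to `innerHTML`, without the escaping the expanded branch now gets from `GOTMLS_strip4java`. A box title that begins with `'` or `\` would end or corrupt that literal and break the generated script. Escaping the one-character value with the same helper keeps both branches consistent: `divx.innerHTML = '".GOTMLS_strip4java(substr($bTitle, 0, 1), true)."';`. The helper should wrap the `substr` call rather than the reverse, so an escape sequence is never cut in half. What the helper's second argument does is not visible here and should be confirmed; the enclosing function starts and ends outside this hunk.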
555
  function GOTMLS_get_scanlog() {
556
  global $wpdb;
557
  $LastScan = '';
558
+ if (isset($_GET["GOTMLS_cl"]) && GOTMLS_get_nonce()) {
559
  $SQL = $wpdb->prepare("DELETE FROM `$wpdb->options` WHERE option_name LIKE %s AND substring_index(option_name, '/', -1) < %s", 'GOTMLS_scan_log/%', $_GET["GOTMLS_cl"]);
560
  if ($cleared = $wpdb->query($SQL))
561
  $LastScan .= sprintf(__("Cleared %s records from this log.",'gotmls'), $cleared);
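Review bot: The log-clearing DELETE in GOTMLS_get_scanlog is gated on `GOTMLS_get_nonce()` alone, while the settings write in GOTMLS_menu in this same commit pairs the nonce with `GOTMLS_user_can()`. Unless every caller of this function already enforces the capability, which is not visible here, the condition should match that pattern. `$_GET["GOTMLS_cl"]` is also passed to the query without a format check. The link built later in this function fills it from `$row["mt"]`, which looks like a numeric timestamp, so a suitable guard would be `if (isset($_GET["GOTMLS_cl"]) && is_numeric($_GET["GOTMLS_cl"]) && GOTMLS_get_nonce() && GOTMLS_user_can()) {`. The function body continues outside this hunk.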
572
  $LastScan .= htmlentities($GOTMLS_scan_log["scan"]["type"]);
573
  else
574
  $LastScan .= "Unknown scan type";
575
+ //eli fix $GOTMLS_scan_log["scan"]["dir"] not init'd
576
  if (isset($GOTMLS_scan_log["scan"]["dir"]) && is_dir($GOTMLS_scan_log["scan"]["dir"]))
577
  $LastScan .= " of ".basename($GOTMLS_scan_log["scan"]["dir"]);
578
  if (isset($GOTMLS_scan_log["scan"]["start"]) && is_numeric($GOTMLS_scan_log["scan"]["start"])) {
597
  $LastScan .= " and has not finish";
598
  } else
599
  $LastScan .= " failed to started";
600
+ $LastScan .= '<a href="'.GOTMLS_script_URI.'&GOTMLS_cl='.$row["mt"].'&'.GOTMLS_set_nonce().'">[clear log below this entry]</a></li>';
601
  }
602
  $LastScan .= '</ul>';
603
  } else
630
 
631
  function GOTMLS_get_quarantine($only = false) {
632
  global $wpdb, $post;
633
+ $old_files = 0;
634
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) || $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) {
635
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"])) {
636
  if (($upload = wp_upload_dir()) && isset($upload['basedir']))
643
  if (is_array($entries) && count($entries)) {
644
  foreach ($entries as $entry) {
645
  if (is_file($file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]).$entry)) {
646
+ if (GOTMLS_get_ext($entry) == "gotmls") {
647
+ $old_files++;
648
+ if (GOTMLS_get_nonce() && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($file))) {
649
+ $insert = array("post_author"=>GOTMLS_get_current_user_id(), "ping_status"=>"imported", "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "guid"=>"Unknown");//! comment_status post_password post_name to_ping post_parent menu_order";
650
+ if (!($insert["comment_count"] = @filesize($file)))
651
+ $insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
652
+ $file_date = explode(".", $entry);
653
+ $insert["post_date"] = date("Y-m-d H:i:s", filemtime($file));
654
+ $insert["post_date_gmt"] = $insert["post_date"];
655
+ $insert["post_modified"] = $insert["post_date"];
656
+ $match = '/^(20)?([0-5][0-9])[\-: \/]*(0*[1-9]|1[0-2])[\-: \/]*(0*[1-9]|[12][0-9]|3[01])[\-: \/]*([0-5][0-9])[\-: \/]*([0-5][0-9])$/';
657
+ if (count($file_date) > 2 && strlen($file_date[0]) == 5 && preg_match($match, GOTMLS_sexagesimal($file_date[0])))
658
+ $insert["post_modified"] = GOTMLS_sexagesimal($file_date[0]).":00";
659
+ elseif (count($file_date) > 3 && strlen($file_date[1]) == 5 && preg_match($match, GOTMLS_sexagesimal($file_date[1])))
660
+ $insert["post_modified"] = GOTMLS_sexagesimal($file_date[1]).":00";
661
+ $insert["post_modified_gmt"] = $insert["post_modified"];
662
+ $insert["post_title"] = GOTMLS_decode($file_date[count($file_date)-2]);
663
+ if (is_file($insert["post_title"]) && ($GLOBALS["GOTMLS"]["tmp"]["new_contents"] = file_get_contents($insert["post_title"])))
664
+ $insert["post_content_filtered"] = GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
665
+ //! pinged post_excerpt
666
+ if ($wpdb->insert($wpdb->posts, $insert)) {
667
+ unlink(trailingslashit($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]).$entry);
668
+ $old_files--;
669
+ } else
670
+ print_r(array($entry=>$insert, "last_error"=>$wpdb->last_error));
671
+ }
672
  } elseif (basename($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) == "quarantine")
673
  unlink(trailingslashit($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]).$entry);
674
  }
675
  }
676
  }
677
+ if ($old_files == 0 && basename($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) == "quarantine")
678
  rmdir($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]);
679
  }
680
  if (!($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"] && is_dir($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]))) {
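Review bot: The failure branch at new line 670 sends `$entry` and the whole `$insert` array through `print_r()` straight into the admin page, so a quarantine file name reaches the HTML unescaped, which is the class of problem this release says it hardened. I would escape the dump, for example `echo htmlentities(print_r(array($entry=>$insert, "last_error"=>$wpdb->last_error), true));`, or write it to a log instead of printing it. Separately, `$insert["post_title"]` is decoded from the file name and then passed to `file_get_contents()` at line 663; since the name comes from a directory under uploads, it seems worth confirming the decoded path lies inside the site root before reading it. Line 662 also indexes `$file_date[count($file_date)-2]` without checking that the name has at least two dot-separated parts. GOTMLS_get_quarantine starts in an earlier hunk and continues past this one.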
685
  if (is_numeric($only))
686
  return get_post($only, ARRAY_A);
687
  elseif ($only)
688
+ return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private'") + $old_files;
689
  else
690
  $args = array('posts_per_page' => (isset($_GET['posts_per_page'])&&is_numeric($_GET['posts_per_page'])&&$_GET['posts_per_page']>0?$_GET['posts_per_page']:200), 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
691
  if (isset($_POST["paged"]))
692
  $args["paged"] = $_POST["paged"];
693
+ if ($old_files) {
694
+ $Q_Paged = '<form method="POST" name="GOTMLS_Form_page">';
695
+ $Q_Page = '<form method="POST" name="GOTMLS_Form_clean"><input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce()).'">'.__("You have old Quarantined files in the uploads directory on your server. The new quarantine is in your WordPress Database. You need to import these files into your database where they will be safer or just delete the quarantine folder inside /wp-content/uploads/ if you would rather just delete them.",'gotmls').'<br /><input type="submit" value="Import Quarantined Files Now">';
696
+ } else {
697
+ $my_query = new WP_Query($args);
698
+ $Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><input type="hidden" id="GOTMLS_paged" name="paged" value="1"><div style="float: left;">Page:</div>';
699
+ $Q_Page = '
700
+ <form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce()).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"?".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
701
+ if ($my_query->have_posts()) {
702
+ $Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected files",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
703
+ <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">Date Quarantined</span><span class="GOTMLS_date">Date Infected</span></h3>';
704
+ $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__file__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
705
+ while ($my_query->have_posts()) {
706
+ $my_query->the_post();
707
+ $Q_Page .= '
708
+ <li id="GOTMLS_quarantine_'.$post->ID.'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post->post_date_gmt.'</span><span class="GOTMLS_date">'.$post->post_modified_gmt.'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$post->ID.'" id="check_'.$post->ID.'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="Q">'.GOTMLS_error_link(__("View Quarantined File",'gotmls'), $post->ID).str_replace($root_path, "...", $post->post_title)."</a></li>\n";
709
+ }
710
+ $Q_Page .= "\n</ul>";
711
+ for ($p = 1; $p <= $my_query->max_num_pages; $p++) {
712
+ $Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($_POST["paged"]) && $_POST["paged"] == $p) || (!isset($_POST["paged"]) && 1 == $p)?" DISABLED":"").' onclick="document.getElementById(\'GOTMLS_paged\').value = \''.$p.'\';">';
713
+ }
714
+ } else
715
+ $Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
716
+ wp_reset_query();
717
+ }
718
  $return = "$Q_Paged\n</form><br style=\"clear: left;\" />\n$Q_Page\n</form>\n$Q_Paged\n</form><br style=\"clear: left;\" />\n";
719
  if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) > 1)
720
+ $return = "<a href='".admin_url('admin-ajax.php?action=GOTMLS_empty_trash&'.GOTMLS_set_nonce())."' id='empty_trash_link' style='float: right;' target='GOTMLS_statusFrame'>[Clear $trashed Deleted Files from the Trash]</a>".$return;
721
  return $return;
722
  }
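Review bot: Two values reach the markup unescaped in this hunk: `$_SERVER["QUERY_STRING"]` is appended raw to the form `action` at new line 700, and `$post->post_title` (the quarantined file's path) is printed as-is in the list item at new line 708. Both should go through the escaping the commit already applies to folder names, e.g. `htmlspecialchars($_SERVER["QUERY_STRING"], ENT_QUOTES)` and `htmlentities(str_replace($root_path, "...", $post->post_title))`. The query string is also joined with `"?"` although the URL already contains `admin-ajax.php?`, whereas the scan form at new line 1030 joins with `"&"`; that later form carries the same unescaped query string. `$_POST["paged"]` is likewise handed to `WP_Query` at line 692 without the `is_numeric()` test that `posts_per_page` gets two lines earlier.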
723
 
741
  if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
742
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
743
  $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
744
+ if (isset($_POST["UPDATE_definitions_array"]) && strlen($_POST["UPDATE_definitions_array"]) && GOTMLS_get_nonce()) {
745
  if (strlen($_POST["UPDATE_definitions_array"]) > 1) {
746
  $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));
747
  if (is_array($GOTnew_definitions))
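Review bot: The `GOTMLS_get_nonce()` guard added at new line 744 limits who can submit `UPDATE_definitions_array`, but the payload is still handed to `maybe_unserialize()` at line 746, which runs PHP's `unserialize()` on request data. A nonce protects against forged requests, not against the content of the payload, so object instantiation during decoding remains possible in principle. If the definitions are only arrays and scalars, decoding with `unserialize($decoded, array("allowed_classes" => false))` on PHP 7+ (with `$decoded` standing for the `GOTMLS_decode()` result), or moving the format to JSON, would close that off. The block that consumes `$GOTnew_definitions` continues outside this hunk, so how the array is validated afterwards is not visible here.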
783
  $gt = ">";
784
  $lt = "<";
785
  GOTMLS_update_definitions();
786
+ if ($GOTMLS_nonce = GOTMLS_get_nonce()) {
787
+ if (isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
788
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
789
+ /* $threat_names = array_keys($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"]);
790
+ foreach ($threat_names as $threat_name) {
791
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) > 1) {
792
+ if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version)
793
+ $GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0];
794
+ if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
795
+ $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]);
796
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] > 2)
797
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
798
+ }
799
  }
800
+ }*/
801
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
802
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"];
803
+ update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
804
  }
 
 
 
 
805
  }
806
  $dirs = GOTMLS_explode_dir(__file__);
807
  for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
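Review bot: `$_REQUEST["check"]` is copied into the settings array at new line 788 after only an `is_array()` test, and that array is later persisted with `update_option()`, so arbitrary strings or nested arrays from the request can end up stored as scan settings. Since line 802 uses `$GLOBALS["GOTMLS"]["tmp"]["threat_levels"]` as the default for the same key, filtering against it looks like the intended whitelist: `array_intersect($_REQUEST["check"], $GLOBALS["GOTMLS"]["tmp"]["threat_levels"])`. Reading from `$_POST` rather than `$_REQUEST` would also keep query-string and cookie values out of the setting. The block commented out at lines 789–800 is dead code and would be better deleted than shipped.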
863
  if (is_array($files))
864
  foreach ($files as $file)
865
  if (is_dir(GOTMLS_trailingslashit($dir).$file))
866
+ $scan_whatopts = $lt.'input type="checkbox" name="scan_only[]" value="'.htmlentities($file).'" /'.$gt.htmlentities($file).$lt.'br /'.$gt.$scan_whatopts;
867
  $scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", "&nbsp;", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts;
868
  }
869
  $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}".((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])?"\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_check'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n":"")."$lt/script$gt";
870
+ $scan_opts = "\n$lt".'form method="POST" name="GOTMLS_Form"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce()).'"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.'
871
  '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
872
  '.$lt.'div style="padding: 0 30px;"'.$gt;
873
  foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) {
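Review bot: The hidden nonce field at new line 870 is assembled with `str_replace('=', '" value="', GOTMLS_set_nonce())`, which only yields valid markup if the returned string contains exactly one `=` and no characters that need escaping in an attribute. GOTMLS_set_nonce() is not visible in this hunk, so the assumption may hold today, but nothing here enforces it. A small helper that returns the name and value separately and passes each through `htmlspecialchars(..., ENT_QUOTES)` would make the field robust, or at least a comment such as `// relies on GOTMLS_set_nonce() returning "name=value" with a hex-only value` should record the contract. The same construction is repeated at new lines 695, 1159, 1223 and 1235.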
1016
  }
1017
  var startTime = 0;
1018
  '.$lt.'/script'.$gt.GOTMLS_box(GOTMLS_Scan_Settings_LANGUAGE, $scan_opts);
1019
+ if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Save") {
1020
+ if ($GOTMLS_nonce) {
1021
+ update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1022
+ echo "\n{$lt}script type='text/javascript'$gt\nalert('Settings Saved!');\n$lt/script$gt\n";
1023
+ } else
1024
+ echo GOTMLS_box(GOTMLS_Invalid_Nonce_LANGUAGE, __("Saving these settings requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce_LANGUAGE."');\n$lt/script$gt\n");
1025
+ } elseif (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && ($_REQUEST["scan_what"] > -1)) {
1026
+ if ($GOTMLS_nonce) {
1027
+ update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1028
+ if (!isset($_REQUEST["scan_type"]))
1029
+ $_REQUEST["scan_type"] = "Complete Scan";
1030
+ echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce()).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
1031
+ foreach ($_POST as $name => $value) {
1032
+ if (substr($name, 0, 10) != 'GOTMLS_fix') {
1033
+ if (is_array($value)) {
1034
+ foreach ($value as $val)
1035
+ echo $lt.'input type="hidden" name="'.$name.'[]" value="'.htmlspecialchars($val).'"'.$gt;
1036
+ } else
1037
+ echo $lt.'input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'"'.$gt;
1038
+ }
1039
  }
1040
+ echo "\n$lt".'script type="text/javascript"'.$gt.'showhide("inside_'.md5(GOTMLS_Scan_Settings_LANGUAGE).'");'.$lt.'/script'.$gt.GOTMLS_box(htmlentities($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' '.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt);
1041
+ $scan_groups_UL = "";
1042
+ foreach ($scan_groups as $scan_name => $scan_group)
1043
+ $scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.' &nbsp; * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.' &nbsp; * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), $wp_version).' (for more info '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.').'.$lt.'/p'.$gt:$lt.'br /'.$gt)).$lt.'/ul'.$gt;
1044
+ if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
1045
+ GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => htmlentities($_REQUEST["scan_type"]))));
1046
+ echo GOTMLS_box($lt.'div style="float: right;"'.$gt.'&nbsp;('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].")&nbsp;$lt/div$gt".__("Scan Details:",'gotmls'), $scan_groups_UL);
1047
+ $no_flush_LANGUAGE = __("Not flushing OB Handlers: %s",'gotmls');
1048
+ if (isset($_REQUEST["no_ob_end_flush"]))
1049
+ echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, print_r(ob_list_handlers(), 1))."$lt/div$gt\n";
1050
+ elseif (is_array($OB_handlers) && count($OB_handlers)) {
1051
+ // $GOTMLS_OB_handlers = get_option("GOTMLS_OB_handlers", array());
1052
+ foreach (array_reverse($OB_handlers) as $OB_handler) {
1053
+ if (isset($GOTMLS_OB_handlers[$OB_handler]) && $GOTMLS_OB_handlers[$OB_handler] == "no_end_flush")
1054
+ echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, $OB_handler)."$lt/div$gt\n";
1055
+ elseif (in_array($OB_handler, $OB_default_handlers)) {
1056
+ // $GOTMLS_OB_handlers[$OB_handler] = "no_end_flush";
1057
+ // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers);
1058
+ @ob_end_flush();
1059
+ // $GOTMLS_OB_handlers[$OB_handler] = "ob_end_flush";
1060
+ // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers);
1061
+ }
 
 
1062
  }
1063
  }
1064
+ @ob_start();
1065
+ if ($_REQUEST["scan_type"] == "Quick Scan") {
1066
+ $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('".__("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.",'gotmls')."');\n}\nwindow.onload=testComplete;\n$lt/script$gt\n$lt".'script type="text/javascript"'.$gt;
1067
+ if (is_numeric($check = array_search("potential", $GLOBALS["GOTMLS"]["log"]["settings"]["check"])))
1068
+ unset($GLOBALS["GOTMLS"]["log"]["settings"]["check"][$check]);
1069
+ }
1070
+ echo "\n{$lt}script type=\"text/javascript\"$gt$li_js\n/*{$lt}!--*"."/";
1071
+ if (is_dir($dir)) {
1072
+ $GOTMLS_dirs_at_depth[0] = 1;
1073
+ $GOTMLS_dir_at_depth[0] = 0;
1074
+ if (isset($_REQUEST['scan_only']) && is_array($_REQUEST['scan_only'])) {
1075
+ $GOTMLS_dirs_at_depth[0] += (count($_REQUEST['scan_only']) - 1);
1076
+ foreach ($_REQUEST['scan_only'] as $only_dir)
1077
+ if (is_dir(GOTMLS_trailingslashit($dir).$only_dir))
1078
+ GOTMLS_readdir(GOTMLS_trailingslashit($dir).$only_dir);
1079
+ } else
1080
+ GOTMLS_readdir($dir);
1081
  } else
1082
+ echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link("Not a valid directory!"));
1083
+ if ($_REQUEST["scan_type"] == "Quick Scan")
1084
+ echo GOTMLS_update_status(__("Completed!",'gotmls'), 100);
1085
+ else {
1086
+ echo GOTMLS_update_status(__("Starting Scan ...",'gotmls'))."/*--{$gt}*"."/";
1087
+ echo "\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce().'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."');".'
1088
+ var scanfilesI = 0;
1089
+ var stopScanning;
1090
+ var gotStuckOn = "";
1091
+ function scanNextDir(gotStuck) {
1092
+ clearTimeout(stopScanning);
1093
+ if (gotStuck > -1) {
1094
+ if (scanfilesArNames[gotStuck].substr(0, 3) != "Re-") {
1095
+ if (scanfilesArNames[gotStuck].substr(0, 9) == "Checking ") {
1096
+ scanfilesArNames.push(scanfilesArNames[gotStuck]);
1097
+ scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_file[]="+encodeURIComponent(scanfilesArNames[gotStuck].substr(9)));
1098
+ } else {
1099
+ scanfilesArNames.push("Re-"+scanfilesArNames[gotStuck]);
1100
+ scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_only_file=");
1101
+ }
1102
  } else {
1103
+ scanfilesArNames.push("Got Stuck "+scanfilesArNames[gotStuck]);
1104
+ scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_dir="+scanfilesArKeys[gotStuck]);
1105
  }
 
 
 
1106
  }
1107
+ if (document.getElementById("resume_button").value != "Pause") {
1108
+ stopScanning=setTimeout("scanNextDir(-1)", 1000);
1109
+ startTime++;
1110
+ }
1111
+ else if (scanfilesI < scanfilesArKeys.length) {
1112
+ document.getElementById("status_text").innerHTML = scanfilesArNames[scanfilesI];
1113
+ var newscript = document.createElement("script");
1114
+ newscript.setAttribute("src", scriptSRC+scanfilesArKeys[scanfilesI]);
1115
+ divx = document.getElementById("found_scanned");
1116
+ if (divx)
1117
+ divx.appendChild(newscript);
1118
+ stopScanning=setTimeout("scanNextDir("+(scanfilesI++)+")",'.$GLOBALS["GOTMLS"]["tmp"]['execution_time'].'000);
1119
+ }
1120
+ }
1121
+ startTime = ('.ceil(time()-$GLOBALS["GOTMLS"]["log"]["scan"]["start"]).'+3);
1122
+ stopScanning=setTimeout("scanNextDir(-1)",3000);
1123
+ function pauseresume(butt) {
1124
+ if (butt.value == "Resume")
1125
+ butt.value = "Pause";
1126
+ else
1127
+ butt.value = "Resume";
1128
+ }
1129
+ showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
1130
+ }
1131
+ if (@ob_get_level()) {
1132
+ GOTMLS_flush('script');
1133
+ @ob_end_flush();
1134
+ }
1135
+ echo "/*--{$gt}*"."/\n$lt/script$gt";
1136
+ } else
1137
+ echo GOTMLS_box(GOTMLS_Invalid_Nonce_LANGUAGE, __("Starting a Complete Scan requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce_LANGUAGE."');\n$lt/script$gt\n");
1138
  } else {
1139
  $patch_attr = array(
1140
  array(
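Review bot: At new line 1087 the scan list is written into single-quoted JavaScript literals by `implode("','", ...)` over the keys and values of `$GLOBALS["GOTMLS"]["tmp"]["scanfiles"]`, and no escaping is visible at this point. Unless the entries are encoded where they are collected (outside this hunk), a directory name containing a quote or a closing script tag would end the literal, which is the file-name XSS class this release targets. Emitting both arrays with `json_encode($list, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)` would make the output safe regardless of how the list is populated. In the same hunk the `$name` keys of `$_POST` are echoed into `name="..."` at lines 1035 and 1037 without `htmlspecialchars()`, and `scan_only` entries are appended to `$dir` at line 1077 without rejecting `..` segments. The enclosing function starts before this hunk and continues after it.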
1156
  "icon" => "threat"
1157
  )
1158
  );
1159
+ $patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce()).'"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="1"'.$gt.$lt.'input type="submit" value="Block XMLRPC Access" style="display: none;" id="GOTMLS_XMLRPC_patch_button"'.$gt.$lt.'div id="GOTMLS_XMLRPC_patch_searching"'.$gt.__("Checking .htaccess file ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'script'.$gt."\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and donate to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is available to those who have donated!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.'Allow/Block XMLRPC Access (';
1160
  $patch_found = false;
1161
  $find = '|<Files[^>]+xmlrpc.php>(.+?)</Files>\s*(# END GOTMLS Patch to Block XMLRPC Access\s*)*|is';
1162
  $head = str_replace(array('|<Files[^>]+', '(.+?)', '\\s*(', '\\s*)*|is'), array("<Files ", "\norder deny,allow\ndeny from all".(isset($_SERVER["REMOTE_ADDR"])?"\nallow from ".$_SERVER["REMOTE_ADDR"]:"").(isset($_SERVER["SERVER_ADDR"])?"\nallow from ".$_SERVER["SERVER_ADDR"]:"")."\n", "\n", "\n"), $find);
1165
  if (($htaccess = @file_get_contents(ABSPATH.'.htaccess')) && strlen($htaccess))
1166
  $patch_found = preg_match($find, $htaccess);
1167
  if ($patch_found) {
1168
+ if ($GOTMLS_nonce && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', preg_replace($find, "", $htaccess)))
1169
  $patch_action .= $lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.' Now Allowing';
1170
+ elseif ($GOTMLS_nonce && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0))
1171
  $patch_action = str_replace('1"'.$gt.$lt.'input type="submit" value="Block', '-1"'.$gt.$lt.'input type="submit" value="Unblock', $patch_action).$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.' Still Blocked: '.sprintf(__("Failed to remove XMLRPC Protection (.htaccess %s)",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write':'only'):"unreadable").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
1172
  else
1173
  $patch_action = str_replace('1"'.$gt.$lt.'input type="submit" value="Block', '-1"'.$gt.$lt.'input type="submit" value="Unblock', $patch_action).'Currently Blocked';
1174
  } else {
1175
+ if ($GOTMLS_nonce && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', "$head$htaccess"))
1176
  $patch_action = str_replace('1"'.$gt.$lt.'input type="submit" value="Block', '-1"'.$gt.$lt.'input type="submit" value="Unblock', $patch_action).$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.' Now Blocking';
1177
+ elseif ($GOTMLS_nonce && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0))
1178
  $patch_action .= $lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.' Still Allowed: '.sprintf(__("Failed to install XMLRPC Protection (.htaccess %s)",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write':'only'):"unreadable").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
1179
  else
1180
  $patch_action .= 'Currently Allowed';
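Review bot: If `@file_get_contents(ABSPATH.'.htaccess')` fails at line 1165, `$htaccess` is `false`, `$patch_found` stays false, and the install branch at new line 1175 writes `"$head$htaccess"`, which is then only the new block. For a file that exists but could not be read, that would replace the existing rules rather than prepend to them. I would separate "no .htaccess yet" from "read failed" before writing, e.g. `if ($htaccess === false && is_file(ABSPATH.'.htaccess'))` should report the error and skip the write. As a style point, `$GOTMLS_nonce && isset($_POST["GOTMLS_XMLRPC_patching"])` is now repeated in four conditions (lines 1168, 1170, 1175, 1177) and would read better computed once into a local.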
1184
  $patch_found = -1;
1185
  $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
1186
  $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find);
1187
+ if (is_file(ABSPATH.'../wp-config.php') && !is_file(ABSPATH.'wp-config.php'))
1188
+ $wp_config = '../wp-config.php';
1189
+ else
1190
+ $wp_config = 'wp-config.php';
1191
+ if (is_file(ABSPATH.$wp_config)) {
1192
+ if (($config = @file_get_contents(ABSPATH.$wp_config)) && strlen($config)) {
1193
  if ($patch_found = preg_match($find, $config)) {
1194
  if (strpos($config, substr($head, strpos($head, "file_exists")))) {
1195
+ if ($GOTMLS_nonce && isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.$wp_config, preg_replace('#'.$lt.'\?[ph\s]+(//.*\s*)*\?'.$gt.'#i', "", preg_replace($find, "", $config))))
1196
  $patch_action .= $lt.'div class="error"'.$gt.__("Removed Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
1197
  else
1198
  $patch_status = 1;
1199
  } else {
1200
+ if ($GOTMLS_nonce && isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.$wp_config, preg_replace($find, "$head", $config))) {
1201
  $patch_action .= $lt.'div class="updated"'.$gt.__("Upgraded Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
1202
  $patch_status = 1;
1203
  } else
1204
  $patch_status = 2;
1205
  }
1206
+ } elseif ($GOTMLS_nonce && isset($_POST["GOTMLS_patching"]) && strlen($config) && ($patch_found == 0) && GOTMLS_file_put_contents(ABSPATH.$wp_config, "$lt?php$head// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?$gt$config")) {
1207
  $patch_action .= $lt.'div class="updated"'.$gt.__("Installed Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
1208
  $patch_status = 1;
1209
+ } elseif ($GOTMLS_nonce && isset($_POST["GOTMLS_patching"]))
1210
+ $patch_action .= $lt.'div class="updated"'.$gt.sprintf(__("Failed to install Brute-Force Protection (wp-config.php %s)",'gotmls'),(is_readable(ABSPATH.$wp_config)?'read-'.(is_writable(ABSPATH.$wp_config)?'write':'only'):"unreadable").": ".strlen($config).GOTMLS_fileperms(ABSPATH.$wp_config)).$lt.'/div'.$gt;
1211
  } else
1212
  $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Readable!",'gotmls').$lt.'/div'.$gt;
1213
  } else
1214
  $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Found!",'gotmls').$lt.'/div'.$gt;
1215
+ if ($GOTMLS_nonce && file_exists(ABSPATH.'wp-login.php') && ($login = @file_get_contents(ABSPATH.'wp-login.php')) && strlen($login) && (preg_match($find, $login))) {
1216
  if (isset($_POST["GOTMLS_patching"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/".$wp_version.'/wp-login.php')) && (strlen($source) > 500) && GOTMLS_file_put_contents(ABSPATH.'wp-login.php', $source))
1217
  $patch_action .= $lt.'div class="updated"'.$gt.__("Removed Old Brute-Force Login Patch",'gotmls').$lt.'/div'.$gt;
1218
  else
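Review bot: The replacement for wp-login.php at line 1216 is fetched from `http://core.svn.wordpress.org/tags/...` and written over the live file after only a `strlen($source) > 500` check. The nonce added at new line 1215 controls who can trigger the download, but the content itself is neither transported over TLS nor verified, so anything that can alter the response decides what the login script becomes. Switching the URL to `https://` and comparing the download against a known checksum for `$wp_version` before `GOTMLS_file_put_contents()` would address that. In the same hunk, line 1186 interpolates `$_SERVER["REMOTE_ADDR"]` into PHP source that is written to wp-config.php; validating it first with `filter_var($_SERVER["REMOTE_ADDR"], FILTER_VALIDATE_IP)` would make that safe on hosts where the value is derived from proxy headers.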
1220
  }
1221
  $sec_opts = $lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Revolution Slider Exploit Protection (Automatically Enabled)'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').$lt.'/div'.$gt.$lt.'hr /'.$gt.'
1222
  '.$patch_action.'
1223
+ '.$lt.'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce()).'"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n{$lt}script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
1224
  $admin_notice = "";
1225
  if ($current_user->user_login == "admin") {
1226
+ if ($GOTMLS_nonce && isset($_POST["GOTMLS_admin_username"]) && ("admin" != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match('/^\s*[a-z_0-9\@\.\-]{3,}\s*$/i', $_POST["GOTMLS_admin_username"])) {
1227
  if ($wpdb->update($wpdb->users, array("user_login" => trim($_POST["GOTMLS_admin_username"])), array("user_login" => "admin")))
1228
  $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("You username has been change to %s. Don't forget to use your new username when you login again.",'gotmls'), $_POST["GOTMLS_admin_username"]).$lt.'/div'.$gt;
1229
  else
1232
  $admin_notice .= $lt.'hr /'.$gt;
1233
  if (isset($_POST["GOTMLS_admin_username"]))
1234
  $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("Your new username must be at least 3 characters and can only contain &quot;%s&quot;. Please try again.",'gotmls'), "a-z0-9_.-@").$lt.'/div'.$gt;
1235
+ $admin_notice .= $lt.'form method="POST" name="GOTMLS_Form_admin"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'div style="float: left;"'.$gt.__("Change your username:",'gotmls').$lt.'/div'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce()).'"'.$gt.$lt.'input style="float: left;" type="text" id="GOTMLS_admin_username" name="GOTMLS_admin_username" size="6" value="admin"'.$gt.$lt.'input style="float: left;" type="submit" value="Change"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Admin Notice'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("Your username is \"admin\", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt;
1236
  }
1237
  }
1238
+ echo GOTMLS_box(__("Firewall Options",'gotmls'), $sec_opts.$admin_notice);
1239
  }
1240
  echo "\n$lt/div$gt$lt/div$gt$lt/div$gt";
1241
  }
1270
  add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);
1271
 
1272
  function GOTMLS_in_plugin_update_message($args) {
1273
+ $transient_name = 'GOTMLS_upgrade_notice_'.$args["Version"].'_'.$args["new_version"];
1274
+ if ((false === ($upgrade_notice = get_transient($transient_name))) && ($ret = GOTMLS_get_URL("https://plugins.svn.wordpress.org/gotmls/trunk/readme.txt"))) {
1275
  $upgrade_notice = '';
1276
  if ($match = preg_split('/==\s*Upgrade Notice\s*==\s+/i', $ret)) {
1277
  if (preg_match('/\n+=\s*'.str_replace(".", "\\.", GOTMLS_Version).'\s*=\s+/is', $match[1]))
1296
  if (!isset($_REQUEST["scan_depth"]))
1297
  $_REQUEST["scan_depth"] = 2;
1298
  if (!isset($_REQUEST["scan_only"]))
1299
+ $_REQUEST["scan_only"] = array("","wp-includes","wp-admin");
1300
  if ($_REQUEST["scan_only"] && !is_array($_REQUEST["scan_only"]))
1301
  $_REQUEST["scan_only"] = array($_REQUEST["scan_only"]);
1302
  }//$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]);
1320
  add_action("admin_init", "GOTMLS_init");
1321
 
1322
  function GOTMLS_ajax_position() {
1323
+ if (GOTMLS_get_nonce()) {
1324
+ $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls');
1325
+ $properties = array("body" => 'style="margin: 0; padding: 0;"');
1326
+ if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) {
1327
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
1328
+ $gl = '><';
1329
+ $properties["html"] = $gl.'head'.$gl.'script type="text/javascript">
1330
+ if (curDiv = window.parent.document.getElementById("div_file")) {
1331
+ curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
1332
+ curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
1333
+ curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
1334
+ curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
1335
+ }
1336
+ </script'.$gl.'/head';
1337
+ } elseif (isset($_GET["GOTMLS_x"]) || isset($_GET["GOTMLS_y"]) || isset($_GET["GOTMLS_h"]) || isset($_GET["GOTMLS_w"])) {
1338
+ if (isset($_GET["GOTMLS_x"]))
1339
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] = $_GET["GOTMLS_x"];
1340
+ if (isset($_GET["GOTMLS_y"]))
1341
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1] = $_GET["GOTMLS_y"];
1342
+ if (isset($_GET["GOTMLS_h"]))
1343
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2] = $_GET["GOTMLS_h"];
1344
+ if (isset($_GET["GOTMLS_w"]))
1345
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3] = $_GET["GOTMLS_w"];
1346
+ $_GET["GOTMLS_msg"] = __("New position",'gotmls');
1347
+ } else
1348
+ die("\n//Position Error: No new position to save!\n");
1349
+ update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1350
+ die(GOTMLS_html_tags(array("html" => array("body" => htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.admin_url('admin-ajax.php?action=GOTMLS_position&'.GOTMLS_set_nonce().'&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"])).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
1351
  } else
1352
+ die("\n//Position Error: ".GOTMLS_Invalid_Nonce_LANGUAGE."\n");
 
 
1353
  }
1354
  add_action('wp_ajax_GOTMLS_position', 'GOTMLS_ajax_position');
1355
 
1356
  function GOTMLS_ajax_empty_trash() {
1357
  global $wpdb;
1358
  $gl = '><';
1359
+ if (GOTMLS_get_nonce()) {
1360
+ if ($trashed = $wpdb->query("DELETE FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) {
1361
+ $wpdb->query("REPAIR TABLE $wpdb->posts");
1362
+ $trashmsg = __("Emptied $trashed item from the quarantine trash.",'gotmls');
1363
+ } else
1364
+ $trashmsg = __("Failed to empty the trash.",'gotmls');
1365
  } else
1366
+ $trashmsg = GOTMLS_Invalid_Nonce_LANGUAGE;
1367
  $properties = array("html" => $gl.'head'.$gl."script type='text/javascript'>\nif (curDiv = window.parent.document.getElementById('empty_trash_link'))\n\tcurDiv.style.display = 'none';\nalert('$trashmsg');\n</script$gl/head", "body" => 'style="margin: 0; padding: 0;"');
1368
  die(GOTMLS_html_tags(array("html" => array("body" => $trashmsg)), $properties));
1369
  }
1370
  add_action('wp_ajax_GOTMLS_empty_trash', 'GOTMLS_ajax_empty_trash');
1371
 
1372
  function GOTMLS_ajax_whitelist() {
1373
+ if (GOTMLS_get_nonce()) {
1374
+ if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) {
1375
+ $file = GOTMLS_decode($_POST['GOTMLS_whitelist']);
1376
+ $chksum = explode("O", $_POST['GOTMLS_chksum']."O");
1377
+ if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) {
1378
+ $filesize = @filesize($file);
1379
+ if (true) {
1380
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0]))
1381
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002";
1382
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002";
1383
+ } else
1384
+ unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]);
1385
+ update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1386
+ $body = "Added $file to Whitelist!<br />\n<iframe style='width: 90%; height: 250px; border: none;' src='".GOTMLS_plugin_home."whitelist.html?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe>";
1387
  } else
1388
+ $body = "<li>Invalid Data!</li>";
1389
+ die(GOTMLS_html_tags(array("html" => array("body" => $body))));
 
1390
  } else
1391
+ die("\n//Whitelist Error: Invalid checksum!\n");
 
1392
  } else
1393
+ die("\n//Whitelist Error: ".GOTMLS_Invalid_Nonce_LANGUAGE."\n");
1394
  }
1395
  add_action('wp_ajax_GOTMLS_whitelist', 'GOTMLS_ajax_whitelist');
1396
 
1397
  function GOTMLS_ajax_fix() {
1398
+ if (GOTMLS_get_nonce()) {
1399
+ if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"]))
1400
+ $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
1401
+ if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1402
+ GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1403
+ $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1404
+ $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file))\n\tli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}\n}\nfunction DeletedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}}\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
1405
+ @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1406
+ $HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));
1407
+ echo $HTML[0];
1408
+ GOTMLS_update_scan_log(array("scan" => array("dir" => count($_REQUEST["GOTMLS_fix"])." Files", "start" => time())));
1409
+ foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
1410
+ if (is_numeric($clean_file)) {
1411
+ if (($Q_post = GOTMLS_get_quarantine($clean_file)) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
1412
+ $path = $Q_post["post_title"];
1413
+ if ($_REQUEST["GOTMLS_fixing"] > 1) {
1414
+ echo "<li>Removing $path ... ";
1415
+ $Q_post["post_status"] = "trash";
1416
+ if (wp_update_post($Q_post)) {
1417
+ echo __("Done!",'gotmls');
1418
+ $li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
1419
+ } else {
1420
+ echo __("Failed to delete!",'gotmls');
1421
+ $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1422
+ }
1423
+ GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Removal from Quarantine")));
 
 
 
 
 
1424
  } else {
1425
+ echo "<li>Restoring $path ... ";
1426
+ $Q_post["post_status"] = "pending";
1427
+ if (GOTMLS_file_put_contents($path, GOTMLS_decode($Q_post["post_content"])) && wp_update_post($Q_post)) {
1428
+ echo __("Complete!",'gotmls');
1429
+ $li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
1430
+ } else {
1431
+ echo __("Restore Failed!",'gotmls');
1432
+ $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1433
+ }
1434
+ GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Restoration from Quarantine")));
1435
  }
1436
+ echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1437
+ $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1438
  }
1439
+ } else {
1440
+ $path = realpath(GOTMLS_decode($clean_file));
1441
+ if (is_file($path)) {
1442
+ echo "<li>Fixing $path ... ";
1443
+ $li_js .= GOTMLS_scanfile($path);
1444
+ echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1445
+ $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1446
+ } else
1447
+ echo "<li>".__("File ".htmlentities($path)." not found!",'gotmls')."</li>";
1448
+ GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Automatic Fix")));
1449
  }
 
 
 
 
 
 
 
 
 
 
1450
  }
1451
+ die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process.",'gotmls'), 'target="_top" href="admin.php?page=GOTMLS-View-Quarantine"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.admin_url('admin.php?page=GOTMLS-settings&check_site=1&'.GOTMLS_set_nonce()).'" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n$HTML[1]");
1452
+ } else
1453
+ die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls')))));
1454
  } else
1455
+ die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".GOTMLS_Invalid_Nonce_LANGUAGE."');\n</script>".__("Done!",'gotmls')))));
1456
  }
1457
  add_action('wp_ajax_GOTMLS_fix', 'GOTMLS_ajax_fix');
1458
 
1459
  function GOTMLS_ajax_scan() {
1460
+ if (GOTMLS_get_nonce()) {
1461
+ @error_reporting(0);
1462
+ if (isset($_GET["GOTMLS_scan"])) {
1463
+ @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
1464
+ $decode_list = array("Base64" => '/base64_decode\([\'"]([0-9\+\/\=a-z]+)[\'"]\)/', "Hex" => '/(\\\\(x[0-9a-f]{2}|[0-9]{1,3}))/');
1465
+ if (is_numeric($_GET["GOTMLS_scan"])) {
1466
+ if (($Q_post = GOTMLS_get_quarantine($_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
1467
+ $clean_file = $Q_post["post_title"];
1468
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = GOTMLS_decode($Q_post["post_content"]);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1469
  $fa = "";
1470
  $function = 'GOTMLS_decode';
 
1471
  if (isset($_GET[$function]) && is_array($_GET[$function])) {
1472
  foreach ($_GET[$function] as $decode) {
1473
  if (isset($decode_list[$decode])) {
1476
  } else
1477
  $fa .= " NO-$decode";
1478
  }
1479
+ } elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
1480
  $f = 1;
1481
+ //print_r(array("excerpt:"=>$GLOBALS["GOTMLS"]["tmp"]["threats_found"]));
1482
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
1483
  list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1484
+ if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) {
1485
+ if ($start < $end)
1486
+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1487
+ else
1488
+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$end.', '.$start.');">['.$f++.']</a>';
1489
+ } else {
1490
+ if (is_numeric($threats_found)) {
1491
+ $threats_found = $threats_name;
1492
+ $threats_name = $f;
1493
+ }
1494
+ $fpos = 0;
1495
+ $flen = 0;
1496
+ $potential_threat = str_replace("\r", "", $threats_found);
1497
+ while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {
1498
+ $flen = strlen($potential_threat);
1499
+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
1500
+ }
1501
+ }
1502
  }
1503
+ } //else echo "excerpt:".$Q_post["post_excerpt"];
 
1504
  foreach ($decode_list as $decode => $regex)
1505
  if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"]))
1506
  $fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
1507
  die("\n".'<script type="text/javascript">
1508
+ function select_text_range(ta_id, start, end) {
1509
  ta_element = document.getElementById(ta_id);
1510
  ta_element.focus();
1511
  if(ta_element.setSelectionRange)
1517
  r.moveStart(\'character\', start);
1518
  r.select();
1519
  }
1520
+ }
1521
+ window.parent.showhide("GOTMLS_iFrame", true);
1522
+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce()).'" onsubmit="return confirm(\''.__("Are you sure you want to delete this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1523
+ } else
1524
+ die(GOTMLS_html_tags(array("html" => array("body" => __("This file no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1525
+ } else {
1526
+ $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
1527
+ if (is_dir($file)) {
1528
+ @error_reporting(0);
1529
+ @header("Content-type: text/javascript");
1530
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))
1531
+ $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
1532
+ @ob_start();
1533
+ echo GOTMLS_scandir($file);
1534
+ if (@ob_get_level()) {
1535
+ GOTMLS_flush();
1536
+ @ob_end_flush();
1537
+ }
1538
+ die('//END OF JavaScript');
1539
+ } else {
1540
+ if (!file_exists($file))
1541
+ die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), $file)."<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1542
+ else {
1543
+ GOTMLS_scanfile($file);
1544
+ $fa = "";
1545
+ $function = 'GOTMLS_decode';
1546
+ if (isset($_GET[$function]) && is_array($_GET[$function])) {
1547
+ foreach ($_GET[$function] as $decode) {
1548
+ if (isset($decode_list[$decode])) {
1549
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = preg_replace($decode_list[$decode].substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function.$decode.'("\1")', $GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1550
+ $fa .= " $decode decoded";
1551
+ } else
1552
+ $fa .= " NO-$decode";
1553
+ }
1554
+ } elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1555
+ $f = 1;
1556
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found=>$threats_name) {
1557
+ list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1558
+ if ($start > $end)
1559
+ $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
1560
+ else
1561
+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1562
+ }
1563
+ } else
1564
+ $fa = " No Threats Found";
1565
+ foreach ($decode_list as $decode => $regex)
1566
+ if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"]))
1567
+ $fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
1568
+ die("\n".'<script type="text/javascript">
1569
+ function select_text_range(ta_id, start, end) {
1570
+ ta_element = document.getElementById(ta_id);
1571
+ ta_element.focus();
1572
+ if(ta_element.setSelectionRange)
1573
+ ta_element.setSelectionRange(start, end);
1574
+ else {
1575
+ var r = ta_element.createTextRange();
1576
+ r.collapse(true);
1577
+ r.moveEnd(\'character\', end);
1578
+ r.moveStart(\'character\', start);
1579
+ r.select();
1580
+ }
1581
+ }
1582
+ window.parent.showhide("GOTMLS_iFrame", true);
1583
+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce()).'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' ('.filesize($file).'bytes)<br />permissions: '.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1584
+ }
1585
  }
1586
  }
1587
+ } else
1588
+ die("\n//Directory Error: Nothing to scan!\n");
1589
  } else
1590
+ die("\n//".GOTMLS_Invalid_Nonce_LANGUAGE."\n");
1591
  }
1592
  add_action('wp_ajax_GOTMLS_scan', 'GOTMLS_ajax_scan');
1593
 
1603
  add_action("plugins_loaded", "GOTMLS_loaded");
1604
  add_action("admin_notices", "GOTMLS_admin_notices");
1605
  add_action("admin_menu", "GOTMLS_menu");
1606
+ add_action("network_admin_menu", "GOTMLS_menu");
languages/gotmls-pt_BR.mo ADDED
Binary file
languages/gotmls-pt_BR.po ADDED
@@ -0,0 +1,743 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ # Translation of Development (trunk) in Portuguese (Brazil)
2
+ # This file is distributed under the same license as the Development (trunk) package.
3
+ msgid ""
4
+ msgstr ""
5
+ "PO-Revision-Date: +0000\n"
6
+ "MIME-Version: 1.0\n"
7
+ "Content-Type: text/plain; charset=UTF-8\n"
8
+ "Content-Transfer-Encoding: 8bit\n"
9
+ "Plural-Forms: nplurals=2; plural=(n > 1);\n"
10
+ "X-Generator: GlotPress/1.0-alpha-1100\n"
11
+ "Project-Id-Version: Development (trunk)\n"
12
+
13
+ #: index.php:878
14
+ msgid "Custom Code to be Checked:"
15
+ msgstr "Código personalizado a ser verificado:"
16
+
17
+ #: index.php:884
18
+ msgid "Save Settings"
19
+ msgstr "Salvar Configurações"
20
+
21
+ #: index.php:878
22
+ msgid "For very advanced users only. If you enter anything in this box then no other files will be scanned on your site."
23
+ msgstr "Apenas para usuários muito avançados. Se você colocar algo nesta caixa, nenhum outro arquivo será escaneado em seu site."
24
+
25
+ #: index.php:1313
26
+ msgid "saved."
27
+ msgstr "salvo."
28
+
29
+ #: index.php:1324
30
+ msgid "Failed to empty the trash."
31
+ msgstr "Falha ao esvaziar a lixeira."
32
+
33
+ #: index.php:1371 index.php:1407
34
+ msgid "Done!"
35
+ msgstr "Pronto!"
36
+
37
+ #: index.php:1374
38
+ msgid "Failed to delete!"
39
+ msgstr "Falha ao excluir!"
40
+
41
+ #: index.php:1309
42
+ msgid "New position"
43
+ msgstr "Nova posição"
44
+
45
+ #: index.php:1382
46
+ msgid "Complete!"
47
+ msgstr "Completo!"
48
+
49
+ #: index.php:1385
50
+ msgid "Restore Failed!"
51
+ msgstr "Restauração Falhou!"
52
+
53
+ #: index.php:1405
54
+ msgid "Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process."
55
+ msgstr "Por haver algumas mudanças feitas, precisamos checar para ter certeza que isso não quebrou o seu site. Se isso ficar em Vermelho e o quadro abaixo não carregar, <a %s> reverta as alterações</a> feitas durante esse processo automatizado de correção."
56
+
57
+ #: index.php:1405
58
+ msgid "Never mind, it worked!"
59
+ msgstr "Não importa, funcionou!"
60
+
61
+ #: index.php:1407
62
+ msgid "Nothing Selected to be Changed!"
63
+ msgstr "Nada selecionado para ter alterado!"
64
+
65
+ #: index.php:1473
66
+ msgid "Are you sure you want to delete this file from the quarantine?"
67
+ msgstr "Você tem certeza que quer excluir esse arquivo da quarentena?"
68
+
69
+ #: index.php:1473
70
+ msgid "File Details:"
71
+ msgstr "Detalhes do arquivo:"
72
+
73
+ #: index.php:1535
74
+ msgid "Potential threats in file:"
75
+ msgstr "Ameaças potenciais no arquivo:"
76
+
77
+ #: safe-load/trace.php:18
78
+ msgid ": Headers sent by %1$s on line %2$s."
79
+ msgstr ": Cabeçalhos enviados por %1$s na linha %2$s."
80
+
81
+ #. Plugin Name of the plugin/theme
82
+ msgid "Anti-Malware and Brute-Force Security by ELI"
83
+ msgstr "Anti-Malware e Brute-Force Security by ELI"
84
+
85
+ #. Plugin URI of the plugin/theme
86
+ msgid "http://gotmls.net/"
87
+ msgstr "http://gotmls.net/"
88
+
89
+ #. Description of the plugin/theme
90
+ msgid "This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you."
91
+ msgstr "Este plugin Anti-Virus/Anti-Malware procura por Malware e outros Virus como ameaças e vulnerabilidades em seu servidor, e lhe auxilia a resolvê-los. Isto está sempre mudando e precisa de atualizações e adaptação frequentemente. Para novas ameaças, ou se isso não funcionou bem para você, entre em contato comigo."
92
+
93
+ #. Author of the plugin/theme
94
+ msgid "Eli Scheetz"
95
+ msgstr "Eli Scheetz"
96
+
97
+ #. Author URI of the plugin/theme
98
+ msgid "http://wordpress.ieonly.com/category/my-plugins/anti-malware/"
99
+ msgstr "http://wordpress.ieonly.com/category/my-plugins/anti-malware/"
100
+
101
+ #: index.php:1535
102
+ msgid "Are you sure this file is not infected and you want to ignore it in future scans?"
103
+ msgstr "Tem certeza que esse arquivo não está infectado e deseja ignorá-lo nós escaneamentos futuros?"
104
+
105
+ #: index.php:1492
106
+ msgid "The file %s does not exist, it must have already been deleted."
107
+ msgstr "O arquivo %s não existe, ele já foi excluído."
108
+
109
+ #: index.php:1475
110
+ msgid "This file no longer exists in the quarantine."
111
+ msgstr "Este arquivo não existe mais na quarentena."
112
+
113
+ #: index.php:872
114
+ msgid "What to scan:"
115
+ msgstr "O que verificar:"
116
+
117
+ #: index.php:868
118
+ msgid "Download the new definitions (Right sidebar) to activate this feature."
119
+ msgstr "Faça download das novas definições (barra lateral direita) para ativar este recurso."
120
+
121
+ #: index.php:868
122
+ msgid "Download Definition Updates to Use this feature"
123
+ msgstr "Usar este recurso"
124
+
125
+ #: index.php:853
126
+ msgid "What to look for:"
127
+ msgstr "Procurar por:"
128
+
129
+ #: index.php:849
130
+ msgid "Only Scan These Folders:"
131
+ msgstr "Escanear Somente Essas Pastas"
132
+
133
+ #: index.php:717
134
+ msgid "Scan Logs"
135
+ msgstr "Escanear Logs"
136
+
137
+ #: index.php:713
138
+ msgid "Quarantine"
139
+ msgstr "Quarentena "
140
+
141
+ #: index.php:710
142
+ msgid "White-lists"
143
+ msgstr "White-lists (lista branca)"
144
+
145
+ #: index.php:700
146
+ msgid "No Items in Quarantine"
147
+ msgstr "Não há itens na Quarentena "
148
+
149
+ #: index.php:693
150
+ msgid "View Quarantined File"
151
+ msgstr "Visualizar Arquivo na Quarentena "
152
+
153
+ #: images/index.php:32 index.php:905
154
+ msgid "Potential Threats"
155
+ msgstr "Ameaças potenciais"
156
+
157
+ #: images/index.php:71 index.php:1136
158
+ msgid "You must register and donate to use this feature!"
159
+ msgstr "Você precisa se registrar e fazer uma doação para usar essa funcionalidade!"
160
+
161
+ #: images/index.php:71 index.php:1136
162
+ msgid "This feature is available to those who have donated!"
163
+ msgstr "Este recurso está disponível àqueles que fizeram uma doação!"
164
+
165
+ #: images/index.php:75
166
+ msgid "Your Server could not start a Session!"
167
+ msgstr "Seu servidor não pôde iniciar uma sessão!"
168
+
169
+ #: images/index.php:88
170
+ msgid "Failed to list files in directory!"
171
+ msgstr "Falha ao listar arquivos no diretório!"
172
+
173
+ #: images/index.php:89
174
+ msgid "Quick Scan"
175
+ msgstr "Escaneamento Rápido"
176
+
177
+ #: images/index.php:90
178
+ msgid "View Quarantine"
179
+ msgstr "Ver Quarentena"
180
+
181
+ #: images/index.php:91
182
+ msgid "View Scan Log"
183
+ msgstr "Ver Log de Escaneamento"
184
+
185
+ #: images/index.php:92
186
+ msgid "This Plugin requires WordPress version %s or higher"
187
+ msgstr "Este Plugin requer a versão %s do WordPress, ou superior"
188
+
189
+ #: images/index.php:93
190
+ msgid "Scan Settings"
191
+ msgstr "Configurações de Escaneamento"
192
+
193
+ #: images/index.php:94
194
+ msgid "Loading, Please Wait ..."
195
+ msgstr "Carregando, Aguarde Por Favor..."
196
+
197
+ #: images/index.php:95
198
+ msgid "Automatically Fix SELECTED Files Now"
199
+ msgstr "Corrigir automaticamente os arquivos SELECIONADOS abaixo"
200
+
201
+ #: images/index.php:202 safe-load/trace.php:15
202
+ msgid "an unknown file"
203
+ msgstr "um arquivo desconhecido"
204
+
205
+ #: images/index.php:204 safe-load/trace.php:17
206
+ msgid "unknown"
207
+ msgstr "desconhecido"
208
+
209
+ #: images/index.php:205
210
+ msgid "<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem."
211
+ msgstr "<b>Cabeçalhos já enviados</b> em %1$s na linha %2$s.<br />Isso não é um bom sinal, pode ser apenas um plugin mal escrito, mas os cabeçalhos não deveriam ter sido enviado neste momento.<br />Verifique o código mencionado abaixo para resolver este problema."
212
+
213
+ #: index.php:1207
214
+ msgid "Your new username must be at least 3 characters and can only contain &quot;%s&quot;. Please try again."
215
+ msgstr "Seu novo nome de usuário precisa conter ao menos 3 caracteres e pode conter apenas &quot;%s&quot;. Tente novamente por favor."
216
+
217
+ #: index.php:1208
218
+ msgid "Change your username:"
219
+ msgstr "Troque seu nome de usuário:"
220
+
221
+ #: index.php:1287
222
+ msgid "Default position"
223
+ msgstr "Posição padrão"
224
+
225
+ #: index.php:1148
226
+ msgid "Failed to remove XMLRPC Protection (.htaccess %s)"
227
+ msgstr "Falha ao remover a proteção XMLRPC (.htaccess %s)"
228
+
229
+ #: index.php:1155
230
+ msgid "Failed to install XMLRPC Protection (.htaccess %s)"
231
+ msgstr "Falha ao instalar a proteção XMLRPC (.htaccess %s)"
232
+
233
+ #: index.php:1159
234
+ msgid "Most WordPress site do not use the XMLRPC features and hack attempt on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file."
235
+ msgstr "A maioria dos sites em WordPress não usam os recursos XMLRPC e restringir o uso do arquivo xmlrpc.php é mais comuns do que nunca. Mesmo que não haja vulnerabilidades para hackers explorarem essas tentativas podem causar lentidão ou paralisação semelhante a um ataque DDoS. Este patch bloqueia automaticamente todos os acessos externos ao arquivo xmlrpc.php."
236
+
237
+ #: index.php:1169
238
+ msgid "Removed Brute-Force Protection"
239
+ msgstr "Proteção Brute-Force Removida"
240
+
241
+ #: index.php:1174
242
+ msgid "Upgraded Brute-Force Protection"
243
+ msgstr "Proteção Brute-Force Atualizada"
244
+
245
+ #: index.php:1180
246
+ msgid "Installed Brute-Force Protection"
247
+ msgstr "Proteção Brute-Force Instalada"
248
+
249
+ #: index.php:1183
250
+ msgid "Failed to install Brute-Force Protection (wp-config.php %s)"
251
+ msgstr "Falha ao instalar a Proteção Brute-Force (wp-config.php %s)"
252
+
253
+ #: index.php:1185
254
+ msgid "wp-config.php Not Readable!"
255
+ msgstr "wp-config.php Não pode ser lido!"
256
+
257
+ #: index.php:1187
258
+ msgid "wp-config.php Not Found!"
259
+ msgstr "wp-config.php Não Encontrado!"
260
+
261
+ #: index.php:1190
262
+ msgid "Removed Old Brute-Force Login Patch"
263
+ msgstr "Patch antigo de Brute-Force Login Removido"
264
+
265
+ #: index.php:1194
266
+ msgid "This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed."
267
+ msgstr "Essa proteção é ativada automaticamente com este plugin por causa do ataque generalizado no WordPress que afetam tantos site atualmente. É recomendado que você tenha certeza de atualizar as versões mais antigas do plugin Revolution Slider, especialmente aqueles incluídos em alguns temas que não irão atualizá-lo automaticamente. Mesmo se você não tem Revolution Slider em seu site ainda, é melhor ter essa proteção instalada."
268
+
269
+ #: index.php:1196
270
+ msgid "Checking for session compatibility ..."
271
+ msgstr "Verificando por compatibilidade de sessão..."
272
+
273
+ #: index.php:1196
274
+ msgid " For more information on Brute-Force attack prevention and the WordPress wp-login-php file "
275
+ msgstr "Para mais informação sobre prevenção de ataques Brute-Force e o arquivo wp-login-php do WordPress"
276
+
277
+ #: index.php:1201
278
+ msgid "You username has been change to %s. Don't forget to use your new username when you login again."
279
+ msgstr "Seu nome de usuário foi alterado para %s. Não se esqueça de usar o novo nome de usuário quando fizer login novamente."
280
+
281
+ #: index.php:1203
282
+ msgid "SQL Error changing username: %s. Please try again later."
283
+ msgstr "Erro SQL ao alterar o nome de usuário: %s. Tente novamente por favor. "
284
+
285
+ #: index.php:905
286
+ msgid "WP-Login Updates"
287
+ msgstr "Atualizações no WP-Login"
288
+
289
+ #: index.php:937
290
+ msgid "Scan Complete!"
291
+ msgstr "Escaneamento Completo!"
292
+
293
+ #: index.php:982
294
+ msgid "You are not currently scanning for this type of threat!"
295
+ msgstr "Você não está escaneando para este tipo de ameaça atualmente!"
296
+
297
+ #: index.php:1022
298
+ msgid "NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found)."
299
+ msgstr "NOTA: Estes provavelmente não são scripts maliciosos (mas é um bom lugar para começar a olhar <u>SE</u> seu site está infectado e não há ameaças conhecidas encontradas)."
300
+
301
+ #: index.php:1022
302
+ msgid "NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation."
303
+ msgstr "NOTA: Detectamos alterações nos arquivos do núcleo do WordPress em seu site. Esta poderia ser uma modificação intencional ou o trabalho de um hacker mal-intencionado. Podemos restaurar esses arquivos para seu estado original para preservar a integridade da instalação do seu WordPress %s original."
304
+
305
+ #: index.php:1022 index.php:1196
306
+ msgid "read my blog"
307
+ msgstr "leia meu blog"
308
+
309
+ #: index.php:1025
310
+ msgid "Scan Details:"
311
+ msgstr "Detalhes de Escaneamento:"
312
+
313
+ #: index.php:1045
314
+ msgid "The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files."
315
+ msgstr "O Escaneamento Rápido foi incapaz de terminar devido a uma falta de memória ou um problema ao acessar um arquivo. Por favor, tente usar o escaneamento completo, é mais lento, mas ele vai lidar com esses erros melhor e continuar o escaneamento do restante dos arquivos."
316
+
317
+ #: index.php:1063
318
+ msgid "Completed!"
319
+ msgstr "Completado!"
320
+
321
+ #: index.php:1065
322
+ msgid "Starting Scan ..."
323
+ msgstr "Iniciando Escaneamento..."
324
+
325
+ #: index.php:1119
326
+ msgid "Your WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. Applying this patch will block access to the WordPress Login page whenever this type of attack is detected."
327
+ msgstr "Sua página de login do WordPress é suscetível a um ataque de força bruta (assim como qualquer outra página de login). Estes tipos de ataques estão se tornando mais frequentes atualmente, e às vezes pode fazer com que o servidor fique lento ou sem resposta, mesmo se os ataques não conseguem ter acesso ao seu site. Aplicando este patch você irá bloquear o acesso à página de login do WordPress sempre que este tipo de ataque é detectado."
328
+
329
+ #: index.php:1124
330
+ msgid "Your WordPress site has the current version of my brute-force Login protection installed."
331
+ msgstr "Seu site WordPress tem a versão atual da minha proteção de brute-force instalada."
332
+
333
+ #: index.php:1130
334
+ msgid "Your WordPress Login page has the old version of my brute-force protection installed. Upgrade this patch to improve the protection on the WordPress Login page and preserve the integrity of your WordPress core files."
335
+ msgstr "Sua página WordPress tem a versão antiga da minha proteção brute-force instalada. Atualize este patch para melhorar a proteção na página de Login do WordPress e preservar a integridade de seus arquivos de núcleo do WordPress."
336
+
337
+ #: index.php:1136
338
+ msgid "Checking .htaccess file ..."
339
+ msgstr "Verificando arquivo .htaccess..."
340
+
341
+ #: index.php:880
342
+ msgid "Skip files with the following extentions:"
343
+ msgstr "Ignorar arquivos com as seguintes extensões:"
344
+
345
+ #: index.php:881
346
+ msgid "a comma separated list of file extentions to skip"
347
+ msgstr "uma lista de extensões de arquivo separadas por vírgula para ignorar"
348
+
349
+ #: index.php:882
350
+ msgid "Skip directories with the following names:"
351
+ msgstr "Ignorar diretórios com os seguintes nomes:"
352
+
353
+ #: index.php:883
354
+ msgid "a folder name or comma separated list of folder names to skip"
355
+ msgstr "um nome ou uma lista de nomes de pastas, separada por vírgulas para ignorar"
356
+
357
+ #: index.php:884
358
+ msgid "Automatically Update Definitions:"
359
+ msgstr "Definições de Atualização Automática"
360
+
361
+ #: index.php:884
362
+ msgid "This new BETA feature is only available to registered users who have donated at a certain level."
363
+ msgstr "Este novo recurso beta está disponível apenas para usuários registrados que doaram a um determinado nível."
364
+
365
+ #: index.php:884
366
+ msgid "Run Complete Scan"
367
+ msgstr "Rodar o Escaneamento Completo"
368
+
369
+ #: index.php:893
370
+ msgid "Scanned Files"
371
+ msgstr "Arquivos Escaneados"
372
+
373
+ #: index.php:893
374
+ msgid "Selected Folders"
375
+ msgstr "Pastas Selecionadas"
376
+
377
+ #: index.php:893
378
+ msgid "Scanned Folders"
379
+ msgstr "Pastas Escaneadas"
380
+
381
+ #: index.php:893
382
+ msgid "Skipped Folders"
383
+ msgstr "Pastas Ignoradas"
384
+
385
+ #: index.php:893
386
+ msgid "Skipped Files"
387
+ msgstr "Arquivos Ignorados"
388
+
389
+ #: index.php:893
390
+ msgid "Read/Write Errors"
391
+ msgstr "Erros de Leitura/Gravação"
392
+
393
+ #: index.php:893
394
+ msgid "Quarantined Files"
395
+ msgstr "Arquivos em Quarentena"
396
+
397
+ #: index.php:891
398
+ msgid "Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process)."
399
+ msgstr "Outro Plugin ou Tema está usando '%s' para lidar com buffers de saída. <br /> Isso impede ativamente a saída do buffer em tempo real e irá degradar severamente o desempenho deste (e muitos outros) Plugins. <br /> Considere desabilitar os plugins de compressão ou de cache (pelo menos durante o processo de escaneamento)."
400
+
401
+ #: index.php:874
402
+ msgid "Scan Depth:"
403
+ msgstr "Profundidade do escaneamento:"
404
+
405
+ #: index.php:875
406
+ msgid "how far to drill down"
407
+ msgstr "o quão longe detalhar"
408
+
409
+ #: index.php:875
410
+ msgid "-1 is infinite depth"
411
+ msgstr "-1 é profundidade infinita"
412
+
413
+ #: index.php:878
414
+ msgid "Custom RegExp:"
415
+ msgstr "RegExp Personalizado:"
416
+
417
+ #: index.php:878
418
+ msgid "For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site."
419
+ msgstr "Apenas para usuários muito avançados. Não use isso sem falar com o Eli primeiro. Se você usar incorretamente, você poderá facilmente quebrar seu site."
420
+
421
+ #: index.php:497
422
+ msgid "Last Scan Status"
423
+ msgstr "Último Status de Escaneamento"
424
+
425
+ #: index.php:556
426
+ msgid "Cleared %s records from this log."
427
+ msgstr "%s registros removidos deste log."
428
+
429
+ #: index.php:598
430
+ msgid "No Scans have been logged"
431
+ msgstr "Não há escaneamentos registrados em log."
432
+
433
+ #: index.php:605
434
+ msgid "Globally White-listed files"
435
+ msgstr "Arquivos globalmente marcados como white-list "
436
+
437
+ #: index.php:605
438
+ msgid "# of patterns"
439
+ msgstr "# de padrões "
440
+
441
+ #: index.php:605
442
+ msgid "Date Updated"
443
+ msgstr "Data de Atualização "
444
+
445
+ #: index.php:615
446
+ msgid "WordPress Core files"
447
+ msgstr "Arquivos de núcleo do WordPress"
448
+
449
+ #: index.php:615
450
+ msgid "# of files"
451
+ msgstr "# de arquivos"
452
+
453
+ #: index.php:687
454
+ msgid "Restore selected files"
455
+ msgstr "Restaurar arquivos selecionados"
456
+
457
+ #: index.php:687
458
+ msgid "Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?"
459
+ msgstr "Tem certeza que você quer sobrescrever os arquivos previamente limpos com esses arquivos selecionados na Quarentena?"
460
+
461
+ #: index.php:687
462
+ msgid "Delete selected files"
463
+ msgstr "Excluir arquivos selecionados"
464
+
465
+ #: index.php:687
466
+ msgid "Are you sure you want to permanently delete the selected files in the Quarantine?"
467
+ msgstr "Tem certeza que deseja excluir permanentemente os arquivos selecionados na Quarentena?"
468
+
469
+ #: index.php:687
470
+ msgid "The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files."
471
+ msgstr "Os itens a seguir foram encontrados por conter código malicioso, eles foram limpos, e os arquivos com conteúdo original infectado, foram salvos na Quarentena. O código está seguro aqui e você não precisa de mais nada com esses arquivos."
472
+
473
+ #: index.php:688
474
+ msgid "Check all %d"
475
+ msgstr "Verificar todos %d"
476
+
477
+ #: index.php:688
478
+ msgid " Items in Quarantine"
479
+ msgstr "Itens na Quarentena "
480
+
481
+ #: index.php:375
482
+ msgid "Check for Definition Updates Now!"
483
+ msgstr "Verificar Atualização de Definições Agora!"
484
+
485
+ #: index.php:376
486
+ msgid "If you have not already registered your Key then register now using the form below.<br />* All registration fields are required<br />** I will NOT share your information."
487
+ msgstr "Se você ainda não registrou sua Chave, registre-se agora usando o formulário abaixo.<br />* Todos os campos de registro são requeridos<br />**Eu NÃO irei compartilhar suas informações."
488
+
489
+ #: index.php:378
490
+ msgid "Your Full Name:"
491
+ msgstr "Seu Nome Completo:"
492
+
493
+ #: index.php:382
494
+ msgid "A password will be e-mailed to this address:"
495
+ msgstr "Uma senha será enviada a este endereço de e-mail:"
496
+
497
+ #: index.php:385
498
+ msgid "Your WordPress Site URL:"
499
+ msgstr "A URL de seu site em WordPress:"
500
+
501
+ #: index.php:388
502
+ msgid "Plugin Installation Key:"
503
+ msgstr "Chave de instalação do Plugin:"
504
+
505
+ #: index.php:411
506
+ msgid "Please make a donation for the use of this wonderful feature!"
507
+ msgstr "Por favor faça uma doação para usar esse recurso maravilhoso!"
508
+
509
+ #: index.php:417
510
+ msgid "First Name is a required field!"
511
+ msgstr "Primeiro Nome é um campo obrigatório!"
512
+
513
+ #: index.php:419
514
+ msgid "Last Name is a required field!"
515
+ msgstr "Último Nome é um campo obrigatório!"
516
+
517
+ #: index.php:421
518
+ msgid "Email Address is a required field!"
519
+ msgstr "E-mail é um campo obrigatório!"
520
+
521
+ #: index.php:429
522
+ msgid "Your WordPress Site URL is a required field!"
523
+ msgstr "A URL de seu site WordPress é um campo obrigatório!"
524
+
525
+ #: index.php:431
526
+ msgid "Plugin Installation Key is a required field!"
527
+ msgstr "A Chave de Instalação do Plugin é um campo obrigatório!"
528
+
529
+ #: index.php:436
530
+ msgid "Submitting Registration ..."
531
+ msgstr "Enviando o registro..."
532
+
533
+ #: index.php:458
534
+ msgid "Resources & Links"
535
+ msgstr "Links e Recursos"
536
+
537
+ #: index.php:481
538
+ msgid "Make a Donation with PayPal"
539
+ msgstr "Faça uma doação com PayPal"
540
+
541
+ #: index.php:93
542
+ msgid "FAQs"
543
+ msgstr "FAQs"
544
+
545
+ #: index.php:98
546
+ msgid "Main Menu Item placed at the <b>Top</b>"
547
+ msgstr "Item do Menu Principal colocado no <b>Topo</b>"
548
+
549
+ #: index.php:98
550
+ msgid "Main Menu Item placed at the <b>Bottom</b>"
551
+ msgstr "Item do Menu Principal colocado no <b>Rodapé</b>"
552
+
553
+ #: index.php:100
554
+ msgid "Main Menu Item placed below <b>Comments</b> and above <b>Appearance</b>"
555
+ msgstr "Item do Menu Principal colocado abaixo <b>Comentários</b> e acima <b>Aparência</b>"
556
+
557
+ #: index.php:100
558
+ msgid "Main Menu Item placed below <b>Settings</b>"
559
+ msgstr "Item do Menu Principal colocado abaixo <b>Configurações</b>"
560
+
561
+ #: index.php:101
562
+ msgid "Menu Item Placement Options"
563
+ msgstr "Opções de posicionamento de item de menu"
564
+
565
+ #: index.php:106
566
+ msgid "Menu Placement"
567
+ msgstr "Posicionamento de Menu"
568
+
569
+ #: index.php:122
570
+ msgid "Tested your site. It appears we didn't break anything"
571
+ msgstr "Site testado. Parece que nós não quebramos nada"
572
+
573
+ #: index.php:131
574
+ msgid "Upgrade to %s now!"
575
+ msgstr "Upgrade para %s agora!"
576
+
577
+ #: index.php:135
578
+ msgid "Searching for updates ..."
579
+ msgstr "Buscando por atualizações..."
580
+
581
+ #: index.php:190
582
+ msgid "If this is taking too long, click here."
583
+ msgstr "Se isso estiver demorando muito, clique aqui."
584
+
585
+ #: index.php:268
586
+ msgid "No response from server!"
587
+ msgstr "Nenhuma resposta do servidor!"
588
+
589
+ #: index.php:364
590
+ msgid "Updates & Registration"
591
+ msgstr "Registro e Atualizações "
592
+
593
+ #: index.php:372
594
+ msgid "Download new definitions!"
595
+ msgstr "Download de novas definições!"
596
+
597
+ #: index.php:375
598
+ msgid "<p>Get instant access to definition updates.</p>"
599
+ msgstr "<p>Tenha acesso instantâneo à atualizações de definição.</p>"
600
+
601
+ #: images/index.php:648 images/index.php:746
602
+ msgid "Scanning %s"
603
+ msgstr "Escaneando %s"
604
+
605
+ #: images/index.php:665 images/index.php:796
606
+ msgid "Scanned %s"
607
+ msgstr "Escaneado %s"
608
+
609
+ #: images/index.php:706
610
+ msgid "Examine Quarantined File"
611
+ msgstr "Examinar Arquivo na Quarentena "
612
+
613
+ #: images/index.php:708
614
+ msgid "Examine File"
615
+ msgstr "Examinar Arquivo"
616
+
617
+ #: images/index.php:718
618
+ msgid "Failed to determine file size!"
619
+ msgstr "Falha ao determinar tamanho de arquivo!"
620
+
621
+ #: images/index.php:720
622
+ msgid "Skipped because of file size!"
623
+ msgstr "Ignorado por causa do tamanho do arquivo!"
624
+
625
+ #: images/index.php:722
626
+ msgid "Skipped because of file extention!"
627
+ msgstr "Ignorado por causa da extensão do arquivo."
628
+
629
+ #: images/index.php:753
630
+ msgid "Failed to read directory!"
631
+ msgstr "Falha ao ler diretório!"
632
+
633
+ #: images/index.php:771
634
+ msgid "Skipped because of file size (%1$s bytes) or file extention (%2$s)!"
635
+ msgstr "Ignorado por tamanho do arquivo (%1$s bytes) ou extensão (%2$s)!"
636
+
637
+ #: images/index.php:785
638
+ msgid "Failed to read file!"
639
+ msgstr "Falha ao ler arquivo!"
640
+
641
+ #: index.php:87
642
+ msgid "Make sure the Definition Updates are current and Run a Complete Scan."
643
+ msgstr "Tenha ceerteza que a atualização das definições é a mais atual e rode o Escaneamento Completo."
644
+
645
+ #: index.php:87
646
+ msgid "If Known Threats are found and displayed in red then there will be a button to '%s'. If only Potentional Threats are found then there is no automatic fix because those are probably not malicious."
647
+ msgstr "Se ameaças conhecidas forem encontradas e exibidas em vermelho, em seguida, haverá um botão para '%s'. Se apenas ameaças potenciais forem encontradas, então não há nenhuma correção automática porque esses provavelmente não são arquivos maliciosos."
648
+
649
+ #: index.php:87
650
+ msgid "A backup of the original infected files are placed in the Quarantine in case you need to restore them or just want to look at them later. You can delete these files if you don't want to save more."
651
+ msgstr "Um backup dos arquivos originais infectados é colocado na Quarentena em caso de necessidade de restaurá-los ou se você quiser apenas verificá-los depois. Você pode excluir esses arquivos se não quiser utilizá-los mais."
652
+
653
+ #: index.php:86
654
+ msgid "Getting Started"
655
+ msgstr "Iniciando"
656
+
657
+ #: images/index.php:397
658
+ msgid "Failed to read file contents!"
659
+ msgstr "Falha ao ler conteúdo dos arquivos!"
660
+
661
+ #: images/index.php:397
662
+ msgid "Empty file!"
663
+ msgstr "Arquivo vazio!"
664
+
665
+ #: images/index.php:397
666
+ msgid "Fixed file permissions! (try again)"
667
+ msgstr "Permissões de arquivos corrigidas! (tente novamente)"
668
+
669
+ #: images/index.php:397
670
+ msgid "File permissions read-only!"
671
+ msgstr "Permissões de arquivos apenas-leitura!"
672
+
673
+ #: images/index.php:397
674
+ msgid "File not readable!"
675
+ msgstr "Arquivo não pode ser lido!"
676
+
677
+ #: images/index.php:397
678
+ msgid "File does not exist!"
679
+ msgstr "Arquivo não existe!"
680
+
681
+ #: images/index.php:429
682
+ msgid "Success!"
683
+ msgstr "Sucesso!"
684
+
685
+ #: images/index.php:432
686
+ msgid "Failed:"
687
+ msgstr "Falha:"
688
+
689
+ #: images/index.php:432
690
+ msgid "failed to quarantine!"
691
+ msgstr "falha da ação de quarentena!"
692
+
693
+ #: images/index.php:432
694
+ msgid "reason unknown!"
695
+ msgstr "razão desconhecida!"
696
+
697
+ #: images/index.php:432
698
+ msgid "failed to write!"
699
+ msgstr "Falha na escrita!"
700
+
701
+ #: images/index.php:432
702
+ msgid "file not writable!"
703
+ msgstr "arquivo bloqueado para escrita!"
704
+
705
+ #: images/index.php:432
706
+ msgid "no file contents!"
707
+ msgstr "sem conteúdo no arquivo!"
708
+
709
+ #: images/index.php:441 images/index.php:447
710
+ msgid "Already Fixed!"
711
+ msgstr "Já Corrigido!"
712
+
713
+ #: images/index.php:616
714
+ msgid "Preparing %s"
715
+ msgstr "Preparando %s"
716
+
717
+ #: images/index.php:32
718
+ msgid "htaccess Threats"
719
+ msgstr "Ameaças htaccess"
720
+
721
+ #: images/index.php:32
722
+ msgid "TimThumb Exploits"
723
+ msgstr "TimThumb Exploits"
724
+
725
+ #: images/index.php:32
726
+ msgid "Backdoor Scripts"
727
+ msgstr "Backdoor Scripts"
728
+
729
+ #: images/index.php:32
730
+ msgid "Known Threats"
731
+ msgstr "Ameaças Conhecidas"
732
+
733
+ #: images/index.php:32
734
+ msgid "Core File Changes"
735
+ msgstr "Alterações em Arquivos do Núcleo "
736
+
737
+ #: images/index.php:813
738
+ msgid "The <b>base64_decode</b> function is currently disabled by the disable_functions Directive in your server's php.ini file.<br />This function is required for this Anti-Malware plugin to work properly.<br />Check the disable_functions Directive in your php.ini and take out base64_decode to fix this problem."
739
+ msgstr "A função <b>base64_decode</b> está desabilitada atualmente pelas diretivas \"disable_functions\" Do seu servidor, no arquivo php.ini.<br />Esta função é requerida para que esse plugin Anti-Malware funcione corretamente<br />Verifique a diretiva disable_functions em seu arquivo php.ini e remova o base64_decode para resolver esse problema."
740
+
741
+ #: index.php:1026
742
+ msgid "Not flushing OB Handlers: %s"
743
+ msgstr "Não há manipuladores de flush OB: %s"
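--- a/languages/gotmls.pot
+++ b/languages/gotmls.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: GOTMLS\n"
 "Report-Msgid-Bugs-To: eli@gotmls.net\n"
-"POT-Creation-Date: 2015-07-17 22:47-1000\n"
+"POT-Creation-Date: 2015-11-10 09:38-1000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -146,6 +146,9 @@ msgstr ""
 msgid "# of files"
 msgstr ""
 
+msgid "You have old Quarantined files in the uploads directory on your server. The new quarantine is in your WordPress Database. You need to import these files into your database where they will be safer or just delete the quarantine folder inside /wp-content/uploads/ if you would rather just delete them."
+msgstr ""
+
 msgid "Restore selected files"
 msgstr ""
 
@@ -213,6 +216,12 @@ msgstr ""
 msgid "For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site."
 msgstr ""
 
+msgid "Custom Code to be Checked:"
+msgstr ""
+
+msgid "For very advanced users only. If you enter anything in this box then no other files will be scanned on your site."
+msgstr ""
+
 msgid "Skip files with the following extentions:"
 msgstr ""
 
@@ -231,6 +240,9 @@ msgstr ""
 msgid "This new BETA feature is only available to registered users who have donated at a certain level."
 msgstr ""
 
+msgid "Save Settings"
+msgstr ""
+
 msgid "Run Complete Scan"
 msgstr ""
 
@@ -271,6 +283,9 @@ msgstr ""
 msgid "You are not currently scanning for this type of threat!"
 msgstr ""
 
+msgid "Saving these settings requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above."
+msgstr ""
+
 msgid "NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found)."
 msgstr ""
 
@@ -297,6 +312,9 @@ msgstr ""
 msgid "Starting Scan ..."
 msgstr ""
 
+msgid "Starting a Complete Scan requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above."
+msgstr ""
+
 msgid "Your WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. Applying this patch will block access to the WordPress Login page whenever this type of attack is detected."
 msgstr ""
 
@@ -372,6 +390,12 @@ msgstr ""
 msgid "Change your username:"
 msgstr ""
 
+msgid "Your username is \"admin\", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately."
+msgstr ""
+
+msgid "Firewall Options"
+msgstr ""
+
 msgid "Default position"
 msgstr ""
 
@@ -446,6 +470,9 @@ msgstr ""
 msgid "Your Server could not start a Session!"
 msgstr ""
 
+msgid "Invalid or expired Nonce Token!"
+msgstr ""
+
 msgid "Failed to list files in directory!"
 msgstr ""
 
@@ -499,6 +526,9 @@ msgstr ""
 msgid "File does not exist!"
 msgstr ""
 
+msgid "Examine File"
+msgstr ""
+
 msgid "Success!"
 msgstr ""
 
@@ -520,6 +550,9 @@ msgstr ""
 msgid "no file contents!"
 msgstr ""
 
+msgid "Failed: "
+msgstr ""
+
 msgid "Already Fixed!"
 msgstr ""
 
@@ -538,9 +571,6 @@ msgstr ""
 msgid "Examine Quarantined File"
 msgstr ""
 
-msgid "Examine File"
-msgstr ""
-
 msgid "Failed to determine file size!"
 msgstr ""
 
@@ -559,6 +589,3 @@ msgstr ""
 
 msgid "Failed to read file!"
 msgstr ""
-
-msgid "The <b>base64_decode</b> function is currently disabled by the disable_functions Directive in your server's php.ini file.<br />This function is required for this Anti-Malware plugin to work properly.<br />Check the disable_functions Directive in your php.ini and take out base64_decode to fix this problem."
-msgstr ""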
readme.txt CHANGED
@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
- Version: 4.15.42
9
- Stable tag: 4.15.42
10
  Requires at least: 3.3
11
  Tested up to: 4.3.1
12
 
@@ -29,7 +29,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
29
  * Check the integrity of your WordPress Core files.
30
  * Automatically Download Definition Updates When running a Complete Scan.
31
 
32
- Updated October 28th
33
 
34
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
35
 
@@ -94,6 +94,12 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
94
 
95
  == Changelog ==
96
 
 
 
 
 
 
 
97
  = 4.15.42 =
98
  * Had to remove the encoding of the Default Definitions to meet the WordPress Plugin Guidelines.
99
 
@@ -361,6 +367,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
361
 
362
  == Upgrade Notice ==
363
 
 
 
 
364
  = 4.15.42 =
365
  Had to remove the encoding of the Default Definitions to meet the WordPress Plugin Guidelines.
366
 
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
+ Version: 4.15.43
9
+ Stable tag: 4.15.43
10
  Requires at least: 3.3
11
  Tested up to: 4.3.1
12
 
29
  * Check the integrity of your WordPress Core files.
30
  * Automatically Download Definition Updates When running a Complete Scan.
31
 
32
+ Updated November 10th
33
 
34
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
35
 
94
 
95
  == Changelog ==
96
 
97
+ = 4.15.43 =
98
+ * Added Core Files to the Quick Scan list on the admin menu.
99
+ * Added a nonce token to prevent Cross-Site Request Forgery by admins who are logged-in from another site.
100
+ * Hardened against XSS vulnerability triggered by the file names being scanned (thanks to Mahadev Subedi).
101
+ * Improved brute-force patch compatibility with alternate wp-config.php location.
102
+
103
  = 4.15.42 =
104
  * Had to remove the encoding of the Default Definitions to meet the WordPress Plugin Guidelines.
105
 
367
 
368
  == Upgrade Notice ==
369
 
370
+ = 4.15.43 =
371
+ Improved brute-force patch compatibility, added Core Files to the Quick Scan list, added a nonce token to prevent Cross-Site Request Forgery by admins who are logged-in, and hardened against XSS vulnerability triggered by bad file names.
372
+
373
  = 4.15.42 =
374
  Had to remove the encoding of the Default Definitions to meet the WordPress Plugin Guidelines.
375