Version Description
Fixed PHP Notice about an array to string conversion with some rare global variable conditions.
Release Info
Developer | scheeeli |
Plugin | Anti-Malware Security and Brute-Force Firewall |
Version | 4.16.39 |
Code changes from version 4.16.38 to 4.16.39
- images/index.php +3 -3
- index.php +1 -1
- readme.txt +9 -127
images/index.php
CHANGED
@@ -186,15 +186,15 @@ $GOTMLS_dirs_at_depth = array();
|
|
186 |
$GLOBAL_STRING = array("REQUEST" => "&","SERVER" => "&","FILES" => "&");
|
187 |
if (isset($_REQUEST) && is_array($_REQUEST))
|
188 |
foreach ($_REQUEST as $req => $val)
|
189 |
-
$GLOBAL_STRING["REQUEST"] .= "$req
|
190 |
if (isset($_SERVER) && is_array($_SERVER))
|
191 |
foreach ($_SERVER as $req => $val)
|
192 |
-
$GLOBAL_STRING["SERVER"] .= "$req
|
193 |
if (isset($_FILES) && is_array($_FILES))
|
194 |
foreach ($_FILES as $req => $fila)
|
195 |
foreach (array("tmp_name","name") as $val)
|
196 |
if (isset($fila["$val"]))
|
197 |
-
$GLOBAL_STRING["FILES"] .= "$req.$val="
|
198 |
if (!(isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"])))
|
199 |
$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] = array(
|
200 |
"RevSlider"=>array("CCIGG", __("Revolution Slider Exploit Protection",'gotmls'), __("This protection is automatically activated because of the widespread attacks on WordPress that have affected so many sites. It is still recommended that you make sure to upgrade any older versions of the Revolution Slider plugin, especially those included in themes that will not update automatically. Even if you don't think you have Revolution Slider on your site it doen't hurt to have this protection enabled.",'gotmls'), array('/\/admin-ajax\.php/i' => "SERVER", '/\&img=[^\&]*(?<!\.'.implode(')(?<!\.', array_slice($GLOBALS["GOTMLS"]["tmp"]["skip_ext"], 0, 10)).')\&/i' => "REQUEST")),
|
186 |
$GLOBAL_STRING = array("REQUEST" => "&","SERVER" => "&","FILES" => "&");
|
187 |
if (isset($_REQUEST) && is_array($_REQUEST))
|
188 |
foreach ($_REQUEST as $req => $val)
|
189 |
+
$GLOBAL_STRING["REQUEST"] .= "$req=".(is_array($val)?print_r($val,1):$val)."&";
|
190 |
if (isset($_SERVER) && is_array($_SERVER))
|
191 |
foreach ($_SERVER as $req => $val)
|
192 |
+
$GLOBAL_STRING["SERVER"] .= "$req=".(is_array($val)?print_r($val,1):$val)."&";
|
193 |
if (isset($_FILES) && is_array($_FILES))
|
194 |
foreach ($_FILES as $req => $fila)
|
195 |
foreach (array("tmp_name","name") as $val)
|
196 |
if (isset($fila["$val"]))
|
197 |
+
$GLOBAL_STRING["FILES"] .= "$req.$val=".(is_array($fila["$val"])?print_r($fila["$val"],1):$fila["$val"])."&";
|
198 |
if (!(isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"])))
|
199 |
$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] = array(
|
200 |
"RevSlider"=>array("CCIGG", __("Revolution Slider Exploit Protection",'gotmls'), __("This protection is automatically activated because of the widespread attacks on WordPress that have affected so many sites. It is still recommended that you make sure to upgrade any older versions of the Revolution Slider plugin, especially those included in themes that will not update automatically. Even if you don't think you have Revolution Slider on your site it doen't hurt to have this protection enabled.",'gotmls'), array('/\/admin-ajax\.php/i' => "SERVER", '/\&img=[^\&]*(?<!\.'.implode(')(?<!\.', array_slice($GLOBALS["GOTMLS"]["tmp"]["skip_ext"], 0, 10)).')\&/i' => "REQUEST")),
|
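Review bot: On new lines 189, 192 and 197, print_r($val,1) silences the notice but folds an array value into print_r's multi-line "Array ( [0] => ... )" layout, so the firewall patterns defined just below (for example the '/\&img=[^\&]*...\&/i' rule applied to "REQUEST") are matched against a different shape for an array-valued parameter than for a scalar one. Consider flattening nested values into the same key=value& form the scalar branch produces, and moving the ternary that is repeated three times into one helper. Separately, context line 198 tests array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]), which builds a one-element array and is always truthy; is_array() looks like what was meant there.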
index.php
CHANGED
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
|
|
8 |
Contributors: scheeeli, gotmls
|
9 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
10 |
Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
|
11 |
-
Version: 4.16.
|
12 |
*/
|
13 |
if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
|
14 |
include(dirname(__FILE__)."/safe-load/index.php");
|
8 |
Contributors: scheeeli, gotmls
|
9 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
10 |
Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
|
11 |
+
Version: 4.16.39
|
12 |
*/
|
13 |
if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
|
14 |
include(dirname(__FILE__)."/safe-load/index.php");
|
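Review bot: Context line 13, directly below the version bump, chains two ternaries without parentheses: isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"". PHP before 8.0 groups these left to right, so when SCRIPT_FILENAME is set and non-empty the expression yields $_SERVER["SCRIPT_NAME"] rather than SCRIPT_FILENAME; PHP 7.4 deprecates the unparenthesized form and PHP 8.0 rejects it at compile time. Since this header is being touched anyway, wrap the second ternary in parentheses so the safe-load check compares the path it was written to compare.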
readme.txt
CHANGED
@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
|
|
5 |
Contributors: scheeeli, gotmls
|
6 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
7 |
Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
|
8 |
-
Version: 4.16.
|
9 |
-
Stable tag: 4.16.
|
10 |
Requires at least: 3.3
|
11 |
Tested up to: 4.6.1
|
12 |
|
@@ -27,7 +27,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
|
|
27 |
* Check the integrity of your WordPress Core files.
|
28 |
* Automatically download new Definition Updates when running a Complete Scan.
|
29 |
|
30 |
-
Updated September
|
31 |
|
32 |
Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
|
33 |
|
@@ -301,100 +301,45 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
|
|
301 |
|
302 |
= 1.3.02.15 =
|
303 |
* Improved security on the Quarantine directory to fix the 500 error on some servers.
|
304 |
-
|
305 |
-
= 1.2.12.31 =
|
306 |
* Fixed count of Quarantined items.
|
307 |
* Added htaccess security to the Uploads directory.
|
308 |
-
|
309 |
-
= 1.2.12.30 =
|
310 |
-
* Fixed progress bar bug in the last release.
|
311 |
* Linked the Quarantined items to the File Examiner.
|
312 |
-
|
313 |
-
= 1.2.12.29 =
|
314 |
-
* Brought back the TimThumb and htaccess scan categories.
|
315 |
* Added a scan category for Backdoor Scripts.
|
316 |
-
|
317 |
-
= 1.2.12.14 =
|
318 |
-
* Fixed bugs in the last release.
|
319 |
-
|
320 |
-
= 1.2.12.12 =
|
321 |
* Consolidated the Definition Types and added a Whitelist category.
|
322 |
* Completely redesigned the Definition Updates to handle incremental updates.
|
323 |
* Added "View Quarantine" to the menu.
|
324 |
-
|
325 |
-
= 1.2.11.15 =
|
326 |
* Enhanced Output Buffer to work with compression enabled (like ob_gzhandler).
|
327 |
* Moved the quarantine to the uploads directory to protect against blanket inclusion.
|
328 |
-
|
329 |
-
= 1.2.10.31 =
|
330 |
* Fixed Output Buffer issue for when ob_start has already been called.
|
331 |
-
|
332 |
-
= 1.2.10.27 =
|
333 |
* Enhanced the Automatic Fix process to handle bad directory permissions.
|
334 |
* Added more detailed error messages for different types of file errors.
|
335 |
-
* Fixed calculation for Time Remaining on the Progress Bar.
|
336 |
-
|
337 |
-
= 1.2.10.16 =
|
338 |
-
* Re-calibrated the Progress Bar on the Quick Scan.
|
339 |
* Improved overall error handling.
|
340 |
* Minor UI enhancements and a few bug fixes.
|
341 |
-
|
342 |
-
= 1.2.10.05 =
|
343 |
* Completely revamped the scan engine to handle large file systems with better error handling.
|
344 |
* Enhanced the results for the Automatic Fix process.
|
345 |
* Fixed a few other small bugs.
|
346 |
-
|
347 |
-
= 1.2.09.22 =
|
348 |
* Enhanced the iFrame for the File Viewer and Automatic Fix process.
|
349 |
* Improved error handling during the scan.
|
350 |
-
* Fixed update checker script.
|
351 |
-
|
352 |
-
= 1.2.09.15 =
|
353 |
-
* Fixed major bug in unregistered scan definition interpretation that causes many false positives.
|
354 |
* Moved the File Viewer and Automatic Fix process into an iFrame to decrease scan time and memory usage.
|
355 |
* Enhanced the Automatic Fix process for better success with read-only files.
|
356 |
* Improved code cleanup process and general efficiency of the scan.
|
357 |
-
|
358 |
-
= 1.2.08.31 =
|
359 |
* Encoded definition update for better compatibility with some servers that have post limitation.
|
360 |
-
* Improved the code cleanup expression that is applied after removal of known threats.
|
361 |
-
|
362 |
-
= 1.2.07.29 =
|
363 |
-
* Fixed return URL on Donate form.
|
364 |
-
|
365 |
-
= 1.2.07.20 =
|
366 |
* Fixed XSS vulnerability.
|
367 |
-
|
368 |
-
= 1.2.05.20 =
|
369 |
* Changed registration to allow for multiple sites/keys to be registered under one user/email.
|
370 |
-
|
371 |
-
= 1.2.05.04 =
|
372 |
-
* Fixed "Invalid Threat level" Error on default values for pre-registration scans.
|
373 |
* Changed auto-update path to update threat level array for all new definition updates.
|
374 |
-
|
375 |
-
= 1.2.04.24 =
|
376 |
-
* Fixed auto-update script to update scan level even if there is no new definitions.
|
377 |
-
|
378 |
-
= 1.2.04.09 =
|
379 |
-
* Added more info about registration to the readme file.
|
380 |
* Updated timthumb replacement patch to version 2.8.10 per WordPress.org plugins requirement.
|
381 |
-
* Fixed menu option placement to work just as well as a sub-menu under tools.
|
382 |
-
|
383 |
-
= 1.2.04.08 =
|
384 |
* Fixed option to exclude directories so that the scan would not get stuck if omitted.
|
385 |
* Added support for winblows servers using BACKSLASH directory structures.
|
386 |
-
* Added option to exclude directories.
|
387 |
* Changed definition updates to write to the DB instead of a file.
|
388 |
-
* Added better messages about available updates.
|
389 |
-
|
390 |
-
= 1.2.03.28 =
|
391 |
-
* Fixed registration form and some of the links on the settings page.
|
392 |
|
393 |
= 1.2.03.23 =
|
394 |
-
* First
|
395 |
|
396 |
== Upgrade Notice ==
|
397 |
|
|
|
|
|
|
|
398 |
= 4.16.38 =
|
399 |
Added more firewall options, moved Scan Log from to the main Setings page, and fixed PHP Warning about an invalid argument and some other bugs too.
|
400 |
|
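Review bot: Dropping the "= 1.2.x =" headings (old lines 305 to 390) while keeping bullets such as "* Fixed XSS vulnerability." (old line 366) leaves that entry filed under "= 1.3.02.15 =", so the changelog no longer records which release carried the XSS fix. Keep the version heading for security fixes, or fold the version number into the bullet text, so that someone auditing an old install can still tell whether the fix is present.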
@@ -546,70 +491,7 @@ Fixed a major bug in yesterdays release broke the login page on some sites.
|
|
546 |
Added a patch for the wp-login.php brute force attack and fixed a few other small bugs.
|
547 |
|
548 |
= 1.3.02.15 =
|
549 |
-
Improved security on the Quarantine directory to fix the 500 error on some servers.
|
550 |
-
|
551 |
-
= 1.2.12.31 =
|
552 |
-
Fixed count of Quarantined items and added htaccess security to the Uploads directory.
|
553 |
-
|
554 |
-
= 1.2.12.30 =
|
555 |
-
Fixed progress bar bug and linked the Quarantined items to the File Examiner.
|
556 |
-
|
557 |
-
= 1.2.12.29 =
|
558 |
-
Brought back the TimThumb and htaccess scan categories and added a category for Backdoor Scripts.
|
559 |
-
|
560 |
-
= 1.2.12.14 =
|
561 |
-
Fixed bugs in the last release.
|
562 |
-
|
563 |
-
= 1.2.12.12 =
|
564 |
-
BETA Release: Consolidated Definition Types and completely redesigned the Definition Updates.
|
565 |
-
|
566 |
-
= 1.2.11.15 =
|
567 |
-
Enhanced Output Buffer to work with compression enabled and moved the quarantine.
|
568 |
-
|
569 |
-
= 1.2.10.31 =
|
570 |
-
Fixed Output Buffer issue for when ob_start has already been called.
|
571 |
-
|
572 |
-
= 1.2.10.27 =
|
573 |
-
Enhanced the Automatic Fix to handle bad directory permissions, added more detailed error messages, and fixed calculation for Time Remaining.
|
574 |
-
|
575 |
-
= 1.2.10.16 =
|
576 |
-
Re-calibrated the Progress Bar, improved error handling, and fixed a few minor bugs.
|
577 |
-
|
578 |
-
= 1.2.10.05 =
|
579 |
-
Completely revamped the scan engine, enhanced the Automatic Fix results, and fixed a few other small bugs.
|
580 |
-
|
581 |
-
= 1.2.09.22 =
|
582 |
-
Enhanced the iFrame for the File Viewer and Automatic Fix process and improved error handling.
|
583 |
-
|
584 |
-
= 1.2.09.15 =
|
585 |
-
Fixed major bug in unregistered scan definition interpretation and moved the File Viewer and Automatic Fix into an iFrame for efficiency and enhanced for better success with read-only files.
|
586 |
-
|
587 |
-
= 1.2.08.31 =
|
588 |
-
Encoded definition update to broaden server compatibility and improved the code cleanup expression after threat removal.
|
589 |
-
|
590 |
-
= 1.2.07.29 =
|
591 |
-
Fixed return URL on Donate form.
|
592 |
-
|
593 |
-
= 1.2.07.20 =
|
594 |
-
Fixed XSS vulnerability.
|
595 |
-
|
596 |
-
= 1.2.05.20 =
|
597 |
-
Changed registration to allow for multiple sites/keys to be registered under one user/email.
|
598 |
-
|
599 |
-
= 1.2.05.04 =
|
600 |
-
Fixed Threat Level error and changed auto-update path to update threat level array for all new definition updates.
|
601 |
-
|
602 |
-
= 1.2.04.24 =
|
603 |
-
Fixed auto-update script to update scan level even if there is no new definitions.
|
604 |
-
|
605 |
-
= 1.2.04.09 =
|
606 |
-
Added more info about registration to the readme file, Updated timthumb replacement patch to version 2.8.10, and fixed menu option placement.
|
607 |
-
|
608 |
-
= 1.2.04.08 =
|
609 |
-
Fixed option to exclude directories, added support for winblows servers using BACKSLASHES, changed definition updates to write to the DB instead of a file, and added better messages about available updates.
|
610 |
-
|
611 |
-
= 1.2.03.28 =
|
612 |
-
Fixed registration form and some of the links on the settings page.
|
613 |
|
614 |
= 1.2.03.23 =
|
615 |
-
First
|
5 |
Contributors: scheeeli, gotmls
|
6 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
7 |
Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
|
8 |
+
Version: 4.16.39
|
9 |
+
Stable tag: 4.16.39
|
10 |
Requires at least: 3.3
|
11 |
Tested up to: 4.6.1
|
12 |
|
27 |
* Check the integrity of your WordPress Core files.
|
28 |
* Automatically download new Definition Updates when running a Complete Scan.
|
29 |
|
30 |
+
Updated September 16th
|
31 |
|
32 |
Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
|
33 |
|
301 |
|
302 |
= 1.3.02.15 =
|
303 |
* Improved security on the Quarantine directory to fix the 500 error on some servers.
|
|
|
|
|
304 |
* Fixed count of Quarantined items.
|
305 |
* Added htaccess security to the Uploads directory.
|
|
|
|
|
|
|
306 |
* Linked the Quarantined items to the File Examiner.
|
|
|
|
|
|
|
307 |
* Added a scan category for Backdoor Scripts.
|
|
|
|
|
|
|
|
|
|
|
308 |
* Consolidated the Definition Types and added a Whitelist category.
|
309 |
* Completely redesigned the Definition Updates to handle incremental updates.
|
310 |
* Added "View Quarantine" to the menu.
|
|
|
|
|
311 |
* Enhanced Output Buffer to work with compression enabled (like ob_gzhandler).
|
312 |
* Moved the quarantine to the uploads directory to protect against blanket inclusion.
|
|
|
|
|
313 |
* Fixed Output Buffer issue for when ob_start has already been called.
|
|
|
|
|
314 |
* Enhanced the Automatic Fix process to handle bad directory permissions.
|
315 |
* Added more detailed error messages for different types of file errors.
|
|
|
|
|
|
|
|
|
316 |
* Improved overall error handling.
|
317 |
* Minor UI enhancements and a few bug fixes.
|
|
|
|
|
318 |
* Completely revamped the scan engine to handle large file systems with better error handling.
|
319 |
* Enhanced the results for the Automatic Fix process.
|
320 |
* Fixed a few other small bugs.
|
|
|
|
|
321 |
* Enhanced the iFrame for the File Viewer and Automatic Fix process.
|
322 |
* Improved error handling during the scan.
|
|
|
|
|
|
|
|
|
323 |
* Moved the File Viewer and Automatic Fix process into an iFrame to decrease scan time and memory usage.
|
324 |
* Enhanced the Automatic Fix process for better success with read-only files.
|
325 |
* Improved code cleanup process and general efficiency of the scan.
|
|
|
|
|
326 |
* Encoded definition update for better compatibility with some servers that have post limitation.
|
|
|
|
|
|
|
|
|
|
|
|
|
327 |
* Fixed XSS vulnerability.
|
|
|
|
|
328 |
* Changed registration to allow for multiple sites/keys to be registered under one user/email.
|
|
|
|
|
|
|
329 |
* Changed auto-update path to update threat level array for all new definition updates.
|
|
|
|
|
|
|
|
|
|
|
|
|
330 |
* Updated timthumb replacement patch to version 2.8.10 per WordPress.org plugins requirement.
|
|
|
|
|
|
|
331 |
* Fixed option to exclude directories so that the scan would not get stuck if omitted.
|
332 |
* Added support for winblows servers using BACKSLASH directory structures.
|
|
|
333 |
* Changed definition updates to write to the DB instead of a file.
|
|
|
|
|
|
|
|
|
334 |
|
335 |
= 1.2.03.23 =
|
336 |
+
* First versions available for WordPress (code removed, no longer compatible).
|
337 |
|
338 |
== Upgrade Notice ==
|
339 |
|
340 |
+
= 4.16.39 =
|
341 |
+
Fixed PHP Notice about an array to string conversion with some rare global variable conditions.
|
342 |
+
|
343 |
= 4.16.38 =
|
344 |
Added more firewall options, moved Scan Log from to the main Setings page, and fixed PHP Warning about an invalid argument and some other bugs too.
|
345 |
|
491 |
Added a patch for the wp-login.php brute force attack and fixed a few other small bugs.
|
492 |
|
493 |
= 1.3.02.15 =
|
494 |
+
Improved security on the Quarantine directory to fix the 500 error on some servers (Plus many other improvement from v1.2: see Changelog for details)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
495 |
|
496 |
= 1.2.03.23 =
|
497 |
+
First versions available for WordPress (code removed, no longer compatible).
|
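Review bot: New line 494 of the Upgrade Notice replaces the per-version notices (old lines 549 to 612, including "Fixed XSS vulnerability." under 1.2.07.20) with "see Changelog for details", but the changelog hunk in this same patch removes the 1.2.x version headings, so the details it points to are no longer listed per release. Either keep the security-relevant notice here or keep its version heading in the changelog. The added text also reads "many other improvement"; it should be "improvements".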