Anti-Malware Security and Brute-Force Firewall - Version 4.17.57

Version Description

  • Updated code for compatibility with WP 4.9.3 (latest release).
  • Fixed registration form and alternate domain for definition updates to work on HTTPS.
  • Fixed the wording on the Title check error message.

Release Info

Developer scheeeli
Version 4.17.57

Code changes from version 1.3.02.15 to 4.17.57

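--- a/images/.htaccess
+++ b/images/.htaccess
@@ -0,0 +1,8 @@
+# BEGIN GOTMLS Directory Protection
+<IfModule mod_rewrite.c>
+RewriteEngine On
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule . index.php [L]
+</IfModule>
+# END GOTMLS Directory Protection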
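Review bot: The block is labelled "Directory Protection" but the rule denies nothing: the `!-f` and `!-d` conditions exempt every existing file and directory, so any other file already present in images/ is still served directly and only requests for missing paths are rewritten to index.php. Because the whole block sits inside `<IfModule mod_rewrite.c>`, it is also silently a no-op on hosts without mod_rewrite. The index.php added in this same release loads wp-config.php when ABSPATH is undefined, so this rule appears to make every missing path under images/ an entry point into that bootstrap; it is worth confirming that this is intended. I would document the real effect in the file, for example `# Routes requests for missing paths to index.php; existing files are not restricted by this block`.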
images/GOTMLS-16x16.gif CHANGED
Binary file
images/index.php CHANGED
@@ -1,2 +1,1193 @@
1
  <?php
2
- //code removed, no longer compatible
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
  <?php
2
+ /**
3
+ * GOTMLS Plugin Global Variables and Functions
4
+ * @package GOTMLS
5
+ */
6
+
7
+ if (!function_exists("GOTMLS_define")) {
8
+ function GOTMLS_define($DEF, $val) {
9
+ if (!defined($DEF))
10
+ define($DEF, $val);
11
+ }}
12
+
13
+ $file = basename(__FILE__);
14
+ GOTMLS_define("GOTMLS_local_images_path", substr(__FILE__, 0, strlen(__FILE__) - strlen($file)));
15
+ GOTMLS_define("GOTMLS_plugin_path", substr(dirname(__FILE__), 0, strlen(dirname(__FILE__)) - strlen(basename(dirname(__FILE__)))));
16
+ if (is_file(GOTMLS_plugin_path.$file) && ($contents = @file_get_contents(GOTMLS_plugin_path.$file)) && preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
17
+ GOTMLS_define("GOTMLS_Version", $match[1]);
18
+ else
19
+ GOTMLS_define("GOTMLS_Version", "Unknown");
20
+ GOTMLS_define("GOTMLS_require_version", "3.3");
21
+
22
+ if (!function_exists("__")) {
23
+ function __($text, $domain = "gotmls") {
24
+ return $text;
25
+ }}
26
+
27
+ $bad = array("eval", "preg_replace", "auth_pass");
28
+ $GLOBALS["GOTMLS"] = array(
29
+ "tmp"=>array("HeadersError"=>"", "onLoad"=>"", "file_contents"=>"", "new_contents"=>"", "threats_found"=>array(),
30
+ "skip_dirs" => array(".", ".."), "scanfiles" => array(), "nonce"=>array(),
31
+ "mt" => ((isset($_REQUEST["mt"])&&is_numeric($_REQUEST["mt"]))?$_REQUEST["mt"]:microtime(true)),
32
+ "threat_files" => array("htaccess"=>".htaccess","timthumb"=>"thumb.php"),
33
+ "threat_levels" => array(__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Backdoor Scripts",'gotmls')=>"backdoor",__("Known Threats",'gotmls')=>"known",__("Core File Changes",'gotmls')=>"wp_core",__("Potential Threats",'gotmls')=>"potential"),
34
+ "apache" => array(),
35
+ "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "svg", "ico", "doc", "docx", "ttf", "fla", "flv", "mov", "mp3", "pdf", "css", "pot", "po", "mo", "so", "exe", "zip", "7z", "gz", "rar"),
36
+ "execution_time" => 60,
37
+ "default" => array("msg_position" => array("80px", "40px", "400px", "600px")),
38
+ "Definition" => array("Default" => "CCIGG"),
39
+ "definitions_array" => array(
40
+ "potential"=>array(
41
+ $bad[0]=>array("CCIGG", "/[^a-z_\\/'\"]".$bad[0]."\\(.+\\)+\\s*;/i"),
42
+ $bad[1]." /e"=>array("CCIGG", "/".$bad[1]."[\\s*\\(]+(['\"])([\\!\\/\\#\\|\\@\\%\\^\\*\\~]).+?\\2[imsx]*e[imsx]*\\1\\s*,[^,]+,[^\\)]+[\\);\\s]+(\\?>|\$)/i"),
43
+ $bad[2]=>array("CCIGG", "/\\\$".$bad[2]."\\s*=.+;/i"),
44
+ "function add_action wp_enqueue_script json2"=>array("CCIGG", "/json2\\.min\\.js/i"),
45
+ "Tagged Code"=>array("CCIGG", "/\\#(\\w+)\\#.+?\\#\\/\\1\\#/is"),
46
+ "protected by copyright"=>array("CCIGG", "/\\/\\* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. \\*\\//i")),
47
+ )
48
+ )
49
+ );
50
+ if (isset($_SERVER["HTTP_HOST"]))
51
+ $SERVER_HTTP = 'HOST://'.$_SERVER["HTTP_HOST"];
52
+ elseif (isset($_SERVER["SERVER_NAME"]))
53
+ $SERVER_HTTP = 'NAME://'.$_SERVER["SERVER_NAME"];
54
+ elseif (isset($_SERVER["SERVER_ADDR"]))
55
+ $SERVER_HTTP = 'ADDR://'.$_SERVER["SERVER_ADDR"];
56
+ else
57
+ $SERVER_HTTP = "NULL://not.anything.com";
58
+ if (isset($_SERVER["SERVER_PORT"]) && $_SERVER["SERVER_PORT"])
59
+ $SERVER_HTTP .= ":".$_SERVER["SERVER_PORT"];
60
+ $SERVER_parts = explode(":", $SERVER_HTTP);
61
+ if ((isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] == "on" || $_SERVER["HTTPS"] == 1)) || (count($SERVER_parts) > 2 && $SERVER_parts[2] == "443"))
62
+ $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "https:";
63
+ else
64
+ $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "http:";
65
+ GOTMLS_define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.]+/i', '', str_replace('&amp;', '&', htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
66
+ GOTMLS_define("GOTMLS_plugin_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"]."//gotmls.net/");
67
+
68
+ if (!function_exists("GOTMLS_encode")) {
69
+ function GOTMLS_encode($unencoded_string) {
70
+ if (function_exists("base64_encode"))
71
+ $encoded_string = base64_encode($unencoded_string);
72
+ elseif (function_exists("mb_convert_encoding"))
73
+ $encoded_string = mb_convert_encoding($unencoded_string, "BASE64", "UTF-8");
74
+ else
75
+ $encoded_string = "Cannot encode: $unencoded_string function_exists: ";
76
+ $encoded_array = explode("=", $encoded_string."=");
77
+ return strtr($encoded_array[0], "+/0", "-_=").(count($encoded_array)-1);
78
+ }}
79
+
80
+ if (!function_exists("GOTMLS_decode")) {
81
+ function GOTMLS_decode($encoded_string) {
82
+ $tail = 0;
83
+ if (strlen($encoded_string) > 1 && is_numeric(substr($encoded_string, -1)) && substr($encoded_string, -1) > 0)
84
+ $tail = substr($encoded_string, -1) - 1;
85
+ else
86
+ $encoded_string .= "$tail";
87
+ $encoded_string = strtr(substr($encoded_string, 0, -1), "-_=", "+/0").str_repeat("=", $tail);
88
+ if (function_exists("base64_decode"))
89
+ return base64_decode($encoded_string);
90
+ elseif (function_exists("mb_convert_encoding"))
91
+ return mb_convert_encoding($encoded_string, "UTF-8", "BASE64");
92
+ else
93
+ return "Cannot decode: $encoded_string";
94
+ }}
95
+
96
+ GOTMLS_define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
97
+ GOTMLS_define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Quick Scan",'gotmls'));
98
+ GOTMLS_define("GOTMLS_View_Quarantine_LANGUAGE", __("View Quarantine",'gotmls'));
99
+ GOTMLS_define("GOTMLS_View_Scan_Log_LANGUAGE", __("View Scan Log",'gotmls'));
100
+ GOTMLS_define("GOTMLS_require_version_LANGUAGE", sprintf(__("This Plugin requires WordPress version %s or higher",'gotmls'), GOTMLS_require_version));
101
+ GOTMLS_define("GOTMLS_Scan_Settings_LANGUAGE", __("Scan Settings",'gotmls'));
102
+ GOTMLS_define("GOTMLS_Loading_LANGUAGE", __("Loading, Please Wait ...",'gotmls'));
103
+ GOTMLS_define("GOTMLS_Automatically_Fix_LANGUAGE", __("Automatically Fix SELECTED Files Now",'gotmls'));
104
+
105
+ if (!defined("ABSPATH")) {
106
+ define("ABSPATH", dirname(dirname(__FILE__)).'/safe-load/');
107
+ $root_path = dirname(ABSPATH);
108
+ while (strlen($root_path) > 1 && !is_file($root_path."/wp-config.php"))
109
+ $root_path = dirname($root_path);
110
+ if (is_file($root_path."/wp-config.php"))
111
+ include_once($root_path."/wp-config.php");
112
+ else
113
+ die("No wp-config!");
114
+ }
115
+
116
+ function GOTMLS_update_option($index, $value = array()) {
117
+ return update_option('GOTMLS_'.$index.'_blob', GOTMLS_encode(serialize($value)));
118
+ }
119
+ function GOTMLS_get_option($index, $value = array()) {
120
+ if (count($tmp = get_option('GOTMLS_'.$index.'_array', array()))) {
121
+ GOTMLS_update_option($index, $tmp);
122
+ delete_option('GOTMLS_'.$index.'_array');
123
+ } else
124
+ $tmp = $value;
125
+ return unserialize(GOTMLS_decode(get_option('GOTMLS_'.$index.'_blob', GOTMLS_encode(serialize($tmp)))));
126
+ }
127
+ $GOTMLS_chmod_file = (0644);
128
+ $GOTMLS_chmod_dir = (0755);
129
+ $GLOBALS["GOTMLS"]["tmp"]["nonce"] = get_option('GOTMLS_nonce_array', array());
130
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"] = get_option('GOTMLS_settings_array', array());
131
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_get_option('definitions', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
132
+ GOTMLS_define("GOTMLS_siteurl", get_option("siteurl", $GLOBALS["GOTMLS"]["tmp"]["protocol"].$SERVER_parts[1].((count($SERVER_parts) > 2 && ($SERVER_parts[2] == '80' || $SERVER_parts[2] == '443'))?"":":".$SERVER_parts[2])."/"));
133
+ $GLOBALS["GOTMLS"]["log"] = get_option('GOTMLS_scan_log/'.(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"0.0.0.0").'/'.$GLOBALS["GOTMLS"]["tmp"]["mt"], array());
134
+ if (!(isset($GLOBALS["GOTMLS"]["log"]["settings"]) && is_array($GLOBALS["GOTMLS"]["log"]["settings"])))
135
+ $GLOBALS["GOTMLS"]["log"]["settings"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"];
136
+
137
+ GOTMLS_define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
138
+ GOTMLS_define("GOTMLS_update_home", "//updates.gotmls.net/".GOTMLS_installation_key."/");
139
+
140
+ if (!function_exists("GOTMLS_Invalid_Nonce")) {
141
+ function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
142
+ return $pre.__("Invalid or expired Nonce Token!",'gotmls').(isset($_REQUEST["GOTMLS_mt"])?(htmlspecialchars($_REQUEST["GOTMLS_mt"]).((strlen($_REQUEST["GOTMLS_mt"]) == 32)?(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])?$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]:" !found"):" !len(".strlen($_REQUEST["GOTMLS_mt"]).")")):" GOTMLS_mt !set");
143
+ }}
144
+
145
+ if (!function_exists("GOTMLS_set_nonce")) {
146
+ function GOTMLS_set_nonce($context = "NULL") {
147
+ $hour = round(($GLOBALS["GOTMLS"]["tmp"]["mt"]/60)/60);
148
+ $transient_name = md5(GOTMLS_installation_key.GOTMLS_plugin_path.$hour);
149
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["nonce"] as $nonce_key => $nonce_value)
150
+ if (($nonce_value + 24) < $hour)
151
+ unset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$nonce_key]);
152
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name])) {
153
+ $GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name] = $hour;
154
+ if (!update_option('GOTMLS_nonce_array', $GLOBALS["GOTMLS"]["tmp"]["nonce"]))
155
+ return ("$context=DB-err:".preg_replace('/[\r\n]+/', " ", htmlspecialchars(print_r($GLOBALS["GOTMLS"]["tmp"]["nonce"],1).$wpdb->last_error)));
156
+ }
157
+ return 'GOTMLS_mt='.$transient_name;
158
+ }}
159
+
160
+ if (!function_exists("GOTMLS_get_nonce")) {
161
+ function GOTMLS_get_nonce() {
162
+ if (isset($_REQUEST["GOTMLS_mt"])) {
163
+ if (is_array($_REQUEST["GOTMLS_mt"])) {
164
+ foreach ($_REQUEST["GOTMLS_mt"] as $_REQUEST_GOTMLS_mt)
165
+ if (strlen($_REQUEST_GOTMLS_mt) == 32 && isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST_GOTMLS_mt]))
166
+ return $GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST_GOTMLS_mt];
167
+ return 0;
168
+ } elseif (strlen($_REQUEST["GOTMLS_mt"]) == 32 && isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]))
169
+ return $GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]];
170
+ else
171
+ return "";
172
+ } else
173
+ return false;
174
+ }}
175
+ if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && preg_match('|(.*?/gotmls\.js\?SESSION=)|', GOTMLS_script_URI, $match)) {
176
+ header("Content-type: text/javascript");
177
+ if (is_file(GOTMLS_plugin_path."safe-load/session.php"))
178
+ require_once(GOTMLS_plugin_path."safe-load/session.php");
179
+ if (isset($_SESSION["GOTMLS_SESSION_TEST"]))
180
+ die("/* GOTMLS SESSION PASS */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nshowhide('GOTMLS_patch_searching', true);\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and donate to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is available to those who have donated!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_patch_searching');\n\tshowhide('GOTMLS_patch_button', true);\n}\n");
181
+ else {
182
+ $_SESSION["GOTMLS_SESSION_TEST"] = $_GET["SESSION"] + 1;
183
+ if ($_GET["SESSION"] > 0)
184
+ die("/* GOTMLS SESSION FAIL */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\ndocument.getElementById('GOTMLS_patch_searching').innerHTML = '<div class=\"error\">".__("Your Server could not start a Session!",'gotmls')."</div>';");
185
+ else
186
+ die("/* GOTMLS SESSION TEST */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nstopCheckingSession = checkupdateserver('".$match[0].$_SESSION["GOTMLS_SESSION_TEST"]."', 'GOTMLS_patch_searching');");
187
+ }
188
+ } elseif ((isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))) {
189
+ if (isset($_GET["page"]) && $_GET["page"] == "GOTMLS-View-Quarantine" && isset($_REQUEST["GOTMLS_mt"]) && strlen($_REQUEST["GOTMLS_mt"]) == 32 && isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])) {
190
+ $return = (print_r( array("nonce"=>$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]],"mt"=>($_REQUEST["GOTMLS_mt"])),1));
191
+ try {
192
+ $Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><input type="hidden" id="GOTMLS_paged" name="paged" value="1">';//<div style="float: left;">Page:</div>';
193
+ $Q_Page = '
194
+ <style>
195
+ #found_Quarantine {
196
+ line-height: 1.4em;
197
+ font-size: 13px;
198
+ }
199
+ #GOTMLS-right-sidebar {float: right; margin-right: 0px;}
200
+ span.GOTMLS_date {float: right; width: 135px; white-space: nowrap; font-size: 11px;}
201
+ .GOTMLS_page {float: left; border-radius: 10px; padding: 0 5px;}
202
+ .GOTMLS_quarantine_item {margin: 4px 12px;}
203
+ .rounded-corners {margin: 10px; border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; border: 1px solid #000;}
204
+ .shadowed-box {box-shadow: -3px 3px 3px #666; -moz-box-shadow: -3px 3px 3px #666; -webkit-box-shadow: -3px 3px 3px #666;}
205
+ .sidebar-box {background-color: #CCC;}
206
+ .GOTMLS-scanlog li a {display: none;}
207
+ .GOTMLS-scanlog li:hover a {display: block;}
208
+ .GOTMLS-sidebar-links {list-style: none;}
209
+ .GOTMLS-sidebar-links li img {margin: 3px; height: 16px; vertical-align: middle;}
210
+ .GOTMLS-sidebar-links li {margin-bottom: 0 !important;}
211
+ .popup-box {background-color: #FFC; display: none; position: absolute; left: 0px; z-index: 10;}
212
+ .shadowed-text {text-shadow: #00F -1px 1px 1px;}
213
+ .sub-option {float: left; margin: 3px 5px;}
214
+ .inside p {margin: 10px;}
215
+ .GOTMLS_li, .GOTMLS_plugin li {list-style: none;}
216
+ .GOTMLS_plugin {margin: 5px; background: #cfc; border: 1px solid #0C0; padding: 0 5px; border-radius: 3px;}
217
+ .GOTMLS_plugin.disabled, .GOTMLS_plugin.read-only {background: #9f9; border: 1px solid #0f0;}
218
+ .GOTMLS_plugin.known, .GOTMLS_plugin.backdoor, .GOTMLS_plugin.htaccess, .GOTMLS_plugin.timthumb, .GOTMLS_plugin.errors {background: #f99; border: 1px solid #f00;}
219
+ .GOTMLS_plugin.potential, .GOTMLS_plugin.wp_core, .GOTMLS_plugin.skipdirs, .GOTMLS_plugin.skipped {background: #ffc; border: 1px solid #fc6;}
220
+ .GOTMLS ul li {margin-left: 12px;}
221
+ .GOTMLS h2 {margin: 0 0 10px;}
222
+ .postbox {margin-right: 10px;}
223
+ #pastDonations li {list-style: none;}
224
+ #quarantine_buttons {float: right;}//position: absolute; right: 0px; top: -54px; margin: 0px; padding: 0px;}
225
+ #quarantine_buttons input.button-primary {margin-right: 20px;}
226
+ #main-page-title {
227
+ background: url("//gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=64") no-repeat scroll 0 0 transparent;
228
+ height: 64px;
229
+ line-height: 58px;
230
+ margin: 10px 0 0 0;
231
+ max-width: 600px;
232
+ padding: 0 110px 0 84px;
233
+ }
234
+ #main-page-title h1 {
235
+ background: url("//gravatar.com/avatar/8151cac22b3fc543d099241fd573d176?s=64") no-repeat scroll top right transparent;
236
+ height: 64px;
237
+ line-height: 32px;
238
+ margin: 0;
239
+ padding: 0 84px 0 0;
240
+ display: table-cell;
241
+ text-align: center;
242
+ vertical-align: middle;
243
+ }
244
+ </style>
245
+ <script type="text/javascript">
246
+ function showhide(id) {
247
+ divx = document.getElementById(id);
248
+ if (divx) {
249
+ if (divx.style.display == "none" || arguments[1]) {
250
+ divx.style.display = "block";
251
+ divx.parentNode.className = (divx.parentNode.className+"close").replace(/close/gi,"");
252
+ return true;
253
+ } else {
254
+ divx.style.display = "none";
255
+ return false;
256
+ }
257
+ }
258
+ }
259
+ function checkAllFiles(check) {
260
+ var checkboxes = new Array();
261
+ checkboxes = document["GOTMLS_Form_clean"].getElementsByTagName("input");
262
+ for (var i=0; i<checkboxes.length; i++)
263
+ if (checkboxes[i].type == "checkbox")
264
+ checkboxes[i].checked = check;
265
+ }
266
+ </script>
267
+ <form method="POST" action="?'.(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?$_SERVER["QUERY_STRING"]:"page=GOTMLS-View-Quarantine&".GOTMLS_set_nonce(__FUNCTION__."256")).'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean">';
268
+ if (isset($_REQUEST["id"]) && is_numeric($_REQUEST["id"])) {
269
+ $my_query = $wpdb->get_results("SELECT * FROM `{$table_prefix}posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private' AND `ID` = ".$_REQUEST["id"], ARRAY_A);
270
+ if (is_array($my_query) && count($my_query) && ($Q_post = $my_query[0]) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
271
+ $clean_file = $Q_post["post_title"];
272
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = GOTMLS_decode($Q_post["post_content"]);
273
+ $fa = "";
274
+ if (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
275
+ $f = 1;
276
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
277
+ list($start, $end, $junk) = explode("-", "$threats_found--", 3);
278
+ if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) {
279
+ if ($start < $end)
280
+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
281
+ else
282
+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$end.', '.$start.');">['.$f++.']</a>';
283
+ } else {
284
+ if (is_numeric($threats_found)) {
285
+ $threats_found = $threats_name;
286
+ $threats_name = $f;
287
+ }
288
+ $fpos = 0;
289
+ $flen = 0;
290
+ $potential_threat = str_replace("\r", "", $threats_found);
291
+ while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {
292
+ $flen = strlen($potential_threat);
293
+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
294
+ }
295
+ }
296
+ }
297
+ }
298
+ die("\n".'<script type="text/javascript">
299
+ function select_text_range(ta_id, start, end) {
300
+ var textBox = document.getElementById(ta_id);
301
+ var scrolledText = "";
302
+ scrolledText = textBox.value.substring(0, end);
303
+ textBox.focus();
304
+ if (textBox.setSelectionRange) {
305
+ scrolledText = textBox.value.substring(end);
306
+ textBox.value = textBox.value.substring(0, end);
307
+ textBox.scrollTop = textBox.scrollHeight;
308
+ textBox.value = textBox.value + scrolledText;
309
+ textBox.setSelectionRange(start, end);
310
+ } else if (textBox.createTextRange) {
311
+ var range = textBox.createTextRange();
312
+ range.collapse(true);
313
+ range.moveStart("character", start);
314
+ range.moveEnd("character", end);
315
+ range.select();
316
+ } else
317
+ alert("The highlighting function does not work in your browser");
318
+ }
319
+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="?'.GOTMLS_set_nonce(__FUNCTION__."1522").'&page=GOTMLS-View-Quarantine" onsubmit="return confirm(\''.__("Are you sure you want to restore this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="id[]" value="'.$Q_post["ID"].'"><input type="submit" value="RESTORE from Quarantine" style="display: none; background-color: #0C0; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
320
+ } else
321
+ die('<h3>Item NOT Found in Quarantine</h3>');
322
+ } else {
323
+ $my_query = $wpdb->get_results("SELECT * FROM `{$table_prefix}posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private' ORDER BY `post_date_gmt` DESC", ARRAY_A);
324
+ if (is_array($my_query) && count($my_query)) {
325
+ $Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="Restore selected files" class="button-primary" style="background-color: #0C0;" onclick="return confirm(\'Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?\'));" /></p><p><b>The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.</b></p>
326
+ <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.(count($my_query)>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),count($my_query)):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
327
+ $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
328
+ foreach ($my_query as $post_a) {
329
+ $restored = "";
330
+ $image = "blocked";
331
+ if (isset($_REQUEST["id"]) && is_array($_REQUEST["id"]) && in_array($post_a["ID"], $_REQUEST["id"])) {
332
+ $restored = " read-only disabled";
333
+ if (GOTMLS_file_put_contents($post_a["post_title"], GOTMLS_decode($post_a["post_content"]))) {
334
+ $post_a["post_modified_gmt"] = date("Y-m-d H:i:s");
335
+ $image = "checked";
336
+ $wpdb->query("UPDATE `{$table_prefix}posts` SET `post_status` = 'pending' WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private' AND `ID` = ".$post_a["ID"]);
337
+ }
338
+ }
339
+ $Q_Page .= '
340
+ <li id="GOTMLS_quarantine_'.$post_a["ID"].'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post_a["post_date_gmt"].'</span><span class="GOTMLS_date">'.$post_a["post_modified_gmt"].'</span><input'.$restored.' type="checkbox" name="id[]" value="'.$post_a["ID"].'" id="check_'.$post_a["ID"].'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.$image.'.gif" height=16 width=16 alt="Q"><a class="GOTMLS_plugin '.$restored.$post_a["ping_status"].'" target="_blank" href="?page=GOTMLS-View-Quarantine&id='.$post_a["ID"].'&'.GOTMLS_set_nonce(__FUNCTION__."191").'" title="View Quarantined File">'.str_replace($root_path, "...", $post_a["post_title"])."</a></li>\n";
341
+ }
342
+ $Q_Page .= "\n</ul>";
343
+ for ($p = 1; $p <= 0; $p++) {
344
+ $Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($_POST["paged"]) && $_POST["paged"] == $p) || (!isset($_POST["paged"]) && 1 == $p)?" DISABLED":"").' onclick="document.getElementById(\'GOTMLS_paged\').value = \''.$p.'\';">';
345
+ }
346
+ } else
347
+ $Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
348
+ $return = "$Q_Paged\n</form><br style=\"clear: left;\" />\n$Q_Page\n</form>\n$Q_Paged\n</form><br style=\"clear: left;\" />\n";
349
+ die("$return");
350
+ }
351
+ } catch (Exception $e) {
352
+ die('Caught exception: '. $e->getMessage(). "\n");
353
+ }
354
+ } else {
355
+ header("Content-type: image/gif");
356
+ $img_src = GOTMLS_local_images_path.'GOTMLS-16x16.gif';
357
+ if (!(file_exists($img_src) && $img_bin = @file_get_contents($img_src)))
358
+ $img_bin = GOTMLS_decode('R=lGODlhEAAQAIABAAAAAP___yH5BAEAAAEALAAAAAAQABAAAAIshB=Qm-eo2HuJNWdrjlFm3S2hKB7kViKaxZmr98YgSo_jzH6tiU=974MADwUAOw2');
359
+ die($img_bin);
360
+ }
361
+ } elseif (isset($_GET["no_error_reporting"]))
362
+ @error_reporting(0);
363
+
364
+ if (function_exists("plugins_url"))
365
+ GOTMLS_define("GOTMLS_images_path", plugins_url('/', __FILE__));
366
+ elseif (function_exists("plugin_dir_url"))
367
+ GOTMLS_define("GOTMLS_images_path", plugin_dir_url(__FILE__));
368
+ elseif (isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < __FILE__ && substr(__FILE__, 0, strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
369
+ GOTMLS_define("GOTMLS_images_path", substr(dirname(__FILE__), strlen($_SERVER["DOCUMENT_ROOT"])));
370
+ elseif (isset($_SERVER["SCRIPT_FILENAME"]) && isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < strlen($_SERVER["SCRIPT_FILENAME"]) && substr($_SERVER["SCRIPT_FILENAME"], 0, strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
371
+ GOTMLS_define("GOTMLS_images_path", substr(dirname($_SERVER["SCRIPT_FILENAME"]), strlen($_SERVER["DOCUMENT_ROOT"])));
372
+ else
373
+ GOTMLS_define("GOTMLS_images_path", "/wp-content/plugins/update/images/");
374
+
375
+ $GOTMLS_image_alt = array("wait"=>"...", "checked"=>"&#x2714;", "blocked"=>"X", "question"=>"?", "threat"=>"!");
376
+ $GOTMLS_dir_at_depth = array();
377
+ $GOTMLS_dirs_at_depth = array();
378
+ $GLOBAL_STRING = array("REQUEST" => "&","SERVER" => "&","FILES" => "&");
379
+ if (isset($_REQUEST) && is_array($_REQUEST))
380
+ foreach ($_REQUEST as $req => $val)
381
+ $GLOBAL_STRING["REQUEST"] .= "$req=".(is_array($val)?print_r($val,1):$val)."&";
382
+ if (isset($_SERVER) && is_array($_SERVER))
383
+ foreach ($_SERVER as $req => $val)
384
+ $GLOBAL_STRING["SERVER"] .= "$req=".(is_array($val)?print_r($val,1):$val)."&";
385
+ if (isset($_FILES) && is_array($_FILES))
386
+ foreach ($_FILES as $req => $fila)
387
+ foreach (array("tmp_name","name") as $val)
388
+ if (isset($fila["$val"]))
389
+ $GLOBAL_STRING["FILES"] .= "$req.$val=".(is_array($fila["$val"])?print_r($fila["$val"],1):$fila["$val"])."&";
390
+ if (!(isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"])))
391
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] = array(
392
+ "RevSlider"=>array("CCIGG", "Revolution Slider Exploit Protection", "This protection is automatically activated because of the widespread attacks on WordPress that have affected so many sites. It is still recommended that you make sure to upgrade any older versions of the Revolution Slider plugin, especially those included in themes that will not update automatically. Even if you don't think you have Revolution Slider on your site it doen't hurt to have this protection enabled.", "SERVER", '/\/admin-ajax\.php/i', "REQUEST", '/\&img=[^\&]*(?<!\.'.implode(')(?<!\.', array_slice($GLOBALS["GOTMLS"]["tmp"]["skip_ext"], 0, 10)).')\&/i'),
393
+ "Traversal"=>array("CCIGG", "Directory Traversal Protection", "This protection is automatically activated because this type of attack is quite common. This protection can prevent hackers from accessing secure files in parent directories (or user's folders outside the site_root).", "REQUEST", '/=[\s\/]*\.\.\//'),
394
+ "UploadPHP"=>array("CCIGG", "Upload PHP File Protection", "This protection is automatically activated because this type of attack is extremely dangerous. This protection can prevent hackers from uploading malicious code via web scripts.", "FILES", '/name=[^\&]*\.php\&/')
395
+ );
396
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA) {
397
+ $V = 3;
398
+ if (is_array($VA) && count($VA) > $V && is_array($VA[$V])) {
399
+ foreach ($VA[$V] as $reg => $arr) {
400
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V++] = $arr;
401
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V++] = $reg;
402
+ }
403
+ }
404
+ if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"])) {
405
+ $GLOBALS["GOTMLS"]["detected_attacks"] = "&attack[]=FW_$TP";
406
+ for ($V = 4; isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V]); $V+=2)
407
+ if (!isset($GLOBAL_STRING[$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]]))
408
+ die($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]." [$V] not in <pre>".htmlspecialchars(print_r($GLOBAL_STRING,1))."</pre>");
409
+ elseif (!preg_match($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V], $GLOBAL_STRING[$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]], $matches))
410
+ $GLOBALS["GOTMLS"]["detected_attacks"] = "";
411
+ if ($GLOBALS["GOTMLS"]["detected_attacks"])
412
+ include(dirname(dirname(__FILE__))."/safe-load/index.php");
413
+ }
414
+ }
415
+ $GLOBALS["GOTMLS"]["detected_attacks"] = "";
416
+ if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == 4))
417
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
418
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
419
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
420
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
421
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1;
422
+ if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"])))
423
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = $GLOBALS["GOTMLS"]["tmp"]["skip_ext"];
424
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]))
425
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = "";
426
+ if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"])))
427
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array();
428
+ $GOTMLS_total_percent = 0;
429
+ function GOTMLS_admin_notices() {
430
+ if (!is_admin())
431
+ return;
432
+ elseif ($GLOBALS["GOTMLS"]["tmp"]["HeadersError"])
433
+ echo $GLOBALS["GOTMLS"]["tmp"]["HeadersError"];
434
+ }
435
+
436
+ function GOTMLS_array_recurse($array1, $array2) {
437
+ foreach ($array2 as $key => $value) {
438
+ if (!isset($array1[$key]) || (isset($array1[$key]) && !is_array($array1[$key])))
439
+ $array1[$key] = array();
440
+ if (is_array($value))
441
+ $value = GOTMLS_array_recurse($array1[$key], $value);
442
+ $array1[$key] = $value;
443
+ }
444
+ return $array1;
445
+ }
446
+
447
+ function GOTMLS_array_replace($array1, $array2) {
448
+ foreach ($array2 as $key => $value)
449
+ $array1[$key] = $value;
450
+ return $array1;
451
+ }
452
+
453
+ function GOTMLS_array_replace_recursive($array1 = array()) {
454
+ $args = func_get_args();
455
+ $array1 = $args[0];
456
+ if (!is_array($array1))
457
+ $array1 = array();
458
+ for ($i = 1; $i < count($args); $i++)
459
+ if (is_array($args[$i]))
460
+ $array1 = GOTMLS_array_recurse($array1, $args[$i]);
461
+ return $array1;
462
+ }
463
+
464
+ function GOTMLS_update_scan_log($scan_log) {
465
+ if (is_array($scan_log)) {
466
+ $GLOBALS["GOTMLS"]["log"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["log"], $scan_log);
467
+ if (isset($GLOBALS["GOTMLS"]["log"]["scan"]["percent"]) && is_numeric($GLOBALS["GOTMLS"]["log"]["scan"]["percent"]) && ($GLOBALS["GOTMLS"]["log"]["scan"]["percent"] >= 100))
468
+ $GLOBALS["GOTMLS"]["log"]["scan"]["finish"] = time();
469
+ if (isset($GLOBALS["GOTMLS"]["log"]["scan"]))
470
+ update_option("GOTMLS_scan_log/".(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"0.0.0.0")."/".$GLOBALS["GOTMLS"]["tmp"]["mt"], $GLOBALS["GOTMLS"]["log"]);
471
+ }
472
+ }
473
+
474
+ function GOTMLS_loaded() {
475
+ if (headers_sent($filename, $linenum)) {
476
+ if (!$filename)
477
+ $filename = __("an unknown file",'gotmls');
478
+ if (!is_numeric($linenum))
479
+ $linenum = __("unknown",'gotmls');
480
+ $GLOBALS["GOTMLS"]["tmp"]["HeadersError"] = '<div class="error">'.sprintf(__('<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem.','gotmls'), $filename, $linenum).'</div>';
481
+ } elseif (isset($_GET["SESSION"]) && !session_id()) {
482
+ @session_start();
483
+ if (session_id() && $_GET["SESSION"] == "GOTMLS_debug" && !isset($_SESSION["GOTMLS_debug"]))
484
+ $_SESSION["GOTMLS_debug"]=array();
485
+ }
486
+ }
487
+
488
+ if (!function_exists("add_action")) {
489
+ GOTMLS_loaded();
490
+ // GOTMLS_admin_notices();
491
+ }
492
+
493
+ function GOTMLS_fileperms($file) {
494
+ if ($prm = @fileperms($file)) {
495
+ if (($prm & 0xC000) == 0xC000)
496
+ $ret = "s";
497
+ elseif (($prm & 0xA000) == 0xA000)
498
+ $ret = "l";
499
+ elseif (($prm & 0x8000) == 0x8000)
500
+ $ret = "-";
501
+ elseif (($prm & 0x6000) == 0x6000)
502
+ $ret = "b";
503
+ elseif (($prm & 0x4000) == 0x4000)
504
+ $ret = "d";
505
+ elseif (($prm & 0x2000) == 0x2000)
506
+ $ret = "c";
507
+ elseif (($prm & 0x1000) == 0x1000)
508
+ $ret = "p";
509
+ else
510
+ $ret = "u";
511
+ $ret .= (($prm & 0x0100)?"r":"-").(($prm & 0x0080)?"w":"-");
512
+ $ret .= (($prm & 0x0040)?(($prm & 0x0800)?"s":"x" ):(($prm & 0x0800)?"S":"-"));
513
+ $ret .= (($prm & 0x0020)?"r":"-").(($prm & 0x0010)?"w":"-");
514
+ $ret .= (($prm & 0x0008)?(($prm & 0x0400)?"s":"x" ):(($prm & 0x0400)?"S":"-"));
515
+ $ret .= (($prm & 0x0004)?"r":"-").(($prm & 0x0002)?"w":"-");
516
+ $ret .= (($prm & 0x0001)?(($prm & 0x0200)?"t":"x" ):(($prm & 0x0200)?"T":"-"));
517
+ return $ret;
518
+ } else
519
+ return "stat failed!";
520
+ }
521
+
522
+ function GOTMLS_get_ext($filename) {
523
+ $nameparts = explode(".", ".$filename");
524
+ return strtolower($nameparts[(count($nameparts)-1)]);
525
+ }
526
+
527
+ function GOTMLS_preg_match_all($threat_definition, $threat_name) {
528
+ if (@preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["file_contents"], $threats_found)) {
529
+ $start = -1;
530
+ foreach ($threats_found[0] as $find) {
531
+ $potential_threat = str_replace("\r", "", $find);
532
+ $flen = strlen($potential_threat);
533
+ while (($start = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), $potential_threat, $start+1)) !== false)
534
+ $GLOBALS["GOTMLS"]["tmp"]["threats_found"]["$start-".($flen+$start)] = "$threat_name";
535
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = str_replace($find, "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
536
+ }
537
+ return count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
538
+ } else
539
+ return false;
540
+ }
541
+
542
+ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
543
+ global $wp_version;
544
+ $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
545
+ $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"] = microtime(true);
546
+ if (is_array($check_threats)) {
547
+ $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
548
+ if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($check_threats["$wp_version"]["$path"])) {
549
+ if (($check_threats["$wp_version"]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($check_threats["$wp_version"]["$path"] == md5($source)."O".strlen($source))) {
550
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
551
+ $len = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
552
+ if (strlen($source) < $len)
553
+ $len = strlen($source);
554
+ for ($start = 0, $end = 0; ($start == 0 || $end == 0) && $len > 0; $len--){
555
+ if ($start == 0 && substr($source, 0, $len) == substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], 0, $len))
556
+ $start = $len;
557
+ if ($end == 0 && substr($source, -1 * $len) == substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], -1 * $len))
558
+ $end = $len;
559
+ }
560
+ $GLOBALS["GOTMLS"]["tmp"]["threats_found"]["$start-".(strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])-$end)] = "Core File Modified";
561
+ }
562
+ } else {
563
+ foreach ($check_threats as $threat_name=>$threat_definitions) {
564
+ $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"] = microtime(true);
565
+ if (is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5 && (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))))
566
+ while ($threat_definition = array_shift($threat_definitions))
567
+ GOTMLS_preg_match_all($threat_definition, $threat_name);
568
+ if (isset($_SESSION["GOTMLS_debug"])) {
569
+ $_SESSION["GOTMLS_debug"]["threat_name"] = $threat_name;
570
+ $file_time = round(microtime(true) - $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"], 5);
571
+ if (isset($_GET["GOTMLS_debug"]) && is_numeric($_GET["GOTMLS_debug"]) && $file_time > $_GET["GOTMLS_debug"])
572
+ echo "\n//GOTMLS_debug $file_time $threat_name $file\n";
573
+ if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"]))
574
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] += $file_time;
575
+ else
576
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] = $file_time;
577
+ if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"]))
578
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"] ++;
579
+ else
580
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"] = 1;
581
+ if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"]) || $file_time < $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"])
582
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"] = $file_time;
583
+ if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"]) || $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"])
584
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;
585
+ }
586
+ }
587
+ }
588
+ } elseif (strlen($check_threats) && isset($_GET['eli']) && substr($check_threats, 0, 1) == '/')
589
+ GOTMLS_preg_match_all($check_threats, $check_threats);
590
+ if (isset($_SESSION["GOTMLS_debug"])) {
591
+ $file_time = round(microtime(true) - $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"], 5);
592
+ if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"]))
593
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] += $file_time;
594
+ else
595
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] = $file_time;
596
+ if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"]))
597
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"] ++;
598
+ else
599
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"] = 1;
600
+ if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"]) || $file_time < $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"])
601
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"] = $file_time;
602
+ if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"]) || $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"])
603
+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"] = $file_time;
604
+ }
605
+ return count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
606
+ }
607
+
608
+ function GOTMLS_scanfile($file) {
609
+ global $wp_version, $wpdb, $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
610
+ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="Scanning...";
611
+ $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
612
+ $gt = ">";
613
+ $lt = "<";
614
+ $found = false;
615
+ $threat_link = "";
616
+ $className = "scanned";
617
+ $real_file = realpath($file);
618
+ $clean_file = GOTMLS_encode($real_file);
619
+ if (is_file($real_file) && ($filesize = filesize($real_file)) && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($real_file))) {
620
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]))
621
+ $whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]);
622
+ else
623
+ $whitelist = array();
624
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"])) {
625
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file=>$non_threats) {
626
+ if (is_array($non_threats) && count($non_threats) > 1) {
627
+ if (isset($non_threats[0]))
628
+ unset($non_threats[0]);
629
+ $whitelist = array_merge($whitelist, $non_threats);
630
+ }
631
+ }
632
+ }
633
+ if (isset($whitelist[md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.$filesize]))
634
+ return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
635
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $GLOBALS["GOTMLS"]["tmp"]["file_contents"];
636
+ if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && strlen($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && isset($_GET['eli']) && substr($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"], 0, 1) == '/' && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"])))
637
+ $className = "known";
638
+ else {
639
+ $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
640
+ if (isset($_SESSION["GOTMLS_debug"])) {
641
+ $_SESSION["GOTMLS_debug"]["file"] = $file;
642
+ $_SESSION["GOTMLS_debug"]["last"]["total"] = microtime(true);
643
+ }
644
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["threat_levels"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threat_levels"])) {
645
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) {
646
+ if (isset($_SESSION["GOTMLS_debug"])) {
647
+ $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
648
+ $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
649
+ }
650
+ if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]))) && (!array_key_exists($threat_level, $GLOBALS["GOTMLS"]["tmp"]["threat_files"]) || (substr($file."e", (-1 * strlen($GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e"))) == $GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e")) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level],$file)))
651
+ $className = $threat_level;
652
+ }
653
+ }
654
+ if (isset($_SESSION["GOTMLS_debug"])) {
655
+ $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["total"], 5);
656
+ if (isset($_SESSION["GOTMLS_debug"]["total"]["total"]))
657
+ $_SESSION["GOTMLS_debug"]["total"]["total"] += $file_time;
658
+ else
659
+ $_SESSION["GOTMLS_debug"]["total"]["total"] = $file_time;
660
+ if (isset($_SESSION["GOTMLS_debug"]["total"]["count"]))
661
+ $_SESSION["GOTMLS_debug"]["total"]["count"] ++;
662
+ else
663
+ $_SESSION["GOTMLS_debug"]["total"]["count"] = 1;
664
+ if (!isset($_SESSION["GOTMLS_debug"]["total"]["least"]) || $file_time < $_SESSION["GOTMLS_debug"]["total"]["least"])
665
+ $_SESSION["GOTMLS_debug"]["total"]["least"] = $file_time;
666
+ if (!isset($_SESSION["GOTMLS_debug"]["total"]["most"]) || $file_time > $_SESSION["GOTMLS_debug"]["total"]["most"])
667
+ $_SESSION["GOTMLS_debug"]["total"]["most"] = $file_time;
668
+ }
669
+ }
670
+ } else {
671
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = (is_file($real_file)?(is_readable($real_file)?(filesize($real_file)?__("Failed to read file contents!",'gotmls'):__("Empty file!",'gotmls')):(isset($_GET["eli"])?(@chmod($real_file, $GOTMLS_chmod_file)?__("Fixed file permissions! (try again)",'gotmls'):__("File permissions read-only!",'gotmls')):__("File not readable!",'gotmls'))):__("File does not exist!",'gotmls'));
672
+ // $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $real_file);
673
+ $className = "errors";
674
+ }
675
+ if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
676
+ $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."431").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file.preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", "&quot;", $lt.'div style="float: left; white-space: nowrap;"'.$gt.__("Examine File",'gotmls').' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
677
+ if ($className == "errors") {
678
+ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="errors";
679
+ $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
680
+ $imageFile = "/blocked";
681
+ } elseif ($className != "potential") {
682
+ if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
683
+ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="GOTMLS_fix";
684
+ if (GOTMLS_get_nonce()) {
685
+ if ($className == "timthumb") {
686
+ if (($source = GOTMLS_get_URL("http://$className.googlecode.com/svn/trunk/$className.php")) && strlen($source) > 500)
687
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
688
+ else
689
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
690
+ } elseif ($className == 'wp_core') {
691
+ $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
692
+ if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"] == md5($source)."O".strlen($source)))
693
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
694
+ else
695
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
696
+ } else {
697
+ $GOTMLS_no_contents = trim(preg_replace('/\/\*.*?\*\/\s*/s', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
698
+ $GOTMLS_no_contents = trim(preg_replace('/\n\s*\/\/.*/', "", $GOTMLS_no_contents));
699
+ $GOTMLS_no_contents = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/is', "", $GOTMLS_no_contents));
700
+ if (strlen($GOTMLS_no_contents))
701
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/is', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
702
+ else
703
+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = "";
704
+ }
705
+ if (strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) > 0 && (($Q_post = GOTMLS_write_quarantine($file, $className)) !== false) && ((strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"])==0 && isset($_GET["eli"]) && @unlink($file)) || (($Write_File = GOTMLS_file_put_contents($file, $GLOBALS["GOTMLS"]["tmp"]["new_contents"])) !== false))) {
706
+ echo __("Success!",'gotmls');
707
+ return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
708
+ } else {
709
+ echo __("Failed:",'gotmls').' '.(strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])?((is_writable(dirname($file)) && is_writable($file))?(($Q_post===false)?__("failed to quarantine!",'gotmls')." (".$wpdb->last_error.")":((isset($Write_File)&&$Write_File)?"Q=$Q_post: ".__("reason unknown!",'gotmls'):"Q=$Q_post: ".__("failed to write!",'gotmls'))):__("file not writable!",'gotmls')):__("no file contents!",'gotmls'));
710
+ if (isset($_GET["eli"]))
711
+ echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().($lt.'br'.$gt.$lt.'pre'.$gt.'file_stat'.print_r(stat($file), true));
712
+ return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
713
+ }
714
+ } else {
715
+ echo GOTMLS_Invalid_Nonce(__("Failed: ",'gotmls'));
716
+ return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
717
+ }
718
+ }
719
+ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]=isset($_POST["GOTMLS_fix"])?"GOTMLS_fix=".htmlspecialchars(print_r($_POST["GOTMLS_fix"],1)):"!potential";
720
+ $threat_link = $lt.'input type="checkbox" name="GOTMLS_fix[]" value="'.$clean_file.'" id="check_'.$clean_file.(($className != "wp_core")?'" checked="'.$className:'').'" /'.$gt.$threat_link;
721
+ $imageFile = "threat";
722
+ } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
723
+ echo __("Already Fixed!",'gotmls');
724
+ return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
725
+ } else
726
+ $imageFile = "question";
727
+ return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin $className", $threat_link));
728
+ } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
729
+ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="Already Fixed";
730
+ echo __("Already Fixed!",'gotmls');
731
+ return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
732
+ } else {
733
+ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="no threat";
734
+ return GOTMLS_return_threat($className, ($className=="scanned"?"checked":"blocked").".gif?$className", $file, $threat_link);
735
+ }
736
+ }
737
+
738
+ function GOTMLS_remove_dots($dir) {
739
+ if ($dir != "." && $dir != "..")
740
+ return $dir;
741
+ }
742
+
743
+ function GOTMLS_getfiles($dir) {
744
+ $files = false;
745
+ if (is_dir($dir)) {
746
+ if (function_exists("scandir"))
747
+ $files = @scandir($dir);
748
+ if (is_array($files))
749
+ $files = array_filter($files, "GOTMLS_remove_dots");
750
+ elseif ($handle = @opendir($dir)) {
751
+ $files = array();
752
+ while (false !== ($entry = readdir($handle)))
753
+ if ($entry != "." && $entry != "..")
754
+ $files[] = "$entry";
755
+ closedir($handle);
756
+ } else
757
+ $files = GOTMLS_read_error($dir);
758
+ }
759
+ return $files;
760
+ }
761
+
762
+ function GOTMLS_decodeBase64($encoded_string) {
763
+ if (function_exists("base64_decode"))
764
+ $unencoded_string = base64_decode($encoded_string);
765
+ elseif (function_exists("mb_convert_encoding"))
766
+ $unencoded_string = mb_convert_encoding($encoded_string, "UTF-8", "BASE64");
767
+ else
768
+ return "Cannot decode: '$encoded_string'";
769
+ return "'".str_replace("'", "\\'", str_replace("\\", "\\\\", $unencoded_string))."'";
770
+ }
771
+
772
+ function GOTMLS_decodeHex($encoded_string) {
773
+ if (strtolower(substr($encoded_string, 0, 2)) == "\\x")
774
+ $dec_string = hexdec($encoded_string);
775
+ else
776
+ $dec_string = octdec($encoded_string);
777
+ return chr($dec_string);
778
+ }
779
+
780
+ function GOTMLS_return_threat($className, $imageFile, $fileName, $link = "") {
781
+ global $GOTMLS_image_alt;
782
+ $fileNameJS = GOTMLS_strip4java(str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $fileName));
783
+ $fileName64 = GOTMLS_encode($fileName);
784
+ $li_js = "/*-->*"."/";
785
+ if ($className != "scanned")
786
+ $li_js .= "\n$className++;\ndivx=document.getElementById('found_$className');\nif (divx) {\n\tvar newli = document.createElement('li');\n\tnewli.innerHTML='<img src=\"".GOTMLS_strip4java(GOTMLS_images_path.$imageFile).".gif\" height=16 width=16 alt=\"".$GOTMLS_image_alt[$imageFile]."\" style=\"float: left;\" id=\"$imageFile"."_$fileName64\">".GOTMLS_strip4java($link, true).$fileNameJS.($link?"</a>';\n\tdivx.display='block":"")."';\n\tdivx.appendChild(newli);\n}";
787
+ if ($className == "errors")
788
+ $li_js .= "\ndivx=document.getElementById('wait_$fileName64');\nif (divx) {\n\tdivx.src='".GOTMLS_images_path."blocked.gif';\n\tdirerrors++;\n}";
789
+ elseif (is_file($fileName))
790
+ $li_js .= "\nscanned++;\n";
791
+ if ($className == "dir")
792
+ $li_js .= "\ndivx=document.getElementById('wait_$fileName64');\nif (divx)\n\tdivx.src='".GOTMLS_images_path."checked.gif';";
793
+ return $li_js."\n/*<!--*"."/";
794
+ }
795
+
796
+ function GOTMLS_slash($dir = __FILE__) {
797
+ if (substr($dir.' ', 1, 1) == ':' || substr($dir.' ', 0, 1) == "\\")
798
+ return "\\";
799
+ else
800
+ return '/';
801
+ }
802
+
803
+ function GOTMLS_trailingslashit($dir = "") {
804
+ if (substr(' '.$dir, -1) != GOTMLS_slash($dir))
805
+ $dir .= GOTMLS_slash($dir);
806
+ return $dir;
807
+ }
808
+
809
+ function GOTMLS_explode_dir($dir, $pre = '') {
810
+ if (strlen($pre))
811
+ $dir = GOTMLS_slash($dir).$pre.$dir;
812
+ return explode(GOTMLS_slash($dir), $dir);
813
+ }
814
+
815
+ function GOTMLS_html_tags($tags, $inner = array()) {
816
+ $html = "";
817
+ $gt = ">";
818
+ if (!is_array($tags))
819
+ return $html;
820
+ foreach ($tags as $tag => $contents) {
821
+ $html .= ($tag=="html"?"<!DOCTYPE html$gt":"")."<$tag".(isset($inner[$tag])?" ".$inner[$tag]:"").$gt;
822
+ if (is_array($contents))
823
+ $html .= GOTMLS_html_tags($contents, $inner);
824
+ else
825
+ $html .= $contents;
826
+ $html .= "</$tag$gt";
827
+ }
828
+ return $html;
829
+ }
830
+
831
+ function GOTMLS_write_quarantine($file, $className) {
832
+ global $wpdb;
833
+ $insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_title"=>$file, "ping_status"=>$className, "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]), "guid"=>GOTMLS_Version);//! comment_status post_password post_name to_ping post_parent menu_order";
834
+ $insert["post_date"] = date("Y-m-d H:i:s");
835
+ $insert["post_date_gmt"] = $insert["post_date"];
836
+ if (is_file($file)) {
837
+ if (@filemtime($file))
838
+ $insert["post_modified"] = date("Y-m-d H:i:s", @filemtime($file));
839
+ else
840
+ $insert["post_modified"] = $insert["post_date"];
841
+ if (@filectime($file))
842
+ $insert["post_modified_gmt"] = date("Y-m-d H:i:s", @filectime($file));
843
+ else
844
+ $insert["post_modified_gmt"] = $insert["post_date"];
845
+ if (!($insert["comment_count"] = @filesize($file)))
846
+ $insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
847
+ }
848
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
849
+ $insert["post_excerpt"] = GOTMLS_encode(@serialize($GLOBALS["GOTMLS"]["tmp"]["threats_found"]));
850
+ $pinged = array();
851
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $loc => $threat_name) {
852
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) == 5 && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]))
853
+ $ping = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1];
854
+ else
855
+ $ping = $threat_name;
856
+ if (isset($pinged[$ping]))
857
+ $pinged[$ping]++;
858
+ else
859
+ $pinged[$ping] = 1;
860
+ }
861
+ $insert["pinged"] = GOTMLS_encode(@serialize($pinged));
862
+ }
863
+ if ($return = $wpdb->insert($wpdb->posts, $insert))
864
+ return $return;
865
+ else
866
+ die(print_r(array('return'=>($return===false)?"FALSE":$return, 'last_error'=>$wpdb->last_error, 'insert'=>$insert),1));
867
+ }
868
+
869
+ function GOTMLS_get_current_user_id() {
870
+ $return = 1;
871
+ if (($current_user = @wp_get_current_user()) && (@$current_user->ID > 1))
872
+ $return = $current_user->ID;
873
+ return $return;
874
+ }
875
+
876
+ function GOTMLS_update_status($status, $percent = -1) {
877
+ if (!(isset($GLOBALS["GOTMLS"]["log"]["scan"]["start"]) && is_numeric($GLOBALS["GOTMLS"]["log"]["scan"]["start"])))
878
+ $GLOBALS["GOTMLS"]["log"]["scan"]["start"] = time();
879
+ $microtime = ceil(time()-$GLOBALS["GOTMLS"]["log"]["scan"]["start"]);
880
+ GOTMLS_update_scan_log(array("scan" => array("microtime" => $microtime, "percent" => $percent)));
881
+ return "/*-->*"."/\nupdate_status('".GOTMLS_strip4java($status)."', $microtime, $percent);\n/*<!--*"."/";
882
+ }
883
+
884
+ function GOTMLS_flush($tag = "") {
885
+ $output = "";
886
+ if (($output = @ob_get_contents()) && strlen(trim($output)) > 18) {
887
+ @ob_clean();
888
+ $output = preg_replace('/\/\*<\!--\*\/.*?\/\*-->\*\//s', "", "$output/*-->*"."/");
889
+ echo "$output\n//flushed(".strlen(trim($output)).")\n";
890
+ if ($tag)
891
+ echo "\n</$tag>\n";
892
+ if (@ob_get_length())
893
+ @ob_flush();
894
+ if ($tag)
895
+ echo "<$tag>\n/*<!--*"."/";
896
+ }
897
+ }
898
+
899
+ function GOTMLS_readdir($dir, $current_depth = 1) {
900
+ global $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth, $GOTMLS_total_percent;
901
+ if ($current_depth) {
902
+ @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
903
+ $entries = GOTMLS_getfiles($dir);
904
+ if (is_array($entries)) {
905
+ echo GOTMLS_return_threat("dirs", "wait", $dir).GOTMLS_update_status(sprintf(__("Preparing %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $dir)), $GOTMLS_total_percent);
906
+ $files = array();
907
+ $directories = array();
908
+ foreach ($entries as $entry) {
909
+ if (is_dir(GOTMLS_trailingslashit($dir).$entry))
910
+ $directories[] = $entry;
911
+ else
912
+ $files[] = $entry;
913
+ }
914
+ if (isset($_GET["eli"]) && $_GET["eli"] == "trace" && count($files)) {
915
+ $tracer_code = "(base64_decode('".base64_encode('if(isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] == "'.$_SERVER["REMOTE_ADDR"].'" && is_file("'.GOTMLS_local_images_path.'../safe-load/trace.php")) {include_once("'.GOTMLS_local_images_path.'../safe-load/trace.php");GOTMLS_debug_trace(__FILE__);}')."'));";
916
+ foreach ($files as $file)
917
+ if (GOTMLS_get_ext($file) == "php" && $filecontents = @file_get_contents(GOTMLS_trailingslashit($dir).$file))
918
+ GOTMLS_file_put_contents(GOTMLS_trailingslashit($dir).$file, preg_replace('/^<\?php(?! eval)/is', '<?php eval'.$tracer_code, $filecontents));
919
+ }
920
+ if ($_REQUEST["scan_type"] == "Quick Scan") {
921
+ $GOTMLS_dirs_at_depth[$current_depth] = count($directories);
922
+ $GOTMLS_dir_at_depth[$current_depth] = 0;
923
+ } else
924
+ $GLOBALS["GOTMLS"]["tmp"]["scanfiles"][GOTMLS_encode($dir)] = GOTMLS_strip4java(str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $dir));
925
+ foreach ($directories as $directory) {
926
+ $path = GOTMLS_trailingslashit($dir).$directory;
927
+ if (isset($_REQUEST["scan_depth"]) && is_numeric($_REQUEST["scan_depth"]) && ($_REQUEST["scan_depth"] != $current_depth) && !in_array($directory, $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"])) {
928
+ $current_depth++;
929
+ $current_depth = GOTMLS_readdir($path, $current_depth);
930
+ } else {
931
+ echo GOTMLS_return_threat("skipdirs", "blocked", $path);
932
+ $GOTMLS_dir_at_depth[$current_depth]++;
933
+ }
934
+ }
935
+ if ($_REQUEST["scan_type"] == "Quick Scan") {
936
+ $echo = "";
937
+ echo GOTMLS_update_status(sprintf(__("Scanning %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $dir)), $GOTMLS_total_percent);
938
+ GOTMLS_flush("script");
939
+ foreach ($files as $file)
940
+ echo GOTMLS_check_file(GOTMLS_trailingslashit($dir).$file);
941
+ echo GOTMLS_return_threat("dir", "checked", $dir);
942
+ }
943
+ } else
944
+ echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(GOTMLS_Failed_to_list_LANGUAGE.' readdir:'.($entries===false?'('.GOTMLS_fileperms($dir).')':$entries)));
945
+ @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
946
+ if ($current_depth-- && $_REQUEST["scan_type"] == "Quick Scan") {
947
+ $GOTMLS_dir_at_depth[$current_depth]++;
948
+ for ($GOTMLS_total_percent = 0, $depth = $current_depth; $depth >= 0; $depth--) {
949
+ echo "\n//(($GOTMLS_total_percent / $GOTMLS_dirs_at_depth[$depth]) + ($GOTMLS_dir_at_depth[$depth] / $GOTMLS_dirs_at_depth[$depth])) = ";
950
+ $GOTMLS_total_percent = (($GOTMLS_dirs_at_depth[$depth]?($GOTMLS_total_percent / $GOTMLS_dirs_at_depth[$depth]):0) + ($GOTMLS_dir_at_depth[$depth] / ($GOTMLS_dirs_at_depth[$depth]+1)));
951
+ echo "$GOTMLS_total_percent\n";
952
+ }
953
+ $GOTMLS_total_percent = floor($GOTMLS_total_percent * 100);
954
+ echo GOTMLS_update_status(sprintf(__("Scanned %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $dir)), $GOTMLS_total_percent);
955
+ }
956
+ GOTMLS_flush("script");
957
+ }
958
+ return $current_depth;
959
+ }
960
+
961
+ function GOTMLS_sexagesimal($timestamp = 0) {
962
+ if (!is_numeric($timestamp) && strlen($timestamp) == 5) {
963
+ $delim = array("=", "-", "-", " ", ":");
964
+ foreach (str_split($timestamp) as $bit)
965
+ $timestamp .= array_shift($delim).substr("00".(ord($bit)>96?ord($bit)-61:(ord($bit)>64?ord($bit)-55:ord($bit)-48)), -2);
966
+ return "20".substr($timestamp, -14);
967
+ } else {
968
+ $match = '/^(20)?([0-5][0-9])[\-: \/]*(0*[1-9]|1[0-2])[\-: \/]*(0*[1-9]|[12][0-9]|3[01])[\-: \/]*([0-5][0-9])[\-: \/]*([0-5][0-9])$/';
969
+ if (preg_match($match, $timestamp))
970
+ $date = preg_replace($match, "\\2-\\3-\\4-\\5-\\6", $timestamp);
971
+ elseif ($timestamp && strtotime($timestamp))
972
+ $date = date("y-m-d-H-i", strtotime($timestamp));
973
+ else
974
+ $date = date("y-m-d-H-i", time());
975
+ foreach (explode("-", $date) as $bit)
976
+ $date .= (intval($bit)>35?chr(ord("a")+intval($bit)-36):(intval($bit)>9?chr(ord("A")+intval($bit)-10):substr('0'.$bit, -1)));
977
+ return substr($date, -5);
978
+ }
979
+ }
980
+
981
+ if (!function_exists('ur1encode')) { function ur1encode($url) {
982
+ $return = "";
983
+ foreach (str_split($url) as $char)
984
+ $return .= '%'.substr('00'.strtoupper(dechex(ord($char))),-2);
985
+ return $return;
986
+ }}
987
+
988
+ function GOTMLS_strip4java($item, $htmlentities = false) {
989
+ return preg_replace("/\\\\/", "\\\\\\\\", str_replace("'", "'+\"'\"+'", preg_replace('/\\+n|\\+r|\n|\r|\0/', "", ($htmlentities?$item:htmlentities($item)))));
990
+ }
991
+
992
+ function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
993
+ global $post;
994
+ if (is_numeric($file) && isset($post->post_title))
995
+ $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine Quarantined File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($post->post_title)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."744").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$file);
996
+ elseif ($file)
997
+ $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."746").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.GOTMLS_encode($file).preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:""));
998
+ else
999
+ $onclick = 'return false;';
1000
+ return "<a title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
1001
+ }
1002
+
1003
+ function GOTMLS_check_file($file) {
1004
+ $filesize = @filesize($file);
1005
+ echo "/*-->*"."/\ndocument.getElementById('status_text').innerHTML='Checking ".GOTMLS_strip4java($file)." ($filesize bytes)';\n/*<!--*"."/";
1006
+ if ($filesize===false)
1007
+ echo GOTMLS_return_threat("errors", "blocked", $file, GOTMLS_error_link(__("Failed to determine file size!",'gotmls'), $file));
1008
+ elseif (($filesize==0) || ($filesize>((isset($_GET["eli"])&&is_numeric($_GET["eli"]))?$_GET["eli"]:1234567)))
1009
+ echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file size!",'gotmls')." ($filesize bytes)", $file, "potential"));
1010
+ elseif (in_array(GOTMLS_get_ext($file), $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]) && !(preg_match('/(shim|social[0-9]*)\.png$/i', $file)))
1011
+ echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file extention!",'gotmls'), $file, "potential"));
1012
+ else {
1013
+ try {
1014
+ echo @GOTMLS_scanfile($file);
1015
+ echo "//debug_fix:".$GLOBALS["GOTMLS"]["tmp"]["debug_fix"];
1016
+ } catch (Exception $e) {
1017
+ die("//Exception:".GOTMLS_strip4java($e));
1018
+ }
1019
+ }
1020
+ echo "/*-->*"."/\ndocument.getElementById('status_text').innerHTML='Checked ".GOTMLS_strip4java($file)."';\n/*<!--*"."/";
1021
+ }
1022
+
1023
+ function GOTMLS_read_error($path) {
1024
+ global $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
1025
+ $error = error_get_last();
1026
+ if (!file_exists($path))
1027
+ return " (Path not found)";
1028
+ if (!is_readable($path) && isset($_GET["eli"]))
1029
+ $return = (@chmod($path, (is_dir($path)?$GOTMLS_chmod_dir:$GOTMLS_chmod_file))?"Fixed permissions":"error: ".preg_replace('/[\r\n]/', ' ', print_r($error,1)));
1030
+ else
1031
+ $return = (is_array($error) && isset($error["message"])?preg_replace('/[\r\n]/', ' ', print_r($error["message"],1)):"readable?");
1032
+ return " [".GOTMLS_fileperms($path)."] ( ".filesize($path)." $return)";
1033
+ }
1034
+
1035
+ function GOTMLS_scandir($dir) {
1036
+ echo "/*<!--*"."/".GOTMLS_update_status(sprintf(__("Scanning %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $dir)));
1037
+ GOTMLS_flush();
1038
+ $li_js = "/*-->*"."/\nscanNextDir(-1);\n/*<!--*"."/";
1039
+ if (isset($_GET["GOTMLS_skip_dir"]) && $dir == GOTMLS_decode($_GET["GOTMLS_skip_dir"])) {
1040
+ if (isset($_GET["GOTMLS_only_file"]) && strlen($_GET["GOTMLS_only_file"]))
1041
+ echo GOTMLS_return_threat("errors", "blocked", GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"]), GOTMLS_error_link("Failed to read this file!".GOTMLS_read_error(GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"])), GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"])));
1042
+ else
1043
+ echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(__("Failed to read directory!",'gotmls')).GOTMLS_read_error($dir));
1044
+ } else {
1045
+ $files = GOTMLS_getfiles($dir);
1046
+ if (is_array($files)) {
1047
+ if (isset($_GET["GOTMLS_only_file"])) {
1048
+ if (strlen($_GET["GOTMLS_only_file"])) {
1049
+ $path = GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"]);
1050
+ if (is_file($path)) {
1051
+ GOTMLS_check_file($path);
1052
+ echo GOTMLS_return_threat("dir", "checked", $path);
1053
+ }
1054
+ } else {
1055
+ foreach ($files as $file) {
1056
+ $path = GOTMLS_trailingslashit($dir).$file;
1057
+ if (is_file($path)) {
1058
+ $file_ext = GOTMLS_get_ext($file);
1059
+ $filesize = @filesize($path);
1060
+ if ((in_array($file_ext, $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]) && !(preg_match('/social[0-9]*\.png$/i', $file))) || ($filesize==0) || ($filesize>((isset($_GET["eli"])&&is_numeric($_GET["eli"]))?$_GET["eli"]:1234567)))
1061
+ echo GOTMLS_return_threat("skipped", "blocked", $path, GOTMLS_error_link(sprintf(__('Skipped because of file size (%1$s bytes) or file extention (%2$s)!','gotmls'), $filesize, $file_ext), $file, "potential"));
1062
+ else
1063
+ echo "/*-->*"."/\nscanfilesArKeys.push('".GOTMLS_encode($dir)."&GOTMLS_only_file=".GOTMLS_encode($file)."');\nscanfilesArNames.push('Re-Checking ".GOTMLS_strip4java($path)."');\n/*<!--*"."/".GOTMLS_return_threat("dirs", "wait", $path);
1064
+ }
1065
+ }
1066
+ echo GOTMLS_return_threat("dir", "question", $dir);
1067
+ }
1068
+ } else {
1069
+ foreach ($files as $file) {
1070
+ $path = GOTMLS_trailingslashit($dir).$file;
1071
+ if (is_file($path)) {
1072
+ if (isset($_GET["GOTMLS_skip_file"]) && is_array($_GET["GOTMLS_skip_file"]) && in_array($path, $_GET["GOTMLS_skip_file"])) {
1073
+ $li_js .= "/*-->*"."/\n//skipped $path;\n/*<!--*"."/";
1074
+ if ($path == $_GET["GOTMLS_skip_file"][count($_GET["GOTMLS_skip_file"])-1])
1075
+ echo GOTMLS_return_threat("errors", "blocked", $path, GOTMLS_error_link(__("Failed to read file!",'gotmls'), $path));
1076
+ } else {
1077
+ GOTMLS_check_file($path);
1078
+ }
1079
+ }
1080
+ }
1081
+ echo GOTMLS_return_threat("dir", "checked", $dir);
1082
+ }
1083
+ } else
1084
+ echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(GOTMLS_Failed_to_list_LANGUAGE.' scandir:'.($files===false?' (FALSE)':$files)));
1085
+ }
1086
+ echo GOTMLS_update_status(sprintf(__("Scanned %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $dir)));
1087
+ GOTMLS_update_scan_log(array("scan" => array("finish" => time())));
1088
+ return $li_js;
1089
+ }
1090
+
1091
+ function GOTMLS_reset_settings($item, $key) {
1092
+ $key_parts = explode("_", $key."_");
1093
+ if (strlen($key_parts[0]) != 4 && $key_parts[0] != "exclude")
1094
+ unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"][$key]);
1095
+ }
1096
+
1097
+ function GOTMLS_file_put_contents($file, $content) {
1098
+ global $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
1099
+ $chmoded_file = false;
1100
+ $chmoded_dir = false;
1101
+ if ((is_dir(dirname($file)) || @mkdir(dirname($file), $GOTMLS_chmod_dir, true)) && !is_writable(dirname($file)) && ($GOTMLS_chmod_dir = @fileperms(dirname($file))))
1102
+ $chmoded_dir = @chmod(dirname($file), 0777);
1103
+ if (is_file($file) && !is_writable($file) && ($GOTMLS_chmod_file = @fileperms($file)))
1104
+ $chmoded_file = @chmod($file, 0666);
1105
+ if (function_exists("file_put_contents"))
1106
+ $return = @file_put_contents($file, $content);
1107
+ elseif ($fp = fopen($file, 'w')) {
1108
+ fwrite($fp, $content);
1109
+ fclose($fp);
1110
+ $return = true;
1111
+ } else
1112
+ $return = false;
1113
+ if ($chmoded_file)
1114
+ @chmod($file, $GOTMLS_chmod_file);
1115
+ if ($chmoded_dir)
1116
+ @chmod(dirname($file), $GOTMLS_chmod_dir);
1117
+ return $return;
1118
+ }
1119
+
1120
+ function GOTMLS_scan_log() {
1121
+ global $wpdb;
1122
+ if ($rs = $wpdb->get_row("SELECT substring_index(option_name, '/', -1) AS `mt`, option_name, option_value FROM `$wpdb->options` where option_name like 'GOTMLS_scan_log/%' ORDER BY mt DESC LIMIT 1", ARRAY_A))
1123
+ $GOTMLS_scan_log = (isset($rs["option_name"])?get_option($rs["option_name"], array()):array());
1124
+ $units = array("seconds"=>60,"minutes"=>60,"hours"=>24,"days"=>365,"years"=>10);
1125
+ if (isset($GOTMLS_scan_log["scan"]["start"]) && is_numeric($GOTMLS_scan_log["scan"]["start"])) {
1126
+ $time = (time() - $GOTMLS_scan_log["scan"]["start"]);
1127
+ $ukeys = array_keys($units);
1128
+ for ($unit = $ukeys[0], $key=0; (isset($units[$ukeys[$key]]) && $key < (count($ukeys) - 1) && $time >= $units[$ukeys[$key]]); $unit = $ukeys[++$key])
1129
+ $time = floor($time/$units[$ukeys[$key]]);
1130
+ if (1 == $time)
1131
+ $unit = substr($unit, 0, -1);
1132
+ $LastScan = "started $time $unit ago";
1133
+ if (isset($GOTMLS_scan_log["scan"]["finish"]) && is_numeric($GOTMLS_scan_log["scan"]["finish"]) && ($GOTMLS_scan_log["scan"]["finish"] >= $GOTMLS_scan_log["scan"]["start"])) {
1134
+ $time = ($GOTMLS_scan_log["scan"]["finish"] - $GOTMLS_scan_log["scan"]["start"]);
1135
+ for ($unit = $ukeys[0], $key=0; (isset($units[$ukeys[$key]]) && $key < (count($ukeys) - 1) && $time >= $units[$ukeys[$key]]); $unit = $ukeys[++$key])
1136
+ $time = floor($time/$units[$ukeys[$key]]);
1137
+ if (1 == $time)
1138
+ $unit = substr($unit, 0, -1);
1139
+ if ($time)
1140
+ $LastScan .= " and ran for $time $unit";
1141
+ else
1142
+ $LastScan = str_replace("started", "ran", $LastScan);
1143
+ } else
1144
+ $LastScan .= " and has not finish";
1145
+ if (!isset($_GET['Scanlog']))
1146
+ $LastScan .= '<a style="float: right;" href="'.admin_url('admin.php?page=GOTMLS-View-Quarantine&Scanlog').'">'.GOTMLS_View_Scan_Log_LANGUAGE.'</a><br style="clear: right;">';
1147
+ } else
1148
+ $LastScan = "never started ";
1149
+ return "Last ".(isset($GOTMLS_scan_log["scan"]["type"])?$GOTMLS_scan_log["scan"]["type"]:"Scan")." $LastScan";
1150
+ }
1151
+
1152
+ function GOTMLS_get_URL($URL) {
1153
+ $response = "";
1154
+ $GLOBALS["GOTMLS"]["get_URL"] = array("URL" => $URL);
1155
+ if (function_exists($method = "wp_remote_get")) {
1156
+ $GLOBALS["GOTMLS"]["get_URL"][$method] = wp_remote_get($URL, array("sslverify" => false));
1157
+ if (200 == wp_remote_retrieve_response_code($GLOBALS["GOTMLS"]["get_URL"][$method]))
1158
+ $response = wp_remote_retrieve_body($GLOBALS["GOTMLS"]["get_URL"][$method]);
1159
+ }
1160
+ if (strlen($response) == 0 && function_exists($method = "curl_exec")) {
1161
+ $curl_hndl = curl_init();
1162
+ curl_setopt($curl_hndl, CURLOPT_URL, $URL);
1163
+ curl_setopt($curl_hndl, CURLOPT_TIMEOUT, 30);
1164
+ if (isset($_SERVER['HTTP_REFERER']))
1165
+ $SERVER_HTTP_REFERER = $_SERVER['HTTP_REFERER'];
1166
+ elseif (isset($_SERVER['HTTP_HOST']))
1167
+ $SERVER_HTTP_REFERER = 'HOST://'.$_SERVER['HTTP_HOST'];
1168
+ elseif (isset($_SERVER['SERVER_NAME']))
1169
+ $SERVER_HTTP_REFERER = 'NAME://'.$_SERVER['SERVER_NAME'];
1170
+ elseif (isset($_SERVER['SERVER_ADDR']))
1171
+ $SERVER_HTTP_REFERER = 'ADDR://'.$_SERVER['SERVER_ADDR'];
1172
+ else
1173
+ $SERVER_HTTP_REFERER = 'NULL://not.anything.com';
1174
+ curl_setopt($curl_hndl, CURLOPT_REFERER, $SERVER_HTTP_REFERER);
1175
+ if (isset($_SERVER['HTTP_USER_AGENT']))
1176
+ curl_setopt($curl_hndl, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
1177
+ curl_setopt($curl_hndl, CURLOPT_HEADER, 0);
1178
+ curl_setopt($curl_hndl, CURLOPT_RETURNTRANSFER, TRUE);
1179
+ if (!($response = curl_exec($curl_hndl)))
1180
+ $GLOBALS["GOTMLS"]["get_URL"][$method] = curl_error($curl_hndl);
1181
+ curl_close($curl_hndl);
1182
+ }
1183
+ if (strlen($response) == 0 && function_exists($method = "file_get_contents")) {
1184
+ try {
1185
+ $response = @file_get_contents($URL).'';
1186
+ } catch(Exception $e) {
1187
+ $GLOBALS["GOTMLS"]["get_URL"][$method] = $e->getTrace();
1188
+ }
1189
+ }
1190
+ if (isset($_GET["GOTMLS_debug"]) && (strlen($response) == 0 || $_GET["GOTMLS_debug"] == "GOTMLS_get_URL"))
1191
+ print_r(array("$method:".strlen($response)=>$GLOBALS["GOTMLS"]["get_URL"]));
1192
+ return $response;
1193
+ }
index.php CHANGED
@@ -1,33 +1,1756 @@
1
  <?php
2
  /*
3
- Plugin Name: Anti-Malware by ELI (Get Off Malicious Scripts)
4
  Plugin URI: http://gotmls.net/
5
  Author: Eli Scheetz
 
6
  Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
7
- Contributors: scheeeli
8
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
9
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
10
- Version: 1.3.02.15
11
  */
12
- /* Copyright 2012 Eli Scheetz (email: wordpress@ieonly.com)
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
13
 
14
- This program is free software; you can redistribute it and/or modify
15
- it under the terms of the GNU General Public License as published by
16
- the Free Software Foundation; either version 2 of the License, or
17
- (at your option) any later version.
18
 
19
- This program is distributed in the hope that it will be useful,
20
- but WITHOUT ANY WARRANTY; without even the implied warranty of
21
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22
- GNU General Public License for more details.
 
 
23
 
24
- You should have received a copy of the GNU General Public License
25
- along with this program; if not, write to the Free Software
26
- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
27
- */
28
- /**
29
- * GOTMLS Main Plugin File
30
- * @package GOTMLS
 
 
 
31
 
32
- code removed, no longer compatible
33
- */
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
  <?php
2
  /*
3
+ Plugin Name: Anti-Malware Security and Brute-Force Firewall
4
  Plugin URI: http://gotmls.net/
5
  Author: Eli Scheetz
6
+ Text Domain: gotmls
7
  Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8
+ Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
+ Version: 4.17.57
12
  */
13
+ if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
+ include(dirname(__FILE__)."/safe-load/index.php");
15
+ else
16
+ require_once(dirname(__FILE__)."/images/index.php");
17
+ /* ___
18
+ * / /\ GOTMLS Main Plugin File
19
+ * / /:/ @package GOTMLS
20
+ * /__/::\
21
+ Copyright \__\/\:\__ © 2012-2018 Eli Scheetz (email: eli@gotmls.net)
22
+ * \ \:\/\
23
+ * \__\::/ This program is free software; you can redistribute it
24
+ * ___ /__/:/ and/or modify it under the terms of the GNU General Public
25
+ * /__/\ _\__\/ License as published by the Free Software Foundation;
26
+ * \ \:\ / /\ either version 2 of the License, or (at your option) any
27
+ * ___\ \:\ /:/ later version.
28
+ * / /\\ \:\/:/
29
+ / /:/ \ \::/ This program is distributed in the hope that it will be useful,
30
+ / /:/_ \__\/ but WITHOUT ANY WARRANTY; without even the implied warranty
31
+ /__/:/ /\__ of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
32
+ \ \:\/:/ /\ See the GNU General Public License for more details.
33
+ \ \::/ /:/
34
+ \ \:\/:/ You should have received a copy of the GNU General Public License
35
+ * \ \::/ with this program; if not, write to the Free Software Foundation,
36
+ * \__\/ Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
37
 
38
+ load_plugin_textdomain('gotmls', false, basename(GOTMLS_plugin_path).'/languages');
39
+ require_once(GOTMLS_plugin_path.'images/index.php');
 
 
40
 
41
+ function GOTMLS_install() {
42
+ global $wp_version;
43
+ if (version_compare($wp_version, GOTMLS_require_version, "<"))
44
+ die(GOTMLS_require_version_LANGUAGE);
45
+ }
46
+ register_activation_hook(__FILE__, "GOTMLS_install");
47
 
48
+ function GOTMLS_user_can() {
49
+ if (is_multisite())
50
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "manage_network";
51
+ elseif (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]) || $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] == "manage_network")
52
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "activate_plugins";
53
+ if (current_user_can($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]))
54
+ return true;
55
+ else
56
+ return false;
57
+ }
58
 
59
+ function GOTMLS_menu() {
60
+ $GOTMLS_Full_plugin_logo_URL = GOTMLS_images_path.'GOTMLS-16x16.gif';
61
+ $base_page = "GOTMLS-settings";
62
+ $base_function = "GOTMLS_settings";
63
+ $pluginTitle = "Anti-Malware";
64
+ $pageTitle = "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE;
65
+ if (GOTMLS_user_can()) {
66
+ $my_admin_page = add_menu_page($pageTitle, $pluginTitle, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function, $GOTMLS_Full_plugin_logo_URL);
67
+ add_action('load-'.$my_admin_page, 'GOTMLS_admin_add_help_tab');
68
+ add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE, GOTMLS_Scan_Settings_LANGUAGE, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function);
69
+ add_submenu_page($base_page, "$pluginTitle Firewall Options", "Firewall Options", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-Firewall-Options", "GOTMLS_Firewall_Options");
70
+ add_submenu_page($base_page, "$pluginTitle ".GOTMLS_View_Quarantine_LANGUAGE, GOTMLS_View_Quarantine_LANGUAGE.(($Qs = GOTMLS_get_quarantine(true))?' <span class="awaiting-mod count-'.$Qs.'"><span class="awaiting-mod">'.$Qs.'</span></span>':""), $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-View-Quarantine", "GOTMLS_View_Quarantine");
71
+ }
72
+ }
73
+
74
+ function GOTMLS_admin_add_help_tab() {
75
+ $screen = get_current_screen();
76
+ $screen->add_help_tab(array(
77
+ 'id' => "GOTMLS_Getting_Started",
78
+ 'title' => __("Getting Started", 'gotmls'),
79
+ 'content' => '<p>'.__("Make sure the Definition Updates are current and Run a Complete Scan.").'</p><p>'.sprintf(__("If Known Threats are found and displayed in red then there will be a button to '%s'. If only Potentional Threats are found then there is no automatic fix because those are probably not malicious."), GOTMLS_Automatically_Fix_LANGUAGE).'</p><p>'.__("A backup of the original infected files are placed in the Quarantine in case you need to restore them or just want to look at them later. You can delete these files if you don't want to save more.").'</p>'
80
+ ));
81
+ $FAQMarker = '== Frequently Asked Questions ==';
82
+ if (is_file(dirname(__FILE__).'/readme.txt') && ($readme = explode($FAQMarker, @file_get_contents(dirname(__FILE__).'/readme.txt').$FAQMarker)) && strlen($readme[1]) && ($readme = explode("==", $readme[1]."==")) && strlen($readme[0])) {
83
+ $screen->add_help_tab(array(
84
+ 'id' => "GOTMLS_FAQs",
85
+ 'title' => __("FAQs", 'gotmls'),
86
+ 'content' => '<p>'.preg_replace('/\[(.+?)\]\((.+?)\)/', "<a target=\"_blank\" href=\"\\2\">\\1</a>", preg_replace('/[\r\n]+= /', "</p><b>", preg_replace('/ =[\r\n]+/', "</b><p>", $readme[0]))).'</p>'
87
+ ));
88
+ }
89
+ }
90
+
91
+ function GOTMLS_close_button($box_id, $margin = '6px') {
92
+ return '<a href="javascript:void(0);" style="float: right; color: #F00; overflow: hidden; width: 20px; height: 20px; text-decoration: none; margin: '.$margin.'" onclick="showhide(\''.$box_id.'\');"><span class="dashicons dashicons-dismiss"></span>X</a>';
93
+ }
94
+
95
+ function GOTMLS_enqueue_scripts() {
96
+ wp_enqueue_style('dashicons');
97
+ }
98
+ add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts');
99
+
100
+ function GOTMLS_display_header($optional_box = "") {
101
+ global $wp_version, $current_user;
102
+ wp_get_current_user();
103
+ $GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
104
+ if (isset($_GET["check_site"]) && $_GET["check_site"])
105
+ echo '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="&#x2714;"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/plugins/gotmls/stats/?compatibility%5Bversion%5D='.$wp_version.'&compatibility%5Btopic_version%5D='.GOTMLS_Version.'&compatibility%5Bcompatible%5D=1#compatibility-works">Vote "Works"</a> or <a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls#postform">write a "Five-Star" Reviews</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
106
+ else
107
+ echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
108
+ $Update_Definitions = array(GOTMLS_update_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&ver='.GOTMLS_Version.'&wp='.$wp_version.'&'.GOTMLS_set_nonce(__FUNCTION__."108").'&d='.ur1encode(GOTMLS_siteurl));
109
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])
110
+ array_unshift($Update_Definitions, admin_url('admin-ajax.php?action=GOTMLS_auto_update&'.GOTMLS_set_nonce(__FUNCTION__."109").'&UPDATE_definitions_array=1'));
111
+ else
112
+ $Update_Definitions[] = str_replace("//", "//www.", $Update_Definitions[0]);
113
+ $Update_Link = '<div style="text-align: center;"><a href="';
114
+ $new_version = "";
115
+ $file = basename(GOTMLS_plugin_path).'/index.php';
116
+ $current = get_site_transient("update_plugins");
117
+ if (isset($current->response[$file]->new_version) && version_compare(GOTMLS_Version, $current->response[$file]->new_version, "<")) {
118
+ $new_version = sprintf(__("Upgrade to %s now!",'gotmls'), $current->response[$file]->new_version).'<br /><br />';
119
+ $Update_Link .= wp_nonce_url(self_admin_url('update.php?action=upgrade-plugin&plugin=').$file, 'upgrade-plugin_'.$file);
120
+ }
121
+ $Update_Link .= "\">$new_version</a></div>";
122
+ $defLatest = (is_numeric($Latest = preg_replace('/[^0-9]/', "", GOTMLS_sexagesimal($GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"]))) && is_numeric($Default = preg_replace('/[^0-9]/', "", GOTMLS_sexagesimal($GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"]))) && $Latest > $Default)?1:0;
123
+ if (is_array($keys = maybe_unserialize(get_option('GOTMLS_Installation_Keys', array()))) && array_key_exists(GOTMLS_installation_key, $keys))
124
+ $isRegistered = $keys[GOTMLS_installation_key];
125
+ else
126
+ $isRegistered = "";
127
+ $Update_Div ='<div id="findUpdates" style="display: none;"><center>'.__("Searching for updates ...",'gotmls').'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'findUpdates\');" /></center></div>';
128
+ $php_version = "<li>PHP: <span class='GOTMLS_date'>".phpversion()."</span></li>\n";
129
+ if (isset($_SERVER["SERVER_SOFTWARE"]) && preg_match('/Apache\/([0-9\.]+)/i', $_SERVER["SERVER_SOFTWARE"], $GLOBALS["GOTMLS"]["tmp"]["apache"]) && count($GLOBALS["GOTMLS"]["tmp"]["apache"]) > 1)
130
+ $php_version .= "<li>Apache: <span class='GOTMLS_date'>".$GLOBALS["GOTMLS"]["tmp"]["apache"][1]."</span></li>\n";
131
+ elseif (isset($_SERVER["SERVER_SOFTWARE"]) && strlen($_SERVER["SERVER_SOFTWARE"]))
132
+ $php_version .= "<li>".$_SERVER["SERVER_SOFTWARE"]."</li>\n";
133
+ echo '
134
+ span.GOTMLS_date {float: right; width: 130px; white-space: nowrap;}
135
+ .GOTMLS_page {float: left; border-radius: 10px; padding: 0 5px;}
136
+ .GOTMLS_quarantine_item {margin: 4px 12px;}
137
+ .rounded-corners {margin: 10px; border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; border: 1px solid #000;}
138
+ .shadowed-box {box-shadow: -3px 3px 3px #666; -moz-box-shadow: -3px 3px 3px #666; -webkit-box-shadow: -3px 3px 3px #666;}
139
+ .sidebar-box {background-color: #CCC;}
140
+ .GOTMLS-scanlog li a {display: none;}
141
+ .GOTMLS-scanlog li:hover a {display: block;}
142
+ .GOTMLS-sidebar-links {list-style: none;}
143
+ .GOTMLS-sidebar-links li img {margin: 3px; height: 16px; vertical-align: middle;}
144
+ .GOTMLS-sidebar-links li {margin-bottom: 0 !important;}
145
+ .popup-box {background-color: #FFC; display: none; position: absolute; left: 0px; z-index: 10;}
146
+ .shadowed-text {text-shadow: #00F -1px 1px 1px;}
147
+ .sub-option {float: left; margin: 3px 5px;}
148
+ .inside p {margin: 10px;}
149
+ .GOTMLS_li, .GOTMLS_plugin li {list-style: none;}
150
+ .GOTMLS_plugin {margin: 5px; background: #cfc; border: 1px solid #0C0; padding: 0 5px; border-radius: 3px;}
151
+ .GOTMLS_plugin.known, .GOTMLS_plugin.backdoor, .GOTMLS_plugin.htaccess, .GOTMLS_plugin.timthumb, .GOTMLS_plugin.errors {background: #f99; border: 1px solid #f00;}
152
+ .GOTMLS_plugin.potential, .GOTMLS_plugin.wp_core, .GOTMLS_plugin.skipdirs, .GOTMLS_plugin.skipped {background: #ffc; border: 1px solid #fc6;}
153
+ .GOTMLS ul li {margin-left: 12px;}
154
+ .GOTMLS h2 {margin: 0 0 10px;}
155
+ .postbox {margin-right: 10px;}
156
+ #pastDonations li {list-style: none;}
157
+ #quarantine_buttons {position: absolute; right: 0px; top: -54px; margin: 0px; padding: 0px;}
158
+ #quarantine_buttons input.button-primary {margin-right: 20px;}
159
+ #delete_button {
160
+ background-color: #C33;
161
+ color: #FFF;
162
+ background-image: linear-gradient(to bottom, #C22, #933);
163
+ border-color: #933 #933 #900;
164
+ box-shadow: 0 1px 0 rgba(230, 120, 120, 0.5) inset;
165
+ text-decoration: none; text-shadow: 0 1px 0 rgba(0, 0, 0, 0.1);
166
+ margin-top: 10px;
167
+ }
168
+ #main-page-title {
169
+ background: url("'.$GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=64") no-repeat scroll 0 0 transparent;
170
+ height: 64px;
171
+ line-height: 58px;
172
+ margin: 10px 0 0 0;
173
+ max-width: 600px;
174
+ padding: 0 110px 0 84px;
175
+ }
176
+ #main-page-title h1 {
177
+ background: url("'.$GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gravatar.com/avatar/8151cac22b3fc543d099241fd573d176?s=64") no-repeat scroll top right transparent;
178
+ height: 64px;
179
+ line-height: 32px;
180
+ margin: 0;
181
+ padding: 0 84px 0 0;
182
+ display: table-cell;
183
+ text-align: center;
184
+ vertical-align: middle;
185
+ }
186
+ </style>
187
+ <div id="div_file" class="shadowed-box rounded-corners sidebar-box" style="padding: 0; display: none; position: fixed; top: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'; left: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'; width: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'; height: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'; border: solid #c00; z-index: 112358;"><table style="width: 100%; height: 100%;" cellspacing="0" cellpadding="0"><tr><td style="border-bottom: 1px solid #EEE; height: 32px;" colspan="2">'.GOTMLS_close_button("div_file").'<h3 onmousedown="grabDiv();" onmouseup="releaseDiv();" id="windowTitle" style="cursor: move; border-bottom: 0px none; z-index: 2345677; position: absolute; left: 0px; top: 0px; margin: 0px; padding: 6px; width: 90%; height: 20px;">'.GOTMLS_Loading_LANGUAGE.'</h3></td></tr><tr><td colspan="2" style="height: 100%"><div style="width: 100%; height: 100%; position: relative; padding: 0; margin: 0;" class="inside"><br /><br /><center><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'<br /><br /><input type="button" onclick="showhide(\'GOTMLS_iFrame\', true);" value="'.__("If this is taking too long, click here.",'gotmls').'" class="button-primary" /></center><iframe id="GOTMLS_iFrame" name="GOTMLS_iFrame" style="top: 0px; left: 0px; position: absolute; width: 100%; height: 100%; background-color: #CCC;"></iframe></td></tr><tr><td style="height: 20px;"><iframe id="GOTMLS_statusFrame" name="GOTMLS_statusFrame" style="width: 100%; height: 20px; background-color: #CCC;"></iframe></div></td><td style="height: 20px; width: 20px;"><h3 id="cornerGrab" onmousedown="grabCorner();" onmouseup="releaseCorner();" style="cursor: move; height: 24px; width: 24px; margin: 0; padding: 0; z-index: 2345678; overflow: hidden; position: absolute; right: 0px; bottom: 0px;"><span class="dashicons 
dashicons-editor-expand"></span>&#8690;</h3></td></tr></table></div>
188
+ <script type="text/javascript">
189
+ function showhide(id) {
190
+ divx = document.getElementById(id);
191
+ if (divx) {
192
+ if (divx.style.display == "none" || arguments[1]) {
193
+ divx.style.display = "block";
194
+ divx.parentNode.className = (divx.parentNode.className+"close").replace(/close/gi,"");
195
+ return true;
196
+ } else {
197
+ divx.style.display = "none";
198
+ return false;
199
+ }
200
+ }
201
+ }
202
+ function checkAllFiles(check) {
203
+ var checkboxes = new Array();
204
+ checkboxes = document["GOTMLS_Form_clean"].getElementsByTagName("input");
205
+ for (var i=0; i<checkboxes.length; i++)
206
+ if (checkboxes[i].type == "checkbox")
207
+ checkboxes[i].checked = check;
208
+ }
209
+ function setvalAllFiles(val) {
210
+ var checkboxes = document.getElementById("GOTMLS_fixing");
211
+ if (checkboxes)
212
+ checkboxes.value = val;
213
+ }
214
+ function getWindowWidth(min) {
215
+ if (typeof window.innerWidth != "undefined" && window.innerWidth > min)
216
+ min = window.innerWidth;
217
+ else if (typeof document.documentElement != "undefined" && typeof document.documentElement.clientWidth != "undefined" && document.documentElement.clientWidth > min)
218
+ min = document.documentElement.clientWidth;
219
+ else if (typeof document.getElementsByTagName("body")[0].clientWidth != "undefined" && document.getElementsByTagName("body")[0].clientWidth > min)
220
+ min = document.getElementsByTagName("body")[0].clientWidth;
221
+ return min;
222
+ }
223
+ function getWindowHeight(min) {
224
+ if (typeof window.innerHeight != "undefined" && window.innerHeight > min)
225
+ min = window.innerHeight;
226
+ else if (typeof document.documentElement != "undefined" && typeof document.documentElement.clientHeight != "undefined" && document.documentElement.clientHeight > min)
227
+ min = document.documentElement.clientHeight;
228
+ else if (typeof document.getElementsByTagName("body")[0].clientHeight != "undefined" && document.getElementsByTagName("body")[0].clientHeight > min)
229
+ min = document.getElementsByTagName("body")[0].clientHeight;
230
+ return min;
231
+ }
232
+ function loadIframe(title) {
233
+ showhide("GOTMLS_iFrame", true);
234
+ showhide("GOTMLS_iFrame");
235
+ document.getElementById("windowTitle").innerHTML = title;
236
+ if (curDiv) {
237
+ windowW = getWindowWidth(200);
238
+ windowH = getWindowHeight(200);
239
+ if (windowW > 200)
240
+ windowW -= 30;
241
+ if (windowH > 200)
242
+ windowH -= 20;
243
+ if (px2num(curDiv.style.width) > windowW) {
244
+ curDiv.style.width = windowW + "px";
245
+ curDiv.style.left = "0px";
246
+ } else if ((px2num(curDiv.style.left) + px2num(curDiv.style.width)) > windowW) {
247
+ curDiv.style.left = (windowW - px2num(curDiv.style.width)) + "px";
248
+ }
249
+ if (px2num(curDiv.style.height) > windowH) {
250
+ curDiv.style.height = windowH + "px";
251
+ curDiv.style.top = "0px";
252
+ } else if ((px2num(curDiv.style.top) + px2num(curDiv.style.height)) > windowH) {
253
+ curDiv.style.top = (windowH - px2num(curDiv.style.height)) + "px";
254
+ }
255
+ if (px2num(curDiv.style.left) < 0)
256
+ curDiv.style.left = "0px";
257
+ if (px2num(curDiv.style.top)< 0)
258
+ curDiv.style.top = "0px";
259
+ }
260
+ showhide("div_file", true);
261
+ if (IE)
262
+ curDiv.scrollIntoView(true);
263
+ }
264
+ function cancelserver(divid) {
265
+ document.getElementById(divid).innerHTML = "<div class=\'error\'>'. __("No response from server!",'gotmls').'</div>";
266
+ }
267
+ function checkupdateserver(server, divid) {
268
+ var updatescript = document.createElement("script");
269
+ updatescript.setAttribute("src", server);
270
+ divx = document.getElementById(divid);
271
+ if (divx) {
272
+ divx.appendChild(updatescript);
273
+ if (arguments[2])
274
+ return setTimeout("stopCheckingDefinitions = checkupdateserver(\'"+arguments[2]+"\',\'"+divid+"\')",15000);
275
+ else
276
+ return setTimeout("cancelserver(\'"+divid+"\')",'.($GLOBALS["GOTMLS"]["tmp"]['execution_time']+1).'000+3000);
277
+ }
278
+ }
279
+ var IE = document.all?true:false;
280
+ if (!IE) document.captureEvents(Event.MOUSEMOVE)
281
+ document.onmousemove = getMouseXY;
282
+ var offsetX = 0;
283
+ var offsetY = 0;
284
+ var offsetW = 0;
285
+ var offsetH = 0;
286
+ var curX = 0;
287
+ var curY = 0;
288
+ var curDiv;
289
+ function getMouseXY(e) {
290
+ if (IE) { // grab the mouse pos if browser is IE
291
+ curX = event.clientX + document.body.scrollLeft;
292
+ curY = event.clientY + document.body.scrollTop;
293
+ } else { // grab the mouse pos if browser is Not IE
294
+ curX = e.pageX - document.body.scrollLeft;
295
+ curY = e.pageY - document.body.scrollTop;
296
+ }
297
+ if (curX < 0) {curX = 0;}
298
+ if (curY < 0) {curY = 0;}
299
+ if (offsetX && curX > 10) {curDiv.style.left = (curX - offsetX)+"px";}
300
+ if (offsetY && (curY - offsetY) > 0) {curDiv.style.top = (curY - offsetY)+"px";}
301
+ if (offsetW && (curX - offsetW) > 360) {curDiv.style.width = (curX - offsetW)+"px";}
302
+ if (offsetH && (curY - offsetH) > 200) {curDiv.style.height = (curY - offsetH)+"px";}
303
+ return true;
304
+ }
305
+ function px2num(px) {
306
+ return parseInt(px.substring(0, px.length - 2), 10);
307
+ }
308
+ function setDiv(DivID) {
309
+ if (curDiv = document.getElementById(DivID)) {
310
+ if (IE)
311
+ curDiv.style.position = "absolute";
312
+ curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
313
+ curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
314
+ curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
315
+ curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
316
+ }
317
+ }
318
+ function grabDiv() {
319
+ corner = document.getElementById("windowTitle");
320
+ if (corner) {
321
+ corner.style.width="100%";
322
+ corner.style.height="100%";
323
+ }
324
+ offsetX=curX-px2num(curDiv.style.left);
325
+ offsetY=curY-px2num(curDiv.style.top);
326
+ }
327
+ function releaseDiv() {
328
+ corner = document.getElementById("windowTitle");
329
+ if (corner) {
330
+ corner.style.width="90%";
331
+ corner.style.height="20px";
332
+ }
333
+ document.getElementById("GOTMLS_statusFrame").src = "'.admin_url('admin-ajax.php?action=GOTMLS_position&'.GOTMLS_set_nonce(__FUNCTION__."341").'&GOTMLS_x=').'"+curDiv.style.left+"&GOTMLS_y="+curDiv.style.top;
334
+ offsetX=0;
335
+ offsetY=0;
336
+ }
337
+ function grabCorner() {
338
+ corner = document.getElementById("cornerGrab");
339
+ if (corner) {
340
+ corner.style.width="100%";
341
+ corner.style.height="100%";
342
+ }
343
+ offsetW=curX-px2num(curDiv.style.width);
344
+ offsetH=curY-px2num(curDiv.style.height);
345
+ }
346
+ function releaseCorner() {
347
+ corner = document.getElementById("cornerGrab");
348
+ if (corner) {
349
+ corner.style.width="20px";
350
+ corner.style.height="20px";
351
+ }
352
+ document.getElementById("GOTMLS_statusFrame").src = "'.admin_url('admin-ajax.php?action=GOTMLS_position&'.GOTMLS_set_nonce(__FUNCTION__."360").'&GOTMLS_w=').'"+curDiv.style.width+"&GOTMLS_h="+curDiv.style.height;
353
+ offsetW=0;
354
+ offsetH=0;
355
+ }
356
+ setDiv("div_file");
357
+ </script>
358
+ <div id="main-page-title"><h1 style="vertical-align: middle;">Anti-Malware from&nbsp;GOTMLS.NET</h1></div>
359
+ <div id="admin-page-container">
360
+ <div id="GOTMLS-right-sidebar" style="width: 300px;" class="metabox-holder">
361
+ '.GOTMLS_box(__("Updates & Registration",'gotmls'), "<ul>$php_version<li>WordPress: <span class='GOTMLS_date'>$wp_version</span></li>\n<li>Plugin: <span class='GOTMLS_date'>".GOTMLS_Version.'</span></li>
362
+ <li>Definitions: <span id="GOTMLS_definitions_date" class="GOTMLS_date">'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"].'</span></li>
363
+ <li>'.((!$defLatest && !$isRegistered)?'<form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."349")).'" target="GOTMLS_iFrame" name="GOTMLS_Form_lognewkey"><input type="hidden" name="GOTMLS_installation_key" value="'.GOTMLS_installation_key.'"><input type="hidden" name="action" value="GOTMLS_lognewkey"><span style="color: #F00;" id="GOTMLS_No_Key">No Key! <input type="submit" style="float: right;" value="'.__("Get FREE Key!",'gotmls').'" class="button-primary" onclick="showhide(\'GOTMLS_No_Key\');showhide(\'GOTMLS_Key\', true);check_for_updates(\'Definition_Updates\');" /></span></form><div id="GOTMLS_Key" style="display: none; ':'<div style="').'margin: 0;">Key: <span style="float: right;">'.GOTMLS_installation_key.'</span></div></li></ul>
364
+ <form id="updateform" method="post" name="updateform" action="'.str_replace("GOTMLS_mt=", "GOTMLS_last_mt=", GOTMLS_script_URI).'&'.GOTMLS_set_nonce(__FUNCTION__."373").'">
365
+ <img style="display: none; float: right; margin-right: 14px;" src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="definitions updated" id="autoUpdateDownload" onclick="showhide(\'autoUpdateForm\', true);">
366
+ '.str_replace('findUpdates', 'Definition_Updates', $Update_Div).'
367
+ <div id="autoUpdateForm" style="display: none;">
368
+ <input type="submit" style="width: 100%;" name="auto_update" value="'.__("Download new definitions!",'gotmls').'">
369
+ </div>
370
+ </form>
371
+ <div id="registerKeyForm" style="display: none;"><span style="color: #F00">'.__("<p>Get instant access to definition updates.</p>",'gotmls').'</span><p>
372
+ '.__("If you have not already registered your Key then register now using the form below.<br />* All registration fields are required<br />** I will NOT share your information.",'gotmls').'</p>
373
+ <form id="registerform" onsubmit="return sinupFormValidate(this);" action="'.GOTMLS_plugin_home.'wp-login.php?action=register" method="post" name="registerform" target="GOTMLS_iFrame"><input type="hidden" name="redirect_to" id="register_redirect_to" value="/donate/"><input type="hidden" name="user_login" id="register_user_login" value="">
374
+ <div>'.__("Your Full Name:",'gotmls').'</div>
375
+ <div style="float: left; width: 50%;"><input style="width: 100%;" id="first_name" type="text" name="first_name" value="'.$current_user->user_firstname.'" /></div>
376
+ <div style="float: left; width: 50%;"><input style="width: 100%;" id="last_name" type="text" name="last_name" value="'.$current_user->user_lastname.'" /></div>
377
+ <div style="clear: left; width: 100%;">
378
+ <div>'.__("A password will be e-mailed to this address:",'gotmls').'</div>
379
+ <input style="width: 100%;" id="user_email" type="text" name="user_email" value="'.$current_user->user_email.'" /></div>
380
+ <div>
381
+ <div>'.__("Your WordPress Site URL:",'gotmls').'</div>
382
+ <input style="width: 100%;" id="user_url" type="text" name="user_url" value="'.GOTMLS_siteurl.'" readonly /></div>
383
+ <div>
384
+ <div>'.__("Plugin Installation Key:",'gotmls').'</div>
385
+ <input style="width: 100%;" id="installation_key" type="text" name="installation_key" value="'.GOTMLS_installation_key.'" readonly /><input id="old_key" type="hidden" name="old_key" value="'.md5($GOTMLS_url_parts[2]).'" /></div>
386
+ <input style="width: 100%;" id="wp-submit" type="submit" name="wp-submit" value="Register Now!" /></form></div>'.$Update_Link, "stuffbox").'
387
+ <script type="text/javascript">
388
+ var alt_addr = "'.$Update_Definitions[1].'";
389
+ function check_for_updates(update_type) {
390
+ showhide(update_type, true);
391
+ stopCheckingDefinitions = checkupdateserver("'.$Update_Definitions[0].'", update_type, alt_addr);
392
+ }
393
+ function updates_complete(chk) {
394
+ if (auto_img = document.getElementById("autoUpdateDownload")) {
395
+ auto_img.style.display="block";
396
+ check_for_donation(chk);
397
+ }
398
+ }
399
+ function check_for_donation(chk) {
400
+ if (document.getElementById("autoUpdateDownload").src.replace(/^.+\?/,"")=="0")
401
+ if (chk.substr(0, 8) != "Changed " || chk.substr(8, 1) != "0")
402
+ chk += "\\n\\n'.__("Please make a donation for the use of this wonderful feature!",'gotmls').'";
403
+ alert(chk);
404
+ }
405
+ function sinupFormValidate(form) {
406
+ var error = "";
407
+ if(form["first_name"].value == "")
408
+ error += "'.__("First Name is a required field!",'gotmls').'\n";
409
+ if(form["last_name"].value == "")
410
+ error += "'.__("Last Name is a required field!",'gotmls').'\n";
411
+ if(form["user_email"].value == "")
412
+ error += "'.__("Email Address is a required field!",'gotmls').'\n";
413
+ else {
414
+ if (uem = document.getElementById("register_user_login"))
415
+ uem.value = form["user_email"].value;
416
+ if (uem = document.getElementById("register_redirect_to"))
417
+ uem.value = "/donate/?email="+form["user_email"].value.replace("@", "%40");
418
+ }
419
+ if(form["user_url"].value == "")
420
+ error += "'.__("Your WordPress Site URL is a required field!",'gotmls').'\n";
421
+ if(form["installation_key"].value == "")
422
+ error += "'.__("Plugin Installation Key is a required field!",'gotmls').'\n";
423
+ if(error != "") {
424
+ alert(error);
425
+ return false;
426
+ } else {
427
+ document.getElementById("Definition_Updates").innerHTML = \'<img src="'.GOTMLS_images_path.'wait.gif">'.__("Submitting Registration ...",'gotmls').'\';
428
+ showhide("Definition_Updates", true);
429
+ setTimeout(\'stopCheckingDefinitions = checkupdateserver("'.$Update_Definitions[0].'", "Definition_Updates", "'.$Update_Definitions[1].'")\', 3000);
430
+ showhide("registerKeyForm");
431
+ return true;
432
+ }
433
+ }
434
+ var divNAtext = false;
435
+ function loadGOTMLS() {
436
+ clearTimeout(divNAtext);
437
+ setDivNAtext();
438
+ '.$GLOBALS["GOTMLS"]["tmp"]["onLoad"].'
439
+ }
440
+ if ('.($defLatest+strlen($isRegistered)).')
441
+ check_for_updates("Definition_Updates");
442
+ /* else
443
+ showhide("registerKeyForm", true);*/
444
+ if (divNAtext)
445
+ loadGOTMLS();
446
+ else
447
+ divNAtext=true;
448
+ </script>
449
+ '.GOTMLS_box(__("Resources & Links",'gotmls'), '
450
+ <div id="pastDonations"></div>
451
+ <form name="ppdform" id="ppdform" action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
452
+ <input type="hidden" name="cmd" value="_s-xclick">
453
+ <input type="hidden" name="hosted_button_id" value="NKANR75NUL9WY">
454
+ <input type="hidden" name="on0" value="Contribution Level">
455
+ <center>
456
+ <input type="radio" name="os0" value="Basic">$15
457
+ <input type="radio" name="os0" value="Full" checked>$29
458
+ <input type="radio" name="os0" value="Double">$52
459
+ <input type="radio" name="os0" value="Elite">$100
460
+ <input type="radio" name="os0" value="Ninja">$200
461
+ </center>
462
+ <input type="hidden" name="currency_code" value="USD">
463
+ <img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
464
+ <input type="hidden" name="no_shipping" value="1">
465
+ <input type="hidden" name="no_note" value="1">
466
+ <input type="hidden" name="tax" value="0">
467
+ <input type="hidden" name="lc" value="US">
468
+ <input type="hidden" name="item_name" value="Donation to Eli\'s Anti-Malware Plugin">
469
+ <input type="hidden" name="item_number" value="GOTMLS-key-'.GOTMLS_installation_key.'">
470
+ <input type="hidden" name="custom" value="key-'.GOTMLS_installation_key.'">
471
+ <input type="hidden" name="notify_url" value="'.GOTMLS_plugin_home.GOTMLS_installation_key.'/ipn">
472
+ <input type="hidden" name="page_style" value="GOTMLS">
473
+ <input type="hidden" name="return" value="'.GOTMLS_plugin_home.'donate/?donation-source=paid">
474
+ <input type="hidden" name="cancel_return" value="'.GOTMLS_plugin_home.'donate/?donation-source=cancel">
475
+ <input type="image" id="pp_button" src="'.GOTMLS_images_path.'btn_donateCC_WIDE.gif" border="0" name="submitc" alt="'.__("Make a Donation with PayPal",'gotmls').'">
476
+ <div>
477
+ <ul class="GOTMLS-sidebar-links">
478
+ <li style="float: right;"><b>on <a target="_blank" href="https://profiles.wordpress.org/scheeeli#content-plugins">WordPress.org</a></b><ul class="GOTMLS-sidebar-links">
479
+ <li><a target="_blank" href="https://wordpress.org/plugins/gotmls/faq/">Plugin FAQs</a></li>
480
+ <li><a target="_blank" href="https://wordpress.org/support/plugin/gotmls">Forum Posts</a></li>
481
+ <li><a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls">Plugin Reviews</a></li>
482
+ </ul></li>
483
+ <li><img src="//gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=16" border="0" alt="Plugin site:"><b><a target="_blank" href="'.GOTMLS_plugin_home.'">GOTMLS.NET</a></b></li>
484
+ <li><img src="//gravatar.com/avatar/8151cac22b3fc543d099241fd573d176?s=16" border="0" alt="Developer site:"><b><a target="_blank" href="http://wordpress.ieonly.com/category/my-plugins/anti-malware/">Eli\'s Blog</a></b></li>
485
+ <li><img src="https://ssl.gstatic.com/ui/v1/icons/mail/favicon.ico" border="0" alt="mail:"><b><a target="_blank" href="mailto:eli@gotmls.net">Email Eli</a></b></li>
486
+ <li><iframe allowtransparency="true" frameborder="0" scrolling="no" src="https://platform.twitter.com/widgets/follow_button.html?screen_name=GOTMLS&amp;show_count=false" style="width:125px; height:20px;"></iframe></li>
487
+ </ul>
488
+ </div>
489
+ </form>
490
+ <a target="_blank" href="https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url='.urlencode(GOTMLS_siteurl).'">Google Safe Browsing Diagnostic</a>', "stuffbox").//GOTMLS_box(__("Last Scan Status",'gotmls'), GOTMLS_scan_log(), "stuffbox").
491
+ $optional_box.'
492
+ </div>';
493
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["stuffbox"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["stuffbox"])) {
494
+ echo '
495
+ <script type="text/javascript">
496
+ function stuffbox_showhide(id) {
497
+ divx = document.getElementById(id);
498
+ if (divx) {
499
+ if (divx.style.display == "none" || arguments[1]) {';
500
+ $else = '
501
+ if (divx = document.getElementById("GOTMLS-right-sidebar"))
502
+ divx.style.width = "30px";
503
+ if (divx = document.getElementById("GOTMLS-main-section"))
504
+ divx.style.marginRight = "30px";';
505
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["stuffbox"] as $md5 => $bTitle) {
506
+ echo "\nif (divx = document.getElementById('inside_$md5'))\n\tdivx.style.display = 'block';\nif (divx = document.getElementById('title_$md5'))\n\tdivx.innerHTML = '".GOTMLS_strip4java($bTitle, true)."';";
507
+ $else .= "\nif (divx = document.getElementById('inside_$md5'))\n\tdivx.style.display = 'none';\nif (divx = document.getElementById('title_$md5'))\n\tdivx.innerHTML = '".substr($bTitle, 0, 1)."';";
508
+ }
509
+ echo '
510
+ if (divx = document.getElementById("GOTMLS-right-sidebar"))
511
+ divx.style.width = "300px";
512
+ if (divx = document.getElementById("GOTMLS-main-section"))
513
+ divx.style.marginRight = "300px";
514
+ return true;
515
+ } else {'.$else.'
516
+ return false;
517
+ }
518
+ }
519
+ }
520
+ if (getWindowWidth(780) == 780)
521
+ setTimeout("stuffbox_showhide(\'inside_'.$md5.'\')", 200);
522
+ </script>';
523
+ }
524
+ echo '
525
+ <div id="GOTMLS-main-section" style="margin-right: 300px;">
526
+ <div class="metabox-holder GOTMLS" style="width: 100%;" id="GOTMLS-metabox-container">';
527
+ }
528
+
529
+ function GOTMLS_box($bTitle, $bContents, $bType = "postbox") {
530
+ $md5 = md5($bTitle);
531
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["$bType"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["$bType"]))
532
+ $GLOBALS["GOTMLS"]["tmp"]["$bType"]["$md5"] = "$bTitle";
533
+ else
534
+ $GLOBALS["GOTMLS"]["tmp"]["$bType"] = array("$md5"=>"$bTitle");
535
+ return '
536
+ <div id="box_'.$md5.'" class="'.$bType.'"><h3 title="Click to toggle" onclick="if (typeof '.$bType.'_showhide == \'function\'){'.$bType.'_showhide(\'inside_'.$md5.'\');}else{showhide(\'inside_'.$md5.'\');}" style="cursor: pointer;" class="hndle"><span id="title_'.$md5.'">'.$bTitle.'</span></h3>
537
+ <div id="inside_'.$md5.'" class="inside">
538
+ '.$bContents.'
539
+ </div>
540
+ </div>';
541
+ }
542
+
543
+ function GOTMLS_get_scanlog() {
544
+ global $wpdb;
545
+ $LastScan = '';
546
+ if (isset($_GET["GOTMLS_cl"]) && GOTMLS_get_nonce()) {
547
+ $SQL = $wpdb->prepare("DELETE FROM `$wpdb->options` WHERE option_name LIKE %s AND substring_index(option_name, '/', -1) < %s", 'GOTMLS_scan_log/%', $_GET["GOTMLS_cl"]);
548
+ if ($cleared = $wpdb->query($SQL))
549
+ $LastScan .= sprintf(__("Cleared %s records from this log.",'gotmls'), $cleared);
550
+ // else $LastScan .= $wpdb->last_error."<li>$SQL</li>";
551
+ }
552
+ $SQL = "SELECT substring_index(option_name, '/', -1) AS `mt`, option_name, option_value FROM `$wpdb->options` WHERE option_name LIKE 'GOTMLS_scan_log/%' ORDER BY mt DESC";
553
+ if ($rs = $wpdb->get_results($SQL, ARRAY_A)) {
554
+ $units = array("seconds"=>60,"minutes"=>60,"hours"=>24,"days"=>365,"years"=>10);
555
+ $LastScan .= '<ul class="GOTMLS-scanlog GOTMLS-sidebar-links">';
556
+ foreach ($rs as $row) {
557
+ $LastScan .= "\n<li>";
558
+ $GOTMLS_scan_log = (isset($row["option_name"])?get_option($row["option_name"], array()):array());
559
+ if (isset($GOTMLS_scan_log["scan"]["type"]) && strlen($GOTMLS_scan_log["scan"]["type"]))
560
+ $LastScan .= htmlentities($GOTMLS_scan_log["scan"]["type"]);
561
+ else
562
+ $LastScan .= "Unknown scan type";
563
+ if (isset($GOTMLS_scan_log["scan"]["dir"]) && is_dir($GOTMLS_scan_log["scan"]["dir"]))
564
+ $LastScan .= " of ".basename($GOTMLS_scan_log["scan"]["dir"]);
565
+ if (isset($GOTMLS_scan_log["scan"]["start"]) && is_numeric($GOTMLS_scan_log["scan"]["start"])) {
566
+ $time = (time() - $GOTMLS_scan_log["scan"]["start"]);
567
+ $ukeys = array_keys($units);
568
+ for ($unit = $ukeys[0], $key=0; (isset($units[$ukeys[$key]]) && $key < (count($ukeys) - 1) && $time >= $units[$ukeys[$key]]); $unit = $ukeys[++$key])
569
+ $time = floor($time/$units[$ukeys[$key]]);
570
+ if (1 == $time)
571
+ $unit = substr($unit, 0, -1);
572
+ $LastScan .= " started $time $unit ago";
573
+ if (isset($GOTMLS_scan_log["scan"]["finish"]) && is_numeric($GOTMLS_scan_log["scan"]["finish"]) && ($GOTMLS_scan_log["scan"]["finish"] >= $GOTMLS_scan_log["scan"]["start"])) {
574
+ $time = ($GOTMLS_scan_log["scan"]["finish"] - $GOTMLS_scan_log["scan"]["start"]);
575
+ for ($unit = $ukeys[0], $key=0; (isset($units[$ukeys[$key]]) && $key < (count($ukeys) - 1) && $time >= $units[$ukeys[$key]]); $unit = $ukeys[++$key])
576
+ $time = floor($time/$units[$ukeys[$key]]);
577
+ if (1 == $time)
578
+ $unit = substr($unit, 0, -1);
579
+ if ($time)
580
+ $LastScan .= " and ran for $time $unit";
581
+ else
582
+ $LastScan = str_replace("started", "ran", $LastScan);
583
+ } else
584
+ $LastScan .= " and has not finish";
585
+ } else
586
+ $LastScan .= " failed to started";
587
+ $LastScan .= '<a href="'.GOTMLS_script_URI.'&GOTMLS_cl='.$row["mt"].'&'.GOTMLS_set_nonce(__FUNCTION__."600").'">[clear log below this entry]</a></li>';
588
+ }
589
+ $LastScan .= '</ul>';
590
+ } else
591
+ $LastScan .= '<h3>'.__("No Scans have been logged",'gotmls').'</h3>';
592
+ return "$LastScan\n";
593
+ }
594
+
595
+ function GOTMLS_get_whitelists() {
596
+ $Q_Page = '';
597
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"])) {
598
+ $Q_Page .= '<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>'.__("Globally White-listed files",'gotmls').'<span class="GOTMLS_date">'.__("# of patterns",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Updated",'gotmls').'</span></h3>';
599
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $file => $non_threats) {
600
+ if (isset($non_threats[0])) {
601
+ $updated = GOTMLS_sexagesimal($non_threats[0]);
602
+ unset($non_threats[0]);
603
+ } else
604
+ $updated = "Unknown";
605
+ $Q_Page .= '<li style="margin: 4px 12px;"><span class="GOTMLS_date">'.count($non_threats).'</span><span class="GOTMLS_date">'.$updated."</span>$file</li>\n";
606
+ }
607
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"])) {
608
+ $Q_Page .= '<h3>'.__("WordPress Core files",'gotmls').'<span class="GOTMLS_date">'.__("# of files",'gotmls').'</span></h3>';
609
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"] as $ver => $files) {
610
+ $Q_Page .= '<li style="margin: 4px 12px;"><span class="GOTMLS_date">'.count($files)."</span>Version $ver</li>\n";
611
+ }
612
+ }
613
+ $Q_Page .= "</ul>";
614
+ }
615
+ return "$Q_Page\n";
616
+ }
617
+
618
+ function GOTMLS_get_quarantine($only = false) {
619
+ global $wpdb, $post;
620
+ if (is_numeric($only))
621
+ return get_post($only, ARRAY_A);
622
+ elseif ($only)
623
+ return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private'");
624
+ else
625
+ $args = array('posts_per_page' => (isset($_GET['posts_per_page'])&&is_numeric($_GET['posts_per_page'])&&$_GET['posts_per_page']>0?$_GET['posts_per_page']:200), 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
626
+ if (isset($_POST["paged"]))
627
+ $args["paged"] = $_POST["paged"];
628
+ $my_query = new WP_Query($args);
629
+ $Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><input type="hidden" id="GOTMLS_paged" name="paged" value="1"><div style="float: left;">Page:</div>';
630
+ $Q_Page = '
631
+ <form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."700")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
632
+ if ($my_query->have_posts()) {
633
+ $Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected files",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
634
+ <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
635
+ $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
636
+ while ($my_query->have_posts()) {
637
+ $my_query->the_post();
638
+ $Q_Page .= '
639
+ <li id="GOTMLS_quarantine_'.$post->ID.'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post->post_date_gmt.'</span><span class="GOTMLS_date">'.$post->post_modified_gmt.'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$post->ID.'" id="check_'.$post->ID.'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="Q">'.GOTMLS_error_link(__("View Quarantined File",'gotmls'), $post->ID).str_replace($root_path, "...", $post->post_title)."</a></li>\n";
640
+ }
641
+ $Q_Page .= "\n</ul>";
642
+ for ($p = 1; $p <= $my_query->max_num_pages; $p++) {
643
+ $Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($_POST["paged"]) && $_POST["paged"] == $p) || (!isset($_POST["paged"]) && 1 == $p)?" DISABLED":"").' onclick="document.getElementById(\'GOTMLS_paged\').value = \''.$p.'\';">';
644
+ }
645
+ } else
646
+ $Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
647
+ wp_reset_query();
648
+ $return = "$Q_Paged\n</form><br style=\"clear: left;\" />\n$Q_Page\n</form>\n$Q_Paged\n</form><br style=\"clear: left;\" />\n";
649
+ if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) > 1)
650
+ $return = '<a href="'.admin_url('admin-ajax.php?action=GOTMLS_empty_trash&'.GOTMLS_set_nonce(__FUNCTION__."720")).'" id="empty_trash_link" style="float: right;" target="GOTMLS_statusFrame">['.sprintf(__("Clear %s Deleted Files from the Trash",'gotmls'), $trashed)."]</a>$return";
651
+ return $return;
652
+ }
653
+
654
+ function GOTMLS_View_Quarantine() {
655
+ GOTMLS_update_definitions();
656
+ $echo = GOTMLS_box($Q_Page = __("White-lists",'gotmls'), GOTMLS_get_whitelists());
657
+ if (!isset($_GET['Whitelists']))
658
+ $echo .= "\n<script>\nshowhide('inside_".md5($Q_Page)."');\n</script>\n";
659
+ $echo .= GOTMLS_box($Q_Page = __("Quarantine",'gotmls'), GOTMLS_get_quarantine());
660
+ GOTMLS_display_header();
661
+ echo $echo."\n</div></div></div>";
662
+ }
663
+
664
+ function GOTMLS_Firewall_Options() {
665
+ global $current_user, $wpdb, $table_prefix;
666
+ GOTMLS_update_definitions();
667
+ GOTMLS_display_header();
668
+ $GOTMLS_nonce_found = GOTMLS_get_nonce();
669
+ $gt = ">";
670
+ $lt = "<";
671
+ $save_action = "";
672
+ $patch_attr = array(
673
+ array(
674
+ "icon" => "blocked",
675
+ "language" => __("Your WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. Applying this patch will block access to the WordPress Login page whenever this type of attack is detected."),
676
+ "status" => 'Not Installed',
677
+ "action" => 'Install Patch'
678
+ ),
679
+ array(
680
+ "language" => __("Your WordPress site has the current version of my brute-force Login protection installed."),
681
+ "action" => 'Uninstall Patch',
682
+ "status" => 'Enabled',
683
+ "icon" => "checked"
684
+ ),
685
+ array(
686
+ "language" => __("Your WordPress Login page has the old version of my brute-force protection installed. Upgrade this patch to improve the protection on the WordPress Login page and preserve the integrity of your WordPress core files."),
687
+ "action" => 'Upgrade Patch',
688
+ "status" => 'Out of Date',
689
+ "icon" => "threat"
690
+ )
691
+ );
692
+ $find = '|<Files[^>]+xmlrpc.php>(.+?)</Files>\s*(# END GOTMLS Patch to Block XMLRPC Access\s*)*|is';
693
+ $deny = "\n<IfModule !mod_authz_core.c>\norder deny,allow\ndeny from all";
694
+ $allow = "";
695
+ if (isset($_SERVER["REMOTE_ADDR"])) {
696
+ $deny .= "\nallow from ".$_SERVER["REMOTE_ADDR"];
697
+ $allow .= " ".$_SERVER["REMOTE_ADDR"];
698
+ }
699
+ if (isset($_SERVER["SERVER_ADDR"])) {
700
+ $deny .= "\nallow from ".$_SERVER["SERVER_ADDR"];
701
+ $allow .= " ".$_SERVER["SERVER_ADDR"];
702
+ }
703
+ $deny .= "\n</IfModule>\n<IfModule mod_authz_core.c>\nRequire";
704
+ if (strlen(trim($allow)) > 0)
705
+ $deny .= " ip$allow";
706
+ else
707
+ $deny .= " all denied";
708
+ $deny .= "\n</IfModule>";
709
+ if (count($GLOBALS["GOTMLS"]["tmp"]["apache"]) > 1)
710
+ $errdiv = "<!-- ".$GLOBALS["GOTMLS"]["tmp"]["apache"][0]." -->";
711
+ else
712
+ $errdiv = "<div class='error'>Unable to read Apache Version, this patch may not work!</div>";
713
+ $patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1159")).'"'.$gt.$lt.'script'.$gt."\nfunction setFirewall(opt, val) {\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_opt'))\n\t\tautoUpdateDownloadGIF.value = opt;\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_val'))\n\t\tautoUpdateDownloadGIF.value = val;\n}\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and donate to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is available to those who have donated!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="';
714
+ $patch_found = false;
715
+ $head = str_replace(array('|<Files[^>]+', '(.+?)', '\\s*(', '\\s*)*|is'), array("<Files ", "$deny\n", "\n", "\n"), $find);
716
+ $htaccess = "";
717
+ if (is_file(ABSPATH.'.htaccess'))
718
+ if (($htaccess = @file_get_contents(ABSPATH.'.htaccess')) && strlen($htaccess))
719
+ $patch_found = preg_match($find, $htaccess);
720
+ if ($patch_found) {
721
+ $errdiv = "";
722
+ if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', preg_replace($find, "", $htaccess)))
723
+ $patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Now Allowing Access';
724
+ elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0))
725
+ $patch_action .= '-1"'.$gt.$lt.'input style="float: right;" type="submit" value="Unblock XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Still Blocking: '.sprintf(__("Failed to remove XMLRPC Protection [.htaccess %s]",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write?':'only!'):"unreadable!").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
726
+ else
727
+ $patch_action .= '-1"'.$gt.$lt.'input style="float: right;" type="submit" value="Unblock XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Currently Blocked';
728
+ } else {
729
+ if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', "$head$htaccess")) {
730
+ $patch_action .= '-1"'.$gt.$lt.'input style="float: right;" type="submit" value="Unblock XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Now Blocked';
731
+ $errdiv = "";
732
+ } elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0))
733
+ $patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Still Allowing Access: '.sprintf(__("Failed to install XMLRPC Protection [.htaccess %s]",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write?':'only!'):"unreadable!").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
734
+ else
735
+ $patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Currently Allowing Access';
736
+ }
737
+ $patch_action .= ")$errdiv$lt/b$gt$lt/p$gt".__("Most WordPress sites do not use the XMLRPC features and hack attempts on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit, these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt.$lt.'hr /'.$gt;
738
+ $patch_status = 0;
739
+ $patch_found = -1;
740
+ $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
741
+ $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find);
742
+ if (is_file(ABSPATH.'../wp-config.php') && !is_file(ABSPATH.'wp-config.php'))
743
+ $wp_config = '../wp-config.php';
744
+ else
745
+ $wp_config = 'wp-config.php';
746
+ if (is_file(ABSPATH.$wp_config)) {
747
+ if (($config = @file_get_contents(ABSPATH.$wp_config)) && strlen($config)) {
748
+ if ($patch_found = preg_match($find, $config)) {
749
+ if (strpos($config, substr($head, strpos($head, "file_exists")))) {
750
+ if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.$wp_config, preg_replace('#'.$lt.'\?[ph\s]+(//.*\s*)*\?'.$gt.'#i', "", preg_replace($find, "", $config))))
751
+ $patch_action .= $lt.'div class="error"'.$gt.__("Removed Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
752
+ else
753
+ $patch_status = 1;
754
+ } else {
755
+ if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.$wp_config, preg_replace($find, "$head", $config))) {
756
+ $patch_action .= $lt.'div class="updated"'.$gt.__("Upgraded Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
757
+ $patch_status = 1;
758
+ } else
759
+ $patch_status = 2;
760
+ }
761
+ } elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && strlen($config) && ($patch_found == 0) && GOTMLS_file_put_contents(ABSPATH.$wp_config, "$lt?php$head// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?$gt$config")) {
762
+ $patch_action .= $lt.'div class="updated"'.$gt.__("Installed Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
763
+ $patch_status = 1;
764
+ } elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]))
765
+ $patch_action .= $lt.'div class="updated"'.$gt.sprintf(__("Failed to install Brute-Force Protection (wp-config.php %s)",'gotmls'),(is_readable(ABSPATH.$wp_config)?'read-'.(is_writable(ABSPATH.$wp_config)?'write':'only'):"unreadable").": ".strlen($config).GOTMLS_fileperms(ABSPATH.$wp_config)).$lt.'/div'.$gt;
766
+ } else
767
+ $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Readable!",'gotmls').$lt.'/div'.$gt;
768
+ } else
769
+ $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Found!",'gotmls').$lt.'/div'.$gt;
770
+ if ($GOTMLS_nonce_found && file_exists(ABSPATH.'wp-login.php') && ($login = @file_get_contents(ABSPATH.'wp-login.php')) && strlen($login) && (preg_match($find, $login))) {
771
+ if (isset($_POST["GOTMLS_patching"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/".$wp_version.'/wp-login.php')) && (strlen($source) > 500) && GOTMLS_file_put_contents(ABSPATH.'wp-login.php', $source))
772
+ $patch_action .= $lt.'div class="updated"'.$gt.__("Removed Old Brute-Force Login Patch",'gotmls').$lt.'/div'.$gt;
773
+ else
774
+ $patch_status = 2;
775
+ }
776
+ if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_firewall_option"]) && strlen($_POST["GOTMLS_firewall_option"]) && isset($_POST["GOTMLS_firewall_value"]) && strlen($_POST["GOTMLS_firewall_value"])) {
777
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"][$_POST["GOTMLS_firewall_option"]] = $_POST["GOTMLS_firewall_value"];
778
+ if (update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]))
779
+ $save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n";
780
+ else
781
+ $save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSave Failed!$lt/div$gt\n";
782
+ }
783
+ $sec_opts = $lt.'form method="POST" name="GOTMLS_Form_firewall"'.$gt.$lt.'input type="hidden" id="fw_opt" name="GOTMLS_firewall_option" value="traversal"'.$gt.$lt.'input type="hidden" name="GOTMLS_firewall_value" id="fw_val" value="0"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."805")).'"'.$gt;
784
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]))
785
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA)
786
+ if (is_array($VA) && count($VA) > 3 && strlen($VA[1]) && strlen($VA[2]))
787
+ $sec_opts .= $lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="submit" style="float: right;" value="'.(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]?"Enable Protection\" onclick=\"setFirewall('$TP', 0);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt."b$gt$VA[1] (Currently Disabled)":"Disable Protection\" onclick=\"setFirewall('$TP', 1);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt."b$gt$VA[1] (Automatically Enabled)")."$lt/b$gt$lt/p$gt$VA[2]$lt/div$gt$lt".'hr /'.$gt;
788
+ $sec_opts .= "$lt/form$gt\n$patch_action\n$lt".'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."807")).'"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="float: right;'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n$lt"."script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
789
+ $admin_notice = "";
790
+ if ($current_user->user_login == "admin") {
791
+ $admin_notice .= $lt.'hr /'.$gt;
792
+ if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_admin_username"]) && ($current_user->user_login != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match('/^\s*[a-z_0-9\@\.\-]{3,}\s*$/i', $_POST["GOTMLS_admin_username"])) {
793
+ if ($wpdb->update($wpdb->users, array("user_login" => trim($_POST["GOTMLS_admin_username"])), array("user_login" => $current_user->user_login))) {
794
+ $wpdb->query("UPDATE `{$table_prefix}sitemeta` SET `meta_value` = REPLACE(`meta_value`, 's:5:\"admin\";', 's:".strlen(trim($_POST["GOTMLS_admin_username"])).":\"".trim($_POST["GOTMLS_admin_username"])."\";') WHERE `meta_key` = 'site_admins' AND `meta_value` like '%s:5:\"admin\";%'");
795
+ $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("You username has been change to %s. Don't forget to use your new username when you login again.",'gotmls'), $_POST["GOTMLS_admin_username"]).$lt.'/div'.$gt;
796
+ } else
797
+ $admin_notice .= $lt.'div class="error"'.$gt.sprintf(__("SQL Error changing username: %s. Please try again later.",'gotmls'), $wpdb->last_error).$lt.'/div'.$gt;
798
+ } else {
799
+ if (isset($_POST["GOTMLS_admin_username"]))
800
+ $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("Your new username must be at least 3 characters and can only contain &quot;%s&quot;. Please try again.",'gotmls'), "a-z0-9_.-@").$lt.'/div'.$gt;
801
+ $admin_notice .= $lt.'form method="POST" name="GOTMLS_Form_admin"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'div style="float: left;"'.$gt.__("Change your username:",'gotmls').$lt.'/div'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1235")).'"'.$gt.$lt.'input style="float: left;" type="text" id="GOTMLS_admin_username" name="GOTMLS_admin_username" size="6" value="'.$current_user->user_login.'"'.$gt.$lt.'input style="float: left;" type="submit" value="Change"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Admin Notice'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("Your username is \"admin\", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt;
802
+ }
803
+ }
804
+ if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_wpfirewall_action"])) {
805
+ if ($_POST["GOTMLS_wpfirewall_action"] == "exclude_terms")
806
+ update_option("WP_firewall_exclude_terms", "");
807
+ elseif ($_POST["GOTMLS_wpfirewall_action"] == "whitelisted_ip" && isset($_SERVER["REMOTE_ADDR"])) {
808
+ $ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!"));
809
+ if (is_array($ips))
810
+ $ips = array_merge($ips, array($_SERVER["REMOTE_ADDR"]));
811
+ else
812
+ $ips = array($_SERVER["REMOTE_ADDR"]);
813
+ update_option("WP_firewall_whitelisted_ip", serialize($ips));
814
+ }
815
+ }
816
+ if (get_option("WP_firewall_exclude_terms", "Not Found!") == "allow") {
817
+ $end = "$lt/div$gt$lt/form$gt\n{$lt}hr /$gt";
818
+ $img = 'threat.gif"';
819
+ $button = $lt.'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'exclude_terms\';" value="'.__("Disable this Rule",'gotmls').'"'.$gt;
820
+ $wpfirewall_action = $lt.'form method="POST" name="GOTMLS_Form_wpfirewall2"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="GOTMLS_wpfirewall_action" id="GOTMLS_wpfirewall_action" value=""'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1223")).'"'.$gt.$button.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$img.$gt.$lt.'b'.$gt."WP Firewall 2 (Conflicting Firewall Rule)$lt/b$gt$lt/p$gt".__("The Conflicting Firewall Rule (WP_firewall_exclude_terms) activated by the WP Firewall 2 plugin has been shown to interfere with the Definition Updates and WP Core File Scans in my Anti-Malware plugin. I recommend that you disable this rule in the WP Firewall 2 plugin.",'gotmls').$end;
821
+ if (isset($_SERVER["REMOTE_ADDR"])) {
822
+ if (is_array($ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!"))) && in_array($_SERVER["REMOTE_ADDR"], $ips))
823
+ $wpfirewall_action = str_replace(array($img, $end), array('question.gif"', __(" However, your current IP has been Whitelisted so you could probably keep this rule enabled if you really want to.",'gotmls').$end), $wpfirewall_action);
824
+ else
825
+ $wpfirewall_action = str_replace(array($button, $end), array($button.$lt."br /$gt$lt".'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'whitelisted_ip\';" value="'.__("Whitelist your IP",'gotmls').'"'.$gt, __(" However, if you would like to keep this rule enabled you should at least Whitelist your IP.",'gotmls').$end), $wpfirewall_action);
826
+ }
827
+ $sec_opts = $wpfirewall_action.$sec_opts;
828
+ }
829
+ echo GOTMLS_box(__("Firewall Options",'gotmls'), $save_action.$sec_opts.$admin_notice)."\n</div></div></div>";
830
+ }
831
+
832
+ function GOTMLS_update_definitions() {
833
+ global $wp_version, $current_user, $wpdb;
834
+ wp_get_current_user();
835
+ $GOTMLS_definitions_versions = array();
836
+ $user_info = array();
837
+ $saved = false;
838
+ $moreJS = "";
839
+ $finJS = "\n}";
840
+ $form = 'registerKeyForm';
841
+ $innerHTML = "<li style=\\\"color: #f00\\\">Your Installation Key could not be confirmed!</li>";
842
+ $autoUpJS = '<span style="color: #C00;">This new feature is currently only available to registered users who have donated above the default level.</span><br />';
843
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
844
+ foreach ($definition_names as $definition_name=>$definition_version)
845
+ if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
846
+ if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
847
+ $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
848
+ asort($GOTMLS_definitions_versions);
849
+ if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"]) && GOTMLS_get_nonce()) {
850
+ if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1) {
851
+ $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_REQUEST["UPDATE_definitions_array"]));
852
+ if (is_array($GOTnew_definitions)) {
853
+ $form = 'autoUpdateDownload';
854
+ $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('Downloaded Definitions');";
855
+ }
856
+ } elseif (($DEF = GOTMLS_get_URL('http:'.GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.$wp_version.'&'.GOTMLS_set_nonce(__FUNCTION__."870").'&d='.ur1encode(GOTMLS_siteurl))) && is_array($GOTnew_definitions = maybe_unserialize(GOTMLS_decode($DEF))) && count($GOTnew_definitions)) {
857
+ if (isset($GOTnew_definitions["you"]["user_email"]) && strlen($GOTnew_definitions["you"]["user_email"]) == 32) {
858
+ $user_info = $GOTnew_definitions["you"];
859
+ if ($user_info["user_email"] == md5($current_user->user_email))
860
+ $toInfo = $current_user->user_email;
861
+ elseif (!($toInfo = $wpdb->get_var("SELECT `user_nicename` FROM $wpdb->users WHERE MD5(`user_email`) = '".$user_info["user_email"]."'")))
862
+ $toInfo = get_option("siteurl");
863
+ $innerHTML = "<li style=\\\"color: #0C0\\\">Your Installation Key is Registered to:<br /> $toInfo</li>";
864
+ $form = 'autoUpdateForm';
865
+ if (isset($user_info["user_donations"]) && isset($user_info["user_donation_total"]) && isset($user_info["user_donation_freshness"])) {
866
+ $user_donations_src = $user_info["user_donations"];
867
+ if ($user_info["user_donation_total"] > 27.99) {
868
+ $autoUpJS = '<input type="checkbox" id="auto_UPDATE_definitions_check" name="UPDATE_definitions_array" value="1"> <input type="hidden" name="UPDATE_definitions_checkbox" value="UPDATE_definitions_array">';
869
+ $moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA"))
870
+ foundUpdates.innerHTML = "<a href=\'javascript:document.updateform.submit();\' onclick=\'document.updateform.UPDATE_definitions_array.value=1;\' style=\'color: #f00;\'>Set Definition Updates to Automatically Download to activate this feature.</a>";';
871
+ }
872
+ if ($user_donations_src > 0 && $user_info["user_donation_total"] > 0)
873
+ $li = "<li> You have made $user_donations_src donation".($user_donations_src?'s totalling':' for').' $'.$user_info["user_donation_total"].".</li><!-- ".$user_info["user_donation_freshness"]." -->";
874
+ }
875
+ } else
876
+ $innerHTML = "<li style=\\\"color: #f00\\\">Your Installation Key is not registered!</li>";
877
+ unset($GOTnew_definitions["you"]);
878
+ asort($GOTnew_definitions);
879
+ if (serialize($GOTnew_definitions) == serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))
880
+ unset($GOTnew_definitions);
881
+ else {
882
+ $debug = substr(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]), 0, 9)." ".md5(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))." ".strlen(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))." ".substr(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]), -9)." = ".substr(serialize($GOTnew_definitions), 0, 9)." ".md5(serialize($GOTnew_definitions))." ".strlen(serialize($GOTnew_definitions)." ".substr(serialize($GOTnew_definitions), -9));
883
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions;
884
+ $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('New Definitions Automatically Installed :-)');";
885
+ }
886
+ $finJS .= "\nif (divNAtext)\n\tloadGOTMLS();\nelse\n\tdivNAtext = setTimeout('loadGOTMLS()', 4000);";
887
+ $finJS .= "\nif (typeof stopCheckingDefinitions !== 'undefined')\n\tclearTimeout(stopCheckingDefinitions);";
888
+ } else
889
+ $innerHTML = "<li style=\\\"color: #f00\\\"><a title='report error' href='#' onclick=\\\"stopCheckingDefinitions = checkupdateserver(alt_addr+'&error=".GOTMLS_encode(serialize(array("get_URL"=>$GLOBALS["GOTMLS"]["get_URL"])))."', 'Definition_Updates');\\\">Automatic Update Connection Failed!</a></li>";
890
+ } else
891
+ $innerHTML = "<li style=\\\"color: #f00\\\">".GOTMLS_Invalid_Nonce("Nonce Error")."</li>";
892
+ if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
893
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions);
894
+ if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
895
+ @unlink(GOTMLS_plugin_path.'definitions_update.txt');
896
+ $saved = GOTMLS_update_option('definitions', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
897
+ $_REQUEST["check"] = array();
898
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names) {
899
+ if ($threat_level != "potential")
900
+ $_REQUEST["check"][] = $threat_level;
901
+ foreach ($definition_names as $definition_name=>$definition_version)
902
+ if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
903
+ if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
904
+ $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
905
+ }
906
+ $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = $_REQUEST["check"];
907
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
908
+ asort($GOTMLS_definitions_versions);
909
+ $autoUpJS .= '<span style="color: #0C0;">(Newest Definition Updates Installed.)</span>';
910
+ } else {
911
+ $autoUpJS .= '<span style="color: #0C0;">(No newer Definition Updates are available at this time.)</span>';
912
+ $innerHTML .= "<li style=\\\"color: #0C0\\\">No Newer Definition Updates Available.</li>";
913
+ }
914
+ if (isset($_SERVER["SCRIPT_FILENAME"]) && preg_match('/\/admin-ajax\.php/i', $_SERVER["SCRIPT_FILENAME"]) && isset($_REQUEST["action"]) && $_REQUEST["action"] == "GOTMLS_auto_update") {
915
+ if (!$user_donations_src)
916
+ $li = "<li style=\\\"color: #f00;\\\">You have not donated yet!</li>";
917
+ if (strlen($moreJS) == 0)
918
+ $moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA"))
919
+ foundUpdates.innerHTML = "<a href=\'javascript:document.ppdform.submit();\' onclick=\'document.ppdform.amount.value=32;\' style=\'color: #f00;\'>Donate $29+ now then enable Automatic Definition Updates to Scan for Core Files changes.</a>";';
920
+ $moreJS .= "\n\tif (foundUpdates = document.getElementById('pastDonations'))\n\tfoundUpdates.innerHTML = '$li';";
921
+ @header("Content-type: text/javascript");
922
+ if (is_array($GOTMLS_definitions_versions) && count($GOTMLS_definitions_versions) && (strlen($new_ver = trim(array_pop($GOTMLS_definitions_versions))) == 5) && $saved) {
923
+ $innerHTML .= "<li style=\\\"color: #0C0\\\">New Definition Updates Installed.</li>";
924
+ $finJS .= "\nif (foundUpdates = document.getElementById('GOTMLS_definitions_date')) foundUpdates.innerHTML = '$new_ver';";
925
+ } elseif (is_array($GOTnew_definitions) && count($GOTnew_definitions))
926
+ $finJS .= "\nalert('Definition update $new_ver could not be saved because update_option Failed! $debug');";
927
+ die('//<![CDATA[
928
+ var inc_form = "";
929
+ if (foundUpdates = document.getElementById("autoUpdateDownload"))
930
+ foundUpdates.src += "?'.$user_donations_src.'";
931
+ if (foundUpdates = document.getElementById("registerKeyForm"))
932
+ foundUpdates.style.display = "none";
933
+ if (foundUpdates = document.getElementById("'.$form.'"))
934
+ foundUpdates.style.display = "block";
935
+ if (foundUpdates = document.getElementById("Definition_Updates"))
936
+ foundUpdates.innerHTML = "<ul class=\\"sidebar-links\\">'.$innerHTML.'</ul>"+inc_form;
937
+ function setDivNAtext() {
938
+ var foundUpdates;
939
+ '.$moreJS.$finJS.'
940
+ if (foundUpdates = document.getElementById("UPDATE_definitions_div"))
941
+ foundUpdates.innerHTML = \''.$autoUpJS.'\';
942
+ //]]>');
943
+ }
944
+ $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates';
945
+ foreach ($GOTMLS_definitions_versions as $definition_name=>$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"])
946
+ $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&def[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"];
947
+ }
948
+ add_action('wp_ajax_GOTMLS_auto_update', 'GOTMLS_update_definitions');
949
+
950
+ function GOTMLS_settings() {
951
+ global $current_user, $wpdb, $wp_version, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
952
+ $GOTMLS_scan_groups = array();
953
+ $gt = ">";
954
+ $lt = "<";
955
+ GOTMLS_update_definitions();
956
+ if (($GOTMLS_nonce_found = GOTMLS_get_nonce()) && isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
957
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
958
+ /* $threat_names = array_keys($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"]);
959
+ foreach ($threat_names as $threat_name) {
960
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) > 1) {
961
+ if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version)
962
+ $GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0];
963
+ if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
964
+ $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]);
965
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] > 2)
966
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
967
+ }
968
+ }
969
+ }*/
970
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
971
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"];
972
+ update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
973
+ }
974
+ $dirs = GOTMLS_explode_dir(__FILE__);
975
+ for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
976
+ $GOTMLS_scan_groups[] = $lt.'b'.$gt.implode(GOTMLS_slash(), array_slice($dirs, -1 * (3 + $SL), 1)).$lt.'/b'.$gt;
977
+ if (isset($_POST["exclude_ext"])) {
978
+ if (strlen(trim(str_replace(",","",$_POST["exclude_ext"]).' ')) > 0)
979
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(str_replace('.', ',', htmlentities($_POST["exclude_ext"]))), -1, PREG_SPLIT_NO_EMPTY);
980
+ else
981
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = array();
982
+ }
983
+ $default_exclude_ext = str_replace(",gotmls", "", implode(",", $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]));
984
+ $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
985
+ if (isset($_POST["UPDATE_definitions_checkbox"])) {
986
+ if (isset($_POST[$_POST["UPDATE_definitions_checkbox"]]) && $_POST[$_POST["UPDATE_definitions_checkbox"]] == 1)
987
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = 1;
988
+ else
989
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = "";
990
+ }
991
+ if (isset($_POST["exclude_dir"])) {
992
+ if (strlen(trim(str_replace(",","",$_POST["exclude_dir"]).' ')) > 0)
993
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(htmlentities($_POST["exclude_dir"])), -1, PREG_SPLIT_NO_EMPTY);
994
+ else
995
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array();
996
+ for ($d=0; $d<count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]); $d++)
997
+ if (dirname($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d]) != ".")
998
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d] = str_replace("\\", "", str_replace("/", "", str_replace(dirname($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d]), "", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d])));
999
+ }
1000
+ $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"] = array_merge($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"], $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"]);
1001
+ if (isset($_POST["scan_what"]) && is_numeric($_POST["scan_what"]) && $_POST["scan_what"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"])
1002
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = $_POST["scan_what"];
1003
+ if (isset($_POST["check_custom"]) && $_POST["check_custom"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"])
1004
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]);
1005
+ if (isset($_POST["scan_depth"]) && is_numeric($_POST["scan_depth"]) && $_POST["scan_depth"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"])
1006
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = $_POST["scan_depth"];
1007
+ /* if (isset($_POST['check_htaccess']) && is_numeric($_POST['check_htaccess']) && $_POST['check_htaccess'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_htaccess'])
1008
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_htaccess'] = $_POST['check_htaccess'];
1009
+ if (isset($_POST['check_timthumb']) && is_numeric($_POST['check_timthumb']) && $_POST['check_timthumb'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_timthumb'])
1010
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_timthumb'] = $_POST['check_timthumb'];
1011
+ if (isset($_POST['check_wp_core']) && is_numeric($_POST['check_wp_core']) && $_POST['check_wp_core'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_wp_core'])
1012
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_wp_core'] = $_POST['check_wp_core'];
1013
+ if (isset($_POST['check_known']) && is_numeric($_POST['check_known']) && $_POST['check_known'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_known'])
1014
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_known'] = $_POST['check_known'];
1015
+ if (isset($_POST['check_potential']) && is_numeric($_POST['check_potential']) && $_POST['check_potential'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_potential'])
1016
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_potential'] = $_POST['check_potential'];*/
1017
+ if (isset($_POST['skip_quarantine']) && $_POST['skip_quarantine'])
1018
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'] = $_POST['skip_quarantine'];
1019
+ elseif (isset($_POST["exclude_ext"]))
1020
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'] = 0;
1021
+ GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1022
+ $scan_whatopts = '';
1023
+ $scan_optjs = "\n{$lt}script type=\"text/javascript\"$gt\nfunction showOnly(what) {\n";
1024
+ foreach ($GOTMLS_scan_groups as $mg => $GOTMLS_scan_group) {
1025
+ $scan_optjs .= "document.getElementById('only$mg').style.display = 'none';\n";
1026
+ $scan_whatopts = "\n$lt/div$gt\n$lt/div$gt\n$scan_whatopts";
1027
+ $dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $mg)));
1028
+ $files = GOTMLS_getfiles($dir);
1029
+ if (is_array($files))
1030
+ foreach ($files as $file)
1031
+ if (is_dir(GOTMLS_trailingslashit($dir).$file))
1032
+ $scan_whatopts = $lt.'input type="checkbox" name="scan_only[]" value="'.htmlentities($file).'" /'.$gt.htmlentities($file).$lt.'br /'.$gt.$scan_whatopts;
1033
+ $scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", "&nbsp;", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts;
1034
+ }
1035
+ $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}";
1036
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])
1037
+ $scan_optjs .= "\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_check'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n";
1038
+ $scan_optjs .= "$lt/script$gt";
1039
+ $GOTMLS_nonce_URL = GOTMLS_set_nonce(__FUNCTION__."853");
1040
+ $scan_opts = "\n$lt".'form method="POST" name="GOTMLS_Form"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', $GOTMLS_nonce_URL).'"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Complete Scan\';" /'.$gt.$lt.'/div'.$gt.'
1041
+ '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
1042
+ '.$lt.'div style="padding: 0 30px;"'.$gt;
1043
+ $cInput = '"'.$gt.$lt.'input';
1044
+ $pCheck = "$cInput checked";
1045
+ $kCheck = "";
1046
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) {
1047
+ $scan_opts .= $lt.'div id="check_'.$threat_level.'_div" style="padding: 0; position: relative;';
1048
+ if (($threat_level != "wp_core" && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level])) || isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]["$wp_version"])) {
1049
+ if ($threat_level != "potential" && in_array($threat_level,$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
1050
+ $pCheck = " display: none;$cInput";
1051
+ $scan_opts .= "$cInput checked";
1052
+ } elseif ($threat_level == "potential")
1053
+ $scan_opts .= $pCheck;
1054
+ else
1055
+ $scan_opts .= $cInput;
1056
+ if ($threat_level != "potential")
1057
+ $kCheck .= ",'$threat_level'";
1058
+ $scan_opts .= ' type="checkbox" onchange="pCheck(this);" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'" /'.$gt.' '.$lt.'a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;pCheck(document.getElementById(\'check_'.$threat_level.'_Yes\'));showhide(\'dont_check_'.$threat_level.'\');"'."$gt{$lt}b$gt$threat_level_name$lt/b$gt$lt/a$gt\n";
1059
+ if (isset($_GET["SESSION"])) {
1060
+ if (isset($_SESSION["GOTMLS_debug"][$threat_level]))
1061
+ $lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_level],1)."$lt/div$gt";
1062
+ $scan_opts .= "\n$lt".'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"'.$gt.$lt.'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');"'.$gt.'X'.$lt.'/a'.$gt;
1063
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex)
1064
+ $scan_opts .= $lt."br /$gt\n$lt".'input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /'.$gt.$lt.'script'.$gt.'showhide("dont_check_'.$threat_level.'", true);'.$lt.'/script'.$gt:' /'.$gt).(isset($_SESSION["GOTMLS_debug"][$threat_name])?$lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_name],1)."$lt/div$gt":"").$threat_name;
1065
+ $scan_opts .= "\n$lt/div$gt";
1066
+ }
1067
+ } else
1068
+ $scan_opts .= $lt.'a title="'.__("Download Definition Updates to Use this feature",'gotmls').'"'.$gt.$lt.'img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="X"'.$gt.$lt.'b'.$gt.'&nbsp; '.$threat_level_name.$lt.'/b'.$gt.$lt.'br /'.$gt.$lt.'div style="padding: 14px;" id="check_'.$threat_level.'_div_NA"'.$gt.$lt.'span style="color: #F00"'.$gt.__("Download the new definitions (Right sidebar) to activate this feature.",'gotmls')."$lt/span$gt$lt/div$gt";
1069
+ $scan_opts .= "\n$lt/div$gt";
1070
+ }
1071
+ $scan_opts .= $lt.'/div'.$gt.$lt.'/div'.$gt.'
1072
+ '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to scan:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.$scan_whatopts.$scan_optjs.$lt.'/div'.$gt.'
1073
+ '.$lt.'div style="float: left;" id="scanwhatfolder"'.$gt.$lt.'/div'.$gt.'
1074
+ '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Scan Depth:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
1075
+ '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"'.$gt.$lt.'br /'.$gt.__("how far to drill down",'gotmls').$lt.'br /'.$gt.'('.__("-1 is infinite depth",'gotmls').')'.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'br style="clear: left;"'.$gt;
1076
+ if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= $lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"]['total'],1)."$lt/div$gt"; unset($_SESSION["GOTMLS_debug"]);}
1077
+ if (isset($_GET["eli"])) {//still testing this option
1078
+ $scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'."$gt$lt/div$gt\n";
1079
+ }
1080
+ $QuickScan = $lt.((is_dir(dirname(__FILE__)."/../../../wp-includes") && is_dir(dirname(__FILE__)."/../../../wp-admin"))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&$GOTMLS_nonce_URL").'" class="button-primary" style="height: 22px; line-height: 13px; padding: 3px;">WP_Core</a':"!-- No wp-includes or wp-admin --").$gt;
1081
+ foreach (array("Plugins", "Themes") as $ScanFolder)
1082
+ $QuickScan .= '&nbsp;'.$lt.((is_dir(dirname(__FILE__)."/../../../wp-content/".strtolower($ScanFolder)))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&scan_only[]=wp-content/".strtolower($ScanFolder)."&$GOTMLS_nonce_URL")."\" class=\"button-primary\" style=\"height: 22px; line-height: 13px; padding: 3px;\"$gt$ScanFolder$lt/a":"!-- No $ScanFolder in wp-content --").$gt;
1083
+ $scan_opts .= "\n$lt".'p'.$gt.$lt.'b'.$gt.__("Skip files with the following extensions:",'gotmls')."$lt/b$gt".(($default_exclude_ext!=implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))?" {$lt}a href=\"javascript:void(0);\" onclick=\"document.getElementById('exclude_ext').value = '$default_exclude_ext';\"{$gt}[Restore Defaults]$lt/a$gt":"").$lt.'/p'.$gt.'
1084
+ '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'."$gt$lt/div$gt$lt".'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls')."$lt/b$gt$lt/p$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
1085
+ '.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt."br$gt$lt/b$gt$lt/td$gt$lt".'td'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'br'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt".'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="save_settings" value="'.__("Save Settings",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Save\';" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
1086
+ $title_tagline = $lt."li$gt Site Title: ".htmlspecialchars($wpdb->get_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogname'"));
1087
+ $title_tagline .= "$lt/li$gt$lt"."li$gt Tagline: ".htmlspecialchars($wpdb->get_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogdescription'"));
1088
+ if (preg_match('/h[\@a]ck[3e]d.*by/is', $title_tagline))
1089
+ echo $lt.'div class="error"'.$gt.sprintf(__("Your Site Title or Tagline suggests that you may have been hacked ...%sThis could impact the indexing of your site and may even lead to blacklisting. You can change those options on the %sGeneral Settings$lt/a$gt page.",'gotmls'), "$title_tagline$lt/li$gt", $lt.'a href="'.admin_url("options-general.php").'"'.$gt)."$lt/div$gt";
1090
+ @ob_start();
1091
+ $OB_default_handlers = array("default output handler", "zlib output compression");
1092
+ $OB_handlers = @ob_list_handlers();
1093
+ if (is_array($OB_handlers) && count($OB_handlers))
1094
+ foreach ($OB_handlers as $OB_last_handler)
1095
+ if (!in_array($OB_last_handler, $OB_default_handlers))
1096
+ echo $lt.'div class="error"'.$gt.sprintf(__("Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and could severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process).",'gotmls'), $OB_last_handler)."$lt/div$gt";
1097
+ GOTMLS_display_header();
1098
+ $scan_groups = array_merge(array(__("Scanned Files",'gotmls')=>"scanned",__("Selected Folders",'gotmls')=>"dirs",__("Scanned Folders",'gotmls')=>"dir",__("Skipped Folders",'gotmls')=>"skipdirs",__("Skipped Files",'gotmls')=>"skipped",__("Read/Write Errors",'gotmls')=>"errors",__("Quarantined Files",'gotmls')=>"bad"), $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]);
1099
+ echo $lt.'script type="text/javascript">
1100
+ var percent = 0;
1101
+ function pCheck(chkb) {
1102
+ var kCheck = ['.trim($kCheck,",").'];
1103
+ chk = true;
1104
+ for (var i = 0; i < kCheck.length; i++) {
1105
+ var chkbox = document.getElementById("check_"+kCheck[i]+"_Yes");
1106
+ if (chkbox && chkb.id == "check_potential_Yes" && chkb.checked == false) {
1107
+ chk = false;
1108
+ chkbox.checked = true;
1109
+ } else if (chkbox && chkbox.checked) {
1110
+ chk = false;
1111
+ }
1112
+ }
1113
+ if (chkbox = document.getElementById("check_potential_Yes"))
1114
+ chkbox.checked = chk;
1115
+ if (chk) {
1116
+ document.getElementById("check_potential_div").style.display = "block";
1117
+ alert("If you do not select any other threat types, then only potential threats will be found and the automatic fix will not be available!");
1118
+ } else
1119
+ document.getElementById("check_potential_div").style.display = "none";
1120
+ }
1121
+ function changeFavicon(percent) {
1122
+ var oldLink = document.getElementById("wait_gif");
1123
+ if (oldLink) {
1124
+ if (percent >= 100) {
1125
+ document.getElementsByTagName("head")[0].removeChild(oldLink);
1126
+ var link = document.createElement("link");
1127
+ link.id = "wait_gif";
1128
+ link.type = "image/gif";
1129
+ link.rel = "shortcut icon";
1130
+ var threats = '.implode(" + ", array_merge($GLOBALS["GOTMLS"]["tmp"]["threat_levels"], array(__("Potential Threats",'gotmls')=>"errors",__("WP-Login Updates",'gotmls')=>"errors"))).';
1131
+ if (threats > 0) {
1132
+ if ((errors * 2) == threats)
1133
+ linkhref = "blocked";
1134
+ else
1135
+ linkhref = "threat";
1136
+ } else
1137
+ linkhref = "checked";
1138
+ link.href = "'.GOTMLS_images_path.'"+linkhref+".gif";
1139
+ document.getElementsByTagName("head")[0].appendChild(link);
1140
+ }
1141
+ } else {
1142
+ var icons = document.getElementsByTagName("link");
1143
+ var link = document.createElement("link");
1144
+ link.id = "wait_gif";
1145
+ link.type = "image/gif";
1146
+ link.rel = "shortcut icon";
1147
+ link.href = "'.GOTMLS_images_path.'wait.gif";
1148
+ // document.head.appendChild(link);
1149
+ document.getElementsByTagName("head")[0].appendChild(link);
1150
+ }
1151
+ }
1152
+ function update_status(title, time) {
1153
+ sdir = (dir+direrrors);
1154
+ if (arguments[2] >= 0 && arguments[2] <= 100)
1155
+ percent = arguments[2];
1156
+ else
1157
+ percent = Math.floor((sdir*100)/dirs);
1158
+ scan_state = "6F6";
1159
+ if (percent == 100) {
1160
+ showhide("pause_button", true);
1161
+ showhide("pause_button");
1162
+ title = "'.$lt.'b'.$gt.__("Scan Complete!",'gotmls').$lt.'/b'.$gt.'";
1163
+ } else
1164
+ scan_state = "99F";
1165
+ changeFavicon(percent);
1166
+ if (sdir) {
1167
+ if (arguments[2] >= 0 && arguments[2] <= 100)
1168
+ timeRemaining = Math.ceil(((time-startTime)*(100/percent))-(time-startTime));
1169
+ else
1170
+ timeRemaining = Math.ceil(((time-startTime)*(dirs/sdir))-(time-startTime));
1171
+ if (timeRemaining > 59)
1172
+ timeRemaining = Math.ceil(timeRemaining/60)+" Minute";
1173
+ else
1174
+ timeRemaining += " Second";
1175
+ if (timeRemaining.substr(0, 2) != "1 ")
1176
+ timeRemaining += "s";
1177
+ } else
1178
+ timeRemaining = "Calculating Time";
1179
+ timeElapsed = Math.ceil(time);
1180
+ if (timeElapsed > 59)
1181
+ timeElapsed = Math.floor(timeElapsed/60)+" Minute";
1182
+ else
1183
+ timeElapsed += " Second";
1184
+ if (timeElapsed.substr(0, 2) != "1 ")
1185
+ timeElapsed += "s";
1186
+ divHTML = \''.$lt.'div align="center" style="vertical-align: middle; background-color: #ccc; z-index: 3; height: 18px; width: 100%; border: solid #000 1px; position: relative; padding: 10px 0;"'.$gt.$lt.'div style="height: 18px; padding: 10px 0; position: absolute; top: 0px; left: 0px; background-color: #\'+scan_state+\'; width: \'+percent+\'%"'.$gt.$lt.'/div'.$gt.$lt.'div style="height: 32px; position: absolute; top: 3px; left: 10px; z-index: 5; line-height: 16px;" align="left"'.$gt.'\'+sdir+" Folder"+(sdir==1?"":"s")+" Checked'.$lt.'br /'.$gt.'"+timeElapsed+\' Elapsed'.$lt.'/div'.$gt.$lt.'div style="height: 38px; position: absolute; top: 0px; left: 0px; width: 100%; z-index: 5; line-height: 38px; font-size: 30px; text-align: center;"'.$gt.'\'+percent+\'%'.$lt.'/div'.$gt.$lt.'div style="height: 32px; position: absolute; top: 3px; right: 10px; z-index: 5; line-height: 16px;" align="right"'.$gt.'\'+(dirs-sdir)+" Folder"+((dirs-sdir)==1?"":"s")+" Remaining'.$lt.'br /'.$gt.'"+timeRemaining+" Remaining'.$lt.'/div'.$gt.$lt.'/div'.$gt.'";
1187
+ document.getElementById("status_bar").innerHTML = divHTML;
1188
+ document.getElementById("status_text").innerHTML = title;
1189
+ dis="none";
1190
+ divHTML = \''.$lt.'ul style="float: right; margin: 0 20px; text-align: right;"'.$gt.'\';
1191
+ /*'.$lt.'!--*'.'/';
1192
+ $MAX = 0;
1193
+ $vars = "var i, intrvl, direrrors=0";
1194
+ $fix_button_js = "";
1195
+ $found = "";
1196
+ $li_js = "return false;";
1197
+ if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") {
1198
+ $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array();
1199
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $check)
1200
+ if ($check != "potential")
1201
+ $GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check;
1202
+ }
1203
+ foreach ($scan_groups as $scan_name => $scan_group) {
1204
+ if ($MAX++ == 6) {
1205
+ $quarantineCountOnly = GOTMLS_get_quarantine(true);
1206
+ $vars .= ", $scan_group=$quarantineCountOnly";
1207
+ echo "/*--{$gt}*"."/\n\tif ($scan_group > 0)\n\t\tscan_state = ' potential'; \n\telse\n\t\tscan_state = '';\n\tdivHTML += '</ul><ul style=\"text-align: left;\"><li class=\"GOTMLS_li\"><a href=\"admin.php?page=GOTMLS-View-Quarantine\" class=\"GOTMLS_plugin".("'+scan_state+'\" title=\"".GOTMLS_View_Quarantine_LANGUAGE)."\">'+$scan_group+'&nbsp;'+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/*{$lt}!--*"."/";
1208
+ $found = "Found ";
1209
+ $fix_button_js = "\n\t\tdis='block';";
1210
+ } else {
1211
+ $vars .= ", $scan_group=0";
1212
+ if ($found && !in_array($scan_group, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]))
1213
+ $potential_threat = ' potential" title="'.__("You are not currently scanning for this type of threat!",'gotmls');
1214
+ else
1215
+ $potential_threat = "";
1216
+ echo "/*--{$gt}*"."/\n\tif ($scan_group > 0) {\n\t\tscan_state = ' href=\"#found_$scan_group\" onclick=\"$li_js showhide(\\'found_$scan_group\\', true);\" class=\"GOTMLS_plugin $scan_group\"';$fix_button_js".($MAX>6?"\n\tshowhide('found_$scan_group', true);":"")."\n\t} else\n\t\tscan_state = ' class=\"GOTMLS_plugin$potential_threat\"';\n\tdivHTML += '<li class=\"GOTMLS_li\"".(($found && $scan_group == "potential" && !in_array($scan_group, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))?' style="display: none;"':"")."><a'+scan_state+'>$found'+$scan_group+'&nbsp;'+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/*{$lt}!--*"."/";
1217
+ }
1218
+ $li_js = "";
1219
+ if ($MAX > 11)
1220
+ $fix_button_js = "";
1221
+ }
1222
+ $ScanSettings = $lt.'div style="float: right;"'.$gt.GOTMLS_Run_Quick_Scan_LANGUAGE.":&nbsp;$QuickScan$lt/div$gt".GOTMLS_Scan_Settings_LANGUAGE;
1223
+ echo "/*--{$gt}*".'/
1224
+ document.getElementById("status_counts").innerHTML = divHTML+"'.$lt.'/ul'.$gt.'";
1225
+ document.getElementById("fix_button").style.display = dis;
1226
+ }
1227
+ '.$vars.';
1228
+ function showOnly(what) {
1229
+ document.getElementById("only_what").innerHTML = document.getElementById("only"+what).innerHTML;
1230
+ }
1231
+ var startTime = 0;
1232
+ '.$lt.'/script'.$gt.GOTMLS_box($ScanSettings, $scan_opts);
1233
+ $Settings_Saved = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -50px; margin: 0 300px 0 130px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n";//script type='text/javascript'$gt\nalert('Settings Saved!');\n$lt/script$gt\n";
1234
+ if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Save") {
1235
+ if ($GOTMLS_nonce_found) {
1236
+ update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1237
+ echo $Settings_Saved;
1238
+ } else
1239
+ echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Saving these settings requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n");
1240
+ echo GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog());
1241
+ } elseif (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && ($_REQUEST["scan_what"] > -1)) {
1242
+ if ($GOTMLS_nonce_found) {
1243
+ update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1244
+ $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array();
1245
+ GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1246
+ echo $Settings_Saved;
1247
+ if (!isset($_REQUEST["scan_type"]))
1248
+ $_REQUEST["scan_type"] = "Complete Scan";
1249
+ elseif ($_REQUEST["scan_type"] == "Quick Scan") {
1250
+ $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('".__("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.",'gotmls')."');\n}\nwindow.onload=testComplete;\n$lt/script$gt\n$lt".'script type="text/javascript"'.$gt;
1251
+ $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array();
1252
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $check)
1253
+ if ($check != "potential")
1254
+ $GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check;
1255
+ }
1256
+ echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1030")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
1257
+ foreach ($_POST as $name => $value) {
1258
+ if (substr($name, 0, 10) != 'GOTMLS_fix') {
1259
+ if (is_array($value)) {
1260
+ foreach ($value as $val)
1261
+ echo $lt.'input type="hidden" name="'.$name.'[]" value="'.htmlspecialchars($val).'"'.$gt;
1262
+ } else
1263
+ echo $lt.'input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'"'.$gt;
1264
+ }
1265
+ }
1266
+ echo "\n$lt".'script type="text/javascript"'.$gt.'showhide("inside_'.md5($ScanSettings).'");'.$lt.'/script'.$gt.GOTMLS_box(htmlentities($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' '.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt);
1267
+ $scan_groups_UL = "";
1268
+ foreach ($scan_groups as $scan_name => $scan_group)
1269
+ $scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.' &nbsp; * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.' &nbsp; * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), $wp_version).' (for more info '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.').'.$lt.'/p'.$gt:$lt.'br /'.$gt)).$lt.'/ul'.$gt;
1270
+ if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
1271
+ GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => htmlentities($_REQUEST["scan_type"]))));
1272
+ echo GOTMLS_box($lt.'div style="float: right;"'.$gt.'&nbsp;('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].")&nbsp;$lt/div$gt".__("Scan Details:",'gotmls'), $scan_groups_UL);
1273
+ $no_flush_LANGUAGE = __("Not flushing OB Handlers: %s",'gotmls');
1274
+ if (isset($_REQUEST["no_ob_end_flush"]))
1275
+ echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, print_r(ob_list_handlers(), 1))."$lt/div$gt\n";
1276
+ elseif (is_array($OB_handlers) && count($OB_handlers)) {
1277
+ // $GOTMLS_OB_handlers = get_option("GOTMLS_OB_handlers", array());
1278
+ foreach (array_reverse($OB_handlers) as $OB_handler) {
1279
+ if (isset($GOTMLS_OB_handlers[$OB_handler]) && $GOTMLS_OB_handlers[$OB_handler] == "no_end_flush")
1280
+ echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, $OB_handler)."$lt/div$gt\n";
1281
+ elseif (in_array($OB_handler, $OB_default_handlers)) {
1282
+ // $GOTMLS_OB_handlers[$OB_handler] = "no_end_flush";
1283
+ // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers);
1284
+ @ob_end_flush();
1285
+ // $GOTMLS_OB_handlers[$OB_handler] = "ob_end_flush";
1286
+ // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers);
1287
+ }
1288
+ }
1289
+ }
1290
+ @ob_start();
1291
+ echo "\n{$lt}script type=\"text/javascript\"$gt$li_js\n/*{$lt}!--*"."/";
1292
+ if (is_dir($dir)) {
1293
+ $GOTMLS_dirs_at_depth[0] = 1;
1294
+ $GOTMLS_dir_at_depth[0] = 0;
1295
+ if (isset($_REQUEST['scan_only']) && is_array($_REQUEST['scan_only'])) {
1296
+ $GOTMLS_dirs_at_depth[0] += (count($_REQUEST['scan_only']) - 1);
1297
+ foreach ($_REQUEST['scan_only'] as $only_dir)
1298
+ if (is_dir(GOTMLS_trailingslashit($dir).$only_dir))
1299
+ GOTMLS_readdir(GOTMLS_trailingslashit($dir).$only_dir);
1300
+ } else
1301
+ GOTMLS_readdir($dir);
1302
+ } else
1303
+ echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link("Not a valid directory!"));
1304
+ if ($_REQUEST["scan_type"] == "Quick Scan")
1305
+ echo GOTMLS_update_status(__("Completed!",'gotmls'), 100);
1306
+ else {
1307
+ echo GOTMLS_update_status(__("Starting Scan ...",'gotmls'))."/*--{$gt}*"."/";
1308
+ echo "\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."1087").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."');".'
1309
+ var scanfilesI = 0;
1310
+ var stopScanning;
1311
+ var gotStuckOn = "";
1312
+ function scanNextDir(gotStuck) {
1313
+ clearTimeout(stopScanning);
1314
+ if (gotStuck > -1) {
1315
+ if (scanfilesArNames[gotStuck].substr(0, 3) != "Re-") {
1316
+ if (scanfilesArNames[gotStuck].substr(0, 9) == "Checking ") {
1317
+ scanfilesArNames.push(scanfilesArNames[gotStuck]);
1318
+ scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_file[]="+encodeURIComponent(scanfilesArNames[gotStuck].substr(9)));
1319
+ } else {
1320
+ scanfilesArNames.push("Re-"+scanfilesArNames[gotStuck]);
1321
+ scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_only_file=");
1322
+ }
1323
+ } else {
1324
+ scanfilesArNames.push("Got Stuck "+scanfilesArNames[gotStuck]);
1325
+ scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_dir="+scanfilesArKeys[gotStuck]);
1326
+ }
1327
+ }
1328
+ if (document.getElementById("resume_button").value != "Pause") {
1329
+ stopScanning=setTimeout("scanNextDir(-1)", 1000);
1330
+ startTime++;
1331
+ }
1332
+ else if (scanfilesI < scanfilesArKeys.length) {
1333
+ document.getElementById("status_text").innerHTML = scanfilesArNames[scanfilesI];
1334
+ var newscript = document.createElement("script");
1335
+ newscript.setAttribute("src", scriptSRC+scanfilesArKeys[scanfilesI]);
1336
+ divx = document.getElementById("found_scanned");
1337
+ if (divx)
1338
+ divx.appendChild(newscript);
1339
+ stopScanning=setTimeout("scanNextDir("+(scanfilesI++)+")",'.$GLOBALS["GOTMLS"]["tmp"]['execution_time'].'000);
1340
+ }
1341
+ }
1342
+ startTime = ('.ceil(time()-$GLOBALS["GOTMLS"]["log"]["scan"]["start"]).'+3);
1343
+ stopScanning=setTimeout("scanNextDir(-1)",3000);
1344
+ function pauseresume(butt) {
1345
+ if (butt.value == "Resume")
1346
+ butt.value = "Pause";
1347
+ else
1348
+ butt.value = "Resume";
1349
+ }
1350
+ showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
1351
+ }
1352
+ if (@ob_get_level()) {
1353
+ GOTMLS_flush('script');
1354
+ @ob_end_flush();
1355
+ }
1356
+ echo "/*--{$gt}*"."/\n$lt/script$gt";
1357
+ } else
1358
+ echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Starting a Complete Scan requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n");
1359
+ } else
1360
+ echo GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog());
1361
+ echo "\n$lt/div$gt$lt/div$gt$lt/div$gt";
1362
+ }
1363
+
1364
+ function GOTMLS_login_form($form_id = "loginform") {
1365
+ $sess = time();
1366
+ $ajaxURL = admin_url("admin-ajax.php?action=GOTMLS_logintime&GOTMLS_sess=");
1367
+ echo '<input type="hidden" name="sess_id" value="'.substr($sess, 4).'"><input type="hidden" id="offset_id" value="0" name="sess'.substr($sess, 4).'"><script type="text/javascript">'."\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_script = document.createElement('script');\nGOTMLS_login_script.src = '$ajaxURL'+GOTMLS_login_offset.getTime();\n\ndocument.head.appendChild(GOTMLS_login_script);\n</script>\n";//GOTMLS_login_script.onload = set_offset_id();
1368
+ }
1369
+ add_action("login_form", "GOTMLS_login_form");
1370
+
1371
+ function GOTMLS_ajax_logintime() {
1372
+ @header("Content-type: text/javascript");
1373
+ $sess = (false && isset($_GET["GOTMLS_sess"]) && is_numeric($_GET["GOTMLS_sess"])) ? $_GET["sess"] : time();
1374
+ die("\n//Permission Error: User not authenticated!\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_offset_start = GOTMLS_login_offset.getTime() - ".$sess."000;\nfunction set_offset_id() {\n\tGOTMLS_login_offset = new Date();\n\tif (form_login = document.getElementById('offset_id'))\n\t\tform_login.value = GOTMLS_login_offset.getTime() - GOTMLS_login_offset_start;\n\tsetTimeout(set_offset_id, 15673);\n}\nset_offset_id();");
1375
+ }
1376
+ add_action('wp_ajax_nopriv_GOTMLS_logintime', 'GOTMLS_ajax_logintime');
1377
+ add_action('wp_ajax_GOTMLS_logintime', 'GOTMLS_ajax_logintime');
1378
+
1379
+ function GOTMLS_ajax_lognewkey() {
1380
+ @header("Content-type: text/javascript");
1381
+ if (GOTMLS_get_nonce()) {
1382
+ if (isset($_POST["GOTMLS_installation_key"]) && ($_POST["GOTMLS_installation_key"] == GOTMLS_installation_key)) {
1383
+ $keys = maybe_unserialize(get_option('GOTMLS_Installation_Keys', array()));
1384
+ if (is_array($keys)) {
1385
+ $count = count($keys);
1386
+ if (!array_key_exists(GOTMLS_installation_key, $keys))
1387
+ $keys = array_merge($keys, array(GOTMLS_installation_key => GOTMLS_siteurl));
1388
+ } else
1389
+ $keys = array(GOTMLS_installation_key => GOTMLS_siteurl);
1390
+ update_option("GOTMLS_Installation_Keys", serialize($keys));
1391
+ die("\n//$count~".count($keys));
1392
+ } else
1393
+ die("\n//0");
1394
+ } else
1395
+ die(GOTMLS_Invalid_Nonce("\n//Log New Key Error: ")."\n");
1396
+ }
1397
+ add_action('wp_ajax_GOTMLS_lognewkey', 'GOTMLS_ajax_lognewkey');
1398
+ add_action('wp_ajax_nopriv_GOTMLS_lognewkey', 'GOTMLS_ajax_nopriv');
1399
+
1400
+ function GOTMLS_set_plugin_action_links($links_array, $plugin_file) {
1401
+ if ($plugin_file == substr(str_replace("\\", "/", __FILE__), (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10)
1402
+ $links_array = array_merge(array('<a href="'.admin_url('admin.php?page=GOTMLS-settings').'"><span class="dashicons dashicons-admin-settings"></span>'.GOTMLS_Scan_Settings_LANGUAGE.'</a>'), $links_array);
1403
+ return $links_array;
1404
+ }
1405
+ add_filter("plugin_action_links", "GOTMLS_set_plugin_action_links", 1, 2);
1406
+
1407
+ function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) {
1408
+ if ($plugin_file == substr(str_replace("\\", "/", __FILE__), (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10)
1409
+ $links_array = array_merge($links_array, array('<a target="_blank" href="http://gotmls.net/faqs/">FAQ</a>','<a target="_blank" href="http://gotmls.net/support/">Support</a>','<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE"><span class="dashicons dashicons-heart"></span>Donate</a>'));
1410
+ return $links_array;
1411
+ }
1412
+ add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);
1413
+
1414
+ function GOTMLS_in_plugin_update_message($args) {
1415
+ $transient_name = 'GOTMLS_upgrade_notice_'.$args["Version"].'_'.$args["new_version"];
1416
+ if ((false === ($upgrade_notice = get_transient($transient_name))) && ($ret = GOTMLS_get_URL("https://plugins.svn.wordpress.org/gotmls/trunk/readme.txt"))) {
1417
+ $upgrade_notice = '';
1418
+ if ($match = preg_split('/==\s*Upgrade Notice\s*==\s+/i', $ret)) {
1419
+ if (preg_match('/\n+=\s*'.str_replace(".", "\\.", GOTMLS_Version).'\s*=\s+/is', $match[1]))
1420
+ $notice = (array) preg_split('/\n+=\s*'.str_replace(".", "\\.", GOTMLS_Version).'\s*=\s+/is', $match[1]);
1421
+ else
1422
+ $notice = (array) preg_split('/\n+=/is', $match[1]."\n=");
1423
+ $upgrade_notice .= '<div class="GOTMLS_upgrade_notice">'.preg_replace('/=\s*([\.0-9]+)\s*=\s*([^=]+)/i', '<li><b>${1}:</b> ${2}</li>', preg_replace('~\[([^\]]*)\]\(([^\)]*)\)~', '<a href="${2}">${1}</a>', $notice[0])).'</div>';
1424
+ set_transient($transient_name, $upgrade_notice, DAY_IN_SECONDS);
1425
+ }
1426
+ }
1427
+ echo $upgrade_notice;
1428
+ }
1429
+ add_action("in_plugin_update_message-gotmls/index.php", "GOTMLS_in_plugin_update_message");
1430
+
1431
+ function GOTMLS_init() {
1432
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
1433
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
1434
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
1435
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1;
1436
+ if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") {
1437
+ if (!isset($_REQUEST["scan_what"])) $_REQUEST["scan_what"] = 2;
1438
+ if (!isset($_REQUEST["scan_depth"]))
1439
+ $_REQUEST["scan_depth"] = 2;
1440
+ if (!isset($_REQUEST["scan_only"]))
1441
+ $_REQUEST["scan_only"] = array("","wp-includes","wp-admin");
1442
+ if ($_REQUEST["scan_only"] && !is_array($_REQUEST["scan_only"]))
1443
+ $_REQUEST["scan_only"] = array($_REQUEST["scan_only"]);
1444
+ }//$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]);
1445
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]))
1446
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = "";
1447
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]) && is_numeric($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]))
1448
+ $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);
1449
+ else
1450
+ $scan_level = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1451
+ if (GOTMLS_get_nonce()) {
1452
+ if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"]))
1453
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"];
1454
+ elseif (isset($_POST["scan_type"]) || !(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])))
1455
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = array();
1456
+ if (isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"]))
1457
+ $scan_level = intval($_POST["scan_level"]);
1458
+ if (isset($scan_level) && is_numeric($scan_level))
1459
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = intval($scan_level);
1460
+ }
1461
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]))
1462
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
1463
+ }
1464
+ add_action("admin_init", "GOTMLS_init");
1465
+
1466
+ function GOTMLS_ajax_position() {
1467
+ if (GOTMLS_get_nonce()) {
1468
+ $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls');
1469
+ $properties = array("body" => 'style="margin: 0; padding: 0;"');
1470
+ if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) {
1471
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
1472
+ $gl = '><';
1473
+ $properties["html"] = $gl.'head'.$gl.'script type="text/javascript">
1474
+ if (curDiv = window.parent.document.getElementById("div_file")) {
1475
+ curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
1476
+ curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
1477
+ curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
1478
+ curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
1479
+ }
1480
+ </script'.$gl.'/head';
1481
+ } elseif (isset($_GET["GOTMLS_x"]) || isset($_GET["GOTMLS_y"]) || isset($_GET["GOTMLS_h"]) || isset($_GET["GOTMLS_w"])) {
1482
+ if (isset($_GET["GOTMLS_x"]))
1483
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] = $_GET["GOTMLS_x"];
1484
+ if (isset($_GET["GOTMLS_y"]))
1485
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1] = $_GET["GOTMLS_y"];
1486
+ if (isset($_GET["GOTMLS_h"]))
1487
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2] = $_GET["GOTMLS_h"];
1488
+ if (isset($_GET["GOTMLS_w"]))
1489
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3] = $_GET["GOTMLS_w"];
1490
+ $_GET["GOTMLS_msg"] = __("New position",'gotmls');
1491
+ } else
1492
+ die("\n//Position Error: No new position to save!\n");
1493
+ update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1494
+ die(GOTMLS_html_tags(array("html" => array("body" => htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.admin_url('admin-ajax.php?action=GOTMLS_position&'.GOTMLS_set_nonce(__FUNCTION__."1350").'&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"])).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
1495
+ } else
1496
+ die(GOTMLS_Invalid_Nonce("\n//Position Error: ")."\n");
1497
+ }
1498
+ add_action('wp_ajax_GOTMLS_position', 'GOTMLS_ajax_position');
1499
+
1500
+ function GOTMLS_ajax_empty_trash() {
1501
+ global $wpdb;
1502
+ $gl = '><';
1503
+ if (GOTMLS_get_nonce()) {
1504
+ if ($trashed = $wpdb->query("DELETE FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) {
1505
+ $wpdb->query("REPAIR TABLE $wpdb->posts");
1506
+ $trashmsg = __("Emptied $trashed item from the quarantine trash.",'gotmls');
1507
+ } else
1508
+ $trashmsg = __("Failed to empty the trash.",'gotmls');
1509
+ } else
1510
+ $trashmsg = GOTMLS_Invalid_Nonce("");
1511
+ $properties = array("html" => $gl.'head'.$gl."script type='text/javascript'>\nif (curDiv = window.parent.document.getElementById('empty_trash_link'))\n\tcurDiv.style.display = 'none';\nalert('$trashmsg');\n</script$gl/head", "body" => 'style="margin: 0; padding: 0;"');
1512
+ die(GOTMLS_html_tags(array("html" => array("body" => $trashmsg)), $properties));
1513
+ }
1514
+ add_action('wp_ajax_GOTMLS_empty_trash', 'GOTMLS_ajax_empty_trash');
1515
+
1516
+ function GOTMLS_ajax_whitelist() {
1517
+ if (GOTMLS_get_nonce()) {
1518
+ if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) {
1519
+ $file = GOTMLS_decode($_POST['GOTMLS_whitelist']);
1520
+ $chksum = explode("O", $_POST['GOTMLS_chksum']."O");
1521
+ if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) {
1522
+ $filesize = @filesize($file);
1523
+ if (true) {
1524
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0]))
1525
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002";
1526
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002";
1527
+ } else
1528
+ unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]);
1529
+ GOTMLS_update_option("definitions", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1530
+ $body = "Added $file to Whitelist!<br />\n<iframe style='width: 90%; height: 250px; border: none;' src='".GOTMLS_plugin_home."whitelist.html?whitelist=".$_POST['GOTMLS_whitelist']."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe>";
1531
+ } else
1532
+ $body = "<li>Invalid Data!</li>";
1533
+ die(GOTMLS_html_tags(array("html" => array("body" => $body))));
1534
+ } else
1535
+ die("\n//Whitelist Error: Invalid checksum!\n");
1536
+ } else
1537
+ die(GOTMLS_Invalid_Nonce("\n//Whitelist Error: ")."\n");
1538
+ }
1539
+ add_action('wp_ajax_GOTMLS_whitelist', 'GOTMLS_ajax_whitelist');
1540
+
1541
+ function GOTMLS_ajax_fix() {
1542
+ if (GOTMLS_get_nonce()) {
1543
+ if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"]))
1544
+ $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
1545
+ if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1546
+ GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1547
+ $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1548
+ $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file))\n\tli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}\n}\nfunction DeletedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}}\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
1549
+ @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1550
+ $HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));
1551
+ echo $HTML[0];
1552
+ GOTMLS_update_scan_log(array("scan" => array("dir" => count($_REQUEST["GOTMLS_fix"])." Files", "start" => time())));
1553
+ foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
1554
+ if (is_numeric($clean_file)) {
1555
+ if (($Q_post = GOTMLS_get_quarantine($clean_file)) && isset($Q_post["post_type"]) && strtolower($Q_post["post_type"]) == "gotmls_quarantine" && isset($Q_post["post_status"]) && strtolower($Q_post["post_status"]) == "private") {
1556
+ $path = $Q_post["post_title"];
1557
+ if ($_REQUEST["GOTMLS_fixing"] > 1) {
1558
+ echo "<li>Removing $path ... ";
1559
+ $Q_post["post_status"] = "trash";
1560
+ if (wp_update_post($Q_post)) {
1561
+ echo __("Done!",'gotmls');
1562
+ $li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
1563
+ } else {
1564
+ echo __("Failed to delete!",'gotmls');
1565
+ $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1566
+ }
1567
+ GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Removal from Quarantine")));
1568
+ } else {
1569
+ echo "<li>Restoring $path ... ";
1570
+ $Q_post["post_status"] = "pending";
1571
+ if (GOTMLS_file_put_contents($path, GOTMLS_decode($Q_post["post_content"])) && wp_update_post($Q_post)) {
1572
+ echo __("Complete!",'gotmls');
1573
+ $li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
1574
+ } else {
1575
+ echo __("Restore Failed!",'gotmls');
1576
+ $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1577
+ }
1578
+ GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Restoration from Quarantine")));
1579
+ }
1580
+ echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1581
+ $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1582
+ }//else print_r(array("i:$clean_file"=>$Q_post));
1583
+ } else {
1584
+ $path = realpath(GOTMLS_decode($clean_file));
1585
+ if (is_file($path)) {
1586
+ echo "<li>Fixing $path ... ";
1587
+ $li_js .= GOTMLS_scanfile($path);
1588
+ echo "</li>\n$li_js/*-->*"."/\n$callAlert\n//".$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]."\n</script>\n";
1589
+ $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1590
+ } else
1591
+ echo "<li>".__("File ".htmlentities($path)." not found!",'gotmls')."</li>";
1592
+ GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Automatic Fix")));
1593
+ }
1594
+ }
1595
+ $nonce = GOTMLS_set_nonce(__FUNCTION__."1593");
1596
+ die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process.",'gotmls'), 'href="'.GOTMLS_images_path.'?page=GOTMLS-View-Quarantine&'.$nonce.'"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.admin_url('admin.php?page=GOTMLS-settings&check_site=1&'.$nonce).'" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n$HTML[1]");
1597
+ } else
1598
+ die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls')))));
1599
+ } else
1600
+ die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".GOTMLS_Invalid_Nonce("")."');\n</script>".__("Done!",'gotmls')))));
1601
+ }
1602
+ add_action('wp_ajax_GOTMLS_fix', 'GOTMLS_ajax_fix');
1603
+
1604
+ function GOTMLS_ajax_scan() {
1605
+ if (GOTMLS_get_nonce()) {
1606
+ @error_reporting(0);
1607
+ if (isset($_GET["GOTMLS_scan"])) {
1608
+ @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
1609
+ if (is_numeric($_GET["GOTMLS_scan"])) {
1610
+ if (($Q_post = GOTMLS_get_quarantine($_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
1611
+ $clean_file = $Q_post["post_title"];
1612
+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = GOTMLS_decode($Q_post["post_content"]);
1613
+ $fa = "";
1614
+ $function = 'GOTMLS_decode';
1615
+ if (isset($_GET[$function]) && is_array($_GET[$function])) {
1616
+ foreach ($_GET[$function] as $decode) {
1617
+ $fa .= " NO-$decode";
1618
+ }
1619
+ } elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
1620
+ $f = 1;
1621
+ //print_r(array("excerpt:"=>$GLOBALS["GOTMLS"]["tmp"]["threats_found"]));
1622
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
1623
+ list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1624
+ if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) {
1625
+ if ($start < $end)
1626
+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1627
+ else
1628
+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$end.', '.$start.');">['.$f++.']</a>';
1629
+ } else {
1630
+ if (is_numeric($threats_found)) {
1631
+ $threats_found = $threats_name;
1632
+ $threats_name = $f;
1633
+ }
1634
+ $fpos = 0;
1635
+ $flen = 0;
1636
+ $potential_threat = str_replace("\r", "", $threats_found);
1637
+ while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {
1638
+ $flen = strlen($potential_threat);
1639
+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
1640
+ }
1641
+ }
1642
+ }
1643
+ } //else echo "excerpt:".$Q_post["post_excerpt"];
1644
+ // foreach ($decode_list as $decode => $regex) if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"])) $fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
1645
+ die("\n".'<script type="text/javascript">
1646
+ function select_text_range(ta_id, start, end) {
1647
+ var textBox = document.getElementById(ta_id);
1648
+ var scrolledText = "";
1649
+ scrolledText = textBox.value.substring(0, end);
1650
+ textBox.focus();
1651
+ if (textBox.setSelectionRange) {
1652
+ scrolledText = textBox.value.substring(end);
1653
+ textBox.value = textBox.value.substring(0, end);
1654
+ textBox.scrollTop = textBox.scrollHeight;
1655
+ textBox.value = textBox.value + scrolledText;
1656
+ textBox.setSelectionRange(start, end);
1657
+ } else if (textBox.createTextRange) {
1658
+ var range = textBox.createTextRange();
1659
+ range.collapse(true);
1660
+ range.moveStart("character", start);
1661
+ range.moveEnd("character", end);
1662
+ range.select();
1663
+ } else
1664
+ alert("The highlighting function does not work in your browser");
1665
+ }
1666
+ window.parent.showhide("GOTMLS_iFrame", true);
1667
+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1522")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1668
+ } else
1669
+ die(GOTMLS_html_tags(array("html" => array("body" => __("This file no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1670
+ } else {
1671
+ $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
1672
+ if (is_dir($file)) {
1673
+ @error_reporting(0);
1674
+ @header("Content-type: text/javascript");
1675
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))
1676
+ $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
1677
+ @ob_start();
1678
+ echo GOTMLS_scandir($file);
1679
+ if (@ob_get_level()) {
1680
+ GOTMLS_flush();
1681
+ @ob_end_flush();
1682
+ }
1683
+ die('//END OF JavaScript');
1684
+ } else {
1685
+ if (!file_exists($file))
1686
+ die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), $file)."<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1687
+ else {
1688
+ GOTMLS_scanfile($file);
1689
+ $fa = "";
1690
+ $function = 'GOTMLS_decode';
1691
+ if (isset($_GET[$function]) && is_array($_GET[$function])) {
1692
+ foreach ($_GET[$function] as $decode) {
1693
+ $fa .= " NO-$decode";
1694
+ }
1695
+ } elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1696
+ $f = 1;
1697
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found=>$threats_name) {
1698
+ list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1699
+ if ($start > $end)
1700
+ $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
1701
+ else
1702
+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1703
+ }
1704
+ } else
1705
+ $fa = " No Threats Found";
1706
+ // foreach ($decode_list as $decode => $regex) if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"])) $fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
1707
+ die("\n".'<script type="text/javascript">
1708
+ function select_text_range(ta_id, start, end) {
1709
+ var textBox = document.getElementById(ta_id);
1710
+ var scrolledText = "";
1711
+ scrolledText = textBox.value.substring(0, end);
1712
+ textBox.focus();
1713
+ if (textBox.setSelectionRange) {
1714
+ scrolledText = textBox.value.substring(end);
1715
+ textBox.value = textBox.value.substring(0, end);
1716
+ textBox.scrollTop = textBox.scrollHeight;
1717
+ textBox.value = textBox.value + scrolledText;
1718
+ textBox.setSelectionRange(start, end);
1719
+ } else if (textBox.createTextRange) {
1720
+ var range = textBox.createTextRange();
1721
+ range.collapse(true);
1722
+ range.moveStart("character", start);
1723
+ range.moveEnd("character", end);
1724
+ range.select();
1725
+ } else
1726
+ alert("The highlighting function does not work in your browser");
1727
+ }
1728
+ window.parent.showhide("GOTMLS_iFrame", true);
1729
+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1583")).'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.basename($file).'</b><br />in: '.dirname(realpath($file)).'<br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' ('.filesize(realpath($file)).'bytes)<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.date(" Y-m-d H:i:s ", filemtime(realpath($file))).'<br />changed:'.date(" Y-m-d H:i:s ", filectime(realpath($file))).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' 
)</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1730
+ }
1731
+ }
1732
+ }
1733
+ } else
1734
+ die("\n//Directory Error: Nothing to scan!\n");
1735
+ } else {
1736
+ if (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"])))
1737
+ @header("Content-type: text/javascript");
1738
+ die(GOTMLS_Invalid_Nonce("\n//Ajax Scan Error: ")."\n");
1739
+ }
1740
+ }
1741
+ add_action('wp_ajax_GOTMLS_scan', 'GOTMLS_ajax_scan');
1742
+
1743
+ function GOTMLS_ajax_nopriv() {
1744
+ die("\n//Permission Error: User not authenticated!\n");
1745
+ }
1746
+ add_action('wp_ajax_nopriv_GOTMLS_scan', 'GOTMLS_ajax_nopriv');
1747
+ add_action('wp_ajax_nopriv_GOTMLS_position', 'GOTMLS_ajax_nopriv');
1748
+ add_action('wp_ajax_nopriv_GOTMLS_fix', 'GOTMLS_ajax_nopriv');
1749
+ add_action('wp_ajax_nopriv_GOTMLS_whitelist', 'GOTMLS_ajax_nopriv');
1750
+ add_action('wp_ajax_nopriv_GOTMLS_empty_trash', 'GOTMLS_ajax_nopriv');
1751
+ add_action('wp_ajax_nopriv_GOTMLS_auto_update', 'GOTMLS_update_definitions');
1752
+
1753
+ add_action("plugins_loaded", "GOTMLS_loaded");
1754
+ add_action("admin_notices", "GOTMLS_admin_notices");
1755
+ add_action("admin_menu", "GOTMLS_menu");
1756
+ add_action("network_admin_menu", "GOTMLS_menu");
languages/gotmls-es_ES.mo ADDED
Binary file
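--- a/languages/gotmls-es_ES.po
+++ b/languages/gotmls-es_ES.po
@@ -0,0 +1,336 @@
+ # SOME DESCRIPTIVE TITLE.
+ # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+ # This file is distributed under the same license as the PACKAGE package.
+ # Eli Scheetz <eli@gotmls.net>, 2014.
+ #
+ #, fuzzy
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: GOTMLS\n"
+ "Report-Msgid-Bugs-To: eli@gotmls.net\n"
+ "POT-Creation-Date: 2014-02-24 11:27+0100\n"
+ "PO-Revision-Date: 2014-02-08 13:43-1000\n"
+ "Last-Translator: jelena kovacevic <jecajeca260@gmail.com>\n"
+ "Language-Team: Andrew Kurtis <andrewk@webhostinghub.com>\n"
+ "Language: es_ES\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
+
+ msgid "Upgrade to %s now!"
+ msgstr "¡Actualice a %s ahora!"
+
+ msgid "First Name is a required field!"
+ msgstr "¡Nombre es un campo requerido!"
+
+ msgid "Last Name is a required field!"
+ msgstr "¡Apellidos es un campo requerido!"
+
+ msgid "Email Address is a required field!"
+ msgstr "¡Dirección Email es una campo requerido!"
+
+ msgid "Your WordPress Site URL is a required field!"
+ msgstr "¡Su URL del Sitio de Wordpress es una campo requerido!"
+
+ msgid "Plugin Installation Key is a required field!"
+ msgstr "¡La llave de Instalación del Plugin es un campo requerido!"
+
+ msgid "Submitting Registration ..."
+ msgstr "Cargando ..."
+
+ msgid "Download new definitions!"
+ msgstr "¡Bajar nuevas definiciones!"
+
+ msgid "If you have not already registered your Key then register now and get instant access to definition updates.<p>*All fields are required and I will NOT share your registration information with anyone.</p>"
+ msgstr "Si aún no ha registrado su clave, entonces regístrese ahora y obtenga acceso inmediato a las actualizaciones de las definiciones.<p>* Todos los campos son requeridos y NO compartirán su información de registro con nadie.</p>"
+
+ msgid "Your Full Name:"
+ msgstr "Su Nombre Completo:"
+
+ msgid "A password will be e-mailed to this address:"
+ msgstr "Una contraseña será enviada por correo electrónico a esta dirección:"
+
+ msgid "Your WordPress Site URL:"
+ msgstr "Su URL del Sitio WordPress:"
+
+ msgid "Plugin Installation Key:"
+ msgstr "Su Llave de Instalación del Plugin:"
+
+ msgid "Plugin Links"
+ msgstr "Enlaces del Plugin"
+
+ msgid "Make a Donation with PayPal"
+ msgstr "Haga una Donación con PayPal"
+
+ msgid "Main Menu Item placed below <b>Comments</b> and above <b>Appearance</b>"
+ msgstr "Elemento del Menú Principal posicionado debajo de <b>Comentarios</b> y arriba de <b>Apariencia</b>"
+
+ msgid "Main Menu Item placed below <b>Settings</b>"
+ msgstr "Elemento del Menú Principal posicionado debajo de <b>Ajustes</b>"
+
+ msgid "Sub-Menu inside the <b>Tools</b> Menu Item"
+ msgstr "Submenú dentro del Elemento del Menú <b>Herramientas</b>"
+
+ msgid "ONLY SHOW for <b>Network Admins</b>"
+ msgstr "SOLO MOSTRAR para <b>Administradores de Red</b>"
+
+ msgid "Only Scan These Folders:"
+ msgstr "Solo Escanear Estos Archivos:"
+
+ msgid "What to scan:"
+ msgstr "Qué escanear:"
+
+ msgid "Scan Depth:"
+ msgstr "Profundidad de Escaneo:"
+
+ msgid "how far do you want to drill down from your starting directory?"
+ msgstr "¿cuán lejos desea bajar desde su directorio de comienzo?"
+
+ msgid "-1 is infinite depth"
+ msgstr "-1 es profundidad infinita"
+
+ msgid "What to look for:"
+ msgstr "Qué buscar:"
+
+ msgid "Download Definition Updates to Use this feature"
+ msgstr "Bajar Actualizaciones de Definición para Usar esta característica"
+
+ msgid "Registration of your Installation Key is required for this feature"
+ msgstr "El registro de su Llave de instalación es requerido para esta característica"
+
+ msgid "Custom RegExp:"
+ msgstr "RegExp Personalizada:"
+
+ msgid "For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site."
+ msgstr "Sólo para usuarios muy avanzados. No utilice esto sin hablar con Eli primero. Si se utiliza de forma incorrecta se podía romper fácilmente su sitio."
+
+ msgid "<b>Skip files with the following extentions:</b> (a comma separated list of file extentions to be excluded from the scan)"
+ msgstr "<b>Omitir archivos con las siguientes extensiones:</b> (una lista separada por coma de extensiones de archivos a ser excluidos del escaneo)"
+
+ msgid "<b>Skip directories with the following names:</b> (a comma separated list of folders to be excluded from the scan)"
+ msgstr "<b>Saltar directorios con los nombres siguientes:</b> (una lista separada por coma de carpetas a ser excluidas del escaneo)"
+
+ msgid "Menu Item Placement Options"
+ msgstr "Opciones de Posicionamiento del Elemento del Menú"
+
+ msgid "Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process)."
+ msgstr "Otro Plugin o Tema está utilizando '%s' para manejar buffers de salida. <br />Esto evita enviar hacia afuera activamente al búfer en la marcha y se degradará seriamente el rendimiento de este (y muchos otros) Plugins. <br />Considere deshabilitar el almacenamiento en caché y los plugins de compresión (al menos durante el proceso de escaneando)."
+
+ msgid "Scanned Files"
+ msgstr "Archivos Escaneados"
+
+ msgid "Selected Folders"
+ msgstr "Carpetas Seleccionadas"
+
+ msgid "Scanned Folders"
+ msgstr "Carpetas Escaneadas"
+
+ msgid "Skipped Folders"
+ msgstr "Carpetas Omitidas"
+
+ msgid "Skipped Files"
+ msgstr "Archivos Omitidos"
+
+ msgid "Read/Write Errors"
+ msgstr "Errores de Lectura/Escritura"
+
+ msgid "Quarantined Files"
+ msgstr "Archivos en Cuarentena"
+
+ msgid "Scan Complete!"
+ msgstr "¡Scan Completo!"
+
+ msgid "You are not currently scanning for this type of threat!"
+ msgstr "¡Usted no está actualmente escaneando para este tipo de amenaza!"
+
+ msgid "Automatically Fix SELECTED Files Now"
+ msgstr "Arreglar Archivos SELECCIONADOS Automáticamente Ahora"
+
+ msgid "Scan Details:"
+ msgstr "Detalles del Escaneo:"
+
+ msgid "Restore SELECTED files from Quarantine"
+ msgstr "Restaurar archivos SELECCIONADOS de la Cuarentena"
+
+ msgid "Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?"
+ msgstr "¿Está seguro que desea sobrescribir los archivos limpiados anteriormente con los archivos seleccionados en la Cuarentena?"
+
+ msgid "Delete SELECTED files from Quarantine"
+ msgstr "Borrados archivos SELECCIONADOS de la Cuarentena"
+
+ msgid "Are you sure you want to permanently delete the selected files in the Quarantine?"
+ msgstr "¿Está seguro que desea borrar permanentemente los archivos seleccionados en la Cuarentena?"
+
+ msgid "<p><b>The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.</b></p> FYI - these files are found in:"
+ msgstr "<p><b> Los siguientes elementos han sido encontrados como que contienen código malicioso, ellos han sido limpiados, y los contenidos de archivo originalmente infectados han sido salvados aquí en la Cuarentena. El código es seguro aquí y usted no necesita hacer nada más con estos archivos </b></p> PARA-SU-INFORMACIÓN - estos archivos se encuentran en:"
+
+ msgid "No Items in Quarantine"
+ msgstr "No hay Elementos en Cuarentena"
+
+ msgid "NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found)."
+ msgstr "NOTA: Estos son scripts probablemente no maliciosos (pero es un buen lugar para empezar a buscar <u>SI</u> su sitio está infectado y no se encontraron amenazas conocidas)."
+
+ msgid "NOTE: Your WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. Applying this patch will block access to the WordPress Login page whenever this type of attack is detected. For more information on this subject"
+ msgstr "NOTA: Su página Inicio de sesión de WordPress es susceptible a un ataque de fuerza bruta (al igual que cualquier otra página de inicio de sesión). Estos tipos de ataques son cada vez más frecuentes en estos días y, a veces pueden provocar que el servidor se vuelva lento o no responda, aunque los ataques no tienen éxito en el acceso a su sitio. La aplicación de este parche bloqueará el acceso a la página de WordPress sesión cada vez que se detecta este tipo de ataque. Para obtener más información sobre este tema"
+
+ msgid "read my blog"
+ msgstr "lea mi blog"
+
+ msgid "The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files."
+ msgstr "El Escaneo Rápido no pudo terminar debido a la escasez de memoria o un problema de acceso a un archivo. Por favor, trate de usar el Escaneo Completo, es más lento pero va a manejar estos errores mejor y continuará escaneando el resto de los archivos."
+
+ msgid "Completed!"
+ msgstr "¡Completado!"
+
+ msgid "Starting Scan ..."
+ msgstr "Comenzando Scan ..."
+
+ msgid "Last Scan Status"
+ msgstr "Estatus del Último Escaneo"
+
+ msgid "The file %s does not exist."
+ msgstr "El archivo %s no existe."
+
+ msgid "You could <a %s>try viewing the quarantined backup file</a>."
+ msgstr "Usted puede <a %s> probar ver el archivo de backup en cuarentena</a>."
+
+ msgid "The file must have already been delete."
+ msgstr "El archivo debe ya haber sido borrado."
+
+ msgid "Are you sure this file is not infected and you want to ignore it in future scans?"
+ msgstr "¿Está seguro de que este archivo no está infectado y desea ignorarlo en análisis futuros?"
+
+ msgid "Potential threats in file:"
+ msgstr "Amenazas potenciales en el archivo:"
+
+ msgid "Because some threats were automatically fixed we need to check to make sure the removal did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during the automated fix process."
+ msgstr "Debido a que algunas amenazas se fijaron automáticamente tenemos que comprobar para asegurar que la eliminación no rompió su sitio. Si permanece en Rojo y los frames de abajo no se cargan por favor <a %s> revierta los cambios </a> hechos durante el proceso de corrección automática."
+
+ msgid "Never mind, it worked!"
+ msgstr "¡No importa, funcionó!"
+
+ msgid "Nothing Selected to be Changed!"
+ msgstr "¡Nada seleccionado para ser Cambiando!"
+
+ msgid "Done!"
+ msgstr "¡Hecho!"
+
+ msgid "Run Quick Scan"
+ msgstr "Ejecutar Escaneo Rápido"
+
+ msgid "Run Complete Scan"
+ msgstr "Ejecutar Escaneo Completo"
+
+ msgid "View Quarantine"
+ msgstr "Ver Garantía"
+
+ msgid "Tested your site. It appears we didn't break anything"
+ msgstr "Probado en su sitio. Parece ser que no rompimos nada"
+
+ msgid "This Plugin requires WordPress version %s or higher"
+ msgstr "Este plugin requiere la versión %s de WordPress o superior"
+
+ msgid "Scan Settings"
+ msgstr "Ajustes de Scan"
+
+ msgid "Loading, Please Wait ..."
+ msgstr "Cargando, Por Favor Espere ..."
+
+ msgid "If this is taking too long, click here."
+ msgstr "¿Mucho tiempo ha pasado? pulse aquí"
+
+ msgid "Could not find server!"
+ msgstr "¡No se pudo encontrar el servidor!"
+
+ msgid "Plugin Updates for WP"
+ msgstr "Actualizaciones de plugin para WP"
+
+ msgid "Searching for updates ..."
+ msgstr "Buscando actualizaciones ..."
+
+ msgid "Definition Updates"
+ msgstr "Actualizaciones de Definición"
+
+ msgid "Please make a donation for the use of this wonderful feature!"
+ msgstr "¡Por favor haga una donación para el uso de esta característica maravillosa!"
+
+ msgid "an unknown file"
+ msgstr "un archivo desconocido"
+
+ msgid "unknown"
+ msgstr "desconocido"
+
+ msgid "<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem."
+ msgstr "<b>Headers ya enviados</b> en %1$s en la línea %2$s. <br />Esto no es una buena señal, puede ser sólo un plugin mal escrito pero los Headers no deberían haber sido enviados en este punto. <br />Compruebe el código en el archivo mencionado anteriormente para solucionar este problema."
+
+ msgid "<b>Session not found</b>, some functionality may be diminished.<br />If you are getting this error consistently it may mean that this site is unable to maintain a persistent session.<br />Check with your hosting provider or see if you can enable sessions on this site."
+ msgstr "<b>Sesión no encontrada</b>, algunas funciones pueden verse disminuidas. <br />Si usted está recibiendo este error constantemente puede significar que este sitio es incapaz de mantener una sesión persistente. <br />Consulte con su proveedor de hosting o vea si se puede permitir sesiones de este sitio."
+
+ msgid "Failed to read file contents!"
+ msgstr "¡Error al leer los contenidos del archivo!"
+
+ msgid "Deleted!"
+ msgstr "¡Borrado!"
+
+ msgid "Restored!"
+ msgstr "¡Restaurado!"
+
+ msgid "Restore Failed!"
+ msgstr "¡Restauración Fallida!"
+
+ msgid "Already Fixed!"
+ msgstr "¡Ya se Arregló!"
+
+ msgid "htaccess Threats"
+ msgstr "Amenazas de htaccess"
+
+ msgid "TimThumb Exploits"
+ msgstr "Exploits de TimThumb"
+
+ msgid "Backdoor Scripts"
+ msgstr "Scripts de Backdoor"
+
+ msgid "Known Threats"
+ msgstr "Amenazas Conocidas"
+
+ msgid "WP-Login Vulnerability "
+ msgstr "Vulnerabilidad de WP-Login "
+
+ msgid "Potential Threats"
+ msgstr "Amenazas Potenciales"
+
+ msgid "Unknown"
+ msgstr "Desconocido"
+
+ msgid "Preparing %s"
+ msgstr "Preparando %s"
+
+ msgid "Scanning %s"
+ msgstr "Escaneando %s"
+
+ msgid "Failed to list files in directory!"
+ msgstr "¡Falló listar los archivos en el directorio!"
+
+ msgid "Scanned %s"
+ msgstr "Escaneado %s"
+
+ msgid "Skipped because of file extention!"
+ msgstr "¡Omitido debido a la extensión del archivo!"
+
+ msgid "Failed to determine file size!"
+ msgstr "¡Falló determinar el tamaño!"
+
+ msgid "Skipped because of file size!"
+ msgstr "¡Omitido debido al tamaño del archivo!"
+
+ msgid "Failed to read directory!"
+ msgstr "¡Falló leer el directorio!"
+
+ msgid "Skipped because of file size (%1$s bytes) or file extention (%2$s)!"
+ msgstr "¡Omitido debido al tamaño del archivo (%1$s bytes) o la extensión del archivo (%2$s)!"
+
+ msgid "Failed to read file!"
+ msgstr "¡Falló leer el archivo!"
+
+ msgid "Empty file!"
+ msgstr "¡archivo vacío!"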
languages/gotmls-pt_BR.mo ADDED
Binary file
languages/gotmls-pt_BR.po ADDED
@@ -0,0 +1,743 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ # Translation of Development (trunk) in Portuguese (Brazil)
2
+ # This file is distributed under the same license as the Development (trunk) package.
3
+ msgid ""
4
+ msgstr ""
5
+ "PO-Revision-Date: +0000\n"
6
+ "MIME-Version: 1.0\n"
7
+ "Content-Type: text/plain; charset=UTF-8\n"
8
+ "Content-Transfer-Encoding: 8bit\n"
9
+ "Plural-Forms: nplurals=2; plural=(n > 1);\n"
10
+ "X-Generator: GlotPress/1.0-alpha-1100\n"
11
+ "Project-Id-Version: Development (trunk)\n"
12
+
13
+ #: index.php:878
14
+ msgid "Custom Code to be Checked:"
15
+ msgstr "Código personalizado a ser verificado:"
16
+
17
+ #: index.php:884
18
+ msgid "Save Settings"
19
+ msgstr "Salvar Configurações"
20
+
21
+ #: index.php:878
22
+ msgid "For very advanced users only. If you enter anything in this box then no other files will be scanned on your site."
23
+ msgstr "Apenas para usuários muito avançados. Se você colocar algo nesta caixa, nenhum outro arquivo será escaneado em seu site."
24
+
25
+ #: index.php:1313
26
+ msgid "saved."
27
+ msgstr "salvo."
28
+
29
+ #: index.php:1324
30
+ msgid "Failed to empty the trash."
31
+ msgstr "Falha ao esvaziar a lixeira."
32
+
33
+ #: index.php:1371 index.php:1407
34
+ msgid "Done!"
35
+ msgstr "Pronto!"
36
+
37
+ #: index.php:1374
38
+ msgid "Failed to delete!"
39
+ msgstr "Falha ao excluir!"
40
+
41
+ #: index.php:1309
42
+ msgid "New position"
43
+ msgstr "Nova posição"
44
+
45
+ #: index.php:1382
46
+ msgid "Complete!"
47
+ msgstr "Completo!"
48
+
49
+ #: index.php:1385
50
+ msgid "Restore Failed!"
51
+ msgstr "Restauração Falhou!"
52
+
53
+ #: index.php:1405
54
+ msgid "Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process."
55
+ msgstr "Por haver algumas mudanças feitas, precisamos checar para ter certeza que isso não quebrou o seu site. Se isso ficar em Vermelho e o quadro abaixo não carregar, <a %s> reverta as alterações</a> feitas durante esse processo automatizado de correção."
56
+
57
+ #: index.php:1405
58
+ msgid "Never mind, it worked!"
59
+ msgstr "Não importa, funcionou!"
60
+
61
+ #: index.php:1407
62
+ msgid "Nothing Selected to be Changed!"
63
+ msgstr "Nada selecionado para ter alterado!"
64
+
65
+ #: index.php:1473
66
+ msgid "Are you sure you want to delete this file from the quarantine?"
67
+ msgstr "Você tem certeza que quer excluir esse arquivo da quarentena?"
68
+
69
+ #: index.php:1473
70
+ msgid "File Details:"
71
+ msgstr "Detalhes do arquivo:"
72
+
73
+ #: index.php:1535
74
+ msgid "Potential threats in file:"
75
+ msgstr "Ameaças potenciais no arquivo:"
76
+
77
+ #: safe-load/trace.php:18
78
+ msgid ": Headers sent by %1$s on line %2$s."
79
+ msgstr ": Cabeçalhos enviados por %1$s na linha %2$s."
80
+
81
+ #. Plugin Name of the plugin/theme
82
+ msgid "Anti-Malware and Brute-Force Security by ELI"
83
+ msgstr "Anti-Malware e Brute-Force Security by ELI"
84
+
85
+ #. Plugin URI of the plugin/theme
86
+ msgid "http://gotmls.net/"
87
+ msgstr "http://gotmls.net/"
88
+
89
+ #. Description of the plugin/theme
90
+ msgid "This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you."
91
+ msgstr "Este plugin Anti-Virus/Anti-Malware procura por Malware e outros Virus como ameaças e vulnerabilidades em seu servidor, e lhe auxilia a resolvê-los. Isto está sempre mudando e precisa de atualizações e adaptação frequentemente. Para novas ameaças, ou se isso não funcionou bem para você, entre em contato comigo."
92
+
93
+ #. Author of the plugin/theme
94
+ msgid "Eli Scheetz"
95
+ msgstr "Eli Scheetz"
96
+
97
+ #. Author URI of the plugin/theme
98
+ msgid "http://wordpress.ieonly.com/category/my-plugins/anti-malware/"
99
+ msgstr "http://wordpress.ieonly.com/category/my-plugins/anti-malware/"
100
+
101
+ #: index.php:1535
102
+ msgid "Are you sure this file is not infected and you want to ignore it in future scans?"
103
+ msgstr "Tem certeza que esse arquivo não está infectado e deseja ignorá-lo nós escaneamentos futuros?"
104
+
105
+ #: index.php:1492
106
+ msgid "The file %s does not exist, it must have already been deleted."
107
+ msgstr "O arquivo %s não existe, ele já foi excluído."
108
+
109
+ #: index.php:1475
110
+ msgid "This file no longer exists in the quarantine."
111
+ msgstr "Este arquivo não existe mais na quarentena."
112
+
113
+ #: index.php:872
114
+ msgid "What to scan:"
115
+ msgstr "O que verificar:"
116
+
117
+ #: index.php:868
118
+ msgid "Download the new definitions (Right sidebar) to activate this feature."
119
+ msgstr "Faça download das novas definições (barra lateral direita) para ativar este recurso."
120
+
121
+ #: index.php:868
122
+ msgid "Download Definition Updates to Use this feature"
123
+ msgstr "Usar este recurso"
124
+
125
+ #: index.php:853
126
+ msgid "What to look for:"
127
+ msgstr "Procurar por:"
128
+
129
+ #: index.php:849
130
+ msgid "Only Scan These Folders:"
131
+ msgstr "Escanear Somente Essas Pastas"
132
+
133
+ #: index.php:717
134
+ msgid "Scan Logs"
135
+ msgstr "Escanear Logs"
136
+
137
+ #: index.php:713
138
+ msgid "Quarantine"
139
+ msgstr "Quarentena "
140
+
141
+ #: index.php:710
142
+ msgid "White-lists"
143
+ msgstr "White-lists (lista branca)"
144
+
145
+ #: index.php:700
146
+ msgid "No Items in Quarantine"
147
+ msgstr "Não há itens na Quarentena "
148
+
149
+ #: index.php:693
150
+ msgid "View Quarantined File"
151
+ msgstr "Visualizar Arquivo na Quarentena "
152
+
153
+ #: images/index.php:32 index.php:905
154
+ msgid "Potential Threats"
155
+ msgstr "Ameaças potenciais"
156
+
157
+ #: images/index.php:71 index.php:1136
158
+ msgid "You must register and donate to use this feature!"
159
+ msgstr "Você precisa se registrar e fazer uma doação para usar essa funcionalidade!"
160
+
161
+ #: images/index.php:71 index.php:1136
162
+ msgid "This feature is available to those who have donated!"
163
+ msgstr "Este recurso está disponível àqueles que fizeram uma doação!"
164
+
165
+ #: images/index.php:75
166
+ msgid "Your Server could not start a Session!"
167
+ msgstr "Seu servidor não pôde iniciar uma sessão!"
168
+
169
+ #: images/index.php:88
170
+ msgid "Failed to list files in directory!"
171
+ msgstr "Falha ao listar arquivos no diretório!"
172
+
173
+ #: images/index.php:89
174
+ msgid "Quick Scan"
175
+ msgstr "Escaneamento Rápido"
176
+
177
+ #: images/index.php:90
178
+ msgid "View Quarantine"
179
+ msgstr "Ver Quarentena"
180
+
181
+ #: images/index.php:91
182
+ msgid "View Scan Log"
183
+ msgstr "Ver Log de Escaneamento"
184
+
185
+ #: images/index.php:92
186
+ msgid "This Plugin requires WordPress version %s or higher"
187
+ msgstr "Este Plugin requer a versão %s do WordPress, ou superior"
188
+
189
+ #: images/index.php:93
190
+ msgid "Scan Settings"
191
+ msgstr "Configurações de Escaneamento"
192
+
193
+ #: images/index.php:94
194
+ msgid "Loading, Please Wait ..."
195
+ msgstr "Carregando, Aguarde Por Favor..."
196
+
197
+ #: images/index.php:95
198
+ msgid "Automatically Fix SELECTED Files Now"
199
+ msgstr "Corrigir automaticamente os arquivos SELECIONADOS abaixo"
200
+
201
+ #: images/index.php:202 safe-load/trace.php:15
202
+ msgid "an unknown file"
203
+ msgstr "um arquivo desconhecido"
204
+
205
+ #: images/index.php:204 safe-load/trace.php:17
206
+ msgid "unknown"
207
+ msgstr "desconhecido"
208
+
209
+ #: images/index.php:205
210
+ msgid "<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem."
211
+ msgstr "<b>Cabeçalhos já enviados</b> em %1$s na linha %2$s.<br />Isso não é um bom sinal, pode ser apenas um plugin mal escrito, mas os cabeçalhos não deveriam ter sido enviado neste momento.<br />Verifique o código mencionado abaixo para resolver este problema."
212
+
213
+ #: index.php:1207
214
+ msgid "Your new username must be at least 3 characters and can only contain &quot;%s&quot;. Please try again."
215
+ msgstr "Seu novo nome de usuário precisa conter ao menos 3 caracteres e pode conter apenas &quot;%s&quot;. Tente novamente por favor."
216
+
217
+ #: index.php:1208
218
+ msgid "Change your username:"
219
+ msgstr "Troque seu nome de usuário:"
220
+
221
+ #: index.php:1287
222
+ msgid "Default position"
223
+ msgstr "Posição padrão"
224
+
225
+ #: index.php:1148
226
+ msgid "Failed to remove XMLRPC Protection (.htaccess %s)"
227
+ msgstr "Falha ao remover a proteção XMLRPC (.htaccess %s)"
228
+
229
+ #: index.php:1155
230
+ msgid "Failed to install XMLRPC Protection (.htaccess %s)"
231
+ msgstr "Falha ao instalar a proteção XMLRPC (.htaccess %s)"
232
+
233
+ #: index.php:1159
234
+ msgid "Most WordPress site do not use the XMLRPC features and hack attempt on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file."
235
+ msgstr "A maioria dos sites em WordPress não usam os recursos XMLRPC e restringir o uso do arquivo xmlrpc.php é mais comuns do que nunca. Mesmo que não haja vulnerabilidades para hackers explorarem essas tentativas podem causar lentidão ou paralisação semelhante a um ataque DDoS. Este patch bloqueia automaticamente todos os acessos externos ao arquivo xmlrpc.php."
236
+
237
+ #: index.php:1169
238
+ msgid "Removed Brute-Force Protection"
239
+ msgstr "Proteção Brute-Force Removida"
240
+
241
+ #: index.php:1174
242
+ msgid "Upgraded Brute-Force Protection"
243
+ msgstr "Proteção Brute-Force Atualizada"
244
+
245
+ #: index.php:1180
246
+ msgid "Installed Brute-Force Protection"
247
+ msgstr "Proteção Brute-Force Instalada"
248
+
249
+ #: index.php:1183
250
+ msgid "Failed to install Brute-Force Protection (wp-config.php %s)"
251
+ msgstr "Falha ao instalar a Proteção Brute-Force (wp-config.php %s)"
252
+
253
+ #: index.php:1185
254
+ msgid "wp-config.php Not Readable!"
255
+ msgstr "wp-config.php Não pode ser lido!"
256
+
257
+ #: index.php:1187
258
+ msgid "wp-config.php Not Found!"
259
+ msgstr "wp-config.php Não Encontrado!"
260
+
261
+ #: index.php:1190
262
+ msgid "Removed Old Brute-Force Login Patch"
263
+ msgstr "Patch antigo de Brute-Force Login Removido"
264
+
265
+ #: index.php:1194
266
+ msgid "This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed."
267
+ msgstr "Essa proteção é ativada automaticamente com este plugin por causa do ataque generalizado no WordPress que afetam tantos site atualmente. É recomendado que você tenha certeza de atualizar as versões mais antigas do plugin Revolution Slider, especialmente aqueles incluídos em alguns temas que não irão atualizá-lo automaticamente. Mesmo se você não tem Revolution Slider em seu site ainda, é melhor ter essa proteção instalada."
268
+
269
+ #: index.php:1196
270
+ msgid "Checking for session compatibility ..."
271
+ msgstr "Verificando por compatibilidade de sessão..."
272
+
273
+ #: index.php:1196
274
+ msgid " For more information on Brute-Force attack prevention and the WordPress wp-login-php file "
275
+ msgstr "Para mais informação sobre prevenção de ataques Brute-Force e o arquivo wp-login-php do WordPress"
276
+
277
+ #: index.php:1201
278
+ msgid "You username has been change to %s. Don't forget to use your new username when you login again."
279
+ msgstr "Seu nome de usuário foi alterado para %s. Não se esqueça de usar o novo nome de usuário quando fizer login novamente."
280
+
281
+ #: index.php:1203
282
+ msgid "SQL Error changing username: %s. Please try again later."
283
+ msgstr "Erro SQL ao alterar o nome de usuário: %s. Tente novamente por favor. "
284
+
285
+ #: index.php:905
286
+ msgid "WP-Login Updates"
287
+ msgstr "Atualizações no WP-Login"
288
+
289
+ #: index.php:937
290
+ msgid "Scan Complete!"
291
+ msgstr "Escaneamento Completo!"
292
+
293
+ #: index.php:982
294
+ msgid "You are not currently scanning for this type of threat!"
295
+ msgstr "Você não está escaneando para este tipo de ameaça atualmente!"
296
+
297
+ #: index.php:1022
298
+ msgid "NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found)."
299
+ msgstr "NOTA: Estes provavelmente não são scripts maliciosos (mas é um bom lugar para começar a olhar <u>SE</u> seu site está infectado e não há ameaças conhecidas encontradas)."
300
+
301
+ #: index.php:1022
302
+ msgid "NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation."
303
+ msgstr "NOTA: Detectamos alterações nos arquivos do núcleo do WordPress em seu site. Esta poderia ser uma modificação intencional ou o trabalho de um hacker mal-intencionado. Podemos restaurar esses arquivos para seu estado original para preservar a integridade da instalação do seu WordPress %s original."
304
+
305
+ #: index.php:1022 index.php:1196
306
+ msgid "read my blog"
307
+ msgstr "leia meu blog"
308
+
309
+ #: index.php:1025
310
+ msgid "Scan Details:"
311
+ msgstr "Detalhes de Escaneamento:"
312
+
313
+ #: index.php:1045
314
+ msgid "The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files."
315
+ msgstr "O Escaneamento Rápido foi incapaz de terminar devido a uma falta de memória ou um problema ao acessar um arquivo. Por favor, tente usar o escaneamento completo, é mais lento, mas ele vai lidar com esses erros melhor e continuar o escaneamento do restante dos arquivos."
316
+
317
+ #: index.php:1063
318
+ msgid "Completed!"
319
+ msgstr "Completado!"
320
+
321
+ #: index.php:1065
322
+ msgid "Starting Scan ..."
323
+ msgstr "Iniciando Escaneamento..."
324
+
325
+ #: index.php:1119
326
+ msgid "Your WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. Applying this patch will block access to the WordPress Login page whenever this type of attack is detected."
327
+ msgstr "Sua página de login do WordPress é suscetível a um ataque de força bruta (assim como qualquer outra página de login). Estes tipos de ataques estão se tornando mais frequentes atualmente, e às vezes pode fazer com que o servidor fique lento ou sem resposta, mesmo se os ataques não conseguem ter acesso ao seu site. Aplicando este patch você irá bloquear o acesso à página de login do WordPress sempre que este tipo de ataque é detectado."
328
+
329
+ #: index.php:1124
330
+ msgid "Your WordPress site has the current version of my brute-force Login protection installed."
331
+ msgstr "Seu site WordPress tem a versão atual da minha proteção de brute-force instalada."
332
+
333
+ #: index.php:1130
334
+ msgid "Your WordPress Login page has the old version of my brute-force protection installed. Upgrade this patch to improve the protection on the WordPress Login page and preserve the integrity of your WordPress core files."
335
+ msgstr "Sua página WordPress tem a versão antiga da minha proteção brute-force instalada. Atualize este patch para melhorar a proteção na página de Login do WordPress e preservar a integridade de seus arquivos de núcleo do WordPress."
336
+
337
+ #: index.php:1136
338
+ msgid "Checking .htaccess file ..."
339
+ msgstr "Verificando arquivo .htaccess..."
340
+
341
+ #: index.php:880
342
+ msgid "Skip files with the following extentions:"
343
+ msgstr "Ignorar arquivos com as seguintes extensões:"
344
+
345
+ #: index.php:881
346
+ msgid "a comma separated list of file extentions to skip"
347
+ msgstr "uma lista de extensões de arquivo separadas por vírgula para ignorar"
348
+
349
+ #: index.php:882
350
+ msgid "Skip directories with the following names:"
351
+ msgstr "Ignorar diretórios com os seguintes nomes:"
352
+
353
+ #: index.php:883
354
+ msgid "a folder name or comma separated list of folder names to skip"
355
+ msgstr "um nome ou uma lista de nomes de pastas, separada por vírgulas para ignorar"
356
+
357
+ #: index.php:884
358
+ msgid "Automatically Update Definitions:"
359
+ msgstr "Definições de Atualização Automática"
360
+
361
+ #: index.php:884
362
+ msgid "This new BETA feature is only available to registered users who have donated at a certain level."
363
+ msgstr "Este novo recurso beta está disponível apenas para usuários registrados que doaram a um determinado nível."
364
+
365
+ #: index.php:884
366
+ msgid "Run Complete Scan"
367
+ msgstr "Rodar o Escaneamento Completo"
368
+
369
+ #: index.php:893
370
+ msgid "Scanned Files"
371
+ msgstr "Arquivos Escaneados"
372
+
373
+ #: index.php:893
374
+ msgid "Selected Folders"
375
+ msgstr "Pastas Selecionadas"
376
+
377
+ #: index.php:893
378
+ msgid "Scanned Folders"
379
+ msgstr "Pastas Escaneadas"
380
+
381
+ #: index.php:893
382
+ msgid "Skipped Folders"
383
+ msgstr "Pastas Ignoradas"
384
+
385
+ #: index.php:893
386
+ msgid "Skipped Files"
387
+ msgstr "Arquivos Ignorados"
388
+
389
+ #: index.php:893
390
+ msgid "Read/Write Errors"
391
+ msgstr "Erros de Leitura/Gravação"
392
+
393
+ #: index.php:893
394
+ msgid "Quarantined Files"
395
+ msgstr "Arquivos em Quarentena"
396
+
397
+ #: index.php:891
398
+ msgid "Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process)."
399
+ msgstr "Outro Plugin ou Tema está usando '%s' para lidar com buffers de saída. <br /> Isso impede ativamente a saída do buffer em tempo real e irá degradar severamente o desempenho deste (e muitos outros) Plugins. <br /> Considere desabilitar os plugins de compressão ou de cache (pelo menos durante o processo de escaneamento)."
400
+
401
+ #: index.php:874
402
+ msgid "Scan Depth:"
403
+ msgstr "Profundidade do escaneamento:"
404
+
405
+ #: index.php:875
406
+ msgid "how far to drill down"
407
+ msgstr "o quão longe detalhar"
408
+
409
+ #: index.php:875
410
+ msgid "-1 is infinite depth"
411
+ msgstr "-1 é profundidade infinita"
412
+
413
+ #: index.php:878
414
+ msgid "Custom RegExp:"
415
+ msgstr "RegExp Personalizado:"
416
+
417
+ #: index.php:878
418
+ msgid "For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site."
419
+ msgstr "Apenas para usuários muito avançados. Não use isso sem falar com o Eli primeiro. Se você usar incorretamente, você poderá facilmente quebrar seu site."
420
+
421
+ #: index.php:497
422
+ msgid "Last Scan Status"
423
+ msgstr "Último Status de Escaneamento"
424
+
425
+ #: index.php:556
426
+ msgid "Cleared %s records from this log."
427
+ msgstr "%s registros removidos deste log."
428
+
429
+ #: index.php:598
430
+ msgid "No Scans have been logged"
431
+ msgstr "Não há escaneamentos registrados em log."
432
+
433
+ #: index.php:605
434
+ msgid "Globally White-listed files"
435
+ msgstr "Arquivos globalmente marcados como white-list "
436
+
437
+ #: index.php:605
438
+ msgid "# of patterns"
439
+ msgstr "# de padrões "
440
+
441
+ #: index.php:605
442
+ msgid "Date Updated"
443
+ msgstr "Data de Atualização "
444
+
445
+ #: index.php:615
446
+ msgid "WordPress Core files"
447
+ msgstr "Arquivos de núcleo do WordPress"
448
+
449
+ #: index.php:615
450
+ msgid "# of files"
451
+ msgstr "# de arquivos"
452
+
453
+ #: index.php:687
454
+ msgid "Restore selected files"
455
+ msgstr "Restaurar arquivos selecionados"
456
+
457
+ #: index.php:687
458
+ msgid "Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?"
459
+ msgstr "Tem certeza que você quer sobrescrever os arquivos previamente limpos com esses arquivos selecionados na Quarentena?"
460
+
461
+ #: index.php:687
462
+ msgid "Delete selected files"
463
+ msgstr "Excluir arquivos selecionados"
464
+
465
+ #: index.php:687
466
+ msgid "Are you sure you want to permanently delete the selected files in the Quarantine?"
467
+ msgstr "Tem certeza que deseja excluir permanentemente os arquivos selecionados na Quarentena?"
468
+
469
+ #: index.php:687
470
+ msgid "The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files."
471
+ msgstr "Os itens a seguir foram encontrados por conter código malicioso, eles foram limpos, e os arquivos com conteúdo original infectado, foram salvos na Quarentena. O código está seguro aqui e você não precisa de mais nada com esses arquivos."
472
+
473
+ #: index.php:688
474
+ msgid "Check all %d"
475
+ msgstr "Verificar todos %d"
476
+
477
+ #: index.php:688
478
+ msgid " Items in Quarantine"
479
+ msgstr "Itens na Quarentena "
480
+
481
+ #: index.php:375
482
+ msgid "Check for Definition Updates Now!"
483
+ msgstr "Verificar Atualização de Definições Agora!"
484
+
485
+ #: index.php:376
486
+ msgid "If you have not already registered your Key then register now using the form below.<br />* All registration fields are required<br />** I will NOT share your information."
487
+ msgstr "Se você ainda não registrou sua Chave, registre-se agora usando o formulário abaixo.<br />* Todos os campos de registro são requeridos<br />**Eu NÃO irei compartilhar suas informações."
488
+
489
+ #: index.php:378
490
+ msgid "Your Full Name:"
491
+ msgstr "Seu Nome Completo:"
492
+
493
+ #: index.php:382
494
+ msgid "A password will be e-mailed to this address:"
495
+ msgstr "Uma senha será enviada a este endereço de e-mail:"
496
+
497
+ #: index.php:385
498
+ msgid "Your WordPress Site URL:"
499
+ msgstr "A URL de seu site em WordPress:"
500
+
501
+ #: index.php:388
502
+ msgid "Plugin Installation Key:"
503
+ msgstr "Chave de instalação do Plugin:"
504
+
505
+ #: index.php:411
506
+ msgid "Please make a donation for the use of this wonderful feature!"
507
+ msgstr "Por favor faça uma doação para usar esse recurso maravilhoso!"
508
+
509
+ #: index.php:417
510
+ msgid "First Name is a required field!"
511
+ msgstr "Primeiro Nome é um campo obrigatório!"
512
+
513
+ #: index.php:419
514
+ msgid "Last Name is a required field!"
515
+ msgstr "Último Nome é um campo obrigatório!"
516
+
517
+ #: index.php:421
518
+ msgid "Email Address is a required field!"
519
+ msgstr "E-mail é um campo obrigatório!"
520
+
521
+ #: index.php:429
522
+ msgid "Your WordPress Site URL is a required field!"
523
+ msgstr "A URL de seu site WordPress é um campo obrigatório!"
524
+
525
+ #: index.php:431
526
+ msgid "Plugin Installation Key is a required field!"
527
+ msgstr "A Chave de Instalação do Plugin é um campo obrigatório!"
528
+
529
+ #: index.php:436
530
+ msgid "Submitting Registration ..."
531
+ msgstr "Enviando o registro..."
532
+
533
+ #: index.php:458
534
+ msgid "Resources & Links"
535
+ msgstr "Links e Recursos"
536
+
537
+ #: index.php:481
538
+ msgid "Make a Donation with PayPal"
539
+ msgstr "Faça uma doação com PayPal"
540
+
541
+ #: index.php:93
542
+ msgid "FAQs"
543
+ msgstr "FAQs"
544
+
545
+ #: index.php:98
546
+ msgid "Main Menu Item placed at the <b>Top</b>"
547
+ msgstr "Item do Menu Principal colocado no <b>Topo</b>"
548
+
549
+ #: index.php:98
550
+ msgid "Main Menu Item placed at the <b>Bottom</b>"
551
+ msgstr "Item do Menu Principal colocado no <b>Rodapé</b>"
552
+
553
+ #: index.php:100
554
+ msgid "Main Menu Item placed below <b>Comments</b> and above <b>Appearance</b>"
555
+ msgstr "Item do Menu Principal colocado abaixo <b>Comentários</b> e acima <b>Aparência</b>"
556
+
557
+ #: index.php:100
558
+ msgid "Main Menu Item placed below <b>Settings</b>"
559
+ msgstr "Item do Menu Principal colocado abaixo <b>Configurações</b>"
560
+
561
+ #: index.php:101
562
+ msgid "Menu Item Placement Options"
563
+ msgstr "Opções de posicionamento de item de menu"
564
+
565
+ #: index.php:106
566
+ msgid "Menu Placement"
567
+ msgstr "Posicionamento de Menu"
568
+
569
+ #: index.php:122
570
+ msgid "Tested your site. It appears we didn't break anything"
571
+ msgstr "Site testado. Parece que nós não quebramos nada"
572
+
573
+ #: index.php:131
574
+ msgid "Upgrade to %s now!"
575
+ msgstr "Upgrade para %s agora!"
576
+
577
+ #: index.php:135
578
+ msgid "Searching for updates ..."
579
+ msgstr "Buscando por atualizações..."
580
+
581
+ #: index.php:190
582
+ msgid "If this is taking too long, click here."
583
+ msgstr "Se isso estiver demorando muito, clique aqui."
584
+
585
+ #: index.php:268
586
+ msgid "No response from server!"
587
+ msgstr "Nenhuma resposta do servidor!"
588
+
589
+ #: index.php:364
590
+ msgid "Updates & Registration"
591
+ msgstr "Registro e Atualizações "
592
+
593
+ #: index.php:372
594
+ msgid "Download new definitions!"
595
+ msgstr "Download de novas definições!"
596
+
597
+ #: index.php:375
598
+ msgid "<p>Get instant access to definition updates.</p>"
599
+ msgstr "<p>Tenha acesso instantâneo à atualizações de definição.</p>"
600
+
601
+ #: images/index.php:648 images/index.php:746
602
+ msgid "Scanning %s"
603
+ msgstr "Escaneando %s"
604
+
605
+ #: images/index.php:665 images/index.php:796
606
+ msgid "Scanned %s"
607
+ msgstr "Escaneado %s"
608
+
609
+ #: images/index.php:706
610
+ msgid "Examine Quarantined File"
611
+ msgstr "Examinar Arquivo na Quarentena "
612
+
613
+ #: images/index.php:708
614
+ msgid "Examine File"
615
+ msgstr "Examinar Arquivo"
616
+
617
+ #: images/index.php:718
618
+ msgid "Failed to determine file size!"
619
+ msgstr "Falha ao determinar tamanho de arquivo!"
620
+
621
+ #: images/index.php:720
622
+ msgid "Skipped because of file size!"
623
+ msgstr "Ignorado por causa do tamanho do arquivo!"
624
+
625
+ #: images/index.php:722
626
+ msgid "Skipped because of file extention!"
627
+ msgstr "Ignorado por causa da extensão do arquivo."
628
+
629
+ #: images/index.php:753
630
+ msgid "Failed to read directory!"
631
+ msgstr "Falha ao ler diretório!"
632
+
633
+ #: images/index.php:771
634
+ msgid "Skipped because of file size (%1$s bytes) or file extention (%2$s)!"
635
+ msgstr "Ignorado por tamanho do arquivo (%1$s bytes) ou extensão (%2$s)!"
636
+
637
+ #: images/index.php:785
638
+ msgid "Failed to read file!"
639
+ msgstr "Falha ao ler arquivo!"
640
+
641
+ #: index.php:87
642
+ msgid "Make sure the Definition Updates are current and Run a Complete Scan."
643
+ msgstr "Tenha ceerteza que a atualização das definições é a mais atual e rode o Escaneamento Completo."
644
+
645
+ #: index.php:87
646
+ msgid "If Known Threats are found and displayed in red then there will be a button to '%s'. If only Potentional Threats are found then there is no automatic fix because those are probably not malicious."
647
+ msgstr "Se ameaças conhecidas forem encontradas e exibidas em vermelho, em seguida, haverá um botão para '%s'. Se apenas ameaças potenciais forem encontradas, então não há nenhuma correção automática porque esses provavelmente não são arquivos maliciosos."
648
+
649
+ #: index.php:87
650
+ msgid "A backup of the original infected files are placed in the Quarantine in case you need to restore them or just want to look at them later. You can delete these files if you don't want to save more."
651
+ msgstr "Um backup dos arquivos originais infectados é colocado na Quarentena em caso de necessidade de restaurá-los ou se você quiser apenas verificá-los depois. Você pode excluir esses arquivos se não quiser utilizá-los mais."
652
+
653
+ #: index.php:86
654
+ msgid "Getting Started"
655
+ msgstr "Iniciando"
656
+
657
+ #: images/index.php:397
658
+ msgid "Failed to read file contents!"
659
+ msgstr "Falha ao ler conteúdo dos arquivos!"
660
+
661
+ #: images/index.php:397
662
+ msgid "Empty file!"
663
+ msgstr "Arquivo vazio!"
664
+
665
+ #: images/index.php:397
666
+ msgid "Fixed file permissions! (try again)"
667
+ msgstr "Permissões de arquivos corrigidas! (tente novamente)"
668
+
669
+ #: images/index.php:397
670
+ msgid "File permissions read-only!"
671
+ msgstr "Permissões de arquivos apenas-leitura!"
672
+
673
+ #: images/index.php:397
674
+ msgid "File not readable!"
675
+ msgstr "Arquivo não pode ser lido!"
676
+
677
+ #: images/index.php:397
678
+ msgid "File does not exist!"
679
+ msgstr "Arquivo não existe!"
680
+
681
+ #: images/index.php:429
682
+ msgid "Success!"
683
+ msgstr "Sucesso!"
684
+
685
+ #: images/index.php:432
686
+ msgid "Failed:"
687
+ msgstr "Falha:"
688
+
689
+ #: images/index.php:432
690
+ msgid "failed to quarantine!"
691
+ msgstr "falha da ação de quarentena!"
692
+
693
+ #: images/index.php:432
694
+ msgid "reason unknown!"
695
+ msgstr "razão desconhecida!"
696
+
697
+ #: images/index.php:432
698
+ msgid "failed to write!"
699
+ msgstr "Falha na escrita!"
700
+
701
+ #: images/index.php:432
702
+ msgid "file not writable!"
703
+ msgstr "arquivo bloqueado para escrita!"
704
+
705
+ #: images/index.php:432
706
+ msgid "no file contents!"
707
+ msgstr "sem conteúdo no arquivo!"
708
+
709
+ #: images/index.php:441 images/index.php:447
710
+ msgid "Already Fixed!"
711
+ msgstr "Já Corrigido!"
712
+
713
+ #: images/index.php:616
714
+ msgid "Preparing %s"
715
+ msgstr "Preparando %s"
716
+
717
+ #: images/index.php:32
718
+ msgid "htaccess Threats"
719
+ msgstr "Ameaças htaccess"
720
+
721
+ #: images/index.php:32
722
+ msgid "TimThumb Exploits"
723
+ msgstr "TimThumb Exploits"
724
+
725
+ #: images/index.php:32
726
+ msgid "Backdoor Scripts"
727
+ msgstr "Backdoor Scripts"
728
+
729
+ #: images/index.php:32
730
+ msgid "Known Threats"
731
+ msgstr "Ameaças Conhecidas"
732
+
733
+ #: images/index.php:32
734
+ msgid "Core File Changes"
735
+ msgstr "Alterações em Arquivos do Núcleo "
736
+
737
+ #: images/index.php:813
738
+ msgid "The <b>base64_decode</b> function is currently disabled by the disable_functions Directive in your server's php.ini file.<br />This function is required for this Anti-Malware plugin to work properly.<br />Check the disable_functions Directive in your php.ini and take out base64_decode to fix this problem."
739
+ msgstr "A função <b>base64_decode</b> está desabilitada atualmente pelas diretivas \"disable_functions\" Do seu servidor, no arquivo php.ini.<br />Esta função é requerida para que esse plugin Anti-Malware funcione corretamente<br />Verifique a diretiva disable_functions em seu arquivo php.ini e remova o base64_decode para resolver esse problema."
740
+
741
+ #: index.php:1026
742
+ msgid "Not flushing OB Handlers: %s"
743
+ msgstr "Não há manipuladores de flush OB: %s"
languages/gotmls.pot ADDED
@@ -0,0 +1,798 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ # SOME DESCRIPTIVE TITLE.
2
+ # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
3
+ # This file is distributed under the same license as the PACKAGE package.
4
+ # Eli Scheetz <eli@gotmls.net>, 2015.
5
+ #
6
+ #, fuzzy
7
+ msgid ""
8
+ msgstr ""
9
+ "Project-Id-Version: GOTMLS\n"
10
+ "Report-Msgid-Bugs-To: eli@gotmls.net\n"
11
+ "POT-Creation-Date: 2015-12-12 09:04-1000\n"
12
+ "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13
+ "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14
+ "Language-Team: LANGUAGE <LL@li.org>\n"
15
+ "Language: \n"
16
+ "MIME-Version: 1.0\n"
17
+ "Content-Type: text/plain; charset=UTF-8\n"
18
+ "Content-Transfer-Encoding: 8bit\n"
19
+
20
+ #: index.php:83
21
+ msgid "Getting Started"
22
+ msgstr ""
23
+
24
+ #: index.php:84
25
+ msgid "Make sure the Definition Updates are current and Run a Complete Scan."
26
+ msgstr ""
27
+
28
+ #: index.php:84
29
+ #, php-format
30
+ msgid "If Known Threats are found and displayed in red then there will be a button to '%s'. If only Potentional Threats are found then there is no automatic fix because those are probably not malicious."
31
+ msgstr ""
32
+
33
+ #: index.php:84
34
+ msgid "A backup of the original infected files are placed in the Quarantine in case you need to restore them or just want to look at them later. You can delete these files if you don't want to save more."
35
+ msgstr ""
36
+
37
+ #: index.php:90
38
+ msgid "FAQs"
39
+ msgstr ""
40
+
41
+ #: index.php:95
42
+ msgid "Main Menu Item placed at the <b>Top</b>"
43
+ msgstr ""
44
+
45
+ #: index.php:95
46
+ msgid "Main Menu Item placed at the <b>Bottom</b>"
47
+ msgstr ""
48
+
49
+ #: index.php:97
50
+ msgid "Main Menu Item placed below <b>Comments</b> and above <b>Appearance</b>"
51
+ msgstr ""
52
+
53
+ #: index.php:97
54
+ msgid "Main Menu Item placed below <b>Settings</b>"
55
+ msgstr ""
56
+
57
+ #: index.php:98
58
+ msgid "Menu Item Placement Options"
59
+ msgstr ""
60
+
61
+ #: index.php:103
62
+ msgid "Menu Placement"
63
+ msgstr ""
64
+
65
+ #: index.php:122
66
+ msgid "Tested your site. It appears we didn't break anything"
67
+ msgstr ""
68
+
69
+ #: index.php:131
70
+ #, php-format
71
+ msgid "Upgrade to %s now!"
72
+ msgstr ""
73
+
74
+ #: index.php:136
75
+ msgid "Searching for updates ..."
76
+ msgstr ""
77
+
78
+ #: index.php:191
79
+ msgid "If this is taking too long, click here."
80
+ msgstr ""
81
+
82
+ #: index.php:269
83
+ msgid "No response from server!"
84
+ msgstr ""
85
+
86
+ #: index.php:365
87
+ msgid "Updates & Registration"
88
+ msgstr ""
89
+
90
+ #: index.php:368
91
+ msgid "Get FREE Key!"
92
+ msgstr ""
93
+
94
+ #: index.php:373
95
+ msgid "Download new definitions!"
96
+ msgstr ""
97
+
98
+ #: index.php:376
99
+ msgid "<p>Get instant access to definition updates.</p>"
100
+ msgstr ""
101
+
102
+ #: index.php:377
103
+ msgid "If you have not already registered your Key then register now using the form below.<br />* All registration fields are required<br />** I will NOT share your information."
104
+ msgstr ""
105
+
106
+ #: index.php:379
107
+ msgid "Your Full Name:"
108
+ msgstr ""
109
+
110
+ #: index.php:383
111
+ msgid "A password will be e-mailed to this address:"
112
+ msgstr ""
113
+
114
+ #: index.php:386
115
+ msgid "Your WordPress Site URL:"
116
+ msgstr ""
117
+
118
+ #: index.php:389
119
+ msgid "Plugin Installation Key:"
120
+ msgstr ""
121
+
122
+ #: index.php:406
123
+ msgid "Please make a donation for the use of this wonderful feature!"
124
+ msgstr ""
125
+
126
+ #: index.php:412
127
+ msgid "First Name is a required field!"
128
+ msgstr ""
129
+
130
+ #: index.php:414
131
+ msgid "Last Name is a required field!"
132
+ msgstr ""
133
+
134
+ #: index.php:416
135
+ msgid "Email Address is a required field!"
136
+ msgstr ""
137
+
138
+ #: index.php:424
139
+ msgid "Your WordPress Site URL is a required field!"
140
+ msgstr ""
141
+
142
+ #: index.php:426
143
+ msgid "Plugin Installation Key is a required field!"
144
+ msgstr ""
145
+
146
+ #: index.php:431
147
+ msgid "Submitting Registration ..."
148
+ msgstr ""
149
+
150
+ #: index.php:452
151
+ msgid "Resources & Links"
152
+ msgstr ""
153
+
154
+ #: index.php:475
155
+ msgid "Make a Donation with PayPal"
156
+ msgstr ""
157
+
158
+ #: index.php:491
159
+ msgid "Last Scan Status"
160
+ msgstr ""
161
+
162
+ #: index.php:550
163
+ #, php-format
164
+ msgid "Cleared %s records from this log."
165
+ msgstr ""
166
+
167
+ #: index.php:592
168
+ msgid "No Scans have been logged"
169
+ msgstr ""
170
+
171
+ #: index.php:599
172
+ msgid "Globally White-listed files"
173
+ msgstr ""
174
+
175
+ #: index.php:599
176
+ msgid "# of patterns"
177
+ msgstr ""
178
+
179
+ #: index.php:599
180
+ msgid "Date Updated"
181
+ msgstr ""
182
+
183
+ #: index.php:609
184
+ msgid "WordPress Core files"
185
+ msgstr ""
186
+
187
+ #: index.php:609
188
+ msgid "# of files"
189
+ msgstr ""
190
+
191
+ #: index.php:683
192
+ msgid "You have old Quarantined files in the uploads directory on your server. The new quarantine is in your WordPress Database. You need to import these files into your database where they will be safer or just delete the quarantine folder inside /wp-content/uploads/ if you would rather just delete them."
193
+ msgstr ""
194
+
195
+ #: index.php:690
196
+ msgid "Restore selected files"
197
+ msgstr ""
198
+
199
+ #: index.php:690
200
+ msgid "Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?"
201
+ msgstr ""
202
+
203
+ #: index.php:690
204
+ msgid "Delete selected files"
205
+ msgstr ""
206
+
207
+ #: index.php:690
208
+ msgid "Are you sure you want to permanently delete the selected files in the Quarantine?"
209
+ msgstr ""
210
+
211
+ #: index.php:690
212
+ msgid "The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files."
213
+ msgstr ""
214
+
215
+ #: index.php:691
216
+ #, php-format
217
+ msgid "Check all %d"
218
+ msgstr ""
219
+
220
+ #: index.php:691
221
+ msgid " Items in Quarantine"
222
+ msgstr ""
223
+
224
+ #: index.php:691
225
+ msgid "Quarantined"
226
+ msgstr ""
227
+
228
+ #: index.php:691
229
+ msgid "Date Infected"
230
+ msgstr ""
231
+
232
+ #: index.php:696
233
+ msgid "View Quarantined File"
234
+ msgstr ""
235
+
236
+ #: index.php:703
237
+ msgid "No Items in Quarantine"
238
+ msgstr ""
239
+
240
+ #: index.php:708
241
+ #, php-format
242
+ msgid "Clear %s Deleted Files from the Trash"
243
+ msgstr ""
244
+
245
+ #: index.php:714
246
+ msgid "White-lists"
247
+ msgstr ""
248
+
249
+ #: index.php:717
250
+ msgid "Quarantine"
251
+ msgstr ""
252
+
253
+ #: index.php:721
254
+ msgid "Scan Logs"
255
+ msgstr ""
256
+
257
+ #: index.php:733
258
+ msgid "Your WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. Applying this patch will block access to the WordPress Login page whenever this type of attack is detected."
259
+ msgstr ""
260
+
261
+ #: index.php:738
262
+ msgid "Your WordPress site has the current version of my brute-force Login protection installed."
263
+ msgstr ""
264
+
265
+ #: index.php:744
266
+ msgid "Your WordPress Login page has the old version of my brute-force protection installed. Upgrade this patch to improve the protection on the WordPress Login page and preserve the integrity of your WordPress core files."
267
+ msgstr ""
268
+
269
+ #: index.php:750
270
+ msgid "Checking .htaccess file ..."
271
+ msgstr ""
272
+
273
+ #: index.php:750
274
+ #: images/index.php:71
275
+ msgid "You must register and donate to use this feature!"
276
+ msgstr ""
277
+
278
+ #: index.php:750
279
+ #: images/index.php:71
280
+ msgid "This feature is available to those who have donated!"
281
+ msgstr ""
282
+
283
+ #: index.php:762
284
+ #, php-format
285
+ msgid "Failed to remove XMLRPC Protection (.htaccess %s)"
286
+ msgstr ""
287
+
288
+ #: index.php:769
289
+ #, php-format
290
+ msgid "Failed to install XMLRPC Protection (.htaccess %s)"
291
+ msgstr ""
292
+
293
+ #: index.php:773
294
+ msgid "Most WordPress site do not use the XMLRPC features and hack attempt on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file."
295
+ msgstr ""
296
+
297
+ #: index.php:787
298
+ msgid "Removed Brute-Force Protection"
299
+ msgstr ""
300
+
301
+ #: index.php:792
302
+ msgid "Upgraded Brute-Force Protection"
303
+ msgstr ""
304
+
305
+ #: index.php:798
306
+ msgid "Installed Brute-Force Protection"
307
+ msgstr ""
308
+
309
+ #: index.php:801
310
+ #, php-format
311
+ msgid "Failed to install Brute-Force Protection (wp-config.php %s)"
312
+ msgstr ""
313
+
314
+ #: index.php:803
315
+ msgid "wp-config.php Not Readable!"
316
+ msgstr ""
317
+
318
+ #: index.php:805
319
+ msgid "wp-config.php Not Found!"
320
+ msgstr ""
321
+
322
+ #: index.php:808
323
+ msgid "Removed Old Brute-Force Login Patch"
324
+ msgstr ""
325
+
326
+ #: index.php:812
327
+ msgid "This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed."
328
+ msgstr ""
329
+
330
+ #: index.php:814
331
+ msgid "Checking for session compatibility ..."
332
+ msgstr ""
333
+
334
+ #: index.php:814
335
+ msgid " For more information on Brute-Force attack prevention and the WordPress wp-login-php file "
336
+ msgstr ""
337
+
338
+ #: index.php:814
339
+ #: index.php:1138
340
+ msgid "read my blog"
341
+ msgstr ""
342
+
343
+ #: index.php:819
344
+ #, php-format
345
+ msgid "You username has been change to %s. Don't forget to use your new username when you login again."
346
+ msgstr ""
347
+
348
+ #: index.php:821
349
+ #, php-format
350
+ msgid "SQL Error changing username: %s. Please try again later."
351
+ msgstr ""
352
+
353
+ #: index.php:825
354
+ #, php-format
355
+ msgid "Your new username must be at least 3 characters and can only contain &quot;%s&quot;. Please try again."
356
+ msgstr ""
357
+
358
+ #: index.php:826
359
+ msgid "Change your username:"
360
+ msgstr ""
361
+
362
+ #: index.php:826
363
+ msgid "Your username is \"admin\", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately."
364
+ msgstr ""
365
+
366
+ #: index.php:829
367
+ msgid "Firewall Options"
368
+ msgstr ""
369
+
370
+ #: index.php:959
371
+ msgid "Only Scan These Folders:"
372
+ msgstr ""
373
+
374
+ #: index.php:963
375
+ msgid "Run Complete Scan"
376
+ msgstr ""
377
+
378
+ #: index.php:964
379
+ msgid "What to look for:"
380
+ msgstr ""
381
+
382
+ #: index.php:979
383
+ msgid "Download Definition Updates to Use this feature"
384
+ msgstr ""
385
+
386
+ #: index.php:979
387
+ msgid "Download the new definitions (Right sidebar) to activate this feature."
388
+ msgstr ""
389
+
390
+ #: index.php:983
391
+ msgid "What to scan:"
392
+ msgstr ""
393
+
394
+ #: index.php:985
395
+ msgid "Scan Depth:"
396
+ msgstr ""
397
+
398
+ #: index.php:986
399
+ msgid "how far to drill down"
400
+ msgstr ""
401
+
402
+ #: index.php:986
403
+ msgid "-1 is infinite depth"
404
+ msgstr ""
405
+
406
+ #: index.php:989
407
+ msgid "Custom RegExp:"
408
+ msgstr ""
409
+
410
+ #: index.php:989
411
+ msgid "For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site."
412
+ msgstr ""
413
+
414
+ #: index.php:989
415
+ msgid "Custom Code to be Checked:"
416
+ msgstr ""
417
+
418
+ #: index.php:989
419
+ msgid "For very advanced users only. If you enter anything in this box then no other files will be scanned on your site."
420
+ msgstr ""
421
+
422
+ #: index.php:994
423
+ msgid "Skip files with the following extentions:"
424
+ msgstr ""
425
+
426
+ #: index.php:995
427
+ msgid "a comma separated list of file extentions to skip"
428
+ msgstr ""
429
+
430
+ #: index.php:995
431
+ msgid "Skip directories with the following names:"
432
+ msgstr ""
433
+
434
+ #: index.php:995
435
+ msgid "a folder name or comma separated list of folder names to skip"
436
+ msgstr ""
437
+
438
+ #: index.php:996
439
+ msgid "Automatically Update Definitions:"
440
+ msgstr ""
441
+
442
+ #: index.php:996
443
+ msgid "This new BETA feature is only available to registered users who have donated at a certain level."
444
+ msgstr ""
445
+
446
+ #: index.php:996
447
+ msgid "Save Settings"
448
+ msgstr ""
449
+
450
+ #: index.php:1003
451
+ #, php-format
452
+ msgid "Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process)."
453
+ msgstr ""
454
+
455
+ #: index.php:1005
456
+ msgid "Scanned Files"
457
+ msgstr ""
458
+
459
+ #: index.php:1005
460
+ msgid "Selected Folders"
461
+ msgstr ""
462
+
463
+ #: index.php:1005
464
+ msgid "Scanned Folders"
465
+ msgstr ""
466
+
467
+ #: index.php:1005
468
+ msgid "Skipped Folders"
469
+ msgstr ""
470
+
471
+ #: index.php:1005
472
+ msgid "Skipped Files"
473
+ msgstr ""
474
+
475
+ #: index.php:1005
476
+ msgid "Read/Write Errors"
477
+ msgstr ""
478
+
479
+ #: index.php:1005
480
+ msgid "Quarantined Files"
481
+ msgstr ""
482
+
483
+ #: index.php:1017
484
+ #: images/index.php:32
485
+ msgid "Potential Threats"
486
+ msgstr ""
487
+
488
+ #: index.php:1017
489
+ msgid "WP-Login Updates"
490
+ msgstr ""
491
+
492
+ #: index.php:1049
493
+ msgid "Scan Complete!"
494
+ msgstr ""
495
+
496
+ #: index.php:1094
497
+ msgid "You are not currently scanning for this type of threat!"
498
+ msgstr ""
499
+
500
+ #: index.php:1119
501
+ msgid "Saving these settings requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above."
502
+ msgstr ""
503
+
504
+ #: index.php:1138
505
+ msgid "NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found)."
506
+ msgstr ""
507
+
508
+ #: index.php:1138
509
+ #, php-format
510
+ msgid "NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation."
511
+ msgstr ""
512
+
513
+ #: index.php:1141
514
+ msgid "Scan Details:"
515
+ msgstr ""
516
+
517
+ #: index.php:1142
518
+ #, php-format
519
+ msgid "Not flushing OB Handlers: %s"
520
+ msgstr ""
521
+
522
+ #: index.php:1161
523
+ msgid "The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files."
524
+ msgstr ""
525
+
526
+ #: index.php:1179
527
+ msgid "Completed!"
528
+ msgstr ""
529
+
530
+ #: index.php:1181
531
+ msgid "Starting Scan ..."
532
+ msgstr ""
533
+
534
+ #: index.php:1232
535
+ msgid "Starting a Complete Scan requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above."
536
+ msgstr ""
537
+
538
+ #: index.php:1320
539
+ msgid "Default position"
540
+ msgstr ""
541
+
542
+ #: index.php:1342
543
+ msgid "New position"
544
+ msgstr ""
545
+
546
+ #: index.php:1346
547
+ msgid "saved."
548
+ msgstr ""
549
+
550
+ #: index.php:1360
551
+ msgid "Failed to empty the trash."
552
+ msgstr ""
553
+
554
+ #: index.php:1413
555
+ #: index.php:1449
556
+ #: index.php:1451
557
+ msgid "Done!"
558
+ msgstr ""
559
+
560
+ #: index.php:1416
561
+ msgid "Failed to delete!"
562
+ msgstr ""
563
+
564
+ #: index.php:1424
565
+ msgid "Complete!"
566
+ msgstr ""
567
+
568
+ #: index.php:1427
569
+ msgid "Restore Failed!"
570
+ msgstr ""
571
+
572
+ #: index.php:1443
573
+ msgid "File "
574
+ msgstr ""
575
+
576
+ #: index.php:1447
577
+ #, php-format
578
+ msgid "Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process."
579
+ msgstr ""
580
+
581
+ #: index.php:1447
582
+ msgid "Never mind, it worked!"
583
+ msgstr ""
584
+
585
+ #: index.php:1449
586
+ msgid "Nothing Selected to be Changed!"
587
+ msgstr ""
588
+
589
+ #: index.php:1518
590
+ msgid "Are you sure you want to delete this file from the quarantine?"
591
+ msgstr ""
592
+
593
+ #: index.php:1518
594
+ msgid "File Details:"
595
+ msgstr ""
596
+
597
+ #: index.php:1520
598
+ msgid "This file no longer exists in the quarantine."
599
+ msgstr ""
600
+
601
+ #: index.php:1537
602
+ #, php-format
603
+ msgid "The file %s does not exist, it must have already been deleted."
604
+ msgstr ""
605
+
606
+ #: index.php:1579
607
+ msgid "Are you sure this file is not infected and you want to ignore it in future scans?"
608
+ msgstr ""
609
+
610
+ #: index.php:1579
611
+ msgid "Potential threats in file:"
612
+ msgstr ""
613
+
614
+ #: images/index.php:32
615
+ msgid "htaccess Threats"
616
+ msgstr ""
617
+
618
+ #: images/index.php:32
619
+ msgid "TimThumb Exploits"
620
+ msgstr ""
621
+
622
+ #: images/index.php:32
623
+ msgid "Backdoor Scripts"
624
+ msgstr ""
625
+
626
+ #: images/index.php:32
627
+ msgid "Known Threats"
628
+ msgstr ""
629
+
630
+ #: images/index.php:32
631
+ msgid "Core File Changes"
632
+ msgstr ""
633
+
634
+ #: images/index.php:75
635
+ msgid "Your Server could not start a Session!"
636
+ msgstr ""
637
+
638
+ #: images/index.php:88
639
+ msgid "Failed to list files in directory!"
640
+ msgstr ""
641
+
642
+ #: images/index.php:89
643
+ msgid "Quick Scan"
644
+ msgstr ""
645
+
646
+ #: images/index.php:90
647
+ msgid "View Quarantine"
648
+ msgstr ""
649
+
650
+ #: images/index.php:91
651
+ msgid "View Scan Log"
652
+ msgstr ""
653
+
654
+ #: images/index.php:92
655
+ #, php-format
656
+ msgid "This Plugin requires WordPress version %s or higher"
657
+ msgstr ""
658
+
659
+ #: images/index.php:93
660
+ msgid "Scan Settings"
661
+ msgstr ""
662
+
663
+ #: images/index.php:94
664
+ msgid "Loading, Please Wait ..."
665
+ msgstr ""
666
+
667
+ #: images/index.php:95
668
+ msgid "Automatically Fix SELECTED Files Now"
669
+ msgstr ""
670
+
671
+ #: images/index.php:129
672
+ msgid "Invalid or expired Nonce Token!"
673
+ msgstr ""
674
+
675
+ #: images/index.php:231
676
+ msgid "an unknown file"
677
+ msgstr ""
678
+
679
+ #: images/index.php:233
680
+ msgid "unknown"
681
+ msgstr ""
682
+
683
+ #: images/index.php:234
684
+ #, php-format
685
+ msgid "<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem."
686
+ msgstr ""
687
+
688
+ #: images/index.php:426
689
+ msgid "Failed to read file contents!"
690
+ msgstr ""
691
+
692
+ #: images/index.php:426
693
+ msgid "Empty file!"
694
+ msgstr ""
695
+
696
+ #: images/index.php:426
697
+ msgid "Fixed file permissions! (try again)"
698
+ msgstr ""
699
+
700
+ #: images/index.php:426
701
+ msgid "File permissions read-only!"
702
+ msgstr ""
703
+
704
+ #: images/index.php:426
705
+ msgid "File not readable!"
706
+ msgstr ""
707
+
708
+ #: images/index.php:426
709
+ msgid "File does not exist!"
710
+ msgstr ""
711
+
712
+ #: images/index.php:431
713
+ #: images/index.php:746
714
+ msgid "Examine File"
715
+ msgstr ""
716
+
717
+ #: images/index.php:459
718
+ msgid "Success!"
719
+ msgstr ""
720
+
721
+ #: images/index.php:462
722
+ msgid "Failed:"
723
+ msgstr ""
724
+
725
+ #: images/index.php:462
726
+ msgid "failed to quarantine!"
727
+ msgstr ""
728
+
729
+ #: images/index.php:462
730
+ msgid "reason unknown!"
731
+ msgstr ""
732
+
733
+ #: images/index.php:462
734
+ msgid "failed to write!"
735
+ msgstr ""
736
+
737
+ #: images/index.php:462
738
+ msgid "file not writable!"
739
+ msgstr ""
740
+
741
+ #: images/index.php:462
742
+ msgid "no file contents!"
743
+ msgstr ""
744
+
745
+ #: images/index.php:468
746
+ msgid "Failed: "
747
+ msgstr ""
748
+
749
+ #: images/index.php:475
750
+ #: images/index.php:481
751
+ msgid "Already Fixed!"
752
+ msgstr ""
753
+
754
+ #: images/index.php:654
755
+ #, php-format
756
+ msgid "Preparing %s"
757
+ msgstr ""
758
+
759
+ #: images/index.php:686
760
+ #: images/index.php:784
761
+ #, php-format
762
+ msgid "Scanning %s"
763
+ msgstr ""
764
+
765
+ #: images/index.php:703
766
+ #: images/index.php:834
767
+ #, php-format
768
+ msgid "Scanned %s"
769
+ msgstr ""
770
+
771
+ #: images/index.php:744
772
+ msgid "Examine Quarantined File"
773
+ msgstr ""
774
+
775
+ #: images/index.php:756
776
+ msgid "Failed to determine file size!"
777
+ msgstr ""
778
+
779
+ #: images/index.php:758
780
+ msgid "Skipped because of file size!"
781
+ msgstr ""
782
+
783
+ #: images/index.php:760
784
+ msgid "Skipped because of file extention!"
785
+ msgstr ""
786
+
787
+ #: images/index.php:791
788
+ msgid "Failed to read directory!"
789
+ msgstr ""
790
+
791
+ #: images/index.php:809
792
+ #, php-format
793
+ msgid "Skipped because of file size (%1$s bytes) or file extention (%2$s)!"
794
+ msgstr ""
795
+
796
+ #: images/index.php:823
797
+ msgid "Failed to read file!"
798
+ msgstr ""
readme.txt CHANGED
@@ -1,48 +1,64 @@
1
- === Anti-Malware (Get Off Malicious Scripts) ===
2
  Plugin URI: http://gotmls.net/
3
  Author: Eli Scheetz
4
  Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5
- Contributors: scheeeli
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
- Tags: anti-malware, security, plugin, scan, automatic, repair, remove, malware, virus, threat, recover, hacked, server, malicious, scripts, infection, timthumb, exploit, vulnerability
8
- Version: 1.3.02.15
9
- Stable tag: 1.3.02.15
10
- Requires at least: 2.8
11
- Tested up to: 3.5.1
12
 
13
- This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and it helps you remove them.
14
 
15
  == Description ==
16
 
17
  **Features:**
18
 
19
- * Automatic removal of "Known Threats".
20
- * Download definitions of new threat as they are discovered.
21
- * Automatically upgrade vulnerable versions of timthumb to patch security holes.
22
- * Customize Scan Setting.
23
- * Run a Quick Scan from the admin menu or a Complete Scan from the Settings Page.
24
 
25
- Updated Feb-15th
 
 
 
 
 
 
26
 
27
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
28
 
29
- NOTICE: This plugin make use of a "phone home" feature to check for updates. This is not unlike what WordPress already does with all your plugins. It is an essential part of any worthwhile security plugin and it is here to let you know when there are new plugin and definition update available. If you're allergic to "phone home" scripts then don't use this plugin (or WordPress at all for that matter).
 
 
 
 
 
 
 
30
 
31
  == Installation ==
32
 
33
  1. Download and unzip the plugin into your WordPress plugins directory (usually `/wp-content/plugins/`).
34
  1. Activate the plugin through the 'Plugins' menu in your WordPress Admin.
35
- 1. Register on gotmls.net to have access to new definitions of "known threats" and added features like automatic removal and automatic security patches from your admin page.
36
 
37
  == Frequently Asked Questions ==
38
 
39
- = How did I get hacked in the first place? =
40
 
41
- This was most likely a random attack on your file-system by a hacker's robot/virus (automated script). This is usually because you are running an older version of WordPress or have installed a Plugin or Theme with vulnerabilities, or because your site is on a shared server with other exploitable sites that got infected. In some cases it's possible that your hosting provider got hacked at a root level and all their clients on that machine got infected.
42
 
43
- = What can I do to prevent it from happening again? =
44
 
45
- There is no sure-fire way to protect your site from any kind of hack attempt. That said, some of the basic steps should include: hardening your password, keeping all your sites up-to-date, and regular scans with Anti-Malware software like [GOTMLS.NET](http://gotmls.net/)
 
 
 
 
46
 
47
  = Why can't I automatically remove the "Potential Threats" in yellow? =
48
 
@@ -50,233 +66,414 @@ Many of these files may use eval and other powerful PHP function for perfectly l
50
 
51
  = How do I know if any of the "Potential Threats" are dangerous? =
52
 
53
- Click on the linked filename, then click each numbered link above the file content box to highlight the suspect code. If you cannot tell whether or not the code is malicious just leave it alone or ask someone else to look at it for you. If you find that it is malicious please send me a copy of the file so that I can add it to the definitions file as a "Know Threats", then it can be automatically removed. If you want me to examine your files please consider making a donation.
54
 
55
  = What if the scan gets stuck part way through? =
56
 
57
- First just leave it for a while. If there are a lot of files on your server it could take quite a while and could sometimes appear to not be moving along at all even if it really is working. If, after a while, it still seems really stuck then try the Complete Scan or try running the scan again. If it stops in the exact same place then you may want to try to figure out what file in that folder is causing it to hang or avoid scanning that folder all together. If you figure it out let me know what it was and I will try and make the program find it's own way around that problem.
58
 
59
- = Why should I register? =
 
 
 
 
60
 
61
- If you register on [GOTMLS.NET](http://gotmls.net/) you will have access to new definitions of "Know Threats" and added features like automatic removal and patches for specific security threats and vulnerabilities like timthumb. Otherwise, this plugin only scans for "Potential Threats" on your site, it would still be up to you to identify the good from the bad and remove them accordingly.
 
 
 
 
62
 
63
  == Screenshots ==
64
 
65
- 1. The menu showing Anti-Malware.
66
- 2. An example scan that found some threats.
 
 
 
67
 
68
  == Changelog ==
69
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
70
  = 1.3.02.15 =
71
  * Improved security on the Quarantine directory to fix the 500 error on some servers.
72
-
73
- = 1.2.12.31 =
74
  * Fixed count of Quarantined items.
75
  * Added htaccess security to the Uploads directory.
76
-
77
- = 1.2.12.30 =
78
- * Fixed progress bar bug in the last release.
79
  * Linked the Quarantined items to the File Examiner.
80
-
81
- = 1.2.12.29 =
82
- * Brought back the TimThumb and htaccess scan categories.
83
- * Added a scan category for Backdoor Scripts.
84
-
85
- = 1.2.12.14 =
86
- * Fixed bugs in the last release.
87
-
88
- = 1.2.12.12 =
89
  * Consolidated the Definition Types and added a Whitelist category.
90
  * Completely redesigned the Definition Updates to handle incremental updates.
91
  * Added "View Quarantine" to the menu.
92
-
93
- = 1.2.11.15 =
94
  * Enhanced Output Buffer to work with compression enabled (like ob_gzhandler).
95
  * Moved the quarantine to the uploads directory to protect against blanket inclusion.
96
-
97
- = 1.2.10.31 =
98
  * Fixed Output Buffer issue for when ob_start has already been called.
99
-
100
- = 1.2.10.27 =
101
  * Enhanced the Automatic Fix process to handle bad directory permissions.
102
  * Added more detailed error messages for different types of file errors.
103
- * Fixed calculation for Time Remaining on the Progress Bar.
104
-
105
- = 1.2.10.16 =
106
- * Re-calibrated the Progress Bar on the Quick Scan.
107
  * Improved overall error handling.
108
  * Minor UI enhancements and a few bug fixes.
109
-
110
- = 1.2.10.05 =
111
  * Completely revamped the scan engine to handle large file systems with better error handling.
112
  * Enhanced the results for the Automatic Fix process.
113
  * Fixed a few other small bugs.
114
-
115
- = 1.2.09.22 =
116
  * Enhanced the iFrame for the File Viewer and Automatic Fix process.
117
  * Improved error handling during the scan.
118
- * Fixed update checker script.
119
-
120
- = 1.2.09.21 =
121
- * BETA version (finished and replaced by version 1.2.10.05).
122
-
123
- = 1.2.09.15 =
124
- * Fixed major bug in unregistered scan definition interpretation that causes many false positives.
125
-
126
- = 1.2.09.14 =
127
  * Moved the File Viewer and Automatic Fix process into an iFrame to decrease scan time and memory usage.
128
  * Enhanced the Automatic Fix process for better success with read-only files.
129
  * Improved code cleanup process and general efficiency of the scan.
130
-
131
- = 1.2.08.31 =
132
  * Encoded definition update for better compatibility with some servers that have post limitation.
133
- * Improved the code cleanup expression that is applied after removal of known threats.
134
-
135
- = 1.2.07.30 =
136
- * BETA Release, Only downlod this version if your version does not finish the scan.
137
- * Whole new scan engine (not for everyone), takes longer but finishes more often.
 
 
138
 
139
- = 1.2.07.29 =
140
- * Fixed return URL on Donate form.
141
 
142
- = 1.2.07.28 =
143
- * Added options to limit scan to specific folders.
144
 
145
- = 1.2.07.20 =
146
- * Fixed XSS vulnerability.
147
 
148
- = 1.2.05.20 =
149
- * Changed registration to allow for multiple sites/keys to be registered under one user/email.
150
 
151
- = 1.2.05.04 =
152
- * Fixed "Invalid Threat level" Error on default values for pre-registration scans.
153
- * Changed auto-update path to update threat level array for all new definition updates.
154
 
155
- = 1.2.04.24 =
156
- * Fixed auto-update script to update scan level even if there is no new definitions.
157
 
158
- = 1.2.04.09 =
159
- * Added more info about registration to the readme file.
160
- * Updated timthumb replacement patch to version 2.8.10 per WordPress.org plugins requirement.
161
- * Fixed menu option placement to work just as well as a sub-menu under tools.
162
 
163
- = 1.2.04.08 =
164
- * Fixed option to exclude directories so that the scan would not get stuck if omitted.
165
- * Added support for winblows servers using BACKSLASH directory structures.
166
 
167
- = 1.2.04.04 =
168
- * Fixed new definition updates to properly update the version number.
169
- * Added option to exclude directories.
170
 
171
- = 1.2.04.02 =
172
- * Changed definition updates to write to the DB instead of a file.
173
- * Added better messages about available updates.
174
 
175
- = 1.2.04.01 =
176
- * Fixed caching issue with downloading second definition file in Safari.
177
- * Added more FAQs to the readme.
178
- * Encoded registration URL so your email address could be used as your username.
179
 
180
- = 1.2.03.28 =
181
- * Fixed registration form.
182
 
183
- = 1.2.03.27 =
184
- * Fixed some of the links on the settings page.
185
 
186
- = 1.2.03.23 =
187
- * First BETA versions available for WordPress.
188
 
189
- == Upgrade Notice ==
 
190
 
191
- = 1.3.02.15 =
192
- Improved security on the Quarantine directory to fix the 500 error on some servers.
193
 
194
- = 1.2.12.31 =
195
- Fixed count of Quarantined items and added htaccess security to the Uploads directory.
196
 
197
- = 1.2.12.30 =
198
- Fixed progress bar bug and linked the Quarantined items to the File Examiner.
199
 
200
- = 1.2.12.29 =
201
- Brought back the TimThumb and htaccess scan categories and added a category for Backdoor Scripts.
202
 
203
- = 1.2.12.14 =
204
- Fixed bugs in the last release.
205
 
206
- = 1.2.12.12 =
207
- BETA Release: Consolidated Definition Types and completely redesigned the Definition Updates.
208
 
209
- = 1.2.11.15 =
210
- Enhanced Output Buffer to work with compression enabled and moved the quarantine.
211
 
212
- = 1.2.10.31 =
213
- Fixed Output Buffer issue for when ob_start has already been called.
214
 
215
- = 1.2.10.27 =
216
- Enhanced the Automatic Fix to handle bad directory permissions, added more detailed error messages, and fixed calculation for Time Remaining.
217
 
218
- = 1.2.10.16 =
219
- Re-calibrated the Progress Bar, improved error handling, and fixed a few minor bugs.
220
 
221
- = 1.2.10.05 =
222
- Completely revamped the scan engine, enhanced the Automatic Fix results, and fixed a few other small bugs.
223
 
224
- = 1.2.09.22 =
225
- Enhanced the iFrame for the File Viewer and Automatic Fix process and improved error handling.
226
 
227
- = 1.2.09.21 =
228
- BETA version (finished and replaced by version 1.2.10.05).
229
 
230
- = 1.2.09.15 =
231
- Fixed major bug in unregistered scan definition interpretation that causes many false positives.
232
 
233
- = 1.2.09.14 =
234
- Moved the File Viewer and Automatic Fix into an iFrame for efficiency and enhanced for better success with read-only files.
235
 
236
- = 1.2.08.31 =
237
- Encoded definition update to broaden server compatibility and improved the code cleanup expression after threat removal.
238
 
239
- = 1.2.07.30 =
240
- BETA Release, Only download this version if your version does not finish the scan.
241
 
242
- = 1.2.07.29 =
243
- Fixed return URL on Donate form.
244
 
245
- = 1.2.07.28 =
246
- Added options to limit scan to specific folders.
247
 
248
- = 1.2.07.20 =
249
- Fixed XSS vulnerability.
250
 
251
- = 1.2.05.20 =
252
- Changed registration to allow for multiple sites/keys to be registered under one user/email.
253
 
254
- = 1.2.05.04 =
255
- Fixed Threat Level error and changed auto-update path to update threat level array for all new definition updates.
256
 
257
- = 1.2.04.24 =
258
- Fixed auto-update script to update scan level even if there is no new definitions.
259
 
260
- = 1.2.04.09 =
261
- Added more info about registration to the readme file, Updated timthumb replacement patch to version 2.8.10, and fixed menu option placement.
262
 
263
- = 1.2.04.08 =
264
- Fixed option to exclude directories and added support for winblows servers using BACKSLASH directory structures.
265
 
266
- = 1.2.04.04 =
267
- Fixed new definition updates to properly update the version number and added option to exclude directories.
268
 
269
- = 1.2.04.02 =
270
- Changed definition updates to write to the DB instead of a file and added better messages about available updates.
271
 
272
- = 1.2.04.01 =
273
- Fixed caching issue with downloading second definition file in Safari and encoded registration URL so your email address is your username.
274
 
275
- = 1.2.03.28 =
276
- Fixed registration form.
277
 
278
- = 1.2.03.27 =
279
- Fixed some of the links on the settings page.
280
 
281
  = 1.2.03.23 =
282
- First BETA versions available for WordPress.
1
+ === Anti-Malware Security and Brute-Force Firewall ===
2
  Plugin URI: http://gotmls.net/
3
  Author: Eli Scheetz
4
  Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5
+ Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
+ Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
+ Version: 4.17.57
9
+ Stable tag: 4.17.57
10
+ Requires at least: 3.3
11
+ Tested up to: 4.9.3
12
 
13
+ This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
14
 
15
  == Description ==
16
 
17
  **Features:**
18
 
19
+ * Run a Complete Scan to automatically remove known security threats and backdoor scripts.
20
+ * Firewall block SoakSoak and other malware from exploiting Revolution Slider and other plugins from known vulnerabilites.
21
+ * Upgrade vulnerable versions of timthumb scripts.
22
+ * Download Definition Updates to protect against new threats.
 
23
 
24
+ **Premium Features:**
25
+
26
+ * Patch your wp-login and XMLRPC to block Brute-Force and DDoS attacks.
27
+ * Check the integrity of your WordPress Core files.
28
+ * Automatically download new Definition Updates when running a Complete Scan.
29
+
30
+ Updated February 5th
31
 
32
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
33
 
34
+ NOTICE: This plugin make call to GOTMLS.NET to check for updates not unlike what WordPress does when checking your plugins and themes for new versions. Staying up-to-date is an essential part of any security plugin and this plugin can let you know when there are new plugin and definition update available. If you're allergic to "phone home" scripts then don't use this plugin (or WordPress at all for that matter).
35
+
36
+ **Special thanks to:**
37
+
38
+ * Clarus Dignus for design suggestions and graphic design work on the banner image.
39
+ * Jelena Kovacevic and Andrew Kurtis of webhostinghub.com for providing the Spanish translation.
40
+ * Marcelo Guernieri for the Brazilian Portuguese translation.
41
+ * Umut Can Alparslan for the Turkish translation.
42
 
43
  == Installation ==
44
 
45
  1. Download and unzip the plugin into your WordPress plugins directory (usually `/wp-content/plugins/`).
46
  1. Activate the plugin through the 'Plugins' menu in your WordPress Admin.
47
+ 1. Register on gotmls.net and download the newest definition updates to scan for Known Threats.
48
 
49
  == Frequently Asked Questions ==
50
 
51
+ = Why should I register? =
52
 
53
+ If you register on [GOTMLS.NET](http://gotmls.net/) you will have access to download definitions of New Threats and added features like automatic removal of "Known Threats" and patches for specific security issues like old versions of timthumb and brute-force attacks on wp-login.php. Otherwise, this plugin only scans for "Potential Threats" on your site, it would then be up to you to identify the good from the bad and remove them accordingly.
54
 
55
+ = How do I patch the Revolution Slider vulnerability? =
56
 
57
+ Easy, if you have installed and activated my this Anti-Malware plugin on your site then it will automatically block attempts to exploit the Revolution Slider vulnerability.
58
+
59
+ = How do I patch the wp-login vulnerability? =
60
+
61
+ The WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. This plugin can apply a patch that will block access to the WordPress Login page whenever this type of attack is detected. Just click the Install Patch button under Brute-force Protection on the Anti-Malware Setting page. For more information on this subject [read my blog](http://gotmls.net/tag/wp-login-php/).
62
 
63
  = Why can't I automatically remove the "Potential Threats" in yellow? =
64
 
66
 
67
  = How do I know if any of the "Potential Threats" are dangerous? =
68
 
69
+ Click on the linked filename to examine it, then click each numbered link above the file content box to highlight the suspicious code. If you cannot tell whether or not the code is malicious just leave it alone or ask someone else to look at it for you. If you find that it is malicious please send me a copy of the file so that I can add it to my definition update as a "Know Threat", then it can be automatically removed.
70
 
71
  = What if the scan gets stuck part way through? =
72
 
73
+ First just leave it for a while. If there are a lot of files on your server it could take quite a while and could sometimes appear to not be moving along at all even if it really is working. If it still seems stuck after a while then try running the scan again, be sure you try both the Complete Scan and the Quick scan.
74
 
75
+ = How did I get hacked in the first place? =
76
+
77
+ First, don't take the attack personally. Lots of hackers routinely run automated script that crawl the internet looking for easy targets. Your site probably got hacked because you are unknowingly an easy target. This might be because you are running an older version of WordPress or have installed a Plugin or Theme with a backdoor or known security vulnerability. However, the most common type of infection I see is cross-conamination. This can happen when your site is on a shared server with other exploitable sites that got infected. In most shared hosting environments it's possible for hackers to use an one infected site to infect other sites on the same server, sometimes even if the sites are on different accounts.
78
+
79
+ = What can I do to prevent it from happening again? =
80
 
81
+ There is no sure way to protect your site from every kind of hack attempt. That said, don't be an easy target. Some basic steps should include: hardening your password, keeping all your sites up-to-date, and run regular scans with Anti-Malware software like [GOTMLS.NET](http://gotmls.net/)
82
+
83
+ = Why does sucuri.net or the Google Safe Browsing Diagnostic page still say my site is infected after I have removed the malicious code? =
84
+
85
+ sucuri.net caches their scan results and will not refresh the scan until you click the small link near the bottom of the page that says "Force a Re-scan" to clear the cache. Google also caches your infected pages and usually takes some time before crawling your site again, but you can speed up that process by Requesting a Review in the Malware or Security section of [Google Webmaster Tools](https://www.google.com/webmasters/tools/). It is a good idea to have a Webmaster Tools account for your site anyway as it can provide lots of other helpful information about your site.
86
 
87
  == Screenshots ==
88
 
89
+ 1. The menu showing Anti-Malware options.
90
+ 2. The Scan Setting page in the admin.
91
+ 3. An example scan that found some threats.
92
+ 4. The results window when "Automatic Repair" fixes threats.
93
+ 5. The Quarantine showing threats that have been fix already.
94
 
95
  == Changelog ==
96
 
97
+ = 4.17.57 =
98
+ * Updated code for compatibility with WP 4.9.3 (latest release).
99
+ * Fixed registration form and alternate domain for definition updates to work on HTTPS.
100
+ * Fixed the wording on the Title check error message.
101
+
102
+ = 4.17.44 =
103
+ * Added Title check to make sure it does say you were hacked.
104
+ * Updated code for compatibility with WP 4.8.3 (latest release).
105
+ * Fixed Undefined variable error in Quarantine.
106
+ * Fixed XSS vulnerability in nonce error output.
107
+
108
+ = 4.17.29 =
109
+ * Changed the definition update URL to only use SSL when required.
110
+ * Updated PayPal form for better domestic IPN compatibility.
111
+
112
+ = 4.17.28 =
113
+ * Added the Turkish translation thanks to Umut Can Alparslan.
114
+ * Improved the auto update so that old definitions could be phased out and new threat types would be selected by default.
115
+ * Fixed the admin username change feature on multisite installs.
116
+
117
+ = 4.16.53 =
118
+ * Fixed the details window so that it scrolls to the highlighted code.
119
+ * Set defaults to disable the Potential Threat scan if other threats definitions are enabled.
120
+ * Encoded definitions array for DB storage.
121
+
122
+ = 4.16.49 =
123
+ * Fixed syntax error in the XMLRPC patch for newer versions of Apache.
124
+
125
+ = 4.16.48 =
126
+ * Added fall-back to manual updates if the Automatic update feature fails.
127
+ * Fixed PHP Notices about undefined variable added in last Version release.
128
+ * Improved Apache version detection.
129
+
130
+ = 4.16.47 =
131
+ * Changed Automatic update feature to automatically download all definitions and firewall updates.
132
+ * Added PHP and Apache version detections and changed the XMLRPC patch to work with Apache 2.4 directives.
133
+ * Removed the onbeforeunload function because Norton detected it as a False Positive.
134
+ * Removed code that was deprecated in PHP Version 7.
135
+
136
+ = 4.16.39 =
137
+ * Fixed PHP Notice about an array to string conversion with some rare global variable conditions.
138
+
139
+ = 4.16.38 =
140
+ * Added more firewall options.
141
+ * Moved Scan Log from the Quarantine page to the main Setings page.
142
+ * Fixed PHP Warning about an invalid argument in foreach and some other bugs too.
143
+
144
+ = 4.16.26 =
145
+ * Fixed "What to look for" Options so that changes are saved.
146
+ * Changed get_currentuserinfo to wp_get_current_user because the get_currentuserinfo function was deprecated in WP 4.5
147
+
148
+ = 4.16.17 =
149
+ * Removed Menu Item Placement Options because the add_object_page function was deprecated in WP 4.5.
150
+ * Added firewall options for better compatibility with WP Firewall 2.
151
+ * Fixed an XSS vulnerability in the debug output of the nonce token.
152
+
153
+ = 4.15.49 =
154
+ * Moved the Firewall Options to it's own page linked to from the admin menu.
155
+ * Moved the Quick Scan from the admin menu to the top of the Scan Settings page.
156
+
157
+ = 4.15.46 =
158
+ * Fixed PHP Warning about in_array function expecting parameter 2 to be an array, found by Georgey B.
159
+ * Made a few minor cosmetic changes and fixed a few other small bugs in the interface.
160
+
161
+ = 4.15.45 =
162
+ * Fixed the Nonce Token error caused by W3 Total Cache breaking the set_transient function in WordPress.
163
+ * Added the Brazilian Portuguese language files, thanks to Marcelo Guernieri for the translation.
164
+
165
+ = 4.15.44 =
166
+ * Fixed the admin menu and also some links that did not work on Windows server.
167
+
168
+ = 4.15.43 =
169
+ * Added Core Files to the Quick Scan list on the admin menu.
170
+ * Added a nonce token to prevent Cross-Site Request Forgery by admins who are logged-in from another site.
171
+ * Hardened against XSS vulnerability triggered by the file names being scanned (thanks to Mahadev Subedi).
172
+ * Improved brute-force patch compatibility with alternate wp-config.php location.
173
+
174
+ = 4.15.42 =
175
+ * Had to remove the encoding of the Default Definitions to meet the WordPress Plugin Guidelines.
176
+
177
+ = 4.15.41 =
178
+ * Improved the JavaScript in the new Brute-Force login patch so that it works with caching enabled on the login page.
179
+
180
+ = 4.15.40 =
181
+ * Improved the Brute-Force login patch with custom fields and JavaScript.
182
+ * Added a Save button to that Scan Settings page.
183
+ * Fixed a bug in the XMLRPC Patch "Unblock" feature.
184
+
185
+ = 4.15.30 =
186
+ * Added a link to purge the deleted Quarantine items from the database.
187
+ * Added firewall option to Block all XMLRPC calls.
188
+ * Fixed a few cosmetic bugs in the quarantine and firewall options.
189
+
190
+ = 4.15.29 =
191
+ * Fixed a bugs in the Quarantine that was memory_limit errors if there number of files in the was too high.
192
+ * Added the highlight malicious code feature back to the Quarantine file viewer.
193
+ * Added the ability to change the admin username if the current username is "admin".
194
+ * Improved the code in the Brute-Force Protection patch.
195
+
196
+ = 4.15.28 =
197
+ * Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.
198
+
199
+ = 4.15.27 =
200
+ * Fixed a major bug that made multisite scan extremely slow and sometimes error out.
201
+ * Moved all ajax call out of the init function and into their own functions for better handling time.
202
+
203
+ = 4.15.26 =
204
+ * Moved the quarantine files into the database and deleted the old directory in uploads.
205
+ * Fixed some minor formatting issues in the HTML output on the settings page.
206
+ * Added a warning message if base64_decode has been disabled.
207
+
208
+ = 4.15.24 =
209
+ * Hardened against injected HTML content by encoding the tags with variables.
210
+ * Fixed debug option to exclude individual definitions.
211
+
212
+ = 4.15.23 =
213
+ * Hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).
214
+ * Fixed another XSS vulnerabilities in the admin (thanks to James H.)
215
+
216
+ = 4.15.20 =
217
+ * Hardened against XSS vulnerabilities in the admin (thanks to Tim Coen).
218
+ * Added feature to restore default settings for Exclude Extensions.
219
+ * Changed the encoding on the index.php file in the Quarantine to make it more human-readable.
220
+ * Fixed a few small bugs that were throwing PHP Notices in some configurations and added more info to some error messages.
221
+
222
+ = 4.15.17 =
223
+ * Extended execution_time during the Fix process to increase the number of files that could be fixed at a time.
224
+ * Added a Quarantine log to the database.
225
+ * Fixed a couple of minor bugs that would throw PHP notices.
226
+
227
+ = 4.15.16 =
228
+ * Created an automatic update feature that downloads any new definition updates before starting the scan.
229
+ * Added WordPress Core files to the new definitions update process and included a scan option to check the integrity of the Core files.
230
+ * Automatically whitelisted the unmodified WordPress Core files.
231
+ * Made more improvements to the Brute-Force protection patch and other minor cosmetic changes to the interface.
232
+ * Protected the HTML in my plugin from filter injections and fixed a few other minor bugs.
233
+
234
+ = 4.14.65 =
235
+ * Fixed a problem with deleting files from the Quarantine folder.
236
+ * Added a descriptive reason to the error displayed if the fix was unsuccessful.
237
+ * Added link to restore the default location of the Examine Results window.
238
+
239
+ = 4.14.64 =
240
+ * Improved the encoding of definition updates so that they would not be blocked by poorly written firewall rules.
241
+ * Suppressed the "Please make a donation" nag if the fix was unsuccessful, to avoid confusion over premium services.
242
+
243
+ = 4.14.63 =
244
+ * Removed debug alert from initial session check.
245
+
246
+ = 4.14.62 =
247
+ * Improved rewrite compatibility of session check for the Brute-Force Protection Installation.
248
+
249
+ = 4.14.59 =
250
+ * Improved session check for the option to Install Brute-Force Protection and added an error message on failure.
251
+ * Improved support for Multisite by only allowing Network Admins access to the Anti-Malware menu.
252
+
253
+ = 4.14.55 =
254
+ * Added link to view a simple scan history on the Quarantine page.
255
+ * Updated firewall to better protect agains new variations of the RevSlider Exploit.
256
+ * Improved check for session support before giving the option to Install Brute-Force patch.
257
+
258
+ = 4.14.54 =
259
+ * Added option to skip scanning the Quarantined files.
260
+ * Updated Brute-Force patch to fix the problem of being included more that once.
261
+ * Fixed a few minor bugs (better window positioning and css, cleaner results page, updated new help tab, etc.).
262
+ * Made sure that the plugin does not check my servers for updates unless you have registered (this opt-in requirement is part of the WordPress Repository Guidelines).
263
+
264
+ = 4.14.52 =
265
+ * Added exception for the social.png files to the skip files by extension list.
266
+ * Fixed removal of Known Threats from files in the Quarantine directory.
267
+
268
+ = 4.14.51 =
269
+ * Block SoakSoak and other malware from exploiting the Slider Revolution Vulnerability (THIS IS A WIDESPREAD THREAT RIGHT NOW).
270
+
271
+ = 4.14.50 =
272
+ * Enabled the Brute-Force protection option directly from the Settings page.
273
+ * Fixed window position to auto-adjust on small screens.
274
+
275
+ = 4.14.47 =
276
+ * Major upgrade to the protection for wp-login.php Brute-Force attempts.
277
+ * Fixes a bug in setting the permissions for read-only files so that they could still be cleaned.
278
+ * Fixes a minor bug with pass-by-reference which raises a fatal error in PHP v5.4.
279
+ * Enhanced the Examine File window with better styles and more info.
280
+ * Changed form submission of encrypted file lists to array values instead of keys.
281
+ * Fixes other minor bugs.
282
+ * Made the Examine File window sizable.
283
+ * Fixed a few small bugs and removed some old code.
284
+ * Added a link to my new twitter account.
285
+ * Re-purposed Quick Scan to just scan the most affected areas.
286
+ * Set the registration form to display by defaulted in the definition update section.
287
+ * Fixed a few small bugs in advanced features and directory depth determination.
288
+ * Fixed a session bug to display the last directory scanned.
289
+ * Fixed a few small cosmetic bugs for WP 3.8.
290
+ * Added Spanish translation, thanks to Jelena Kovacevic and Andrew Kurtis at webhostinghub.com.
291
+ * Updated string in the code and added a .pot file to be ready for translation into other languages.
292
+ * Added "Select All" checkbox to Quarantine and a new button to delete items from the Quarantine.
293
+ * Added a trace.php file for advanced session tracking.
294
+ * Fixed undefined index bug with menu_group item in settings array.
295
+ * Added support for multisite network admin menu and the ability to restrict admin access.
296
+ * Fixed a session bug in the progress bar related to the last release.
297
+ * Fixed a session bug that conflicted with jigoshop. (Thanks dragonflyfla)
298
+ * Fixed a few bug in the Whitelist definition feature.
299
+
300
+ = 3.07.06 =
301
+ * Added SSL support for definition updates and registration form.
302
+ * Upgraded the Whitelist feature so the it could not contain duplicates.
303
+ * Downgraded the WP-Login threat and changed it to an opt-in fix.
304
+ * Fixed a bug in the Add to Whitelist feature so the you do not need to update the definitions after whitelisting a file.
305
+ * Added ability to whitelist files.
306
+ * Fixed a major bug in yesterdays release broke the login page on some sites.
307
+ * Added a patch for the wp-login.php brute force attack that has been going around.
308
+ * Created a process to restore files from the Quarantine.
309
+ * Fixed a few other small bugs including path issues on Winblows server.
310
+
311
  = 1.3.02.15 =
312
  * Improved security on the Quarantine directory to fix the 500 error on some servers.
 
 
313
  * Fixed count of Quarantined items.
314
  * Added htaccess security to the Uploads directory.
 
 
 
315
  * Linked the Quarantined items to the File Examiner.
316
+ * Added a scan category for Backdoor Scripts.
 
 
 
 
 
 
 
 
317
  * Consolidated the Definition Types and added a Whitelist category.
318
  * Completely redesigned the Definition Updates to handle incremental updates.
319
  * Added "View Quarantine" to the menu.
 
 
320
  * Enhanced Output Buffer to work with compression enabled (like ob_gzhandler).
321
  * Moved the quarantine to the uploads directory to protect against blanket inclusion.
 
 
322
  * Fixed Output Buffer issue for when ob_start has already been called.
 
 
323
  * Enhanced the Automatic Fix process to handle bad directory permissions.
324
  * Added more detailed error messages for different types of file errors.
 
 
 
 
325
  * Improved overall error handling.
326
  * Minor UI enhancements and a few bug fixes.
 
 
327
  * Completely revamped the scan engine to handle large file systems with better error handling.
328
  * Enhanced the results for the Automatic Fix process.
329
  * Fixed a few other small bugs.
 
 
330
  * Enhanced the iFrame for the File Viewer and Automatic Fix process.
331
  * Improved error handling during the scan.
 
 
 
 
 
 
 
 
 
332
  * Moved the File Viewer and Automatic Fix process into an iFrame to decrease scan time and memory usage.
333
  * Enhanced the Automatic Fix process for better success with read-only files.
334
  * Improved code cleanup process and general efficiency of the scan.
 
 
335
  * Encoded definition update for better compatibility with some servers that have post limitation.
336
+ * Fixed XSS vulnerability.
337
+ * Changed registration to allow for multiple sites/keys to be registered under one user/email.
338
+ * Changed auto-update path to update threat level array for all new definition updates.
339
+ * Updated timthumb replacement patch to version 2.8.10 per WordPress.org plugins requirement.
340
+ * Fixed option to exclude directories so that the scan would not get stuck if omitted.
341
+ * Added support for winblows servers using BACKSLASH directory structures.
342
+ * Changed definition updates to write to the DB instead of a file.
343
 
344
+ = 1.2.03.23 =
345
+ * First versions available for WordPress (code removed, no longer compatible).
346
 
347
+ == Upgrade Notice ==
 
348
 
349
+ = 4.17.57 =
350
+ Updated code for compatibility with WP 4.9.3, fixed registration form and alternate domain for definition updates to work on HTTPS, and fixed the wording on the Title Check error message.
351
 
352
+ = 4.17.44 =
353
+ Added Title check to make sure it does say you were hacked, updated code for compatibility with WP 4.8.3 and fixed Undefined variable error in Quarantine and an XSS vulnerability in nonce error output.
354
 
355
+ = 4.17.29 =
356
+ Changed the definition update URL to only use SSL when required, and updated PayPal form for better domestic IPN compatibility.
 
357
 
358
+ = 4.17.28 =
359
+ Added the Turkish translation thanks to Umut Can Alparslan, improved the auto update feature, and fixed the admin username change feature on multisite installs.
360
 
361
+ = 4.16.53 =
362
+ Fixed the details window to scrolls to the highlighted code, set default Potential Threat scan to disabled, and encoded definitions array for DB storage.
 
 
363
 
364
+ = 4.16.49 =
365
+ Fixed syntax error in the XMLRPC patch for newer versions of Apache.
 
366
 
367
+ = 4.16.48 =
368
+ Added fall-back to manual updates if the Automatic update feature fails, fixed PHP Notices and improved Apache version detection.
 
369
 
370
+ = 4.16.47 =
371
+ Changed Automatic update feature, added PHP and Apache version detections, and removed the onbeforeunload function other code that was deprecated.
 
372
 
373
+ = 4.16.39 =
374
+ Fixed PHP Notice about an array to string conversion with some rare global variable conditions.
 
 
375
 
376
+ = 4.16.38 =
377
+ Added more firewall options, moved Scan Log from to the main Setings page, and fixed PHP Warning about an invalid argument and some other bugs too.
378
 
379
+ = 4.16.26 =
380
+ Fixed "What to look for" Options so that changes are saved, and changed get_currentuserinfo to wp_get_current_user.
381
 
382
+ = 4.16.17 =
383
+ Removed Menu Item Placement Options that were deprecated in WP 4.5, Added firewall options for better compatibility with WP Firewall 2, and fixed an XSS vulnerability in the debug output of the nonce token.
384
 
385
+ = 4.15.49 =
386
+ Moved the Firewall Options to it's own page and moved the Quick Scan to the top of the Scan Settings page.
387
 
388
+ = 4.15.46 =
389
+ Made a few minor cosmetic changes and fixed a few small bugs including a PHP Warning about in_array function expecting parameter 2 to be an array.
390
 
391
+ = 4.15.45 =
392
+ Fixed the Nonce Token error caused by W3 Total Cache, and added the Brazilian Portuguese translation by Marcelo Guernieri.
393
 
394
+ = 4.15.44 =
395
+ Fixed the admin menu and also some links that did not work on Windows server.
396
 
397
+ = 4.15.43 =
398
+ Improved brute-force patch compatibility, added Core Files to the Quick Scan list, added a nonce token to prevent Cross-Site Request Forgery by admins who are logged-in, and hardened against XSS vulnerability triggered by bad file names.
399
 
400
+ = 4.15.42 =
401
+ Had to remove the encoding of the Default Definitions to meet the WordPress Plugin Guidelines.
402
 
403
+ = 4.15.41 =
404
+ Improved the JavaScript in the new Brute-Force login patch so that it works with caching enabled on the login page.
405
 
406
+ = 4.15.40 =
407
+ Improved the Brute-Force login patch with custom fields and JavaScript, added a Save button to that Scan Settings page, and fixed a bug in the XMLRPC Patch.
408
 
409
+ = 4.15.30 =
410
+ Added a new firewall option to Block all XMLRPC calls and a link to purge the deleted Quarantine items from the database, and fixed a few cosmetic bugs in the quarantine and firewall options.
411
 
412
+ = 4.15.29 =
413
+ Fixed a bugs in the Quarantine, added the highlight malicious code feature back to the Quarantine file viewer, added the ability to change the admin username, and improved the Brute-Force Protection.
414
 
415
+ = 4.15.28 =
416
+ Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.
417
 
418
+ = 4.15.27 =
419
+ Fixed a major bug that made multisite scan extremely slow and moved all ajax call out of the init function and into their own functions.
420
 
421
+ = 4.15.26 =
422
+ Moved the quarantine files into the database and deleted the old directory in uploads, fixed some minor HTML formatting issues, and added a warning if base64_decode is disabled.
423
 
424
+ = 4.15.24 =
425
+ Hardened against injected HTML content and fixed debug option to exclude individual definitions.
426
 
427
+ = 4.15.23 =
428
+ Fixed another XSS vulnerabilities in the admin (thanks to James H.), and hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).
429
 
430
+ = 4.15.20 =
431
+ Hardened against XSS in the admin, changed encoding of the index.php file in the Quarantine, added more info to some error messages and a feature to restore a default setting, and fixed a few small bugs.
432
 
433
+ = 4.15.17 =
434
+ Extended execution_time during the Fix process, added a Quarantine log to the database, and fixed a couple of minor bugs.
435
 
436
+ = 4.15.16 =
437
+ Created automatic definition updates that include WordPress Core files for integrity checking and whitelisting, made more improvements to the Brute-Force protection patch, and a few other cosmetic changes and minor bug fixes.
438
 
439
+ = 4.14.65 =
440
+ Fixed a problem with deleting files from the Quarantine folder, added more descriptive errors and a link to restore the default location of the Examine Results window.
441
 
442
+ = 4.14.64 =
443
+ Improved the encoding of definition updates and suppressed the "Please make a donation" nag if the fix was unsuccessful.
444
 
445
+ = 4.14.63 =
446
+ Removed debug alert from initial session check.
447
 
448
+ = 4.14.62 =
449
+ Improved rewrite compatibility of session check for the Brute-Force Protection Installation.
450
 
451
+ = 4.14.59 =
452
+ Improved session check for the Brute-Force Protection and support for Multisite menu.
453
 
454
+ = 4.14.55 =
455
+ Added link to scan history, improved check for session support before giving installing Brute-Force patch, and updated firewall to better protect agains the RevSlider Exploit.
456
 
457
+ = 4.14.54 =
458
+ Added option to skip scanning the Quarantine, updated Brute-Force patch, and fixed a few minor bugs.
459
 
460
+ = 4.14.52 =
461
+ Added exception for the social.png files to the skip files by extension list, and fixed removal of Known Threats from files in the Quarantine directory.
462
 
463
+ = 4.14.51 =
464
+ Block SoakSoak and other malware from exploiting the Slider Revolution Vulnerability (THIS IS A WIDESPREAD THREAT RIGHT NOW).
465
 
466
+ = 4.14.50 =
467
+ Enabled the Brute-Force protection from the Settings page and fixed window position on small screens.
468
 
469
+ = 4.14.47 =
470
+ Major upgrade to the protection for Brute-Force attempts, and a bug fix for resetting the permissions of read-only files (Plus many other improvement from v3.X: see Changelog for details).
471
 
472
+ = 3.07.06 =
473
+ Added SSL support for definition updates and upgraded the Whitelist feature (Plus many other improvement from v1.3: see Changelog for details).
474
 
475
+ = 1.3.02.15 =
476
+ Improved security on the Quarantine directory to fix the 500 error on some servers (Plus many other improvement from v1.2: see Changelog for details).
477
 
478
  = 1.2.03.23 =
479
+ First versions available for WordPress (code removed, no longer compatible).
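--- a/safe-load/.htaccess
+++ b/safe-load/.htaccess
@@ -0,0 +1,8 @@
+ # BEGIN GOTMLS Directory Protection
+ <IfModule mod_rewrite.c>
+ RewriteEngine On
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteRule . index.php [L]
+ </IfModule>
+ # END GOTMLS Directory Protection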
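Review bot: The `RewriteCond %{REQUEST_FILENAME} !-f` condition means only requests for paths that do not exist are routed to index.php, so the scripts this commit adds to the same directory (session.php, trace.php, wp-login.php, wp-settings.php) are still served directly despite the "Directory Protection" label. If direct requests to those scripts are not intended, each needs its own guard or the rule should match them explicitly; which of them are meant to be reachable cannot be told from this section. The block is also skipped entirely when mod_rewrite is not loaded. A comment such as `# Only non-existent paths are rewritten; existing files are served as-is` would make that scope clear.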
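--- a/safe-load/index.php
+++ b/safe-load/index.php
@@ -0,0 +1,21 @@
+ <?php
+ /**
+ * GOTMLS Brute-Force protections
+ * @package GOTMLS
+ */
+
+ if (!(isset($GLOBALS["GOTMLS"]["detected_attacks"]) && $GLOBALS["GOTMLS"]["detected_attacks"])) {
+ $file = (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:__FILE__);
+ $GLOBALS["GOTMLS"]["detected_attacks"] = '&attack[]='.strtolower((isset($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < strlen($file))?substr($file, strlen($_SERVER["DOCUMENT_ROOT"])):basename($file));
+ }
+ foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_USER_AGENT") as $var)
+ $GLOBALS["GOTMLS"]["detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
+ foreach (array("log", "session_id") as $var)
+ $GLOBALS["GOTMLS"]["detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]).(isset($_POST["sess".$_POST[$var]])?"&TIME=".time()."&POST_sess$var=".urlencode($_POST["sess".$_POST[$var]]):""):"");
+ $ver = "Unknown";
+ if ($file = str_replace(basename(dirname(__FILE__)), basename(__FILE__), dirname(__FILE__)))
+ if (is_file($file) && $contents = @file_get_contents($file))
+ if (preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
+ $ver = $match[1];
+ header("location: http://safe-load.gotmls.net/report.php?ver=$ver".$GLOBALS["GOTMLS"]["detected_attacks"]);
+ die();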
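Review bot: The final `header("location: http://safe-load.gotmls.net/report.php?...")` sends the visitor's browser to an external host over plain HTTP with the remote address, host, request URI, referrer, user agent and the submitted `log` (login name) in the query string, so those values are exposed in transit and end up in third-party logs. Consider reporting server-side rather than by redirect, or at least using an HTTPS endpoint (assuming the report host offers one) and leaving `POST_log` out. In the second `foreach`, `$_POST[$var]` goes into `urlencode()` and into `"sess".$_POST[$var]` without a type check, so an array-valued field raises warnings (a TypeError on PHP 8); `isset($_POST[$var]) && is_string($_POST[$var])` would avoid that. The `'&attack[]='` value built from `SCRIPT_FILENAME` is also the only query component not passed through `urlencode()`.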
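--- a/safe-load/session.php
+++ b/safe-load/session.php
@@ -0,0 +1,15 @@
+ <?php
+ /**
+ * GOTMLS SESSION Start
+ * @package GOTMLS
+ */
+
+ if (!defined("GOTMLS_SESSION_TIME"))
+ define("GOTMLS_SESSION_TIME", microtime(true));
+ if (!@session_id())
+ @session_start();
+ if (isset($_SESSION["GOTMLS_SESSION_TIME"]))
+ $_SESSION["GOTMLS_SESSION_LAST"] = $_SESSION["GOTMLS_SESSION_TIME"];
+ else
+ $_SESSION["GOTMLS_SESSION_LAST"] = 0;
+ $_SESSION["GOTMLS_SESSION_TIME"] = GOTMLS_SESSION_TIME;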
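Review bot: Both `session_id()` and `session_start()` are called with `@`, so when the session cannot be started (for example because output has already begun) the failure is hidden and the `$_SESSION` assignments below still run, writing to an array that is never persisted. wp-login.php in this commit reads `$_SESSION["GOTMLS_SESSION_LAST"]` when deciding whether to flag `NO_SESSION`, so a silent failure here would apparently surface there as a blocked login with no diagnostic. Checking the result, e.g. `if (!session_id() && !@session_start()) return;`, would make the failure path explicit. A short comment that the session cookie relies on the server's default settings (no HttpOnly or Secure flag is set here) would also help whoever deploys this.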
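--- a/safe-load/trace.php
+++ b/safe-load/trace.php
@@ -0,0 +1,35 @@
+ <?php // Debug Tracer function by ELI at GOTMLS.NET
+ if (!function_exists("GOTMLS_debug_trace")) {
+ function GOTMLS_debug_trace($file) {
+ $mt = microtime(true);
+ if (!session_id())
+ @session_start();
+ if (!isset($_SESSION["GOTMLS_traces"]))
+ $_SESSION["GOTMLS_traces"] = 0;
+ if (!isset($_SESSION["GOTMLS_trace_includes"]))
+ $_SESSION["GOTMLS_trace_includes"] = array();
+ if (isset($_SESSION["GOTMLS_trace_includes"][$_SESSION["GOTMLS_traces"]][$file]))
+ $_SESSION["GOTMLS_traces"] = $mt;
+ if (!$GOTMLS_headers_sent && $GOTMLS_headers_sent = headers_sent($filename, $linenum)) {
+ if (!$filename)
+ $filename = __("an unknown file",'gotmls');
+ if (!is_numeric($linenum))
+ $linenum = __("unknown",'gotmls');
+ $mt .= sprintf(__(': Headers sent by %1$s on line %2$s.','gotmls'), $filename, $linenum);
+ }
+ if (!(isset($_SESSION["GOTMLS_OBs"]) && is_array($_SESSION["GOTMLS_OBs"])))
+ $_SESSION["GOTMLS_OBs"] = array();
+ if (($OBs = ob_list_handlers()) && is_array($OBs) && (count($_SESSION["GOTMLS_OBs"]) != count($OBs))) {
+ $mt .= print_r(array("ob"=>ob_list_handlers()),1);
+ $_SESSION["GOTMLS_OBs"] = $OBs;
+ }
+ $_SESSION["GOTMLS_trace_includes"][$_SESSION["GOTMLS_traces"]][$file] = $mt;
+ if (isset($_GET["GOTMLS_traces"]) && count($_SESSION["GOTMLS_trace_includes"][$_SESSION["GOTMLS_traces"]]) > $_GET["GOTMLS_includes"]) {
+ $_SESSION["GOTMLS_traces"] = $mt;
+ foreach ($_SESSION["GOTMLS_trace_includes"] as $trace => $array)
+ if ($trace < $_GET["GOTMLS_traces"])
+ unset($_SESSION["GOTMLS_trace_includes"][$trace]);
+ die(print_r(array("<a href='?GOTMLS_traces=".substr($_SESSION["GOTMLS_traces"], 0, 10)."'>".substr($_SESSION["GOTMLS_traces"], 0, 10)."</a><pre>",$_SESSION["GOTMLS_trace_includes"],"<pre>")));
+ }
+ }
+ }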
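Review bot: The dump at the end of `GOTMLS_debug_trace()` is gated only by the presence of `$_GET["GOTMLS_traces"]`, so wherever this function is called, a request carrying that parameter gets the session's include trace (server file paths and output-buffer handlers) printed via `die(print_r(...))`; nothing in the function checks who is asking. Restricting it to a debug build or an authorised user would close that, e.g. starting the condition with `defined("WP_DEBUG") && WP_DEBUG && isset($_GET["GOTMLS_traces"], $_GET["GOTMLS_includes"]) && ...`. `$_GET["GOTMLS_includes"]` is currently read without `isset()`, and the trace keys are written into the HTML output without `htmlspecialchars()`. `$GOTMLS_headers_sent` is a plain local that is never initialised, so `!$GOTMLS_headers_sent` is always true and raises a notice; a `static $GOTMLS_headers_sent = false;` at the top of the function looks like what was intended.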
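--- a/safe-load/wp-login.php
+++ b/safe-load/wp-login.php
@@ -0,0 +1,94 @@
+ <?php
+ /**
+ * GOTMLS wp-login protection
+ * @package GOTMLS
+ */
+
+ if (!defined("GOTMLS_REQUEST_METHOD"))
+ define("GOTMLS_REQUEST_METHOD", (isset($_SERVER["REQUEST_METHOD"])?strtoupper($_SERVER["REQUEST_METHOD"]):"none"));
+ if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && isset($_POST["session_id"]) && isset($_POST["sess".$_POST["session_id"]]) && is_numeric($_POST["sess".$_POST["session_id"]])) {
+ $sess = round($_POST["sess".$_POST["session_id"]] / 60000);
+ $time = round(time() / 60);
+ if ((($time - $sess) > 2) || (($sess - $time) > 2)) {
+ $GLOBALS["GOTMLS"]["detected_attacks"] = '&attack[]=NO_JS';
+ include(dirname(__FILE__)."/index.php");
+ }
+ } else {
+ include(dirname(__FILE__)."/session.php");
+ if (!function_exists("GOTMLS_update_log_file")) {
+ function GOTMLS_update_log_file($dont_force_write = true) {
+ if (!defined("GOTMLS_SESSION_FILE"))
+ define("GOTMLS_SESSION_FILE", dirname(__FILE__)."/_SESSION/index.php");
+ if (is_file(GOTMLS_SESSION_FILE))
+ include(GOTMLS_SESSION_FILE);
+ else {
+ if (!is_dir(dirname(GOTMLS_SESSION_FILE)))
+ @mkdir(dirname(GOTMLS_SESSION_FILE));
+ if (is_dir(dirname(GOTMLS_SESSION_FILE)))
+ if (!is_file(GOTMLS_SESSION_FILE))
+ if (file_put_contents(GOTMLS_SESSION_FILE, "<?php if (!defined('GOTMLS_INSTALL_TIME')) define('GOTMLS_INSTALL_TIME', '".GOTMLS_SESSION_TIME."');"))
+ include(GOTMLS_SESSION_FILE);
+ }
+ if (!defined("GOTMLS_INSTALL_TIME"))
+ return false;
+ else {
+ $GOTMLS_LOGIN_ARRAY = array("ADDR"=>(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"REMOTE_ADDR"), "AGENT"=>(isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:"HTTP_USER_AGENT"), "TIME"=>GOTMLS_INSTALL_TIME);
+ $GOTMLS_LOGIN_KEY = md5(serialize($GOTMLS_LOGIN_ARRAY));
+ if (!defined("GOTMLS_LOG_FILE"))
+ define("GOTMLS_LOG_FILE", dirname(GOTMLS_SESSION_FILE)."/.GOTMLS.$GOTMLS_LOGIN_KEY.php");
+ if (is_file(GOTMLS_LOG_FILE))
+ include(GOTMLS_LOG_FILE);
+ if (GOTMLS_REQUEST_METHOD == "POST")
+ $GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD][GOTMLS_INSTALL_TIME] = $GOTMLS_LOGIN_ARRAY;
+ else
+ $GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD] = GOTMLS_INSTALL_TIME;
+ @file_put_contents(GOTMLS_LOG_FILE, '<?php $GLOBALS["GOTMLS"]["logins"]["'.$GOTMLS_LOGIN_KEY.'"]=unserialize(base64_decode("'.base64_encode(serialize($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY])).'"));');
+ if (isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]))
+ return $GOTMLS_LOGIN_KEY;
+ else
+ return 0;
+ }
+ }
+ }
+ if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && !(isset($GOTMLS_LOGIN_KEY) && isset($GOTMLS_logins[$GOTMLS_LOGIN_KEY]["whitelist"]))) {
+ if (!(isset($_SESSION["GOTMLS_detected_attacks"]) && $_SESSION["GOTMLS_SESSION_LAST"]))
+ $GLOBALS["GOTMLS"]["detected_attacks"] = '&attack[]=NO_SESSION';
+ if (!isset($_SERVER["REMOTE_ADDR"]))
+ $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_REMOTE_ADDR';
+ if (!isset($_SERVER["HTTP_USER_AGENT"]))
+ $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_HTTP_USER_AGENT';
+ if (!isset($_SERVER["HTTP_REFERER"]))
+ $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_HTTP_REFERER';
+ if (!$GLOBALS["GOTMLS"]["detected_attacks"]) {
+ if (isset($_SESSION["GOTMLS_login_attempts"]) && is_numeric($_SESSION["GOTMLS_login_attempts"]) && strlen($_SESSION["GOTMLS_login_attempts"]."") > 0)
+ $_SESSION["GOTMLS_login_attempts"]++;
+ else {
+ if ($GOTMLS_LOGIN_KEY = GOTMLS_update_log_file()) {
+ if (!(isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"])))
+ $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_LOGIN_ATTEMPTS';
+ elseif (!isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["GET"]))
+ $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_LOGIN_GETS';
+ else {
+ $_SESSION["GOTMLS_login_attempts"] = 0;
+ foreach ($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"] as $LOGIN_TIME=>$LOGIN_ARRAY) {
+ if ($LOGIN_TIME > $GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["GET"])
+ $_SESSION["GOTMLS_login_attempts"]++;
+ else
+ unset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"][$LOGIN_TIME]);
+ }
+ }
+ } else
+ $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_LOG_FILE';
+ }
+ if (!(isset($_SESSION["GOTMLS_login_attempts"]) && is_numeric($_SESSION["GOTMLS_login_attempts"]) && ($_SESSION["GOTMLS_login_attempts"] < 6) && $_SESSION["GOTMLS_login_attempts"]))
+ $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=TOO_MANY_login_attempts';
+ }
+ if ($GLOBALS["GOTMLS"]["detected_attacks"])
+ include(dirname(__FILE__)."/index.php");
+ } else {
+ if (isset($_SERVER["SCRIPT_FILENAME"]) && basename(__FILE__) == basename($_SERVER["SCRIPT_FILENAME"]))
+ GOTMLS_update_log_file();
+ $_SESSION["GOTMLS_detected_attacks"] = '';
+ $_SESSION["GOTMLS_login_attempts"] = 0;
+ }
+ }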
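Review bot: The first branch accepts a login POST when the client-supplied `sess…` number is within two minutes of the server clock, and because everything else sits in the `else`, the session checks and the `GOTMLS_login_attempts` counter are not run for such a request. The timestamp is not tied to anything the server issued, so it does not show that the login form was actually loaded; I would treat it as an extra signal and run the attempt counting for every login POST, or compare against a per-session token issued on the GET. The log key is `md5(serialize(...))` over `REMOTE_ADDR` and `HTTP_USER_AGENT`, so the per-client log file, and the count derived from it, changes whenever the User-Agent header does. On line 53 `$GOTMLS_LOGIN_KEY` and `$GOTMLS_logins` are not set anywhere in this file at that scope (the key is a local of `GOTMLS_update_log_file()`), so the whitelist test appears never to match. `$GLOBALS["GOTMLS"]["detected_attacks"]` is also appended to with `.=` and tested on line 62 without being initialised first.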
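--- a/safe-load/wp-settings.php
+++ b/safe-load/wp-settings.php
@@ -0,0 +1,161 @@
+ <?php
+ if (is_file("../../../../wp-includes/version.php"))
+ require_once("../../../../wp-includes/version.php");
+ if (is_file("../../../../wp-includes/default-constants.php"))
+ require_once("../../../../wp-includes/default-constants.php");
+ if ( !defined('WP_DEBUG_DISPLAY') )
+ define( 'WP_DEBUG_DISPLAY', true );
+
+ if (!function_exists("apply_filters")) {
+ function apply_filters($filter, $value) {
+ return $value;
+ }}
+ if (!function_exists("wp_load_translations_early")) {
+ function wp_load_translations_early() {
+ return false;
+ }}
+ if (!function_exists("wp_debug_backtrace_summary")) {
+ function wp_debug_backtrace_summary() {
+ return false;
+ }}
+ if (!function_exists("is_multisite")) {
+ function is_multisite() {
+ return false;
+ }}
+ if (!function_exists("is_wp_error")) {
+ function is_wp_error() {
+ return false;
+ }}
+ if (!function_exists("mbstring_binary_safe_encoding")) {
+ function mbstring_binary_safe_encoding( $reset = false ) {
+ static $encodings = array();
+ static $overloaded = null;
+
+ if ( is_null( $overloaded ) )
+ $overloaded = function_exists( 'mb_internal_encoding' ) && ( ini_get( 'mbstring.func_overload' ) & 2 );
+
+ if ( false === $overloaded )
+ return;
+
+ if ( ! $reset ) {
+ $encoding = mb_internal_encoding();
+ array_push( $encodings, $encoding );
+ mb_internal_encoding( 'ISO-8859-1' );
+ }
+
+ if ( $reset && $encodings ) {
+ $encoding = array_pop( $encodings );
+ mb_internal_encoding( $encoding );
+ }
+ }}
+ if (!function_exists("reset_mbstring_encoding")) {
+ function reset_mbstring_encoding() {
+ mbstring_binary_safe_encoding( true );
+ }}
+ if (!function_exists("_wp_filter_build_unique_id")) {
+ function _wp_filter_build_unique_id($tag, $function, $priority) {
+ global $wp_filter;
+ static $filter_id_count = 0;
+
+ if ( is_string($function) )
+ return $function;
+
+ if ( is_object($function) ) {
+ // Closures are currently implemented as objects
+ $function = array( $function, '' );
+ } else {
+ $function = (array) $function;
+ }
+
+ if (is_object($function[0]) ) {
+ // Object Class Calling
+ if ( function_exists('spl_object_hash') ) {
+ return spl_object_hash($function[0]) . $function[1];
+ } else {
+ $obj_idx = get_class($function[0]).$function[1];
+ if ( !isset($function[0]->wp_filter_id) ) {
+ if ( false === $priority )
+ return false;
+ $obj_idx .= isset($wp_filter[$tag][$priority]) ? count((array)$wp_filter[$tag][$priority]) : $filter_id_count;
+ $function[0]->wp_filter_id = $filter_id_count;
+ ++$filter_id_count;
+ } else {
+ $obj_idx .= $function[0]->wp_filter_id;
+ }
+
+ return $obj_idx;
+ }
+ } elseif ( is_string( $function[0] ) ) {
+ // Static Calling
+ return $function[0] . '::' . $function[1];
+ }
+ }}
+
+ if (!function_exists("add_filter")) {
+ function add_filter( $tag, $function_to_add, $priority = 10, $accepted_args = 1 ) {
+ global $wp_filter, $merged_filters;
+
+ $idx = _wp_filter_build_unique_id($tag, $function_to_add, $priority);
+ $wp_filter[$tag][$priority][$idx] = array('function' => $function_to_add, 'accepted_args' => $accepted_args);
+ unset( $merged_filters[ $tag ] );
+ return true;
+ }}
+ if (!function_exists("has_filter")) {
+ function has_filter($tag, $function_to_check = false) {
+ global $wp_filter;
+ $has = ! empty( $wp_filter[ $tag ] );
+ if ( $has ) {
+ $exists = false;
+ foreach ( $wp_filter[ $tag ] as $callbacks ) {
+ if ( ! empty( $callbacks ) ) {
+ $exists = true;
+ break;
+ }
+ }
+ if ( ! $exists )
+ $has = false;
+ }
+ if ( false === $function_to_check || false == $has )
+ return $has;
+ if ( !$idx = _wp_filter_build_unique_id($tag, $function_to_check, false) )
+ return false;
+ foreach ( (array) array_keys($wp_filter[$tag]) as $priority )
+ if ( isset($wp_filter[$tag][$priority][$idx]) )
+ return $priority;
+ return false;
+ }}
+
+ if (is_file("../../../../wp-includes/wp-db.php"))
+ require_once("../../../../wp-includes/wp-db.php");
+
+ $wpdb = new wpdb( DB_USER, DB_PASSWORD, DB_NAME, DB_HOST );
+
+ if (!function_exists("delete_option")) {
+ function delete_option($index) {
+ global $wpdb, $table_prefix;
+ $wpdb->delete($table_prefix."options", array( 'option_name' => "'$index'"));
+ // echo "<li>del:".$index."<li>qry:".$wpdb->last_query."<li>err:".$wpdb->last_error;
+ }}
+
+ if (!function_exists("update_option")) {
+ function update_option($index, $value = "") {
+ global $wpdb, $table_prefix;
+ if (is_array($value))
+ $value = serialize($value);
+ // $value = mysqli_real_escape_string($wpdb, $value);
+ $return = $wpdb->update($table_prefix."options", array('option_value' => $value), array('option_name' => $index));
+ // echo "<li>upd:".$index."<li>qry:".$wpdb->last_query."<li>err:".$wpdb->last_error;
+ return $return;
+ }}
+
+ if (!function_exists("get_option")) {
+ function get_option($index, $value = array()) {
+ global $wpdb, $table_prefix;
+ $qry = "SELECT option_value FROM {$table_prefix}options WHERE option_name = '$index'";
+ $return = $wpdb->get_var( $qry );
+ if (@unserialize($return) && is_array(@unserialize($return)))
+ return unserialize($return);
+ else
+ return $return;
+ // echo $wpdb->func_call."<li>get:".$index."<li>qry:$qry;/".$wpdb->last_query."<li>err:".$wpdb->last_error;
+ }}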
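Review bot: The fallback `get_option` at the end of safe-load/wp-settings.php builds its query by interpolating `$index` straight into the SQL string, so the statement is only as safe as every caller's option name; bind it instead with `$qry = $wpdb->prepare("SELECT option_value FROM {$table_prefix}options WHERE option_name = %s", $index);`. The fallback `delete_option` has the reverse problem: `$wpdb->delete` already binds its values, so passing `"'$index'"` makes it search for a name that contains the quote characters and presumably never matches a row; pass `array('option_name' => $index)` as `update_option` does. `get_option` also calls `unserialize` up to three times on the stored value with `@` suppression and never uses its `$value` default; decoding once into a local variable and returning `$value` when no row is found would be closer to what callers of the WordPress function of the same name expect, and a comment should state that the options table is trusted input for that `unserialize` call.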
screenshot-1.png DELETED
Binary file
screenshot-2.png DELETED
Binary file