Version Description
- Added a whole new DB Scan category that looks for links and scripts injected directly into the database content and removes them.
- Updated Firewall landing page for HTTPS compatibility.
- Removed some old code that was no longer needed.
- Added a feature to clear cache files before running the Complete Scan, this will speed up the scan and prevent malware from being saved on your cached paged.
- Updated code for compatibility with WP 5.0.2 (latest release).
Download this release
Release Info
| Developer | scheeeli |
| Plugin |  Anti-Malware Security and Brute-Force Firewall |
| Version | 4.18.52 |
| Comparing to | |
| See all releases | |
Code changes from version 4.17.69 to 4.18.52
- images/index.php +137 -27
- index.php +156 -136
- readme.txt +16 -6
- safe-load/index.php +1 -1
images/index.php
CHANGED
|
@@ -18,7 +18,8 @@ if (is_file(GOTMLS_plugin_path.$file) && ($contents = @file_get_contents(GOTMLS_
|
|
| 18 |
else
|
| 19 |
GOTMLS_define("GOTMLS_Version", "Unknown");
|
| 20 |
GOTMLS_define("GOTMLS_require_version", "3.3");
|
| 21 |
-
|
|
|
|
| 22 |
if (!function_exists("__")) {
|
| 23 |
function __($text, $domain = "gotmls") {
|
| 24 |
return $text;
|
|
@@ -30,16 +31,16 @@ $GLOBALS["GOTMLS"] = array(
|
|
| 30 |
"skip_dirs" => array(".", ".."), "scanfiles" => array(), "nonce"=>array(),
|
| 31 |
"mt" => ((isset($_REQUEST["mt"])&&is_numeric($_REQUEST["mt"]))?$_REQUEST["mt"]:microtime(true)),
|
| 32 |
"threat_files" => array("htaccess"=>".htaccess","timthumb"=>"thumb.php"),
|
| 33 |
-
"threat_levels" => array(__("
|
| 34 |
"apache" => array(),
|
| 35 |
-
"skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "svg", "
|
| 36 |
"execution_time" => 60,
|
| 37 |
"default" => array("msg_position" => array("80px", "40px", "400px", "600px")),
|
| 38 |
"Definition" => array("Default" => "CCIGG"),
|
| 39 |
"definitions_array" => array(
|
| 40 |
"potential"=>array(
|
| 41 |
$bad[0]=>array("CCIGG", "/[^a-z_\\/'\"]".$bad[0]."\\(.+\\)+\\s*;/i"),
|
| 42 |
-
$bad[1]." /e"=>array("CCIGG", "/".$bad[1]."[\\s*\\(]+(['\"])([\\!\\/\\#\\|\\@\\%\\^\\*\\~]).+?\\2[imsx]*e[imsx]*\\1\\s*,[^,]+,[^\\)]+[\\);\\s]
|
| 43 |
$bad[2]=>array("CCIGG", "/\\\$".$bad[2]."\\s*=.+;/i"),
|
| 44 |
"function add_action wp_enqueue_script json2"=>array("CCIGG", "/json2\\.min\\.js/i"),
|
| 45 |
"Tagged Code"=>array("CCIGG", "/\\#(\\w+)\\#.+?\\#\\/\\1\\#/is"),
|
|
@@ -116,14 +117,16 @@ if (!defined("ABSPATH")) {
|
|
| 116 |
function GOTMLS_update_option($index, $value = array()) {
|
| 117 |
return update_option('GOTMLS_'.$index.'_blob', GOTMLS_encode(serialize($value)));
|
| 118 |
}
|
|
|
|
| 119 |
function GOTMLS_get_option($index, $value = array()) {
|
| 120 |
-
if (
|
| 121 |
GOTMLS_update_option($index, $tmp);
|
| 122 |
delete_option('GOTMLS_'.$index.'_array');
|
| 123 |
} else
|
| 124 |
$tmp = $value;
|
| 125 |
return unserialize(GOTMLS_decode(get_option('GOTMLS_'.$index.'_blob', GOTMLS_encode(serialize($tmp)))));
|
| 126 |
}
|
|
|
|
| 127 |
$GOTMLS_chmod_file = (0644);
|
| 128 |
$GOTMLS_chmod_dir = (0755);
|
| 129 |
$GLOBALS["GOTMLS"]["tmp"]["nonce"] = get_option('GOTMLS_nonce_array', array());
|
|
@@ -215,7 +218,7 @@ span.GOTMLS_date {float: right; width: 135px; white-space: nowrap; font-size: 11
|
|
| 215 |
.GOTMLS_li, .GOTMLS_plugin li {list-style: none;}
|
| 216 |
.GOTMLS_plugin {margin: 5px; background: #cfc; border: 1px solid #0C0; padding: 0 5px; border-radius: 3px;}
|
| 217 |
.GOTMLS_plugin.disabled, .GOTMLS_plugin.read-only {background: #9f9; border: 1px solid #0f0;}
|
| 218 |
-
.GOTMLS_plugin.known, .GOTMLS_plugin.
|
| 219 |
.GOTMLS_plugin.potential, .GOTMLS_plugin.wp_core, .GOTMLS_plugin.skipdirs, .GOTMLS_plugin.skipped {background: #ffc; border: 1px solid #fc6;}
|
| 220 |
.GOTMLS ul li {margin-left: 12px;}
|
| 221 |
.GOTMLS h2 {margin: 0 0 10px;}
|
|
@@ -337,7 +340,7 @@ function select_text_range(ta_id, start, end) {
|
|
| 337 |
}
|
| 338 |
}
|
| 339 |
$Q_Page .= '
|
| 340 |
-
<li id="GOTMLS_quarantine_'.$post_a["ID"].'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post_a["post_date_gmt"].'</span><span class="GOTMLS_date">'.$post_a["post_modified_gmt"].'</span><input'.$restored.' type="checkbox" name="id[]" value="'.$post_a["ID"].'" id="
|
| 341 |
}
|
| 342 |
$Q_Page .= "\n</ul>";
|
| 343 |
for ($p = 1; $p <= 0; $p++) {
|
|
@@ -546,13 +549,12 @@ function GOTMLS_preg_match_all($threat_definition, $threat_name) {
|
|
| 546 |
}
|
| 547 |
|
| 548 |
function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
|
| 549 |
-
global $wp_version;
|
| 550 |
$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
|
| 551 |
$GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"] = microtime(true);
|
| 552 |
if (is_array($check_threats)) {
|
| 553 |
$path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
|
| 554 |
-
if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($check_threats[
|
| 555 |
-
if (($check_threats[
|
| 556 |
$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
|
| 557 |
$len = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
|
| 558 |
if (strlen($source) < $len)
|
|
@@ -612,7 +614,7 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
|
|
| 612 |
}
|
| 613 |
|
| 614 |
function GOTMLS_scanfile($file) {
|
| 615 |
-
global $
|
| 616 |
$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="Scanning...";
|
| 617 |
$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
|
| 618 |
$gt = ">";
|
|
@@ -623,8 +625,8 @@ function GOTMLS_scanfile($file) {
|
|
| 623 |
$real_file = realpath($file);
|
| 624 |
$clean_file = GOTMLS_encode($real_file);
|
| 625 |
if (is_file($real_file) && ($filesize = filesize($real_file)) && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($real_file))) {
|
| 626 |
-
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][
|
| 627 |
-
$whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][
|
| 628 |
else
|
| 629 |
$whitelist = array();
|
| 630 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"])) {
|
|
@@ -649,12 +651,14 @@ function GOTMLS_scanfile($file) {
|
|
| 649 |
}
|
| 650 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["threat_levels"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threat_levels"])) {
|
| 651 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) {
|
| 652 |
-
if (
|
| 653 |
-
$_SESSION["GOTMLS_debug"]
|
| 654 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 655 |
}
|
| 656 |
-
if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]))) && (!array_key_exists($threat_level, $GLOBALS["GOTMLS"]["tmp"]["threat_files"]) || (substr($file."e", (-1 * strlen($GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e"))) == $GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e")) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level],$file)))
|
| 657 |
-
$className = $threat_level;
|
| 658 |
}
|
| 659 |
}
|
| 660 |
if (isset($_SESSION["GOTMLS_debug"])) {
|
|
@@ -679,7 +683,7 @@ function GOTMLS_scanfile($file) {
|
|
| 679 |
$className = "errors";
|
| 680 |
}
|
| 681 |
if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
|
| 682 |
-
$threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."
|
| 683 |
if ($className == "errors") {
|
| 684 |
$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="errors";
|
| 685 |
$threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
|
|
@@ -695,7 +699,7 @@ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="GOTMLS_fix";
|
|
| 695 |
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
|
| 696 |
} elseif ($className == 'wp_core') {
|
| 697 |
$path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
|
| 698 |
-
if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][
|
| 699 |
$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
|
| 700 |
else
|
| 701 |
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
|
|
@@ -708,7 +712,7 @@ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="GOTMLS_fix";
|
|
| 708 |
else
|
| 709 |
$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = "";
|
| 710 |
}
|
| 711 |
-
if (strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) > 0 && (($Q_post = GOTMLS_write_quarantine($file, $className)) !== false) && ((strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"])==0 && isset($_GET["eli"]) && @unlink($file)) || (($Write_File = GOTMLS_file_put_contents($file, $GLOBALS["GOTMLS"]["tmp"]["new_contents"])) !== false))) {
|
| 712 |
echo __("Success!",'gotmls');
|
| 713 |
return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
|
| 714 |
} else {
|
|
@@ -741,6 +745,103 @@ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="no threat";
|
|
| 741 |
}
|
| 742 |
}
|
| 743 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 744 |
function GOTMLS_remove_dots($dir) {
|
| 745 |
if ($dir != "." && $dir != "..")
|
| 746 |
return $dir;
|
|
@@ -836,7 +937,14 @@ function GOTMLS_html_tags($tags, $inner = array()) {
|
|
| 836 |
|
| 837 |
function GOTMLS_write_quarantine($file, $className) {
|
| 838 |
global $wpdb;
|
| 839 |
-
$insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 840 |
$insert["post_date"] = date("Y-m-d H:i:s");
|
| 841 |
$insert["post_date_gmt"] = $insert["post_date"];
|
| 842 |
if (is_file($file)) {
|
|
@@ -997,13 +1105,15 @@ function GOTMLS_strip4java($item, $htmlentities = false) {
|
|
| 997 |
|
| 998 |
function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
|
| 999 |
global $post;
|
| 1000 |
-
|
| 1001 |
-
|
| 1002 |
-
|
| 1003 |
-
$onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.__("Examine
|
|
|
|
|
|
|
| 1004 |
else
|
| 1005 |
$onclick = 'return false;';
|
| 1006 |
-
return "<a title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
|
| 1007 |
}
|
| 1008 |
|
| 1009 |
function GOTMLS_check_file($file) {
|
| 18 |
else
|
| 19 |
GOTMLS_define("GOTMLS_Version", "Unknown");
|
| 20 |
GOTMLS_define("GOTMLS_require_version", "3.3");
|
| 21 |
+
if (isset($wp_version) && ($wp_version))
|
| 22 |
+
GOTMLS_define("GOTMLS_wp_version", $wp_version);
|
| 23 |
if (!function_exists("__")) {
|
| 24 |
function __($text, $domain = "gotmls") {
|
| 25 |
return $text;
|
| 31 |
"skip_dirs" => array(".", ".."), "scanfiles" => array(), "nonce"=>array(),
|
| 32 |
"mt" => ((isset($_REQUEST["mt"])&&is_numeric($_REQUEST["mt"]))?$_REQUEST["mt"]:microtime(true)),
|
| 33 |
"threat_files" => array("htaccess"=>".htaccess","timthumb"=>"thumb.php"),
|
| 34 |
+
"threat_levels" => array(__("Database Injections",'gotmls')=>"db_scan",__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Known Threats",'gotmls')=>"known",__("Core File Changes",'gotmls')=>"wp_core",__("Potential Threats",'gotmls')=>"potential"),
|
| 35 |
"apache" => array(),
|
| 36 |
+
"skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "svg", "doc", "docx", "ttf", "fla", "flv", "mov", "mp3", "pdf", "css", "pot", "po", "mo", "so", "exe", "zip", "7z", "gz", "rar"),
|
| 37 |
"execution_time" => 60,
|
| 38 |
"default" => array("msg_position" => array("80px", "40px", "400px", "600px")),
|
| 39 |
"Definition" => array("Default" => "CCIGG"),
|
| 40 |
"definitions_array" => array(
|
| 41 |
"potential"=>array(
|
| 42 |
$bad[0]=>array("CCIGG", "/[^a-z_\\/'\"]".$bad[0]."\\(.+\\)+\\s*;/i"),
|
| 43 |
+
$bad[1]." /e"=>array("CCIGG", "/".$bad[1]."[\\s*\\(]+(['\"])([\\!\\/\\#\\|\\@\\%\\^\\*\\~]).+?\\2[imsx]*e[imsx]*\\1\\s*,[^,]+,[^\\)]+[\\);\\s]+/i"),
|
| 44 |
$bad[2]=>array("CCIGG", "/\\\$".$bad[2]."\\s*=.+;/i"),
|
| 45 |
"function add_action wp_enqueue_script json2"=>array("CCIGG", "/json2\\.min\\.js/i"),
|
| 46 |
"Tagged Code"=>array("CCIGG", "/\\#(\\w+)\\#.+?\\#\\/\\1\\#/is"),
|
| 117 |
function GOTMLS_update_option($index, $value = array()) {
|
| 118 |
return update_option('GOTMLS_'.$index.'_blob', GOTMLS_encode(serialize($value)));
|
| 119 |
}
|
| 120 |
+
|
| 121 |
function GOTMLS_get_option($index, $value = array()) {
|
| 122 |
+
if (is_array($tmp = get_option('GOTMLS_'.$index.'_array', array())) && count($tmp)) {
|
| 123 |
GOTMLS_update_option($index, $tmp);
|
| 124 |
delete_option('GOTMLS_'.$index.'_array');
|
| 125 |
} else
|
| 126 |
$tmp = $value;
|
| 127 |
return unserialize(GOTMLS_decode(get_option('GOTMLS_'.$index.'_blob', GOTMLS_encode(serialize($tmp)))));
|
| 128 |
}
|
| 129 |
+
|
| 130 |
$GOTMLS_chmod_file = (0644);
|
| 131 |
$GOTMLS_chmod_dir = (0755);
|
| 132 |
$GLOBALS["GOTMLS"]["tmp"]["nonce"] = get_option('GOTMLS_nonce_array', array());
|
| 218 |
.GOTMLS_li, .GOTMLS_plugin li {list-style: none;}
|
| 219 |
.GOTMLS_plugin {margin: 5px; background: #cfc; border: 1px solid #0C0; padding: 0 5px; border-radius: 3px;}
|
| 220 |
.GOTMLS_plugin.disabled, .GOTMLS_plugin.read-only {background: #9f9; border: 1px solid #0f0;}
|
| 221 |
+
.GOTMLS_plugin.known, .GOTMLS_plugin.db_scan, .GOTMLS_plugin.htaccess, .GOTMLS_plugin.timthumb, .GOTMLS_plugin.errors {background: #f99; border: 1px solid #f00;}
|
| 222 |
.GOTMLS_plugin.potential, .GOTMLS_plugin.wp_core, .GOTMLS_plugin.skipdirs, .GOTMLS_plugin.skipped {background: #ffc; border: 1px solid #fc6;}
|
| 223 |
.GOTMLS ul li {margin-left: 12px;}
|
| 224 |
.GOTMLS h2 {margin: 0 0 10px;}
|
| 340 |
}
|
| 341 |
}
|
| 342 |
$Q_Page .= '
|
| 343 |
+
<li id="GOTMLS_quarantine_'.$post_a["ID"].'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post_a["post_date_gmt"].'</span><span class="GOTMLS_date">'.$post_a["post_modified_gmt"].'</span><input'.$restored.' type="checkbox" name="id[]" value="'.$post_a["ID"].'" id="GOTMLS_quarantine_check_'.$post_a["ID"].'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.$image.'.gif" height=16 width=16 alt="Q"><a class="GOTMLS_plugin '.$restored.$post_a["ping_status"].'" target="_blank" href="?page=GOTMLS-View-Quarantine&id='.$post_a["ID"].'&'.GOTMLS_set_nonce(__FUNCTION__."191").'" title="View Quarantined File">'.str_replace($root_path, "...", $post_a["post_title"])."</a></li>\n";
|
| 344 |
}
|
| 345 |
$Q_Page .= "\n</ul>";
|
| 346 |
for ($p = 1; $p <= 0; $p++) {
|
| 549 |
}
|
| 550 |
|
| 551 |
function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
|
|
|
|
| 552 |
$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
|
| 553 |
$GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"] = microtime(true);
|
| 554 |
if (is_array($check_threats)) {
|
| 555 |
$path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
|
| 556 |
+
if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($check_threats[GOTMLS_wp_version]["$path"])) {
|
| 557 |
+
if (($check_threats[GOTMLS_wp_version]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/".GOTMLS_wp_version."$path")) && ($check_threats[GOTMLS_wp_version]["$path"] == md5($source)."O".strlen($source))) {
|
| 558 |
$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
|
| 559 |
$len = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
|
| 560 |
if (strlen($source) < $len)
|
| 614 |
}
|
| 615 |
|
| 616 |
function GOTMLS_scanfile($file) {
|
| 617 |
+
global $wpdb, $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
|
| 618 |
$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="Scanning...";
|
| 619 |
$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
|
| 620 |
$gt = ">";
|
| 625 |
$real_file = realpath($file);
|
| 626 |
$clean_file = GOTMLS_encode($real_file);
|
| 627 |
if (is_file($real_file) && ($filesize = filesize($real_file)) && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($real_file))) {
|
| 628 |
+
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]))
|
| 629 |
+
$whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]);
|
| 630 |
else
|
| 631 |
$whitelist = array();
|
| 632 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"])) {
|
| 651 |
}
|
| 652 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["threat_levels"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threat_levels"])) {
|
| 653 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) {
|
| 654 |
+
if ("db_scan" != $threat_level) {
|
| 655 |
+
if (isset($_SESSION["GOTMLS_debug"])) {
|
| 656 |
+
$_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
|
| 657 |
+
$_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
|
| 658 |
+
}
|
| 659 |
+
if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"]))) && (!array_key_exists($threat_level, $GLOBALS["GOTMLS"]["tmp"]["threat_files"]) || (substr($file."e", (-1 * strlen($GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e"))) == $GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e")) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level],$file)))
|
| 660 |
+
$className = $threat_level;
|
| 661 |
}
|
|
|
|
|
|
|
| 662 |
}
|
| 663 |
}
|
| 664 |
if (isset($_SESSION["GOTMLS_debug"])) {
|
| 683 |
$className = "errors";
|
| 684 |
}
|
| 685 |
if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
|
| 686 |
+
$threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."687").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file.preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", """, $lt.'div style="float: left; white-space: nowrap;"'.$gt.__("Examine File",'gotmls').' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
|
| 687 |
if ($className == "errors") {
|
| 688 |
$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="errors";
|
| 689 |
$threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
|
| 699 |
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
|
| 700 |
} elseif ($className == 'wp_core') {
|
| 701 |
$path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
|
| 702 |
+
if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"]) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/".GOTMLS_wp_version."$path")) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"] == md5($source)."O".strlen($source)))
|
| 703 |
$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
|
| 704 |
else
|
| 705 |
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
|
| 712 |
else
|
| 713 |
$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = "";
|
| 714 |
}
|
| 715 |
+
if (strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) > 0 && (($Q_post = GOTMLS_write_quarantine($file, $className)) !== false) && ((strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"])==0 && isset($_GET["eli"]) && ($_GET["eli"] == "delete") && @unlink($file)) || (($Write_File = GOTMLS_file_put_contents($file, $GLOBALS["GOTMLS"]["tmp"]["new_contents"])) !== false))) {
|
| 716 |
echo __("Success!",'gotmls');
|
| 717 |
return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
|
| 718 |
} else {
|
| 745 |
}
|
| 746 |
}
|
| 747 |
|
| 748 |
+
function GOTMLS_db_scan($id = 0) {
|
| 749 |
+
global $wpdb;
|
| 750 |
+
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"])) {
|
| 751 |
+
if ($id) {
|
| 752 |
+
if (($Q_post = GOTMLS_get_quarantine($id)) && isset($Q_post["post_content"])) {
|
| 753 |
+
$path = 'Post ID: '.$Q_post["ID"];
|
| 754 |
+
$clean_file = $Q_post["post_title"];
|
| 755 |
+
$fa = "";
|
| 756 |
+
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = $Q_post["post_content"];
|
| 757 |
+
$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = ($Q_post["post_content"]);
|
| 758 |
+
$found = 0;
|
| 759 |
+
$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
|
| 760 |
+
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"] as $scan_sql => $scan_regex) {
|
| 761 |
+
$GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"] = microtime(true);
|
| 762 |
+
$threat_name = array_shift($scan_regex);
|
| 763 |
+
while ($threat_definition = array_shift($scan_regex))
|
| 764 |
+
$found += GOTMLS_preg_match_all($threat_definition, $threat_name);
|
| 765 |
+
}
|
| 766 |
+
if (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
|
| 767 |
+
$f = 1;
|
| 768 |
+
foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
|
| 769 |
+
list($start, $end, $junk) = explode("-", "$threats_found--", 3);
|
| 770 |
+
if ($start > $end)
|
| 771 |
+
$fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
|
| 772 |
+
else
|
| 773 |
+
$fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
|
| 774 |
+
}
|
| 775 |
+
} else
|
| 776 |
+
$fa = " No Threats Found";
|
| 777 |
+
if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && in_array(GOTMLS_encode($id), $_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"] > 0) {
|
| 778 |
+
if ($_REQUEST["GOTMLS_fixing"] > 1) {
|
| 779 |
+
echo "<li>Removing $path ... ";
|
| 780 |
+
$Q_post["post_status"] = "trash";
|
| 781 |
+
if (wp_update_post($Q_post)) {
|
| 782 |
+
echo __("Done!",'gotmls');
|
| 783 |
+
$li_js .= "/*-->*"."/\nDeletedFile('$id');\n/*<!--*"."/";
|
| 784 |
+
} else {
|
| 785 |
+
echo __("Failed to delete!",'gotmls');
|
| 786 |
+
$li_js .= "/*-->*"."/\nfailedFile('$id');\n/*<!--*"."/";
|
| 787 |
+
}
|
| 788 |
+
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Removal from Content")));
|
| 789 |
+
} else {
|
| 790 |
+
echo "<li>Fixing $path ... ";
|
| 791 |
+
GOTMLS_write_quarantine($Q_post, "db_scan");
|
| 792 |
+
$Q_post["post_content"] = $GLOBALS["GOTMLS"]["tmp"]["new_contents"];
|
| 793 |
+
if (wp_update_post($Q_post)) {
|
| 794 |
+
echo __("Success!",'gotmls');
|
| 795 |
+
$li_js .= "/*-->*"."/\nfixedFile('$id');\n/*<!--*"."/";
|
| 796 |
+
} else {
|
| 797 |
+
echo __("Update Failed!",'gotmls');
|
| 798 |
+
$li_js .= "/*-->*"."/\nfailedFile('$id');\n/*<!--*"."/";
|
| 799 |
+
}
|
| 800 |
+
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Restoration from Quarantine")));
|
| 801 |
+
}
|
| 802 |
+
return $li_js;
|
| 803 |
+
} else {
|
| 804 |
+
return admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."805")).($Q_post["post_type"]=="revision"?'" onsubmit="return confirm(\''.__("Are you sure you want to delete this revision?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="Delete this revision" style="float: right;"><input type="hidden" name="GOTMLS_fix[]" value="'.GOTMLS_encode($Q_post["ID"]):"").'"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>Record Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />last_modified:'.$Q_post["post_modified_gmt"].'<br />post_type:'.$Q_post["post_type"].'<br />author:'.$Q_post["post_author"].'<br />status:'.$Q_post["post_status"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Record Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>';
|
| 805 |
+
}
|
| 806 |
+
} else
|
| 807 |
+
die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists in the posts table.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
|
| 808 |
+
} else {
|
| 809 |
+
$threats_found = array();
|
| 810 |
+
if (!isset($_REQUEST["eli"]))
|
| 811 |
+
$and = " AND `post_status` != 'trash'";
|
| 812 |
+
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"] as $scan_sql => $scan_regex) {
|
| 813 |
+
$SQL = preg_replace('/\{[a-f0-9]{64}\}/', '%', $wpdb->prepare("SELECT * FROM `$wpdb->posts` WHERE `post_content` LIKE %s $and", $scan_sql));
|
| 814 |
+
$threat_name = array_shift($scan_regex);
|
| 815 |
+
if (($found_row = $wpdb->get_results($SQL, ARRAY_A)) && is_array($found_row) && count($found_row)) {
|
| 816 |
+
$val = count($found_row);
|
| 817 |
+
if (isset($_REQUEST["eli"]) && ($_REQUEST["eli"] == "debug"))
|
| 818 |
+
echo GOTMLS_return_threat("db_scan", "question", (print_r(array("scan_regex:"=>$scan_regex,"SQL:"=>$SQL),1)), GOTMLS_error_link("$val Rows", 0));//debug
|
| 819 |
+
foreach ($found_row as $frow) {
|
| 820 |
+
$found = 0;
|
| 821 |
+
if ($frow["post_type"] != "revision" || isset($_REQUEST["eli"])) {
|
| 822 |
+
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = $frow["post_content"];
|
| 823 |
+
$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
|
| 824 |
+
$GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"] = microtime(true);
|
| 825 |
+
foreach ($scan_regex as $threat_definition)
|
| 826 |
+
$found += GOTMLS_preg_match_all($threat_definition, $threat_name);
|
| 827 |
+
if ($found && !isset($threats_found['row_id_'.$frow["ID"]])) {
|
| 828 |
+
$li_js = GOTMLS_return_threat("db_scan", "threat", "$found $threat_name(\"".str_replace('%', '*', trim($scan_sql, "%")).'") in '.$frow["post_type"]."(".(($frow["post_status"]=='inherit')?$frow["post_parent"]:$frow["post_status"]).'):"'.htmlspecialchars($frow["post_title"]).'":'.$frow["ID"], '<input type="checkbox" name="GOTMLS_fix[]" id="check_'.$frow["ID"].'" value="'.GOTMLS_encode($frow["ID"]).'" checked="true">'.GOTMLS_error_link(__("View DB Injection",'gotmls'), $frow["ID"], "db_scan"));
|
| 829 |
+
if (isset($_REQUEST["eli"]))
|
| 830 |
+
echo str_replace($frow["ID"].'</a>', '</a><a target="_blank" title="Edit '.$frow["post_type"].'" href="'.admin_url(($frow["post_type"]=="revision")?'revision.php?revision='.$frow["ID"]:'post.php?action=edit&post='.$frow["ID"]).'">EDIT: '.$frow["ID"].'</a>', $li_js);
|
| 831 |
+
else
|
| 832 |
+
echo $li_js;
|
| 833 |
+
$threats_found['row_id_'.$frow["ID"]] = $threat_name;
|
| 834 |
+
} elseif (isset($_REQUEST["eli"]) && ($_REQUEST["eli"] == "debug"))
|
| 835 |
+
echo GOTMLS_return_threat("db_scan", "question", (print_r(array("post_id"=>$frow["ID"], "scan_regex:"=>$scan_regex,"SQL:"=>$SQL),1)), GOTMLS_error_link("No preg_match", 0));//debug
|
| 836 |
+
}
|
| 837 |
+
}
|
| 838 |
+
} elseif (isset($_REQUEST["eli"]) && ($_REQUEST["eli"] == "debug"))
|
| 839 |
+
echo GOTMLS_return_threat("db_scan", "question", (print_r(array("db_scan"=>$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"], "scan_regex:"=>$scan_regex,"SQL:"=>$SQL),1)), GOTMLS_error_link("No Rows", 0));//debug
|
| 840 |
+
}
|
| 841 |
+
}
|
| 842 |
+
}
|
| 843 |
+
}
|
| 844 |
+
|
| 845 |
function GOTMLS_remove_dots($dir) {
|
| 846 |
if ($dir != "." && $dir != "..")
|
| 847 |
return $dir;
|
| 937 |
|
| 938 |
function GOTMLS_write_quarantine($file, $className) {
|
| 939 |
global $wpdb;
|
| 940 |
+
$insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "ping_status"=>$className, "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]), "guid"=>GOTMLS_Version);//! comment_status post_password post_name to_ping post_parent menu_order";
|
| 941 |
+
if (isset($file["ID"]) && is_numeric($file["ID"])) {
|
| 942 |
+
$insert["post_modified"] = $file["post_modified"];
|
| 943 |
+
$insert["post_modified_gmt"] = $file["post_modified_gmt"];
|
| 944 |
+
$insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
|
| 945 |
+
$file = $file["post_type"].':'.$file["ID"].':"'.$file["post_title"].'"';
|
| 946 |
+
}
|
| 947 |
+
$insert["post_title"] = $file;
|
| 948 |
$insert["post_date"] = date("Y-m-d H:i:s");
|
| 949 |
$insert["post_date_gmt"] = $insert["post_date"];
|
| 950 |
if (is_file($file)) {
|
| 1105 |
|
| 1106 |
function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
|
| 1107 |
global $post;
|
| 1108 |
+
$encoded_file = GOTMLS_encode($file);
|
| 1109 |
+
if (is_numeric($file) && isset($post->post_title)) {
|
| 1110 |
+
$encoded_file = $file;
|
| 1111 |
+
$onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.__("Examine Quarantined Content",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($post->post_title)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."744").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$file);
|
| 1112 |
+
} elseif ($file)
|
| 1113 |
+
$onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.__("Examine Content",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."746").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$encoded_file.preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:""));
|
| 1114 |
else
|
| 1115 |
$onclick = 'return false;';
|
| 1116 |
+
return "<a id=\"list_$encoded_file\" title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
|
| 1117 |
}
|
| 1118 |
|
| 1119 |
function GOTMLS_check_file($file) {
|
index.php
CHANGED
|
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
|
|
| 8 |
Contributors: scheeeli, gotmls
|
| 9 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
| 10 |
Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
|
| 11 |
-
Version: 4.
|
| 12 |
*/
|
| 13 |
if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
|
| 14 |
include(dirname(__FILE__)."/safe-load/index.php");
|
|
@@ -40,8 +40,12 @@ require_once(GOTMLS_plugin_path.'images/index.php');
|
|
| 40 |
|
| 41 |
function GOTMLS_install() {
|
| 42 |
global $wp_version;
|
| 43 |
-
if (
|
| 44 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45 |
}
|
| 46 |
register_activation_hook(__FILE__, "GOTMLS_install");
|
| 47 |
|
|
@@ -98,14 +102,14 @@ function GOTMLS_enqueue_scripts() {
|
|
| 98 |
add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts');
|
| 99 |
|
| 100 |
function GOTMLS_display_header($optional_box = "") {
|
| 101 |
-
global $
|
| 102 |
wp_get_current_user();
|
| 103 |
$GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
|
| 104 |
if (isset($_GET["check_site"]) && $_GET["check_site"])
|
| 105 |
echo '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="✔"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls#postform">write a "Five-Star" Review</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
|
| 106 |
else
|
| 107 |
echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
|
| 108 |
-
$Update_Definitions = array(GOTMLS_update_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&ver='.GOTMLS_Version.'&wp='
|
| 109 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])
|
| 110 |
array_unshift($Update_Definitions, admin_url('admin-ajax.php?action=GOTMLS_auto_update&'.GOTMLS_set_nonce(__FUNCTION__."109").'&UPDATE_definitions_array=1'));
|
| 111 |
else
|
|
@@ -154,7 +158,7 @@ span.GOTMLS_date {float: right; width: 130px; white-space: nowrap;}
|
|
| 154 |
.inside p {margin: 10px;}
|
| 155 |
.GOTMLS_li, .GOTMLS_plugin li {list-style: none;}
|
| 156 |
.GOTMLS_plugin {margin: 5px; background: #cfc; border: 1px solid #0C0; padding: 0 5px; border-radius: 3px;}
|
| 157 |
-
.GOTMLS_plugin.known, .GOTMLS_plugin.
|
| 158 |
.GOTMLS_plugin.potential, .GOTMLS_plugin.wp_core, .GOTMLS_plugin.skipdirs, .GOTMLS_plugin.skipped {background: #ffc; border: 1px solid #fc6;}
|
| 159 |
.GOTMLS ul li {margin-left: 12px;}
|
| 160 |
.GOTMLS h2 {margin: 0 0 10px;}
|
|
@@ -364,7 +368,7 @@ setDiv("div_file");
|
|
| 364 |
<div id="main-page-title"><h1 style="vertical-align: middle;">Anti-Malware from GOTMLS.NET</h1></div>
|
| 365 |
<div id="admin-page-container">
|
| 366 |
<div id="GOTMLS-right-sidebar" style="width: 300px;" class="metabox-holder">
|
| 367 |
-
'.GOTMLS_box(__("Updates & Registration",'gotmls'), "<ul>$php_version<li>WordPress: <span class='GOTMLS_date'
|
| 368 |
<li><div id="GOTMLS_Key" style="margin: 0;'.((!$defLatest && !$isRegistered)?' display: none;">Key: <span style="float: right;">'.GOTMLS_installation_key.'</span></div><div style="':'">Key: <span style="float: right;">'.GOTMLS_installation_key.'</span></div><div style="display: none;').'"><form method="POST" action="'.admin_url('admin-ajax.php?'.$head_nonce).'" target="GOTMLS_iFrame" name="GOTMLS_Form_lognewkey"><input type="hidden" name="GOTMLS_installation_key" value="'.GOTMLS_installation_key.'"><input type="hidden" name="action" value="GOTMLS_lognewkey"><span style="color: #F00;" id="GOTMLS_No_Key">No Key! <input type="submit" style="float: right;" value="'.__("Get FREE Key!",'gotmls').'" class="button-primary" onclick="showhide(\'GOTMLS_No_Key\');showhide(\'GOTMLS_Key\', true);check_for_updates(\'Definition_Updates\');" /></span></form></div></li>
|
| 369 |
<li>Definitions: <span id="GOTMLS_definitions_date" class="GOTMLS_date">'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"].'</span></li></ul>
|
| 370 |
<form id="updateform" method="post" name="updateform" action="'.str_replace("GOTMLS_mt=", "GOTMLS_last_mt=", GOTMLS_script_URI).'&'.$head_nonce.'">
|
|
@@ -638,7 +642,7 @@ function GOTMLS_get_quarantine($only = false) {
|
|
| 638 |
$my_query = new WP_Query($args);
|
| 639 |
$Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><input type="hidden" id="GOTMLS_paged" name="paged" value="1"><div style="float: left;">Page:</div>';
|
| 640 |
$Q_Page = '
|
| 641 |
-
<form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."
|
| 642 |
if ($my_query->have_posts()) {
|
| 643 |
$Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected files",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
|
| 644 |
<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
|
|
@@ -778,7 +782,7 @@ function GOTMLS_Firewall_Options() {
|
|
| 778 |
} else
|
| 779 |
$patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Found!",'gotmls').$lt.'/div'.$gt;
|
| 780 |
if ($GOTMLS_nonce_found && file_exists(ABSPATH.'wp-login.php') && ($login = @file_get_contents(ABSPATH.'wp-login.php')) && strlen($login) && (preg_match($find, $login))) {
|
| 781 |
-
if (isset($_POST["GOTMLS_patching"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/"
|
| 782 |
$patch_action .= $lt.'div class="updated"'.$gt.__("Removed Old Brute-Force Login Patch",'gotmls').$lt.'/div'.$gt;
|
| 783 |
else
|
| 784 |
$patch_status = 2;
|
|
@@ -855,7 +859,7 @@ function GOTMLS_get_registrant($you) {
|
|
| 855 |
}
|
| 856 |
|
| 857 |
function GOTMLS_update_definitions() {
|
| 858 |
-
global $
|
| 859 |
$GOTMLS_definitions_versions = array();
|
| 860 |
$user_info = array();
|
| 861 |
$saved = false;
|
|
@@ -871,6 +875,7 @@ function GOTMLS_update_definitions() {
|
|
| 871 |
$GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
|
| 872 |
asort($GOTMLS_definitions_versions);
|
| 873 |
if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"]) && GOTMLS_get_nonce()) {
|
|
|
|
| 874 |
if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1) {
|
| 875 |
$GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_REQUEST["UPDATE_definitions_array"]));
|
| 876 |
if (is_array($GOTnew_definitions)) {
|
|
@@ -880,8 +885,7 @@ function GOTMLS_update_definitions() {
|
|
| 880 |
} elseif ($_REQUEST["UPDATE_definitions_array"] == "D") {
|
| 881 |
$GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = array();
|
| 882 |
$GOTnew_definitions = array();
|
| 883 |
-
} elseif (($DEF = GOTMLS_get_URL(
|
| 884 |
-
// $moreJS .= "\n//".count($GOTnew_definitions["you"]).'http:'.GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.$wp_version.'&'.GOTMLS_set_nonce(__FUNCTION__."870").'&d='.ur1encode(GOTMLS_siteurl)."\n";
|
| 885 |
if (isset($GOTnew_definitions["you"]["user_email"]) && strlen($GOTnew_definitions["you"]["user_email"]) == 32) {
|
| 886 |
$toInfo = GOTMLS_get_registrant($GOTnew_definitions["you"]);
|
| 887 |
$innerHTML = "<li style=\\\"color: #0C0\\\">Your Installation Key is Registered to:<br /> $toInfo</li>";
|
|
@@ -891,14 +895,13 @@ function GOTMLS_update_definitions() {
|
|
| 891 |
if ($GOTnew_definitions["you"]["user_donation_total"] > 27.99) {
|
| 892 |
$autoUpJS = '<input type="radio" id="auto_UPDATE_definitions_1" name="UPDATE_definitions_array" value="1">Yes | <input type="radio" id="auto_UPDATE_definitions_0" name="UPDATE_definitions_array" value="0" checked>No <input type="hidden" name="UPDATE_definitions_checkbox" value="UPDATE_definitions_array">';
|
| 893 |
$moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA"))
|
| 894 |
-
foundUpdates.innerHTML = "<a href=\'javascript:document.
|
| 895 |
}
|
| 896 |
if ($user_donations_src > 0 && $GOTnew_definitions["you"]["user_donation_total"] > 0)
|
| 897 |
$li = "<li> You have made $user_donations_src donation".($user_donations_src?'s totalling':' for').' $'.$GOTnew_definitions["you"]["user_donation_total"].".</li><!-- ".$GOTnew_definitions["you"]["user_donation_freshness"]." -->";
|
| 898 |
}
|
| 899 |
} else
|
| 900 |
$innerHTML = "<li style=\\\"color: #f00\\\">Your Installation Key is not registered!</li>";
|
| 901 |
-
//unset($GOTnew_definitions["you"]);
|
| 902 |
asort($GOTnew_definitions);
|
| 903 |
if (serialize($GOTnew_definitions) == serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))
|
| 904 |
unset($GOTnew_definitions);
|
|
@@ -911,6 +914,8 @@ function GOTMLS_update_definitions() {
|
|
| 911 |
$finJS .= "\nif (typeof stopCheckingDefinitions !== 'undefined')\n\tclearTimeout(stopCheckingDefinitions);";
|
| 912 |
} else
|
| 913 |
$innerHTML = "<li style=\\\"color: #f00\\\"><a title='report error' href='#' onclick=\\\"stopCheckingDefinitions = checkupdateserver(alt_addr+'&error=".GOTMLS_encode(serialize(array("get_URL"=>$GLOBALS["GOTMLS"]["get_URL"])))."', 'Definition_Updates');\\\">Automatic Update Connection Failed!</a></li>";
|
|
|
|
|
|
|
| 914 |
} else
|
| 915 |
$innerHTML = "<li style=\\\"color: #f00\\\">".GOTMLS_Invalid_Nonce("Nonce Error")."</li>";
|
| 916 |
if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
|
|
@@ -949,7 +954,7 @@ function GOTMLS_update_definitions() {
|
|
| 949 |
$finJS .= "\nif (foundUpdates = document.getElementById('GOTMLS_definitions_date')) foundUpdates.innerHTML = '$new_ver';";
|
| 950 |
} elseif (is_array($GOTnew_definitions) && count($GOTnew_definitions))
|
| 951 |
$finJS .= "\nalert('Definition update $new_ver could not be saved because update_option Failed! $debug');";
|
| 952 |
-
if (isset($_REQUEST["UPDATE_core"]) && ($_REQUEST["UPDATE_core"] ==
|
| 953 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][$_REQUEST["UPDATE_core"]] as $file => $md5) {
|
| 954 |
if (is_file(ABSPATH.$file)) {
|
| 955 |
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = file_get_contents(ABSPATH.$file);
|
|
@@ -990,25 +995,14 @@ if (foundUpdates = document.getElementById("UPDATE_definitions_div"))
|
|
| 990 |
add_action('wp_ajax_GOTMLS_auto_update', 'GOTMLS_update_definitions');
|
| 991 |
|
| 992 |
function GOTMLS_settings() {
|
| 993 |
-
global $wpdb, $
|
| 994 |
$GOTMLS_scan_groups = array();
|
| 995 |
$gt = ">";
|
| 996 |
$lt = "<";
|
| 997 |
GOTMLS_update_definitions();
|
| 998 |
if (($GOTMLS_nonce_found = GOTMLS_get_nonce()) && isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
|
| 999 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
|
| 1000 |
-
/*
|
| 1001 |
-
foreach ($threat_names as $threat_name) {
|
| 1002 |
-
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) > 1) {
|
| 1003 |
-
if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version)
|
| 1004 |
-
$GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0];
|
| 1005 |
-
if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
|
| 1006 |
-
$GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]);
|
| 1007 |
-
if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] > 2)
|
| 1008 |
-
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
|
| 1009 |
-
}
|
| 1010 |
-
}
|
| 1011 |
-
}*/
|
| 1012 |
if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
|
| 1013 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"];
|
| 1014 |
update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
|
|
@@ -1046,16 +1040,7 @@ function GOTMLS_settings() {
|
|
| 1046 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]);
|
| 1047 |
if (isset($_POST["scan_depth"]) && is_numeric($_POST["scan_depth"]) && $_POST["scan_depth"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"])
|
| 1048 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = $_POST["scan_depth"];
|
| 1049 |
-
/*
|
| 1050 |
-
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_htaccess'] = $_POST['check_htaccess'];
|
| 1051 |
-
if (isset($_POST['check_timthumb']) && is_numeric($_POST['check_timthumb']) && $_POST['check_timthumb'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_timthumb'])
|
| 1052 |
-
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_timthumb'] = $_POST['check_timthumb'];
|
| 1053 |
-
if (isset($_POST['check_wp_core']) && is_numeric($_POST['check_wp_core']) && $_POST['check_wp_core'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_wp_core'])
|
| 1054 |
-
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_wp_core'] = $_POST['check_wp_core'];
|
| 1055 |
-
if (isset($_POST['check_known']) && is_numeric($_POST['check_known']) && $_POST['check_known'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_known'])
|
| 1056 |
-
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_known'] = $_POST['check_known'];
|
| 1057 |
-
if (isset($_POST['check_potential']) && is_numeric($_POST['check_potential']) && $_POST['check_potential'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_potential'])
|
| 1058 |
-
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_potential'] = $_POST['check_potential'];*/
|
| 1059 |
if (isset($_POST['skip_quarantine']) && $_POST['skip_quarantine'])
|
| 1060 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'] = $_POST['skip_quarantine'];
|
| 1061 |
elseif (isset($_POST["exclude_ext"]))
|
|
@@ -1079,7 +1064,7 @@ function GOTMLS_settings() {
|
|
| 1079 |
$scan_optjs .= "\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]."'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n";
|
| 1080 |
$scan_optjs .= "$lt/script$gt";
|
| 1081 |
$GOTMLS_nonce_URL = GOTMLS_set_nonce(__FUNCTION__."853");
|
| 1082 |
-
$scan_opts = "\n$lt".'form method="POST" name="GOTMLS_Form"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', $GOTMLS_nonce_URL).'"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Complete Scan\';" /'.$gt.$lt.'/div'.$gt.'
|
| 1083 |
'.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
|
| 1084 |
'.$lt.'div style="padding: 0 30px;"'.$gt;
|
| 1085 |
$cInput = '"'.$gt.$lt.'input';
|
|
@@ -1087,7 +1072,7 @@ function GOTMLS_settings() {
|
|
| 1087 |
$kCheck = "";
|
| 1088 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) {
|
| 1089 |
$scan_opts .= $lt.'div id="check_'.$threat_level.'_div" style="padding: 0; position: relative;';
|
| 1090 |
-
if (($threat_level != "wp_core" && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level])) || isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level][
|
| 1091 |
if ($threat_level != "potential" && in_array($threat_level,$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
|
| 1092 |
$pCheck = " display: none;$cInput";
|
| 1093 |
$scan_opts .= "$cInput checked";
|
|
@@ -1099,11 +1084,9 @@ function GOTMLS_settings() {
|
|
| 1099 |
$kCheck .= ",'$threat_level'";
|
| 1100 |
$scan_opts .= ' type="checkbox" onchange="pCheck(this);" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'" /'.$gt.' '.$lt.'a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;pCheck(document.getElementById(\'check_'.$threat_level.'_Yes\'));showhide(\'dont_check_'.$threat_level.'\');"'."$gt{$lt}b$gt$threat_level_name$lt/b$gt$lt/a$gt\n";
|
| 1101 |
if (isset($_GET["SESSION"])) {
|
| 1102 |
-
if (isset($_SESSION["GOTMLS_debug"][$threat_level]))
|
| 1103 |
-
$lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_level],1)."$lt/div$gt";
|
| 1104 |
$scan_opts .= "\n$lt".'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"'.$gt.$lt.'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');"'.$gt.'X'.$lt.'/a'.$gt;
|
| 1105 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex)
|
| 1106 |
-
$scan_opts .= $lt."br /$gt\n$lt".'input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /'.$gt.$lt.'script'.$gt.'showhide("dont_check_'.$threat_level.'", true);'.$lt.'/script'.$gt:' /'.$gt).(isset($_SESSION["GOTMLS_debug"][$threat_name])?$lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_name],1)."$lt/div$gt":"")
|
| 1107 |
$scan_opts .= "\n$lt/div$gt";
|
| 1108 |
}
|
| 1109 |
} else
|
|
@@ -1250,11 +1233,12 @@ function update_status(title, time) {
|
|
| 1250 |
$found = "Found ";
|
| 1251 |
$fix_button_js = "\n\t\tdis='block';";
|
| 1252 |
} else {
|
| 1253 |
-
$
|
| 1254 |
if ($found && !in_array($scan_group, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]))
|
| 1255 |
$potential_threat = ' potential" title="'.GOTMLS_strip4java(__("You are not currently scanning for this type of threat!",'gotmls'));
|
| 1256 |
else
|
| 1257 |
$potential_threat = "";
|
|
|
|
| 1258 |
echo "/*--{$gt}*"."/\n\tif ($scan_group > 0) {\n\t\tscan_state = ' href=\"#found_$scan_group\" onclick=\"$li_js showhide(\\'found_$scan_group\\', true);\" class=\"GOTMLS_plugin $scan_group\"';$fix_button_js".($MAX>6?"\n\tshowhide('found_$scan_group', true);":"")."\n\t} else\n\t\tscan_state = ' class=\"GOTMLS_plugin$potential_threat\"';\n\tdivHTML += '<li class=\"GOTMLS_li\"".(($found && $scan_group == "potential" && !in_array($scan_group, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))?' style="display: none;"':"")."><a'+scan_state+'>$found'+$scan_group+' '+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/*{$lt}!--*"."/";
|
| 1259 |
}
|
| 1260 |
$li_js = "";
|
|
@@ -1285,6 +1269,25 @@ var startTime = 0;
|
|
| 1285 |
update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
|
| 1286 |
$GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array();
|
| 1287 |
GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1288 |
echo $Settings_Saved;
|
| 1289 |
if (!isset($_REQUEST["scan_type"]))
|
| 1290 |
$_REQUEST["scan_type"] = "Complete Scan";
|
|
@@ -1295,7 +1298,7 @@ var startTime = 0;
|
|
| 1295 |
if ($check != "potential")
|
| 1296 |
$GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check;
|
| 1297 |
}
|
| 1298 |
-
echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."
|
| 1299 |
foreach ($_POST as $name => $value) {
|
| 1300 |
if (substr($name, 0, 10) != 'GOTMLS_fix') {
|
| 1301 |
if (is_array($value)) {
|
|
@@ -1308,10 +1311,10 @@ var startTime = 0;
|
|
| 1308 |
echo "\n$lt".'script type="text/javascript"'.$gt.'showhide("inside_'.md5($ScanSettings).'");'.$lt.'/script'.$gt.GOTMLS_box(htmlspecialchars($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' '.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt);
|
| 1309 |
$scan_groups_UL = "";
|
| 1310 |
foreach ($scan_groups as $scan_name => $scan_group)
|
| 1311 |
-
$scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.' * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.' * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'),
|
| 1312 |
if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
|
| 1313 |
GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => htmlentities($_REQUEST["scan_type"]))));
|
| 1314 |
-
echo GOTMLS_box($lt.'div style="float: right;"'.$gt.' ('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].") $lt/div$gt".__("Scan Details:",'gotmls'), $scan_groups_UL);
|
| 1315 |
$no_flush_LANGUAGE = __("Not flushing OB Handlers: %s",'gotmls');
|
| 1316 |
if (isset($_REQUEST["no_ob_end_flush"]))
|
| 1317 |
echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, print_r(ob_list_handlers(), 1))."$lt/div$gt\n";
|
|
@@ -1346,8 +1349,10 @@ var startTime = 0;
|
|
| 1346 |
if ($_REQUEST["scan_type"] == "Quick Scan")
|
| 1347 |
echo GOTMLS_update_status(__("Completed!",'gotmls'), 100);
|
| 1348 |
else {
|
| 1349 |
-
echo GOTMLS_update_status(__("Starting Scan ...",'gotmls'))
|
| 1350 |
-
|
|
|
|
|
|
|
| 1351 |
var scanfilesI = 0;
|
| 1352 |
var stopScanning;
|
| 1353 |
var gotStuckOn = "";
|
|
@@ -1471,11 +1476,16 @@ function GOTMLS_in_plugin_update_message($args) {
|
|
| 1471 |
add_action("in_plugin_update_message-gotmls/index.php", "GOTMLS_in_plugin_update_message");
|
| 1472 |
|
| 1473 |
function GOTMLS_init() {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1474 |
if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
|
| 1475 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
|
| 1476 |
if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
|
| 1477 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1;
|
| 1478 |
-
if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") {
|
| 1479 |
if (!isset($_REQUEST["scan_what"])) $_REQUEST["scan_what"] = 2;
|
| 1480 |
if (!isset($_REQUEST["scan_depth"]))
|
| 1481 |
$_REQUEST["scan_depth"] = 2;
|
|
@@ -1483,7 +1493,7 @@ function GOTMLS_init() {
|
|
| 1483 |
$_REQUEST["scan_only"] = array("","wp-includes","wp-admin");
|
| 1484 |
if ($_REQUEST["scan_only"] && !is_array($_REQUEST["scan_only"]))
|
| 1485 |
$_REQUEST["scan_only"] = array($_REQUEST["scan_only"]);
|
| 1486 |
-
}
|
| 1487 |
if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]))
|
| 1488 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = "";
|
| 1489 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]) && is_numeric($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]))
|
|
@@ -1587,7 +1597,7 @@ function GOTMLS_ajax_fix() {
|
|
| 1587 |
if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
|
| 1588 |
GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
|
| 1589 |
$callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
|
| 1590 |
-
$li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file))\n\tli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}\n}\nfunction DeletedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('
|
| 1591 |
@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
|
| 1592 |
$HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));
|
| 1593 |
echo $HTML[0];
|
|
@@ -1603,38 +1613,72 @@ function GOTMLS_ajax_fix() {
|
|
| 1603 |
echo __("Done!",'gotmls');
|
| 1604 |
$li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
|
| 1605 |
} else {
|
| 1606 |
-
echo __("Failed to
|
| 1607 |
$li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
|
| 1608 |
}
|
| 1609 |
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Removal from Quarantine")));
|
| 1610 |
} else {
|
| 1611 |
-
echo "<li>Restoring $path ... ";
|
| 1612 |
$Q_post["post_status"] = "pending";
|
| 1613 |
-
|
| 1614 |
-
|
| 1615 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1616 |
} else {
|
| 1617 |
-
echo __("
|
| 1618 |
$li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
|
| 1619 |
}
|
| 1620 |
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Restoration from Quarantine")));
|
| 1621 |
}
|
| 1622 |
echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
|
| 1623 |
$li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
|
| 1624 |
-
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1625 |
} else {
|
| 1626 |
-
$path = realpath(GOTMLS_decode($clean_file));
|
| 1627 |
if (is_file($path)) {
|
| 1628 |
echo "<li>Fixing $path ... ";
|
| 1629 |
$li_js .= GOTMLS_scanfile($path);
|
| 1630 |
echo "</li>\n$li_js/*-->*"."/\n$callAlert\n//".$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]."\n</script>\n";
|
| 1631 |
$li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
|
| 1632 |
} else
|
| 1633 |
-
echo "<li>".__("File
|
| 1634 |
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Automatic Fix")));
|
| 1635 |
}
|
| 1636 |
}
|
| 1637 |
-
$nonce = GOTMLS_set_nonce(__FUNCTION__."
|
| 1638 |
die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process.",'gotmls'), 'href="'.GOTMLS_images_path.'?page=GOTMLS-View-Quarantine&'.$nonce.'"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.admin_url('admin.php?page=GOTMLS-settings&check_site=1&'.$nonce).'" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n$HTML[1]");
|
| 1639 |
} else
|
| 1640 |
die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls')))));
|
|
@@ -1647,6 +1691,29 @@ function GOTMLS_ajax_scan() {
|
|
| 1647 |
if (GOTMLS_get_nonce()) {
|
| 1648 |
@error_reporting(0);
|
| 1649 |
if (isset($_GET["GOTMLS_scan"])) {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1650 |
@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
|
| 1651 |
if (is_numeric($_GET["GOTMLS_scan"])) {
|
| 1652 |
if (($Q_post = GOTMLS_get_quarantine($_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
|
|
@@ -1683,35 +1750,14 @@ function GOTMLS_ajax_scan() {
|
|
| 1683 |
}
|
| 1684 |
}
|
| 1685 |
} //else echo "excerpt:".$Q_post["post_excerpt"];
|
| 1686 |
-
|
| 1687 |
-
die("\n".'<script type="text/javascript">
|
| 1688 |
-
function select_text_range(ta_id, start, end) {
|
| 1689 |
-
var textBox = document.getElementById(ta_id);
|
| 1690 |
-
var scrolledText = "";
|
| 1691 |
-
scrolledText = textBox.value.substring(0, end);
|
| 1692 |
-
textBox.focus();
|
| 1693 |
-
if (textBox.setSelectionRange) {
|
| 1694 |
-
scrolledText = textBox.value.substring(end);
|
| 1695 |
-
textBox.value = textBox.value.substring(0, end);
|
| 1696 |
-
textBox.scrollTop = textBox.scrollHeight;
|
| 1697 |
-
textBox.value = textBox.value + scrolledText;
|
| 1698 |
-
textBox.setSelectionRange(start, end);
|
| 1699 |
-
} else if (textBox.createTextRange) {
|
| 1700 |
-
var range = textBox.createTextRange();
|
| 1701 |
-
range.collapse(true);
|
| 1702 |
-
range.moveStart("character", start);
|
| 1703 |
-
range.moveEnd("character", end);
|
| 1704 |
-
range.select();
|
| 1705 |
-
} else
|
| 1706 |
-
alert("The highlighting function does not work in your browser");
|
| 1707 |
-
}
|
| 1708 |
-
window.parent.showhide("GOTMLS_iFrame", true);
|
| 1709 |
-
</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1522")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
|
| 1710 |
} else
|
| 1711 |
-
die(GOTMLS_html_tags(array("html" => array("body" => __("This
|
| 1712 |
} else {
|
| 1713 |
$file = GOTMLS_decode($_GET["GOTMLS_scan"]);
|
| 1714 |
-
if (
|
|
|
|
|
|
|
| 1715 |
@error_reporting(0);
|
| 1716 |
@header("Content-type: text/javascript");
|
| 1717 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))
|
|
@@ -1723,54 +1769,28 @@ window.parent.showhide("GOTMLS_iFrame", true);
|
|
| 1723 |
@ob_end_flush();
|
| 1724 |
}
|
| 1725 |
die('//END OF JavaScript');
|
| 1726 |
-
}
|
| 1727 |
-
|
| 1728 |
-
|
| 1729 |
-
|
| 1730 |
-
|
| 1731 |
-
$
|
| 1732 |
-
|
| 1733 |
-
|
| 1734 |
-
|
| 1735 |
-
|
| 1736 |
-
|
| 1737 |
-
|
| 1738 |
-
$
|
| 1739 |
-
|
| 1740 |
-
|
| 1741 |
-
|
| 1742 |
-
|
| 1743 |
-
|
| 1744 |
-
|
| 1745 |
-
|
| 1746 |
-
|
| 1747 |
-
|
| 1748 |
-
// foreach ($decode_list as $decode => $regex) if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"])) $fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';
|
| 1749 |
-
die("\n".'<script type="text/javascript">
|
| 1750 |
-
function select_text_range(ta_id, start, end) {
|
| 1751 |
-
var textBox = document.getElementById(ta_id);
|
| 1752 |
-
var scrolledText = "";
|
| 1753 |
-
scrolledText = textBox.value.substring(0, end);
|
| 1754 |
-
textBox.focus();
|
| 1755 |
-
if (textBox.setSelectionRange) {
|
| 1756 |
-
scrolledText = textBox.value.substring(end);
|
| 1757 |
-
textBox.value = textBox.value.substring(0, end);
|
| 1758 |
-
textBox.scrollTop = textBox.scrollHeight;
|
| 1759 |
-
textBox.value = textBox.value + scrolledText;
|
| 1760 |
-
textBox.setSelectionRange(start, end);
|
| 1761 |
-
} else if (textBox.createTextRange) {
|
| 1762 |
-
var range = textBox.createTextRange();
|
| 1763 |
-
range.collapse(true);
|
| 1764 |
-
range.moveStart("character", start);
|
| 1765 |
-
range.moveEnd("character", end);
|
| 1766 |
-
range.select();
|
| 1767 |
-
} else
|
| 1768 |
-
alert("The highlighting function does not work in your browser");
|
| 1769 |
-
}
|
| 1770 |
-
window.parent.showhide("GOTMLS_iFrame", true);
|
| 1771 |
-
</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1583")).'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.htmlspecialchars(basename($file)).'</b><br />in: '.dirname(realpath($file)).'<br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' ('.filesize(realpath($file)).'bytes)<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.date(" Y-m-d H:i:s ", filemtime(realpath($file))).'<br />changed:'.date(" Y-m-d H:i:s ", filectime(realpath($file))).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
|
| 1772 |
-
}
|
| 1773 |
-
}
|
| 1774 |
}
|
| 1775 |
} else
|
| 1776 |
die("\n//Directory Error: Nothing to scan!\n");
|
| 8 |
Contributors: scheeeli, gotmls
|
| 9 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
| 10 |
Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
|
| 11 |
+
Version: 4.18.52
|
| 12 |
*/
|
| 13 |
if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
|
| 14 |
include(dirname(__FILE__)."/safe-load/index.php");
|
| 40 |
|
| 41 |
function GOTMLS_install() {
|
| 42 |
global $wp_version;
|
| 43 |
+
if (isset($wp_version) && ($wp_version))
|
| 44 |
+
GOTMLS_define("GOTMLS_wp_version", $wp_version);
|
| 45 |
+
else
|
| 46 |
+
GOTMLS_define("GOTMLS_wp_version", "Unknown");
|
| 47 |
+
if (version_compare(GOTMLS_wp_version, GOTMLS_require_version, "<"))
|
| 48 |
+
die(GOTMLS_require_version_LANGUAGE.", NOT version: ".GOTMLS_wp_version);
|
| 49 |
}
|
| 50 |
register_activation_hook(__FILE__, "GOTMLS_install");
|
| 51 |
|
| 102 |
add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts');
|
| 103 |
|
| 104 |
function GOTMLS_display_header($optional_box = "") {
|
| 105 |
+
global $current_user, $wpdb;
|
| 106 |
wp_get_current_user();
|
| 107 |
$GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
|
| 108 |
if (isset($_GET["check_site"]) && $_GET["check_site"])
|
| 109 |
echo '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="✔"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls#postform">write a "Five-Star" Review</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
|
| 110 |
else
|
| 111 |
echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
|
| 112 |
+
$Update_Definitions = array(GOTMLS_update_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&ver='.GOTMLS_Version.'&wp='.GOTMLS_wp_version.'&'.GOTMLS_set_nonce(__FUNCTION__."108").'&d='.ur1encode(GOTMLS_siteurl));
|
| 113 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])
|
| 114 |
array_unshift($Update_Definitions, admin_url('admin-ajax.php?action=GOTMLS_auto_update&'.GOTMLS_set_nonce(__FUNCTION__."109").'&UPDATE_definitions_array=1'));
|
| 115 |
else
|
| 158 |
.inside p {margin: 10px;}
|
| 159 |
.GOTMLS_li, .GOTMLS_plugin li {list-style: none;}
|
| 160 |
.GOTMLS_plugin {margin: 5px; background: #cfc; border: 1px solid #0C0; padding: 0 5px; border-radius: 3px;}
|
| 161 |
+
.GOTMLS_plugin.known, .GOTMLS_plugin.db_scan, .GOTMLS_plugin.htaccess, .GOTMLS_plugin.timthumb, .GOTMLS_plugin.errors {background: #f99; border: 1px solid #f00;}
|
| 162 |
.GOTMLS_plugin.potential, .GOTMLS_plugin.wp_core, .GOTMLS_plugin.skipdirs, .GOTMLS_plugin.skipped {background: #ffc; border: 1px solid #fc6;}
|
| 163 |
.GOTMLS ul li {margin-left: 12px;}
|
| 164 |
.GOTMLS h2 {margin: 0 0 10px;}
|
| 368 |
<div id="main-page-title"><h1 style="vertical-align: middle;">Anti-Malware from GOTMLS.NET</h1></div>
|
| 369 |
<div id="admin-page-container">
|
| 370 |
<div id="GOTMLS-right-sidebar" style="width: 300px;" class="metabox-holder">
|
| 371 |
+
'.GOTMLS_box(__("Updates & Registration",'gotmls'), "<ul>$php_version<li>WordPress: <span class='GOTMLS_date'>".GOTMLS_wp_version."</span></li>\n<li>Plugin: <span class='GOTMLS_date'>".GOTMLS_Version.'</span></li>
|
| 372 |
<li><div id="GOTMLS_Key" style="margin: 0;'.((!$defLatest && !$isRegistered)?' display: none;">Key: <span style="float: right;">'.GOTMLS_installation_key.'</span></div><div style="':'">Key: <span style="float: right;">'.GOTMLS_installation_key.'</span></div><div style="display: none;').'"><form method="POST" action="'.admin_url('admin-ajax.php?'.$head_nonce).'" target="GOTMLS_iFrame" name="GOTMLS_Form_lognewkey"><input type="hidden" name="GOTMLS_installation_key" value="'.GOTMLS_installation_key.'"><input type="hidden" name="action" value="GOTMLS_lognewkey"><span style="color: #F00;" id="GOTMLS_No_Key">No Key! <input type="submit" style="float: right;" value="'.__("Get FREE Key!",'gotmls').'" class="button-primary" onclick="showhide(\'GOTMLS_No_Key\');showhide(\'GOTMLS_Key\', true);check_for_updates(\'Definition_Updates\');" /></span></form></div></li>
|
| 373 |
<li>Definitions: <span id="GOTMLS_definitions_date" class="GOTMLS_date">'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"].'</span></li></ul>
|
| 374 |
<form id="updateform" method="post" name="updateform" action="'.str_replace("GOTMLS_mt=", "GOTMLS_last_mt=", GOTMLS_script_URI).'&'.$head_nonce.'">
|
| 642 |
$my_query = new WP_Query($args);
|
| 643 |
$Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><input type="hidden" id="GOTMLS_paged" name="paged" value="1"><div style="float: left;">Page:</div>';
|
| 644 |
$Q_Page = '
|
| 645 |
+
<form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."645")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
|
| 646 |
if ($my_query->have_posts()) {
|
| 647 |
$Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected files",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
|
| 648 |
<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
|
| 782 |
} else
|
| 783 |
$patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Found!",'gotmls').$lt.'/div'.$gt;
|
| 784 |
if ($GOTMLS_nonce_found && file_exists(ABSPATH.'wp-login.php') && ($login = @file_get_contents(ABSPATH.'wp-login.php')) && strlen($login) && (preg_match($find, $login))) {
|
| 785 |
+
if (isset($_POST["GOTMLS_patching"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/".GOTMLS_wp_version.'/wp-login.php')) && (strlen($source) > 500) && GOTMLS_file_put_contents(ABSPATH.'wp-login.php', $source))
|
| 786 |
$patch_action .= $lt.'div class="updated"'.$gt.__("Removed Old Brute-Force Login Patch",'gotmls').$lt.'/div'.$gt;
|
| 787 |
else
|
| 788 |
$patch_status = 2;
|
| 859 |
}
|
| 860 |
|
| 861 |
function GOTMLS_update_definitions() {
|
| 862 |
+
global $wpdb;
|
| 863 |
$GOTMLS_definitions_versions = array();
|
| 864 |
$user_info = array();
|
| 865 |
$saved = false;
|
| 875 |
$GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
|
| 876 |
asort($GOTMLS_definitions_versions);
|
| 877 |
if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"]) && GOTMLS_get_nonce()) {
|
| 878 |
+
$DEF_url = 'http:'.GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.GOTMLS_wp_version.'&'.GOTMLS_set_nonce(__FUNCTION__."870").'&d='.ur1encode(GOTMLS_siteurl);
|
| 879 |
if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1) {
|
| 880 |
$GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_REQUEST["UPDATE_definitions_array"]));
|
| 881 |
if (is_array($GOTnew_definitions)) {
|
| 885 |
} elseif ($_REQUEST["UPDATE_definitions_array"] == "D") {
|
| 886 |
$GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = array();
|
| 887 |
$GOTnew_definitions = array();
|
| 888 |
+
} elseif (($DEF = GOTMLS_get_URL($DEF_url)) && is_array($GOTnew_definitions = maybe_unserialize(GOTMLS_decode($DEF))) && count($GOTnew_definitions)) {
|
|
|
|
| 889 |
if (isset($GOTnew_definitions["you"]["user_email"]) && strlen($GOTnew_definitions["you"]["user_email"]) == 32) {
|
| 890 |
$toInfo = GOTMLS_get_registrant($GOTnew_definitions["you"]);
|
| 891 |
$innerHTML = "<li style=\\\"color: #0C0\\\">Your Installation Key is Registered to:<br /> $toInfo</li>";
|
| 895 |
if ($GOTnew_definitions["you"]["user_donation_total"] > 27.99) {
|
| 896 |
$autoUpJS = '<input type="radio" id="auto_UPDATE_definitions_1" name="UPDATE_definitions_array" value="1">Yes | <input type="radio" id="auto_UPDATE_definitions_0" name="UPDATE_definitions_array" value="0" checked>No <input type="hidden" name="UPDATE_definitions_checkbox" value="UPDATE_definitions_array">';
|
| 897 |
$moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA"))
|
| 898 |
+
foundUpdates.innerHTML = "<a href=\'javascript:document.getElementById(\\"GOTMLS_Form\\").submit();\' onclick=\'document.getElementById(\\"auto_UPDATE_definitions_1\\").checked=true;\' style=\'color: #f00;\'>Set Definition Updates to Automatically Download to activate this feature.</a>";';
|
| 899 |
}
|
| 900 |
if ($user_donations_src > 0 && $GOTnew_definitions["you"]["user_donation_total"] > 0)
|
| 901 |
$li = "<li> You have made $user_donations_src donation".($user_donations_src?'s totalling':' for').' $'.$GOTnew_definitions["you"]["user_donation_total"].".</li><!-- ".$GOTnew_definitions["you"]["user_donation_freshness"]." -->";
|
| 902 |
}
|
| 903 |
} else
|
| 904 |
$innerHTML = "<li style=\\\"color: #f00\\\">Your Installation Key is not registered!</li>";
|
|
|
|
| 905 |
asort($GOTnew_definitions);
|
| 906 |
if (serialize($GOTnew_definitions) == serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))
|
| 907 |
unset($GOTnew_definitions);
|
| 914 |
$finJS .= "\nif (typeof stopCheckingDefinitions !== 'undefined')\n\tclearTimeout(stopCheckingDefinitions);";
|
| 915 |
} else
|
| 916 |
$innerHTML = "<li style=\\\"color: #f00\\\"><a title='report error' href='#' onclick=\\\"stopCheckingDefinitions = checkupdateserver(alt_addr+'&error=".GOTMLS_encode(serialize(array("get_URL"=>$GLOBALS["GOTMLS"]["get_URL"])))."', 'Definition_Updates');\\\">Automatic Update Connection Failed!</a></li>";
|
| 917 |
+
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"]))
|
| 918 |
+
unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"]);
|
| 919 |
} else
|
| 920 |
$innerHTML = "<li style=\\\"color: #f00\\\">".GOTMLS_Invalid_Nonce("Nonce Error")."</li>";
|
| 921 |
if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
|
| 954 |
$finJS .= "\nif (foundUpdates = document.getElementById('GOTMLS_definitions_date')) foundUpdates.innerHTML = '$new_ver';";
|
| 955 |
} elseif (is_array($GOTnew_definitions) && count($GOTnew_definitions))
|
| 956 |
$finJS .= "\nalert('Definition update $new_ver could not be saved because update_option Failed! $debug');";
|
| 957 |
+
if (isset($_REQUEST["UPDATE_core"]) && ($_REQUEST["UPDATE_core"] == GOTMLS_wp_version) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version])) {
|
| 958 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][$_REQUEST["UPDATE_core"]] as $file => $md5) {
|
| 959 |
if (is_file(ABSPATH.$file)) {
|
| 960 |
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = file_get_contents(ABSPATH.$file);
|
| 995 |
add_action('wp_ajax_GOTMLS_auto_update', 'GOTMLS_update_definitions');
|
| 996 |
|
| 997 |
function GOTMLS_settings() {
|
| 998 |
+
global $wpdb, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
|
| 999 |
$GOTMLS_scan_groups = array();
|
| 1000 |
$gt = ">";
|
| 1001 |
$lt = "<";
|
| 1002 |
GOTMLS_update_definitions();
|
| 1003 |
if (($GOTMLS_nonce_found = GOTMLS_get_nonce()) && isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
|
| 1004 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
|
| 1005 |
+
/* removed old code */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1006 |
if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
|
| 1007 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"];
|
| 1008 |
update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
|
| 1040 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]);
|
| 1041 |
if (isset($_POST["scan_depth"]) && is_numeric($_POST["scan_depth"]) && $_POST["scan_depth"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"])
|
| 1042 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = $_POST["scan_depth"];
|
| 1043 |
+
/* removed old code */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1044 |
if (isset($_POST['skip_quarantine']) && $_POST['skip_quarantine'])
|
| 1045 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'] = $_POST['skip_quarantine'];
|
| 1046 |
elseif (isset($_POST["exclude_ext"]))
|
| 1064 |
$scan_optjs .= "\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]."'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n";
|
| 1065 |
$scan_optjs .= "$lt/script$gt";
|
| 1066 |
$GOTMLS_nonce_URL = GOTMLS_set_nonce(__FUNCTION__."853");
|
| 1067 |
+
$scan_opts = "\n$lt".'form method="POST" id="GOTMLS_Form" name="GOTMLS_Form"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', $GOTMLS_nonce_URL).'"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Complete Scan\';" /'.$gt.$lt.'/div'.$gt.'
|
| 1068 |
'.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
|
| 1069 |
'.$lt.'div style="padding: 0 30px;"'.$gt;
|
| 1070 |
$cInput = '"'.$gt.$lt.'input';
|
| 1072 |
$kCheck = "";
|
| 1073 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) {
|
| 1074 |
$scan_opts .= $lt.'div id="check_'.$threat_level.'_div" style="padding: 0; position: relative;';
|
| 1075 |
+
if (($threat_level != "wp_core" && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level])) || isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level][GOTMLS_wp_version])) {
|
| 1076 |
if ($threat_level != "potential" && in_array($threat_level,$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
|
| 1077 |
$pCheck = " display: none;$cInput";
|
| 1078 |
$scan_opts .= "$cInput checked";
|
| 1084 |
$kCheck .= ",'$threat_level'";
|
| 1085 |
$scan_opts .= ' type="checkbox" onchange="pCheck(this);" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'" /'.$gt.' '.$lt.'a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;pCheck(document.getElementById(\'check_'.$threat_level.'_Yes\'));showhide(\'dont_check_'.$threat_level.'\');"'."$gt{$lt}b$gt$threat_level_name$lt/b$gt$lt/a$gt\n";
|
| 1086 |
if (isset($_GET["SESSION"])) {
|
|
|
|
|
|
|
| 1087 |
$scan_opts .= "\n$lt".'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"'.$gt.$lt.'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');"'.$gt.'X'.$lt.'/a'.$gt;
|
| 1088 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex)
|
| 1089 |
+
$scan_opts .= $lt."br /$gt\n$lt".'input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /'.$gt.$lt.'script'.$gt.'showhide("dont_check_'.$threat_level.'", true);'.$lt.'/script'.$gt:' /'.$gt).(isset($_SESSION["GOTMLS_debug"][$threat_name])?$lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_name],1)."$lt/div$gt":"").htmlspecialchars($threat_name);
|
| 1090 |
$scan_opts .= "\n$lt/div$gt";
|
| 1091 |
}
|
| 1092 |
} else
|
| 1233 |
$found = "Found ";
|
| 1234 |
$fix_button_js = "\n\t\tdis='block';";
|
| 1235 |
} else {
|
| 1236 |
+
$val = 0;
|
| 1237 |
if ($found && !in_array($scan_group, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]))
|
| 1238 |
$potential_threat = ' potential" title="'.GOTMLS_strip4java(__("You are not currently scanning for this type of threat!",'gotmls'));
|
| 1239 |
else
|
| 1240 |
$potential_threat = "";
|
| 1241 |
+
$vars .= ", $scan_group=$val";
|
| 1242 |
echo "/*--{$gt}*"."/\n\tif ($scan_group > 0) {\n\t\tscan_state = ' href=\"#found_$scan_group\" onclick=\"$li_js showhide(\\'found_$scan_group\\', true);\" class=\"GOTMLS_plugin $scan_group\"';$fix_button_js".($MAX>6?"\n\tshowhide('found_$scan_group', true);":"")."\n\t} else\n\t\tscan_state = ' class=\"GOTMLS_plugin$potential_threat\"';\n\tdivHTML += '<li class=\"GOTMLS_li\"".(($found && $scan_group == "potential" && !in_array($scan_group, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))?' style="display: none;"':"")."><a'+scan_state+'>$found'+$scan_group+' '+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/*{$lt}!--*"."/";
|
| 1243 |
}
|
| 1244 |
$li_js = "";
|
| 1269 |
update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
|
| 1270 |
$GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array();
|
| 1271 |
GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
|
| 1272 |
+
$cleadCache = false;
|
| 1273 |
+
if (function_exists('is_plugin_active')) {
|
| 1274 |
+
if (function_exists('wp_cache_clear_cache')) {
|
| 1275 |
+
wp_cache_clear_cache();
|
| 1276 |
+
$cleadCache = true;
|
| 1277 |
+
}
|
| 1278 |
+
if (function_exists('w3tc_pgcache_flush')) {
|
| 1279 |
+
w3tc_pgcache_flush();
|
| 1280 |
+
$cleadCache = true;
|
| 1281 |
+
}
|
| 1282 |
+
if (class_exists('WpFastestCache')) {
|
| 1283 |
+
$newCache = new WpFastestCache();
|
| 1284 |
+
$newCache->deleteCache();
|
| 1285 |
+
$cleadCache = true;
|
| 1286 |
+
}
|
| 1287 |
+
|
| 1288 |
+
}
|
| 1289 |
+
if ($cleadCache)
|
| 1290 |
+
str_replace("Settings Saved!", "Cache Cleared and Settings Saved!", $Settings_Saved);
|
| 1291 |
echo $Settings_Saved;
|
| 1292 |
if (!isset($_REQUEST["scan_type"]))
|
| 1293 |
$_REQUEST["scan_type"] = "Complete Scan";
|
| 1298 |
if ($check != "potential")
|
| 1299 |
$GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check;
|
| 1300 |
}
|
| 1301 |
+
echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1314")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
|
| 1302 |
foreach ($_POST as $name => $value) {
|
| 1303 |
if (substr($name, 0, 10) != 'GOTMLS_fix') {
|
| 1304 |
if (is_array($value)) {
|
| 1311 |
echo "\n$lt".'script type="text/javascript"'.$gt.'showhide("inside_'.md5($ScanSettings).'");'.$lt.'/script'.$gt.GOTMLS_box(htmlspecialchars($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' '.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt);
|
| 1312 |
$scan_groups_UL = "";
|
| 1313 |
foreach ($scan_groups as $scan_name => $scan_group)
|
| 1314 |
+
$scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.' * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.' * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), GOTMLS_wp_version).' (for more info '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.').'.$lt.'/p'.$gt:$lt.'br /'.$gt)).$lt.'/ul'.$gt;
|
| 1315 |
if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
|
| 1316 |
GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => htmlentities($_REQUEST["scan_type"]))));
|
| 1317 |
+
echo GOTMLS_box($lt.'div id="GOTMLS_scan_dir" style="float: right;"'.$gt.' ('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].") $lt/div$gt".__("Scan Details:",'gotmls'), $scan_groups_UL);
|
| 1318 |
$no_flush_LANGUAGE = __("Not flushing OB Handlers: %s",'gotmls');
|
| 1319 |
if (isset($_REQUEST["no_ob_end_flush"]))
|
| 1320 |
echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, print_r(ob_list_handlers(), 1))."$lt/div$gt\n";
|
| 1349 |
if ($_REQUEST["scan_type"] == "Quick Scan")
|
| 1350 |
echo GOTMLS_update_status(__("Completed!",'gotmls'), 100);
|
| 1351 |
else {
|
| 1352 |
+
echo GOTMLS_update_status(__("Starting Scan ...",'gotmls'));
|
| 1353 |
+
if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && is_array($GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && in_array("db_scan", $GLOBALS["GOTMLS"]["log"]["settings"]["check"]))
|
| 1354 |
+
GOTMLS_db_scan();
|
| 1355 |
+
echo "/*--{$gt}*"."/\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."1087").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."');".'
|
| 1356 |
var scanfilesI = 0;
|
| 1357 |
var stopScanning;
|
| 1358 |
var gotStuckOn = "";
|
| 1476 |
add_action("in_plugin_update_message-gotmls/index.php", "GOTMLS_in_plugin_update_message");
|
| 1477 |
|
| 1478 |
function GOTMLS_init() {
|
| 1479 |
+
global $wp_version;
|
| 1480 |
+
if (isset($wp_version) && ($wp_version))
|
| 1481 |
+
GOTMLS_define("GOTMLS_wp_version", $wp_version);
|
| 1482 |
+
else
|
| 1483 |
+
GOTMLS_define("GOTMLS_wp_version", "Not Set");
|
| 1484 |
if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
|
| 1485 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
|
| 1486 |
if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
|
| 1487 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1;
|
| 1488 |
+
if (isset($_REQUEST["scan_type"]) && ($_REQUEST["scan_type"] == "Quick Scan")) {
|
| 1489 |
if (!isset($_REQUEST["scan_what"])) $_REQUEST["scan_what"] = 2;
|
| 1490 |
if (!isset($_REQUEST["scan_depth"]))
|
| 1491 |
$_REQUEST["scan_depth"] = 2;
|
| 1493 |
$_REQUEST["scan_only"] = array("","wp-includes","wp-admin");
|
| 1494 |
if ($_REQUEST["scan_only"] && !is_array($_REQUEST["scan_only"]))
|
| 1495 |
$_REQUEST["scan_only"] = array($_REQUEST["scan_only"]);
|
| 1496 |
+
}
|
| 1497 |
if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]))
|
| 1498 |
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = "";
|
| 1499 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]) && is_numeric($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]))
|
| 1597 |
if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
|
| 1598 |
GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
|
| 1599 |
$callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
|
| 1600 |
+
$li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file))\n\tli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}\n}\nfunction DeletedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file)) {\n\tli_file.className='GOTMLS_plugin';\n\tif (!isNaN(file)) {\n\t\tli_file = li_file.parentNode;\n\t\tli_file.style.display='none';\n\t\tli_file.innerHTML='';\n}}}\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
|
| 1601 |
@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
|
| 1602 |
$HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));
|
| 1603 |
echo $HTML[0];
|
| 1613 |
echo __("Done!",'gotmls');
|
| 1614 |
$li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
|
| 1615 |
} else {
|
| 1616 |
+
echo __("Failed to remove!",'gotmls');
|
| 1617 |
$li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
|
| 1618 |
}
|
| 1619 |
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Removal from Quarantine")));
|
| 1620 |
} else {
|
|
|
|
| 1621 |
$Q_post["post_status"] = "pending";
|
| 1622 |
+
$part = explode(":", $Q_post["post_title"].':');
|
| 1623 |
+
if (count($part) > 2 && is_numeric($part[1])) {
|
| 1624 |
+
if (($R_post = GOTMLS_get_quarantine($part[1])) && isset($R_post["post_type"]) && strtolower($R_post["post_type"]) == $part[0]) {
|
| 1625 |
+
if (isset($_GET["eli"]) || ($R_post["post_content"] == GOTMLS_decode($Q_post["post_content_filtered"])) || ($R_post["post_content"] == stripslashes(GOTMLS_decode($Q_post["post_content_filtered"])))) {
|
| 1626 |
+
echo "<li>Restoring Post ID $part[1] ... ";
|
| 1627 |
+
$R_post["post_modified_gmt"] = $Q_post["post_modified"];
|
| 1628 |
+
$R_post["post_content"] = GOTMLS_decode($Q_post["post_content"]);
|
| 1629 |
+
if (wp_update_post($R_post)) {
|
| 1630 |
+
|
| 1631 |
+
echo __("Complete!",'gotmls');
|
| 1632 |
+
wp_update_post($Q_post);
|
| 1633 |
+
$li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
|
| 1634 |
+
} else {
|
| 1635 |
+
echo __("Restoration Failed!",'gotmls');
|
| 1636 |
+
$li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
|
| 1637 |
+
}
|
| 1638 |
+
} else {
|
| 1639 |
+
echo "<li>".__("Restoration Aborted, post_content was modified outside of this quarantine!<pre>".htmlspecialchars(print_r(array("R"=>$R_post,"Q"=>$Q_post),1))."</pre>",'gotmls');
|
| 1640 |
+
$li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
|
| 1641 |
+
}
|
| 1642 |
+
} else {
|
| 1643 |
+
echo "<li>".__("Restore Failed!",'gotmls');
|
| 1644 |
+
$li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
|
| 1645 |
+
}
|
| 1646 |
+
} elseif (isset($_GET["eli"]) || is_file($path)) {
|
| 1647 |
+
echo "<li>Restoring $path ... ";
|
| 1648 |
+
if (GOTMLS_file_put_contents($path, GOTMLS_decode($Q_post["post_content"])) && wp_update_post($Q_post)) {
|
| 1649 |
+
echo __("Complete!",'gotmls');
|
| 1650 |
+
$li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
|
| 1651 |
+
} else {
|
| 1652 |
+
echo __("Restore Failed!",'gotmls');
|
| 1653 |
+
$li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
|
| 1654 |
+
}
|
| 1655 |
} else {
|
| 1656 |
+
echo "<li>".__("Restoration Aborted, file $path does not exist!",'gotmls');
|
| 1657 |
$li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
|
| 1658 |
}
|
| 1659 |
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Restoration from Quarantine")));
|
| 1660 |
}
|
| 1661 |
echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
|
| 1662 |
$li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
|
| 1663 |
+
}
|
| 1664 |
+
} elseif (is_numeric($decoded_file = GOTMLS_decode($clean_file))) {
|
| 1665 |
+
$li_js .= GOTMLS_db_scan($decoded_file);
|
| 1666 |
+
echo "</li>\n$li_js/*-->*"."/\n$callAlert\n//".$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]."\n</script>\n";
|
| 1667 |
+
$li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
|
| 1668 |
+
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "DB Fix")));
|
| 1669 |
} else {
|
| 1670 |
+
$path = realpath($decoded_file = GOTMLS_decode($clean_file));
|
| 1671 |
if (is_file($path)) {
|
| 1672 |
echo "<li>Fixing $path ... ";
|
| 1673 |
$li_js .= GOTMLS_scanfile($path);
|
| 1674 |
echo "</li>\n$li_js/*-->*"."/\n$callAlert\n//".$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]."\n</script>\n";
|
| 1675 |
$li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
|
| 1676 |
} else
|
| 1677 |
+
echo "<li>".sprintf(__("File %s not found!",'gotmls'), htmlentities($path))."</li>";
|
| 1678 |
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Automatic Fix")));
|
| 1679 |
}
|
| 1680 |
}
|
| 1681 |
+
$nonce = GOTMLS_set_nonce(__FUNCTION__."1685");
|
| 1682 |
die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process.",'gotmls'), 'href="'.GOTMLS_images_path.'?page=GOTMLS-View-Quarantine&'.$nonce.'"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.admin_url('admin.php?page=GOTMLS-settings&check_site=1&'.$nonce).'" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n$HTML[1]");
|
| 1683 |
} else
|
| 1684 |
die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls')))));
|
| 1691 |
if (GOTMLS_get_nonce()) {
|
| 1692 |
@error_reporting(0);
|
| 1693 |
if (isset($_GET["GOTMLS_scan"])) {
|
| 1694 |
+
$script_form = '<script type="text/javascript">
|
| 1695 |
+
function select_text_range(ta_id, start, end) {
|
| 1696 |
+
var textBox = document.getElementById(ta_id);
|
| 1697 |
+
var scrolledText = "";
|
| 1698 |
+
scrolledText = textBox.value.substring(0, end);
|
| 1699 |
+
textBox.focus();
|
| 1700 |
+
if (textBox.setSelectionRange) {
|
| 1701 |
+
scrolledText = textBox.value.substring(end);
|
| 1702 |
+
textBox.value = textBox.value.substring(0, end);
|
| 1703 |
+
textBox.scrollTop = textBox.scrollHeight;
|
| 1704 |
+
textBox.value = textBox.value + scrolledText;
|
| 1705 |
+
textBox.setSelectionRange(start, end);
|
| 1706 |
+
} else if (textBox.createTextRange) {
|
| 1707 |
+
var range = textBox.createTextRange();
|
| 1708 |
+
range.collapse(true);
|
| 1709 |
+
range.moveStart("character", start);
|
| 1710 |
+
range.moveEnd("character", end);
|
| 1711 |
+
range.select();
|
| 1712 |
+
} else
|
| 1713 |
+
alert("The highlighting function does not work in your browser");
|
| 1714 |
+
}
|
| 1715 |
+
window.parent.showhide("GOTMLS_iFrame", true);
|
| 1716 |
+
</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="';
|
| 1717 |
@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
|
| 1718 |
if (is_numeric($_GET["GOTMLS_scan"])) {
|
| 1719 |
if (($Q_post = GOTMLS_get_quarantine($_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
|
| 1750 |
}
|
| 1751 |
}
|
| 1752 |
} //else echo "excerpt:".$Q_post["post_excerpt"];
|
| 1753 |
+
die("\n$script_form".admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1779")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete the record of this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1754 |
} else
|
| 1755 |
+
die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
|
| 1756 |
} else {
|
| 1757 |
$file = GOTMLS_decode($_GET["GOTMLS_scan"]);
|
| 1758 |
+
if (is_numeric($file))
|
| 1759 |
+
die("\n$script_form".GOTMLS_db_scan($file));
|
| 1760 |
+
elseif (is_dir($file)) {
|
| 1761 |
@error_reporting(0);
|
| 1762 |
@header("Content-type: text/javascript");
|
| 1763 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))
|
| 1769 |
@ob_end_flush();
|
| 1770 |
}
|
| 1771 |
die('//END OF JavaScript');
|
| 1772 |
+
} elseif (file_exists($file)) {
|
| 1773 |
+
GOTMLS_scanfile($file);
|
| 1774 |
+
$fa = "";
|
| 1775 |
+
$function = 'GOTMLS_decode';
|
| 1776 |
+
if (isset($_GET[$function]) && is_array($_GET[$function])) {
|
| 1777 |
+
foreach ($_GET[$function] as $decode) {
|
| 1778 |
+
$fa .= " NO-$decode";
|
| 1779 |
+
}
|
| 1780 |
+
} elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
|
| 1781 |
+
$f = 1;
|
| 1782 |
+
foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
|
| 1783 |
+
list($start, $end, $junk) = explode("-", "$threats_found--", 3);
|
| 1784 |
+
if ($start > $end)
|
| 1785 |
+
$fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
|
| 1786 |
+
else
|
| 1787 |
+
$fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
|
| 1788 |
+
}
|
| 1789 |
+
} else
|
| 1790 |
+
$fa = " No Threats Found";
|
| 1791 |
+
die("\n$script_form".admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1821")).'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.htmlspecialchars(basename($file)).'</b><br />in: '.dirname(realpath($file)).'<br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' ('.filesize(realpath($file)).'bytes)<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.date(" Y-m-d H:i:s ", filemtime(realpath($file))).'<br />changed:'.date(" Y-m-d H:i:s ", filectime(realpath($file))).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
|
| 1792 |
+
} else
|
| 1793 |
+
die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), htmlspecialchars($file))."<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1794 |
}
|
| 1795 |
} else
|
| 1796 |
die("\n//Directory Error: Nothing to scan!\n");
|
readme.txt
CHANGED
|
@@ -5,10 +5,10 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
|
|
| 5 |
Contributors: scheeeli, gotmls
|
| 6 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
| 7 |
Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
|
| 8 |
-
Version: 4.
|
| 9 |
-
Stable tag: 4.
|
| 10 |
Requires at least: 3.3
|
| 11 |
-
Tested up to:
|
| 12 |
|
| 13 |
This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
|
| 14 |
|
|
@@ -16,8 +16,8 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
|
|
| 16 |
|
| 17 |
**Features:**
|
| 18 |
|
| 19 |
-
* Run a Complete Scan to automatically remove known security threats and
|
| 20 |
-
* Firewall block SoakSoak and other malware from exploiting Revolution Slider and other plugins
|
| 21 |
* Upgrade vulnerable versions of timthumb scripts.
|
| 22 |
* Download Definition Updates to protect against new threats.
|
| 23 |
|
|
@@ -27,7 +27,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
|
|
| 27 |
* Check the integrity of your WordPress Core files.
|
| 28 |
* Automatically download new Definition Updates when running a Complete Scan.
|
| 29 |
|
| 30 |
-
Updated
|
| 31 |
|
| 32 |
Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
|
| 33 |
|
|
@@ -94,6 +94,13 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
|
|
| 94 |
|
| 95 |
== Changelog ==
|
| 96 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 97 |
= 4.17.69 =
|
| 98 |
* Updated code for compatibility with WP 4.9.8 (latest release).
|
| 99 |
* Fixed PHP Notice for the unknown offset of SERVER_parts.
|
|
@@ -343,6 +350,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
|
|
| 343 |
|
| 344 |
== Upgrade Notice ==
|
| 345 |
|
|
|
|
|
|
|
|
|
|
| 346 |
= 4.17.69 =
|
| 347 |
Updated code for compatibility with WP 4.9.8, fixed PHP Notice and escaped single-quotes in translated strings.
|
| 348 |
|
| 5 |
Contributors: scheeeli, gotmls
|
| 6 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
| 7 |
Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
|
| 8 |
+
Version: 4.18.52
|
| 9 |
+
Stable tag: 4.18.52
|
| 10 |
Requires at least: 3.3
|
| 11 |
+
Tested up to: 5.0.2
|
| 12 |
|
| 13 |
This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
|
| 14 |
|
| 16 |
|
| 17 |
**Features:**
|
| 18 |
|
| 19 |
+
* Run a Complete Scan to automatically remove known security threats, backdoor scripts, and database injections.
|
| 20 |
+
* Firewall block SoakSoak and other malware from exploiting Revolution Slider and other plugins with known vulnerabilites.
|
| 21 |
* Upgrade vulnerable versions of timthumb scripts.
|
| 22 |
* Download Definition Updates to protect against new threats.
|
| 23 |
|
| 27 |
* Check the integrity of your WordPress Core files.
|
| 28 |
* Automatically download new Definition Updates when running a Complete Scan.
|
| 29 |
|
| 30 |
+
Updated December 31st
|
| 31 |
|
| 32 |
Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
|
| 33 |
|
| 94 |
|
| 95 |
== Changelog ==
|
| 96 |
|
| 97 |
+
= 4.18.52 =
|
| 98 |
+
* Added a whole new DB Scan category that looks for links and scripts injected directly into the database content and removes them.
|
| 99 |
+
* Updated Firewall landing page for HTTPS compatibility.
|
| 100 |
+
* Removed some old code that was no longer needed.
|
| 101 |
+
* Added a feature to clear cache files before running the Complete Scan, this will speed up the scan and prevent malware from being saved on your cached paged.
|
| 102 |
+
* Updated code for compatibility with WP 5.0.2 (latest release).
|
| 103 |
+
|
| 104 |
= 4.17.69 =
|
| 105 |
* Updated code for compatibility with WP 4.9.8 (latest release).
|
| 106 |
* Fixed PHP Notice for the unknown offset of SERVER_parts.
|
| 350 |
|
| 351 |
== Upgrade Notice ==
|
| 352 |
|
| 353 |
+
= 4.18.52 =
|
| 354 |
+
Added a whole new DB Scan category, updated Firewall landing page, removed some old code that was no longer needed, clear cache files before running the Complete Scan,, and updated code for compatibility with WP 5.0.2 (latest release).
|
| 355 |
+
|
| 356 |
= 4.17.69 =
|
| 357 |
Updated code for compatibility with WP 4.9.8, fixed PHP Notice and escaped single-quotes in translated strings.
|
| 358 |
|
safe-load/index.php
CHANGED
|
@@ -17,5 +17,5 @@ if ($file = str_replace(basename(dirname(__FILE__)), basename(__FILE__), dirname
|
|
| 17 |
if (is_file($file) && $contents = @file_get_contents($file))
|
| 18 |
if (preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
|
| 19 |
$ver = $match[1];
|
| 20 |
-
header("location:
|
| 21 |
die();
|
| 17 |
if (is_file($file) && $contents = @file_get_contents($file))
|
| 18 |
if (preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
|
| 19 |
$ver = $match[1];
|
| 20 |
+
header("location: https://safe-load.gotmls.net/report.php?ver=$ver".$GLOBALS["GOTMLS"]["detected_attacks"]);
|
| 21 |
die();
|
