Anti-Malware Security and Brute-Force Firewall - Version 4.18.62

Version Description

  • Fixed a bug in the Firewall that prevented some iPad devices from logging in.
  • Fixed an encoding bug that prevented the Examine File window from displaying some file formats.
  • Restored the File Details window in the Examine File window.
  • Updated code for compatibility with WP 5.1.1 (latest release).

Release Info

Developer scheeeli
Version 4.18.62

Code changes from version 4.18.52 to 4.18.62

Files changed (5) hide show
  1. images/index.php +80 -45
  2. index.php +40 -27
  3. readme.txt +13 -4
  4. safe-load/wp-login.php +2 -2
  5. safe-load/wp-settings.php +1 -1
images/index.php CHANGED
@@ -25,6 +25,36 @@ function __($text, $domain = "gotmls") {
25
  return $text;
26
  }}
27
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
28
  $bad = array("eval", "preg_replace", "auth_pass");
29
  $GLOBALS["GOTMLS"] = array(
30
  "tmp"=>array("HeadersError"=>"", "onLoad"=>"", "file_contents"=>"", "new_contents"=>"", "threats_found"=>array(),
@@ -63,7 +93,7 @@ if ((isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] == "on" || $_SERVER["HTTPS"]
63
  $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "https:";
64
  else
65
  $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "http:";
66
- GOTMLS_define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.]+/i', '', str_replace('&', '&', htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
67
  GOTMLS_define("GOTMLS_plugin_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"]."//gotmls.net/");
68
 
69
  if (!function_exists("GOTMLS_encode")) {
@@ -142,7 +172,7 @@ GOTMLS_define("GOTMLS_update_home", "//updates.gotmls.net/".GOTMLS_installation_
142
 
143
  if (!function_exists("GOTMLS_Invalid_Nonce")) {
144
  function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
145
- return $pre.__("Invalid or expired Nonce Token!",'gotmls').(isset($_REQUEST["GOTMLS_mt"])?(htmlspecialchars($_REQUEST["GOTMLS_mt"]).((strlen($_REQUEST["GOTMLS_mt"]) == 32)?(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])?$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]:" !found"):" !len(".strlen($_REQUEST["GOTMLS_mt"]).")")):" GOTMLS_mt !set");
146
  }}
147
 
148
  if (!function_exists("GOTMLS_set_nonce")) {
@@ -155,7 +185,7 @@ function GOTMLS_set_nonce($context = "NULL") {
155
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name])) {
156
  $GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name] = $hour;
157
  if (!update_option('GOTMLS_nonce_array', $GLOBALS["GOTMLS"]["tmp"]["nonce"]))
158
- return ("$context=DB-err:".preg_replace('/[\r\n]+/', " ", htmlspecialchars(print_r($GLOBALS["GOTMLS"]["tmp"]["nonce"],1).$wpdb->last_error)));
159
  }
160
  return 'GOTMLS_mt='.$transient_name;
161
  }}
@@ -175,6 +205,40 @@ function GOTMLS_get_nonce() {
175
  } else
176
  return false;
177
  }}
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
178
  if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && preg_match('|(.*?/gotmls\.js\?SESSION=)|', GOTMLS_script_URI, $match)) {
179
  header("Content-type: text/javascript");
180
  if (is_file(GOTMLS_plugin_path."safe-load/session.php"))
@@ -280,9 +344,9 @@ function checkAllFiles(check) {
280
  list($start, $end, $junk) = explode("-", "$threats_found--", 3);
281
  if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) {
282
  if ($start < $end)
283
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
284
  else
285
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$end.', '.$start.');">['.$f++.']</a>';
286
  } else {
287
  if (is_numeric($threats_found)) {
288
  $threats_found = $threats_name;
@@ -293,7 +357,7 @@ function checkAllFiles(check) {
293
  $potential_threat = str_replace("\r", "", $threats_found);
294
  while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {
295
  $flen = strlen($potential_threat);
296
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
297
  }
298
  }
299
  }
@@ -319,7 +383,7 @@ function select_text_range(ta_id, start, end) {
319
  } else
320
  alert("The highlighting function does not work in your browser");
321
  }
322
- </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="?'.GOTMLS_set_nonce(__FUNCTION__."1522").'&page=GOTMLS-View-Quarantine" onsubmit="return confirm(\''.__("Are you sure you want to restore this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="id[]" value="'.$Q_post["ID"].'"><input type="submit" value="RESTORE from Quarantine" style="display: none; background-color: #0C0; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
323
  } else
324
  die('<h3>Item NOT Found in Quarantine</h3>');
325
  } else {
@@ -407,7 +471,7 @@ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $V
407
  $GLOBALS["GOTMLS"]["detected_attacks"] = "&attack[]=FW_$TP";
408
  for ($V = 4; isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V]); $V+=2)
409
  if (!isset($GLOBAL_STRING[$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]]))
410
- die($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]." [$V] not in <pre>".htmlspecialchars(print_r($GLOBAL_STRING,1))."</pre>");
411
  elseif (!preg_match($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V], $GLOBAL_STRING[$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]], $matches))
412
  $GLOBALS["GOTMLS"]["detected_attacks"] = "";
413
  if ($GLOBALS["GOTMLS"]["detected_attacks"])
@@ -492,35 +556,6 @@ if (!function_exists("add_action")) {
492
  // GOTMLS_admin_notices();
493
  }
494
 
495
- function GOTMLS_fileperms($file) {
496
- if ($prm = @fileperms($file)) {
497
- if (($prm & 0xC000) == 0xC000)
498
- $ret = "s";
499
- elseif (($prm & 0xA000) == 0xA000)
500
- $ret = "l";
501
- elseif (($prm & 0x8000) == 0x8000)
502
- $ret = "-";
503
- elseif (($prm & 0x6000) == 0x6000)
504
- $ret = "b";
505
- elseif (($prm & 0x4000) == 0x4000)
506
- $ret = "d";
507
- elseif (($prm & 0x2000) == 0x2000)
508
- $ret = "c";
509
- elseif (($prm & 0x1000) == 0x1000)
510
- $ret = "p";
511
- else
512
- $ret = "u";
513
- $ret .= (($prm & 0x0100)?"r":"-").(($prm & 0x0080)?"w":"-");
514
- $ret .= (($prm & 0x0040)?(($prm & 0x0800)?"s":"x" ):(($prm & 0x0800)?"S":"-"));
515
- $ret .= (($prm & 0x0020)?"r":"-").(($prm & 0x0010)?"w":"-");
516
- $ret .= (($prm & 0x0008)?(($prm & 0x0400)?"s":"x" ):(($prm & 0x0400)?"S":"-"));
517
- $ret .= (($prm & 0x0004)?"r":"-").(($prm & 0x0002)?"w":"-");
518
- $ret .= (($prm & 0x0001)?(($prm & 0x0200)?"t":"x" ):(($prm & 0x0200)?"T":"-"));
519
- return $ret;
520
- } else
521
- return "stat failed!";
522
- }
523
-
524
  function GOTMLS_get_ext($filename) {
525
  $nameparts = explode(".", ".$filename");
526
  return strtolower($nameparts[(count($nameparts)-1)]);
@@ -683,7 +718,7 @@ function GOTMLS_scanfile($file) {
683
  $className = "errors";
684
  }
685
  if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
686
- $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."687").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file.preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", "&quot;", $lt.'div style="float: left; white-space: nowrap;"'.$gt.__("Examine File",'gotmls').' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
687
  if ($className == "errors") {
688
  $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="errors";
689
  $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
@@ -726,7 +761,7 @@ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="GOTMLS_fix";
726
  return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
727
  }
728
  }
729
- $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]=isset($_POST["GOTMLS_fix"])?"GOTMLS_fix=".htmlspecialchars(print_r($_POST["GOTMLS_fix"],1)):"!potential";
730
  $threat_link = $lt.'input type="checkbox" name="GOTMLS_fix[]" value="'.$clean_file.'" id="check_'.$clean_file.(($className != "wp_core||ifitis")?'" checked="'.$className:'').'" /'.$gt.$threat_link;
731
  $imageFile = "threat";
732
  } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
@@ -770,7 +805,7 @@ function GOTMLS_db_scan($id = 0) {
770
  if ($start > $end)
771
  $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
772
  else
773
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
774
  }
775
  } else
776
  $fa = " No Threats Found";
@@ -801,7 +836,7 @@ function GOTMLS_db_scan($id = 0) {
801
  }
802
  return $li_js;
803
  } else {
804
- return admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."805")).($Q_post["post_type"]=="revision"?'" onsubmit="return confirm(\''.__("Are you sure you want to delete this revision?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="Delete this revision" style="float: right;"><input type="hidden" name="GOTMLS_fix[]" value="'.GOTMLS_encode($Q_post["ID"]):"").'"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>Record Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />last_modified:'.$Q_post["post_modified_gmt"].'<br />post_type:'.$Q_post["post_type"].'<br />author:'.$Q_post["post_author"].'<br />status:'.$Q_post["post_status"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Record Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>';
805
  }
806
  } else
807
  die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists in the posts table.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
@@ -825,7 +860,7 @@ function GOTMLS_db_scan($id = 0) {
825
  foreach ($scan_regex as $threat_definition)
826
  $found += GOTMLS_preg_match_all($threat_definition, $threat_name);
827
  if ($found && !isset($threats_found['row_id_'.$frow["ID"]])) {
828
- $li_js = GOTMLS_return_threat("db_scan", "threat", "$found $threat_name(\"".str_replace('%', '*', trim($scan_sql, "%")).'") in '.$frow["post_type"]."(".(($frow["post_status"]=='inherit')?$frow["post_parent"]:$frow["post_status"]).'):"'.htmlspecialchars($frow["post_title"]).'":'.$frow["ID"], '<input type="checkbox" name="GOTMLS_fix[]" id="check_'.$frow["ID"].'" value="'.GOTMLS_encode($frow["ID"]).'" checked="true">'.GOTMLS_error_link(__("View DB Injection",'gotmls'), $frow["ID"], "db_scan"));
829
  if (isset($_REQUEST["eli"]))
830
  echo str_replace($frow["ID"].'</a>', '</a><a target="_blank" title="Edit '.$frow["post_type"].'" href="'.admin_url(($frow["post_type"]=="revision")?'revision.php?revision='.$frow["ID"]:'post.php?action=edit&post='.$frow["ID"]).'">EDIT: '.$frow["ID"].'</a>', $li_js);
831
  else
@@ -1100,7 +1135,7 @@ if (!function_exists('ur1encode')) { function ur1encode($url) {
1100
  }}
1101
 
1102
  function GOTMLS_strip4java($item, $htmlentities = false) {
1103
- return preg_replace("/\\\\/", "\\\\\\\\", str_replace("'", "'+\"'\"+'", preg_replace('/\\+n|\\+r|\n|\r|\0/', "", ($htmlentities?$item:htmlentities($item)))));
1104
  }
1105
 
1106
  function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
@@ -1110,7 +1145,7 @@ function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
1110
  $encoded_file = $file;
1111
  $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine Quarantined Content",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($post->post_title)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."744").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$file);
1112
  } elseif ($file)
1113
- $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine Content",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."746").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$encoded_file.preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:""));
1114
  else
1115
  $onclick = 'return false;';
1116
  return "<a id=\"list_$encoded_file\" title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
@@ -1149,7 +1184,7 @@ function GOTMLS_read_error($path) {
1149
  }
1150
 
1151
  function GOTMLS_scandir($dir) {
1152
- echo "/*<!--*"."/".GOTMLS_update_status(sprintf(__("Scanning %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", htmlspecialchars($dir))));
1153
  GOTMLS_flush();
1154
  $li_js = "/*-->*"."/\nscanNextDir(-1);\n/*<!--*"."/";
1155
  if (isset($_GET["GOTMLS_skip_dir"]) && $dir == GOTMLS_decode($_GET["GOTMLS_skip_dir"])) {
25
  return $text;
26
  }}
27
 
28
+ function GOTMLS_htmlentities($TXT, $flags = ENT_COMPAT, $encoding = "UTF-8") {
29
+ $prelen = strlen($TXT);
30
+ if ($prelen == 0)
31
+ return "";
32
+ $encoded = htmlentities($TXT, $flags, $encoding);
33
+ if (strlen($encoded) == 0) {
34
+ $encoding = "ISO-8859-1";
35
+ $encoded = htmlentities($TXT, $flags, $encoding);
36
+ }
37
+ if (strlen($encoded) == 0)
38
+ $encoded = __("Failed to encode HTML entities!",'gotmls');
39
+ $GLOBALS["GOTMLS"]["tmp"]["encoding"] = $encoding;
40
+ return $encoded;
41
+ }
42
+
43
+ function GOTMLS_htmlspecialchars($TXT, $flags = ENT_COMPAT, $encoding = "UTF-8") {
44
+ $prelen = strlen($TXT);
45
+ if ($prelen == 0)
46
+ return "";
47
+ $encoded = htmlspecialchars($TXT, $flags, $encoding);
48
+ if (strlen($encoded) == 0) {
49
+ $encoding = "ISO-8859-1";
50
+ $encoded = htmlspecialchars($TXT, $flags, $encoding);
51
+ }
52
+ if (strlen($encoded) == 0)
53
+ $encoded = __("Failed to encode HTML characters!",'gotmls');
54
+ $GLOBALS["GOTMLS"]["tmp"]["encoding"] = $encoding;
55
+ return $encoded;
56
+ }
57
+
58
  $bad = array("eval", "preg_replace", "auth_pass");
59
  $GLOBALS["GOTMLS"] = array(
60
  "tmp"=>array("HeadersError"=>"", "onLoad"=>"", "file_contents"=>"", "new_contents"=>"", "threats_found"=>array(),
93
  $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "https:";
94
  else
95
  $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "http:";
96
+ GOTMLS_define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.]+/i', '', str_replace('&amp;', '&', GOTMLS_htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
97
  GOTMLS_define("GOTMLS_plugin_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"]."//gotmls.net/");
98
 
99
  if (!function_exists("GOTMLS_encode")) {
172
 
173
  if (!function_exists("GOTMLS_Invalid_Nonce")) {
174
  function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
175
+ return $pre.__("Invalid or expired Nonce Token!",'gotmls').(isset($_REQUEST["GOTMLS_mt"])?(GOTMLS_htmlspecialchars($_REQUEST["GOTMLS_mt"]).((strlen($_REQUEST["GOTMLS_mt"]) == 32)?(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])?$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]:" !found"):" !len(".strlen($_REQUEST["GOTMLS_mt"]).")")):" GOTMLS_mt !set");
176
  }}
177
 
178
  if (!function_exists("GOTMLS_set_nonce")) {
185
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name])) {
186
  $GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name] = $hour;
187
  if (!update_option('GOTMLS_nonce_array', $GLOBALS["GOTMLS"]["tmp"]["nonce"]))
188
+ return ("$context=DB-err:".preg_replace('/[\r\n]+/', " ", GOTMLS_htmlspecialchars(print_r($GLOBALS["GOTMLS"]["tmp"]["nonce"],1).$wpdb->last_error)));
189
  }
190
  return 'GOTMLS_mt='.$transient_name;
191
  }}
205
  } else
206
  return false;
207
  }}
208
+
209
+ function GOTMLS_fileperms($file) {
210
+ if ($prm = @fileperms($file)) {
211
+ if (($prm & 0xC000) == 0xC000)
212
+ $ret = "s";
213
+ elseif (($prm & 0xA000) == 0xA000)
214
+ $ret = "l";
215
+ elseif (($prm & 0x8000) == 0x8000)
216
+ $ret = "-";
217
+ elseif (($prm & 0x6000) == 0x6000)
218
+ $ret = "b";
219
+ elseif (($prm & 0x4000) == 0x4000)
220
+ $ret = "d";
221
+ elseif (($prm & 0x2000) == 0x2000)
222
+ $ret = "c";
223
+ elseif (($prm & 0x1000) == 0x1000)
224
+ $ret = "p";
225
+ else
226
+ $ret = "u";
227
+ $ret .= (($prm & 0x0100)?"r":"-").(($prm & 0x0080)?"w":"-");
228
+ $ret .= (($prm & 0x0040)?(($prm & 0x0800)?"s":"x" ):(($prm & 0x0800)?"S":"-"));
229
+ $ret .= (($prm & 0x0020)?"r":"-").(($prm & 0x0010)?"w":"-");
230
+ $ret .= (($prm & 0x0008)?(($prm & 0x0400)?"s":"x" ):(($prm & 0x0400)?"S":"-"));
231
+ $ret .= (($prm & 0x0004)?"r":"-").(($prm & 0x0002)?"w":"-");
232
+ $ret .= (($prm & 0x0001)?(($prm & 0x0200)?"t":"x" ):(($prm & 0x0200)?"T":"-"));
233
+ return $ret;
234
+ } else
235
+ return "stat failed!";
236
+ }
237
+
238
+ function GOTMLS_file_details($file) {
239
+ return '<div id="file_details_'.md5($file).'" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.GOTMLS_htmlspecialchars(basename($file)).'</b><br />in: '.dirname(realpath($file)).'<br />size: '.filesize(realpath($file)).' ( '.ceil(strlen(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["file_contents"]))/1024).' KB )<br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown")).'<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.date(" Y-m-d H:i:s ", filemtime(realpath($file))).'<br />changed:'.date(" Y-m-d H:i:s ", filectime(realpath($file))).'</div>';
240
+ }
241
+
242
  if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && preg_match('|(.*?/gotmls\.js\?SESSION=)|', GOTMLS_script_URI, $match)) {
243
  header("Content-type: text/javascript");
244
  if (is_file(GOTMLS_plugin_path."safe-load/session.php"))
344
  list($start, $end, $junk) = explode("-", "$threats_found--", 3);
345
  if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) {
346
  if ($start < $end)
347
+ $fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
348
  else
349
+ $fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$end.', '.$start.');">['.$f++.']</a>';
350
  } else {
351
  if (is_numeric($threats_found)) {
352
  $threats_found = $threats_name;
357
  $potential_threat = str_replace("\r", "", $threats_found);
358
  while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {
359
  $flen = strlen($potential_threat);
360
+ $fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
361
  }
362
  }
363
  }
383
  } else
384
  alert("The highlighting function does not work in your browser");
385
  }
386
+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="?'.GOTMLS_set_nonce(__FUNCTION__."1522").'&page=GOTMLS-View-Quarantine" onsubmit="return confirm(\''.__("Are you sure you want to restore this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="id[]" value="'.$Q_post["ID"].'"><input type="submit" value="RESTORE from Quarantine" style="display: none; background-color: #0C0; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.GOTMLS_htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
387
  } else
388
  die('<h3>Item NOT Found in Quarantine</h3>');
389
  } else {
471
  $GLOBALS["GOTMLS"]["detected_attacks"] = "&attack[]=FW_$TP";
472
  for ($V = 4; isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V]); $V+=2)
473
  if (!isset($GLOBAL_STRING[$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]]))
474
+ die($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]." [$V] not in <pre>".GOTMLS_htmlspecialchars(print_r($GLOBAL_STRING,1))."</pre>");
475
  elseif (!preg_match($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V], $GLOBAL_STRING[$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]], $matches))
476
  $GLOBALS["GOTMLS"]["detected_attacks"] = "";
477
  if ($GLOBALS["GOTMLS"]["detected_attacks"])
556
  // GOTMLS_admin_notices();
557
  }
558
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
559
  function GOTMLS_get_ext($filename) {
560
  $nameparts = explode(".", ".$filename");
561
  return strtolower($nameparts[(count($nameparts)-1)]);
718
  $className = "errors";
719
  }
720
  if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
721
+ $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."687").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file.preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", "&quot;", $lt.'div style="float: left; white-space: nowrap;"'.$gt.__("Examine File",'gotmls').' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
722
  if ($className == "errors") {
723
  $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="errors";
724
  $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
761
  return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
762
  }
763
  }
764
+ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]=isset($_POST["GOTMLS_fix"])?"GOTMLS_fix=".GOTMLS_htmlspecialchars(print_r($_POST["GOTMLS_fix"],1)):"!potential";
765
  $threat_link = $lt.'input type="checkbox" name="GOTMLS_fix[]" value="'.$clean_file.'" id="check_'.$clean_file.(($className != "wp_core||ifitis")?'" checked="'.$className:'').'" /'.$gt.$threat_link;
766
  $imageFile = "threat";
767
  } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
805
  if ($start > $end)
806
  $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
807
  else
808
+ $fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
809
  }
810
  } else
811
  $fa = " No Threats Found";
836
  }
837
  return $li_js;
838
  } else {
839
+ return admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."805")).($Q_post["post_type"]=="revision"?'" onsubmit="return confirm(\''.__("Are you sure you want to delete this revision?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="Delete this revision" style="float: right;"><input type="hidden" name="GOTMLS_fix[]" value="'.GOTMLS_encode($Q_post["ID"]):"").'"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>Record Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />last_modified:'.$Q_post["post_modified_gmt"].'<br />post_type:'.$Q_post["post_type"].'<br />author:'.$Q_post["post_author"].'<br />status:'.$Q_post["post_status"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Record Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.GOTMLS_htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>';
840
  }
841
  } else
842
  die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists in the posts table.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
860
  foreach ($scan_regex as $threat_definition)
861
  $found += GOTMLS_preg_match_all($threat_definition, $threat_name);
862
  if ($found && !isset($threats_found['row_id_'.$frow["ID"]])) {
863
+ $li_js = GOTMLS_return_threat("db_scan", "threat", "$found $threat_name(\"".str_replace('%', '*', trim($scan_sql, "%")).'") in '.$frow["post_type"]."(".(($frow["post_status"]=='inherit')?$frow["post_parent"]:$frow["post_status"]).'):"'.GOTMLS_htmlspecialchars($frow["post_title"]).'":'.$frow["ID"], '<input type="checkbox" name="GOTMLS_fix[]" id="check_'.$frow["ID"].'" value="'.GOTMLS_encode($frow["ID"]).'" checked="true">'.GOTMLS_error_link(__("View DB Injection",'gotmls'), $frow["ID"], "db_scan"));
864
  if (isset($_REQUEST["eli"]))
865
  echo str_replace($frow["ID"].'</a>', '</a><a target="_blank" title="Edit '.$frow["post_type"].'" href="'.admin_url(($frow["post_type"]=="revision")?'revision.php?revision='.$frow["ID"]:'post.php?action=edit&post='.$frow["ID"]).'">EDIT: '.$frow["ID"].'</a>', $li_js);
866
  else
1135
  }}
1136
 
1137
  function GOTMLS_strip4java($item, $htmlentities = false) {
1138
+ return preg_replace("/\\\\/", "\\\\\\\\", str_replace("'", "'+\"'\"+'", preg_replace('/\\+n|\\+r|\n|\r|\0/', "", ($htmlentities?$item:GOTMLS_htmlentities($item)))));
1139
  }
1140
 
1141
  function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
1145
  $encoded_file = $file;
1146
  $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine Quarantined Content",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($post->post_title)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."744").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$file);
1147
  } elseif ($file)
1148
+ $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.__("Examine Content",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."746").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$encoded_file.preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:""));
1149
  else
1150
  $onclick = 'return false;';
1151
  return "<a id=\"list_$encoded_file\" title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
1184
  }
1185
 
1186
  function GOTMLS_scandir($dir) {
1187
+ echo "/*<!--*"."/".GOTMLS_update_status(sprintf(__("Scanning %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", GOTMLS_htmlspecialchars($dir))));
1188
  GOTMLS_flush();
1189
  $li_js = "/*-->*"."/\nscanNextDir(-1);\n/*<!--*"."/";
1190
  if (isset($_GET["GOTMLS_skip_dir"]) && $dir == GOTMLS_decode($_GET["GOTMLS_skip_dir"])) {
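Review bot: The new `GOTMLS_htmlspecialchars`/`GOTMLS_htmlentities` helpers overwrite `$GLOBALS["GOTMLS"]["tmp"]["encoding"]` on every call, so the value `GOTMLS_file_details` prints as "encoding:" is only whichever charset worked for the most recently escaped string; in that function it is right purely because the escape of `file_contents` (the KB computation) is evaluated left-to-right just before the read, after `GOTMLS_htmlspecialchars(basename($file))` has already clobbered it once. Hoisting that escape into a local before the markup is built, e.g. `$shown_len = strlen(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["file_contents"]));`, makes the dependency explicit, and the same pass can compute `$real = realpath($file);` once and check it for `false` instead of calling `realpath($file)` seven times with no guard. The ISO-8859-1 retry cannot fail for a single-byte charset, so the "Failed to encode …" branch is effectively unreachable; harmless, but a short comment saying it is a last-resort guard would stop someone relying on it. Separately, `GOTMLS_Invalid_Nonce` now HTML-escapes `$_REQUEST["GOTMLS_mt"]` but, unlike the `DB-err` return in `GOTMLS_set_nonce`, does not strip `[\r\n]+`; since both are returned behind a `//` prefix, wrapping the echoed request value in the same `preg_replace('/[\r\n]+/', " ", ...)` keeps it on one line.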
index.php CHANGED
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
- Version: 4.18.52
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
@@ -571,7 +571,7 @@ function GOTMLS_get_scanlog() {
571
  $LastScan .= "\n<li>";
572
  $GOTMLS_scan_log = (isset($row["option_name"])?get_option($row["option_name"], array()):array());
573
  if (isset($GOTMLS_scan_log["scan"]["type"]) && strlen($GOTMLS_scan_log["scan"]["type"]))
574
- $LastScan .= htmlentities($GOTMLS_scan_log["scan"]["type"]);
575
  else
576
  $LastScan .= "Unknown scan type";
577
  if (isset($GOTMLS_scan_log["scan"]["dir"]) && is_dir($GOTMLS_scan_log["scan"]["dir"]))
@@ -1012,7 +1012,7 @@ function GOTMLS_settings() {
1012
  $GOTMLS_scan_groups[] = $lt.'b'.$gt.implode(GOTMLS_slash(), array_slice($dirs, -1 * (3 + $SL), 1)).$lt.'/b'.$gt;
1013
  if (isset($_POST["exclude_ext"])) {
1014
  if (strlen(trim(str_replace(",","",$_POST["exclude_ext"]).' ')) > 0)
1015
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(str_replace('.', ',', htmlentities($_POST["exclude_ext"]))), -1, PREG_SPLIT_NO_EMPTY);
1016
  else
1017
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = array();
1018
  }
@@ -1026,7 +1026,7 @@ function GOTMLS_settings() {
1026
  }
1027
  if (isset($_POST["exclude_dir"])) {
1028
  if (strlen(trim(str_replace(",","",$_POST["exclude_dir"]).' ')) > 0)
1029
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(htmlentities($_POST["exclude_dir"])), -1, PREG_SPLIT_NO_EMPTY);
1030
  else
1031
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array();
1032
  for ($d=0; $d<count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]); $d++)
@@ -1056,7 +1056,7 @@ function GOTMLS_settings() {
1056
  if (is_array($files))
1057
  foreach ($files as $file)
1058
  if (is_dir(GOTMLS_trailingslashit($dir).$file))
1059
- $scan_whatopts = $lt.'input type="checkbox" name="scan_only[]" value="'.htmlentities($file).'" /'.$gt.htmlentities($file).$lt.'br /'.$gt.$scan_whatopts;
1060
  $scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", "&nbsp;", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts;
1061
  }
1062
  $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}";
@@ -1086,7 +1086,7 @@ function GOTMLS_settings() {
1086
  if (isset($_GET["SESSION"])) {
1087
  $scan_opts .= "\n$lt".'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"'.$gt.$lt.'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');"'.$gt.'X'.$lt.'/a'.$gt;
1088
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex)
1089
- $scan_opts .= $lt."br /$gt\n$lt".'input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /'.$gt.$lt.'script'.$gt.'showhide("dont_check_'.$threat_level.'", true);'.$lt.'/script'.$gt:' /'.$gt).(isset($_SESSION["GOTMLS_debug"][$threat_name])?$lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_name],1)."$lt/div$gt":"").htmlspecialchars($threat_name);
1090
  $scan_opts .= "\n$lt/div$gt";
1091
  }
1092
  } else
@@ -1100,7 +1100,19 @@ function GOTMLS_settings() {
1100
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"'.$gt.$lt.'br /'.$gt.__("how far to drill down",'gotmls').$lt.'br /'.$gt.'('.__("-1 is infinite depth",'gotmls').')'.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'br style="clear: left;"'.$gt;
1101
  if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= $lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"]['total'],1)."$lt/div$gt"; unset($_SESSION["GOTMLS_debug"]);}
1102
  if (isset($_GET["eli"])) {//still testing this option
1103
- $scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'."$gt$lt/div$gt\n";
 
 
 
 
 
 
 
 
 
 
 
 
1104
  }
1105
  $QuickScan = $lt.((is_dir(dirname(__FILE__)."/../../../wp-includes") && is_dir(dirname(__FILE__)."/../../../wp-admin"))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&$GOTMLS_nonce_URL").'" class="button-primary" style="height: 22px; line-height: 13px; padding: 3px;">WP_Core</a':"!-- No wp-includes or wp-admin --").$gt;
1106
  foreach (array("Plugins", "Themes") as $ScanFolder)
@@ -1108,8 +1120,8 @@ function GOTMLS_settings() {
1108
  $scan_opts .= "\n$lt".'p'.$gt.$lt.'b'.$gt.__("Skip files with the following extensions:",'gotmls')."$lt/b$gt".(($default_exclude_ext!=implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))?" {$lt}a href=\"javascript:void(0);\" onclick=\"document.getElementById('exclude_ext').value = '$default_exclude_ext';\"{$gt}[Restore Defaults]$lt/a$gt":"").$lt.'/p'.$gt.'
1109
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'."$gt$lt/div$gt$lt".'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls')."$lt/b$gt$lt/p$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
1110
  '.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt."br$gt$lt/b$gt$lt/td$gt$lt".'td'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'br'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt".'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="save_settings" value="'.__("Save Settings",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Save\';" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
1111
- $title_tagline = $lt."li$gt Site Title: ".htmlspecialchars($wpdb->get_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogname'"));
1112
- $title_tagline .= "$lt/li$gt$lt"."li$gt Tagline: ".htmlspecialchars($wpdb->get_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogdescription'"));
1113
  if (preg_match('/h[\@a]ck[3e]d.*by/is', $title_tagline))
1114
  echo $lt.'div class="error"'.$gt.sprintf(__("Your Site Title or Tagline suggests that you may have been hacked ...%sThis could impact the indexing of your site and may even lead to blacklisting. You can change those options on the %sGeneral Settings$lt/a$gt page.",'gotmls'), "$title_tagline$lt/li$gt", $lt.'a href="'.admin_url("options-general.php").'"'.$gt)."$lt/div$gt";
1115
  @ob_start();
@@ -1303,17 +1315,17 @@ var startTime = 0;
1303
  if (substr($name, 0, 10) != 'GOTMLS_fix') {
1304
  if (is_array($value)) {
1305
  foreach ($value as $val)
1306
- echo $lt.'input type="hidden" name="'.$name.'[]" value="'.htmlspecialchars($val).'"'.$gt;
1307
  } else
1308
- echo $lt.'input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'"'.$gt;
1309
  }
1310
  }
1311
- echo "\n$lt".'script type="text/javascript"'.$gt.'showhide("inside_'.md5($ScanSettings).'");'.$lt.'/script'.$gt.GOTMLS_box(htmlspecialchars($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' '.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt);
1312
  $scan_groups_UL = "";
1313
  foreach ($scan_groups as $scan_name => $scan_group)
1314
  $scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.' &nbsp; * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.' &nbsp; * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), GOTMLS_wp_version).' (for more info '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.').'.$lt.'/p'.$gt:$lt.'br /'.$gt)).$lt.'/ul'.$gt;
1315
  if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
1316
- GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => htmlentities($_REQUEST["scan_type"]))));
1317
  echo GOTMLS_box($lt.'div id="GOTMLS_scan_dir" style="float: right;"'.$gt.'&nbsp;('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].")&nbsp;$lt/div$gt".__("Scan Details:",'gotmls'), $scan_groups_UL);
1318
  $no_flush_LANGUAGE = __("Not flushing OB Handlers: %s",'gotmls');
1319
  if (isset($_REQUEST["no_ob_end_flush"]))
@@ -1417,7 +1429,7 @@ add_action("login_form", "GOTMLS_login_form");
1417
 
1418
  function GOTMLS_ajax_logintime() {
1419
  @header("Content-type: text/javascript");
1420
- $sess = (false && isset($_GET["GOTMLS_sess"]) && is_numeric($_GET["GOTMLS_sess"])) ? htmlspecialchars($_GET["sess"]) : time();
1421
  die("\n//Permission Error: User not authenticated!\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_offset_start = GOTMLS_login_offset.getTime() - ".$sess."000;\nfunction set_offset_id() {\n\tGOTMLS_login_offset = new Date();\n\tif (form_login = document.getElementById('offset_id'))\n\t\tform_login.value = GOTMLS_login_offset.getTime() - GOTMLS_login_offset_start;\n\tsetTimeout(set_offset_id, 15673);\n}\nset_offset_id();");
1422
  }
1423
  add_action('wp_ajax_nopriv_GOTMLS_logintime', 'GOTMLS_ajax_logintime');
@@ -1543,7 +1555,7 @@ function GOTMLS_ajax_position() {
1543
  } else
1544
  die("\n//Position Error: No new position to save!\n");
1545
  update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1546
- die(GOTMLS_html_tags(array("html" => array("body" => htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.admin_url('admin-ajax.php?action=GOTMLS_position&'.GOTMLS_set_nonce(__FUNCTION__."1350").'&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"])).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
1547
  } else
1548
  die(GOTMLS_Invalid_Nonce("\n//Position Error: ")."\n");
1549
  }
@@ -1579,7 +1591,7 @@ function GOTMLS_ajax_whitelist() {
1579
  } else
1580
  unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]);
1581
  GOTMLS_update_option("definitions", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1582
- $body = "Added $file to Whitelist!<br />\n<iframe style='width: 90%; height: 250px; border: none;' src='".GOTMLS_plugin_home."whitelist.html?whitelist=".htmlspecialchars($_POST['GOTMLS_whitelist'])."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe>";
1583
  } else
1584
  $body = "<li>Invalid Data!</li>";
1585
  die(GOTMLS_html_tags(array("html" => array("body" => $body))));
@@ -1636,7 +1648,7 @@ function GOTMLS_ajax_fix() {
1636
  $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1637
  }
1638
  } else {
1639
- echo "<li>".__("Restoration Aborted, post_content was modified outside of this quarantine!<pre>".htmlspecialchars(print_r(array("R"=>$R_post,"Q"=>$Q_post),1))."</pre>",'gotmls');
1640
  $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1641
  }
1642
  } else {
@@ -1674,7 +1686,7 @@ function GOTMLS_ajax_fix() {
1674
  echo "</li>\n$li_js/*-->*"."/\n$callAlert\n//".$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]."\n</script>\n";
1675
  $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1676
  } else
1677
- echo "<li>".sprintf(__("File %s not found!",'gotmls'), htmlentities($path))."</li>";
1678
  GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Automatic Fix")));
1679
  }
1680
  }
@@ -1712,7 +1724,8 @@ function select_text_range(ta_id, start, end) {
1712
  } else
1713
  alert("The highlighting function does not work in your browser");
1714
  }
1715
- window.parent.showhide("GOTMLS_iFrame", true);
 
1716
  </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="';
1717
  @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
1718
  if (is_numeric($_GET["GOTMLS_scan"])) {
@@ -1732,9 +1745,9 @@ window.parent.showhide("GOTMLS_iFrame", true);
1732
  list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1733
  if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) {
1734
  if ($start < $end)
1735
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1736
  else
1737
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$end.', '.$start.');">['.$f++.']</a>';
1738
  } else {
1739
  if (is_numeric($threats_found)) {
1740
  $threats_found = $threats_name;
@@ -1745,14 +1758,14 @@ window.parent.showhide("GOTMLS_iFrame", true);
1745
  $potential_threat = str_replace("\r", "", $threats_found);
1746
  while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {
1747
  $flen = strlen($potential_threat);
1748
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
1749
  }
1750
  }
1751
  }
1752
  } //else echo "excerpt:".$Q_post["post_excerpt"];
1753
- die("\n$script_form".admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1779")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete the record of this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1754
  } else
1755
- die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1756
  } else {
1757
  $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
1758
  if (is_numeric($file))
@@ -1784,13 +1797,13 @@ window.parent.showhide("GOTMLS_iFrame", true);
1784
  if ($start > $end)
1785
  $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
1786
  else
1787
- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1788
  }
1789
  } else
1790
  $fa = " No Threats Found";
1791
- die("\n$script_form".admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1821")).'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.htmlspecialchars(basename($file)).'</b><br />in: '.dirname(realpath($file)).'<br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' ('.filesize(realpath($file)).'bytes)<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.date(" Y-m-d H:i:s ", filemtime(realpath($file))).'<br />changed:'.date(" Y-m-d H:i:s ", filectime(realpath($file))).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1792
  } else
1793
- die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), htmlspecialchars($file))."<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1794
  }
1795
  } else
1796
  die("\n//Directory Error: Nothing to scan!\n");
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
+ Version: 4.18.62
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
571
  $LastScan .= "\n<li>";
572
  $GOTMLS_scan_log = (isset($row["option_name"])?get_option($row["option_name"], array()):array());
573
  if (isset($GOTMLS_scan_log["scan"]["type"]) && strlen($GOTMLS_scan_log["scan"]["type"]))
574
+ $LastScan .= GOTMLS_htmlentities($GOTMLS_scan_log["scan"]["type"]);
575
  else
576
  $LastScan .= "Unknown scan type";
577
  if (isset($GOTMLS_scan_log["scan"]["dir"]) && is_dir($GOTMLS_scan_log["scan"]["dir"]))
1012
  $GOTMLS_scan_groups[] = $lt.'b'.$gt.implode(GOTMLS_slash(), array_slice($dirs, -1 * (3 + $SL), 1)).$lt.'/b'.$gt;
1013
  if (isset($_POST["exclude_ext"])) {
1014
  if (strlen(trim(str_replace(",","",$_POST["exclude_ext"]).' ')) > 0)
1015
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(str_replace('.', ',', GOTMLS_htmlentities($_POST["exclude_ext"]))), -1, PREG_SPLIT_NO_EMPTY);
1016
  else
1017
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = array();
1018
  }
1026
  }
1027
  if (isset($_POST["exclude_dir"])) {
1028
  if (strlen(trim(str_replace(",","",$_POST["exclude_dir"]).' ')) > 0)
1029
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(GOTMLS_htmlentities($_POST["exclude_dir"])), -1, PREG_SPLIT_NO_EMPTY);
1030
  else
1031
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array();
1032
  for ($d=0; $d<count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]); $d++)
1056
  if (is_array($files))
1057
  foreach ($files as $file)
1058
  if (is_dir(GOTMLS_trailingslashit($dir).$file))
1059
+ $scan_whatopts = $lt.'input type="checkbox" name="scan_only[]" value="'.GOTMLS_htmlentities($file).'" /'.$gt.GOTMLS_htmlentities($file).$lt.'br /'.$gt.$scan_whatopts;
1060
  $scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", "&nbsp;", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts;
1061
  }
1062
  $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}";
1086
  if (isset($_GET["SESSION"])) {
1087
  $scan_opts .= "\n$lt".'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"'.$gt.$lt.'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');"'.$gt.'X'.$lt.'/a'.$gt;
1088
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex)
1089
+ $scan_opts .= $lt."br /$gt\n$lt".'input type="checkbox" name="dont_check[]" value="'.GOTMLS_htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /'.$gt.$lt.'script'.$gt.'showhide("dont_check_'.$threat_level.'", true);'.$lt.'/script'.$gt:' /'.$gt).(isset($_SESSION["GOTMLS_debug"][$threat_name])?$lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_name],1)."$lt/div$gt":"").GOTMLS_htmlspecialchars($threat_name);
1090
  $scan_opts .= "\n$lt/div$gt";
1091
  }
1092
  } else
1100
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"'.$gt.$lt.'br /'.$gt.__("how far to drill down",'gotmls').$lt.'br /'.$gt.'('.__("-1 is infinite depth",'gotmls').')'.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'br style="clear: left;"'.$gt;
1101
  if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= $lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"]['total'],1)."$lt/div$gt"; unset($_SESSION["GOTMLS_debug"]);}
1102
  if (isset($_GET["eli"])) {//still testing this option
1103
+ if ($_GET["eli"] == "find") {
1104
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]]) && (count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]]) > 1)) {
1105
+ $fe = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]][0];
1106
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]][1];
1107
+ } else {
1108
+ $fe = " no";
1109
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"] as $f => $e)
1110
+ if (is_array($e) && in_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"], $e))
1111
+ $fe = " $f";
1112
+ }
1113
+ } else
1114
+ $fe = "";
1115
+ $scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$fe.$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'."$gt$lt/div$gt\n";
1116
  }
1117
  $QuickScan = $lt.((is_dir(dirname(__FILE__)."/../../../wp-includes") && is_dir(dirname(__FILE__)."/../../../wp-admin"))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&$GOTMLS_nonce_URL").'" class="button-primary" style="height: 22px; line-height: 13px; padding: 3px;">WP_Core</a':"!-- No wp-includes or wp-admin --").$gt;
1118
  foreach (array("Plugins", "Themes") as $ScanFolder)
1120
  $scan_opts .= "\n$lt".'p'.$gt.$lt.'b'.$gt.__("Skip files with the following extensions:",'gotmls')."$lt/b$gt".(($default_exclude_ext!=implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))?" {$lt}a href=\"javascript:void(0);\" onclick=\"document.getElementById('exclude_ext').value = '$default_exclude_ext';\"{$gt}[Restore Defaults]$lt/a$gt":"").$lt.'/p'.$gt.'
1121
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'."$gt$lt/div$gt$lt".'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls')."$lt/b$gt$lt/p$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
1122
  '.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt."br$gt$lt/b$gt$lt/td$gt$lt".'td'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'br'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt".'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="save_settings" value="'.__("Save Settings",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Save\';" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
1123
+ $title_tagline = $lt."li$gt Site Title: ".GOTMLS_htmlspecialchars($wpdb->get_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogname'"));
1124
+ $title_tagline .= "$lt/li$gt$lt"."li$gt Tagline: ".GOTMLS_htmlspecialchars($wpdb->get_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogdescription'"));
1125
  if (preg_match('/h[\@a]ck[3e]d.*by/is', $title_tagline))
1126
  echo $lt.'div class="error"'.$gt.sprintf(__("Your Site Title or Tagline suggests that you may have been hacked ...%sThis could impact the indexing of your site and may even lead to blacklisting. You can change those options on the %sGeneral Settings$lt/a$gt page.",'gotmls'), "$title_tagline$lt/li$gt", $lt.'a href="'.admin_url("options-general.php").'"'.$gt)."$lt/div$gt";
1127
  @ob_start();
1315
  if (substr($name, 0, 10) != 'GOTMLS_fix') {
1316
  if (is_array($value)) {
1317
  foreach ($value as $val)
1318
+ echo $lt.'input type="hidden" name="'.$name.'[]" value="'.GOTMLS_htmlspecialchars($val).'"'.$gt;
1319
  } else
1320
+ echo $lt.'input type="hidden" name="'.$name.'" value="'.GOTMLS_htmlspecialchars($value).'"'.$gt;
1321
  }
1322
  }
1323
+ echo "\n$lt".'script type="text/javascript"'.$gt.'showhide("inside_'.md5($ScanSettings).'");'.$lt.'/script'.$gt.GOTMLS_box(GOTMLS_htmlspecialchars($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' '.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt);
1324
  $scan_groups_UL = "";
1325
  foreach ($scan_groups as $scan_name => $scan_group)
1326
  $scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.' &nbsp; * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.' &nbsp; * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), GOTMLS_wp_version).' (for more info '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.').'.$lt.'/p'.$gt:$lt.'br /'.$gt)).$lt.'/ul'.$gt;
1327
  if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
1328
+ GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => GOTMLS_htmlentities($_REQUEST["scan_type"]))));
1329
  echo GOTMLS_box($lt.'div id="GOTMLS_scan_dir" style="float: right;"'.$gt.'&nbsp;('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].")&nbsp;$lt/div$gt".__("Scan Details:",'gotmls'), $scan_groups_UL);
1330
  $no_flush_LANGUAGE = __("Not flushing OB Handlers: %s",'gotmls');
1331
  if (isset($_REQUEST["no_ob_end_flush"]))
1429
 
1430
  function GOTMLS_ajax_logintime() {
1431
  @header("Content-type: text/javascript");
1432
+ $sess = (false && isset($_GET["GOTMLS_sess"]) && is_numeric($_GET["GOTMLS_sess"])) ? GOTMLS_htmlspecialchars($_GET["sess"]) : time();
1433
  die("\n//Permission Error: User not authenticated!\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_offset_start = GOTMLS_login_offset.getTime() - ".$sess."000;\nfunction set_offset_id() {\n\tGOTMLS_login_offset = new Date();\n\tif (form_login = document.getElementById('offset_id'))\n\t\tform_login.value = GOTMLS_login_offset.getTime() - GOTMLS_login_offset_start;\n\tsetTimeout(set_offset_id, 15673);\n}\nset_offset_id();");
1434
  }
1435
  add_action('wp_ajax_nopriv_GOTMLS_logintime', 'GOTMLS_ajax_logintime');
1555
  } else
1556
  die("\n//Position Error: No new position to save!\n");
1557
  update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1558
+ die(GOTMLS_html_tags(array("html" => array("body" => GOTMLS_htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.admin_url('admin-ajax.php?action=GOTMLS_position&'.GOTMLS_set_nonce(__FUNCTION__."1350").'&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"])).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
1559
  } else
1560
  die(GOTMLS_Invalid_Nonce("\n//Position Error: ")."\n");
1561
  }
1591
  } else
1592
  unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]);
1593
  GOTMLS_update_option("definitions", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
1594
+ $body = "Added $file to Whitelist!<br />\n<iframe style='width: 90%; height: 250px; border: none;' src='".GOTMLS_plugin_home."whitelist.html?whitelist=".GOTMLS_htmlspecialchars($_POST['GOTMLS_whitelist'])."&hash=$chksum[0]&size=$filesize&key=$chksum[1]'></iframe>";
1595
  } else
1596
  $body = "<li>Invalid Data!</li>";
1597
  die(GOTMLS_html_tags(array("html" => array("body" => $body))));
1648
  $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1649
  }
1650
  } else {
1651
+ echo "<li>".__("Restoration Aborted, post_content was modified outside of this quarantine!<pre>".GOTMLS_htmlspecialchars(print_r(array("R"=>$R_post,"Q"=>$Q_post),1))."</pre>",'gotmls');
1652
  $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1653
  }
1654
  } else {
1686
  echo "</li>\n$li_js/*-->*"."/\n$callAlert\n//".$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]."\n</script>\n";
1687
  $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1688
  } else
1689
+ echo "<li>".sprintf(__("File %s not found!",'gotmls'), GOTMLS_htmlentities($path))."</li>";
1690
  GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Automatic Fix")));
1691
  }
1692
  }
1724
  } else
1725
  alert("The highlighting function does not work in your browser");
1726
  }
1727
+ if (typeof window.parent.showhide === "function")
1728
+ window.parent.showhide("GOTMLS_iFrame", true);
1729
  </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="';
1730
  @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
1731
  if (is_numeric($_GET["GOTMLS_scan"])) {
1745
  list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1746
  if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) {
1747
  if ($start < $end)
1748
+ $fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1749
  else
1750
+ $fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$end.', '.$start.');">['.$f++.']</a>';
1751
  } else {
1752
  if (is_numeric($threats_found)) {
1753
  $threats_found = $threats_name;
1758
  $potential_threat = str_replace("\r", "", $threats_found);
1759
  while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {
1760
  $flen = strlen($potential_threat);
1761
+ $fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
1762
  }
1763
  }
1764
  }
1765
  } //else echo "excerpt:".$Q_post["post_excerpt"];
1766
+ die("\n$script_form".admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1779")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete the record of this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />size: '.strlen(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["file_contents"])).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown")).'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.GOTMLS_htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1767
  } else
1768
+ die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nif (typeof window.parent.showhide === 'function') window.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1769
  } else {
1770
  $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
1771
  if (is_numeric($file))
1797
  if ($start > $end)
1798
  $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
1799
  else
1800
+ $fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1801
  }
1802
  } else
1803
  $fa = " No Threats Found";
1804
+ die("\n$script_form".admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1821")).'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form>'.GOTMLS_file_details($file).'<div style="overflow: auto;"><span onmouseover="document.getElementById(\'file_details_'.md5($file).'\').style.display=\'block\';" onmouseout="document.getElementById(\'file_details_'.md5($file).'\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.GOTMLS_htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1805
  } else
1806
+ die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), GOTMLS_htmlspecialchars($file))."<script type=\"text/javascript\">\nif (typeof window.parent.showhide === 'function') window.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1807
  }
1808
  } else
1809
  die("\n//Directory Error: Nothing to scan!\n");
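--- a/readme.txt
+++ b/readme.txt
@@ -5,10 +5,10 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
 Contributors: scheeeli, gotmls
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
 Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
-Version: 4.18.52
-Stable tag: 4.18.52
+Version: 4.18.62
+Stable tag: 4.18.62
 Requires at least: 3.3
-Tested up to: 5.0.2
+Tested up to: 5.1.1
 
 This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
 
@@ -27,7 +27,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
 * Check the integrity of your WordPress Core files.
 * Automatically download new Definition Updates when running a Complete Scan.
 
-Updated December 31st
+Updated Mar 16th
 
 Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
 
@@ -94,6 +94,12 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
 == Changelog ==
 
+= 4.18.62 =
+* Fixed a bug in the Firewall that prevented some iPad devices from logging in.
+* Fixed an encoding bug that prevented the Examine File window from dispaying some file formats.
+* Restored the File Details window in the Examine File window.
+* Updated code for compatibility with WP 5.1.1 (latest release).
+
 = 4.18.52 =
 * Added a whole new DB Scan category that looks for links and scripts injected directly into the database content and removes them.
 * Updated Firewall landing page for HTTPS compatibility.
@@ -350,6 +356,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
 == Upgrade Notice ==
 
+= 4.18.62 =
+Fixed a few minor bugs and updated code for compatibility with WP 5.1.1 (latest release).
+
 = 4.18.52 =
 Added a whole new DB Scan category, updated Firewall landing page, removed some old code that was no longer needed, clear cache files before running the Complete Scan,, and updated code for compatibility with WP 5.0.2 (latest release).
 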
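--- a/safe-load/wp-login.php
+++ b/safe-load/wp-login.php
@@ -57,7 +57,7 @@ if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["p
 $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_REMOTE_ADDR';
 if (!isset($_SERVER["HTTP_USER_AGENT"]))
 $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_HTTP_USER_AGENT';
-if (!isset($_SERVER["HTTP_REFERER"]))
+if (!isset($_SERVER["HTTP_REFERER"]) && !(isset($_SERVER["HTTP_USER_AGENT"]) && substr($_SERVER["HTTP_USER_AGENT"], 0, 18) == "Mozilla/5.0 (iPad;"))
 $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_HTTP_REFERER';
 if (!$GLOBALS["GOTMLS"]["detected_attacks"]) {
 if (isset($_SESSION["GOTMLS_login_attempts"]) && is_numeric($_SESSION["GOTMLS_login_attempts"]) && strlen($_SESSION["GOTMLS_login_attempts"]."") > 0)
@@ -91,4 +91,4 @@ if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["p
 $_SESSION["GOTMLS_detected_attacks"] = '';
 $_SESSION["GOTMLS_login_attempts"] = 0;
 }
-}
+}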
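Review bot: The new exemption on line 60 keys off a client-supplied header, so any brute-force client can skip the NO_HTTP_REFERER signal simply by sending a User-Agent that starts with `Mozilla/5.0 (iPad;` — the carve-out weakens the heuristic for every caller, not only real iPads. Referer is client-controlled too, so this signal was never a strong one, but that should be stated at the site so a later reader does not widen the exemption to more prefixes; suggested comment above line 60: `// Some iPad browsers omit Referer on the login POST. This carve-out keys on a spoofable UA prefix, so NO_HTTP_REFERER is only a weak signal and must not gate anything on its own.` The comparison would also read more clearly as `strncmp($_SERVER["HTTP_USER_AGENT"], "Mozilla/5.0 (iPad;", 18) === 0`, which makes the prefix length and strict intent explicit instead of a loose `==` against `substr()`. The enclosing `if ((GOTMLS_REQUEST_METHOD == "POST") && ...` block starts before this hunk, as the hunk header shows.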
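--- a/safe-load/wp-settings.php
+++ b/safe-load/wp-settings.php
@@ -32,7 +32,7 @@ function mbstring_binary_safe_encoding( $reset = false ) {
 static $overloaded = null;
 
 if ( is_null( $overloaded ) )
-$overloaded = function_exists( 'mb_internal_encoding' ) && ( ini_get( 'mbstring.func_overload' ) & 2 );
+$overloaded = function_exists( 'mb_internal_encoding' ) && ( ini_get( 'mbstring.func_'.'overload' ) & 2 );
 
 if ( false === $overloaded )
 return;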
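Review bot: The split literal `'mbstring.func_'.'overload'` on line 35 is behaviourally identical to the old `'mbstring.func_overload'` and reads as deliberate obfuscation, yet nothing explains it, so the next maintainer is likely to "fix" it back. If the intent is to keep the contiguous string out of a signature-based scan (plausible for a file shipped inside an anti-malware plugin, but not shown in this hunk), say so at the site: `// Literal split on purpose so 'mbstring.func_overload' does not match a scanner signature; runtime value is unchanged.` It is also worth recording that this ini option is deprecated since PHP 7.2 and removed in 8.0, where `ini_get()` returns false and `false & 2` is 0, so the check stays harmless there. The enclosing function `mbstring_binary_safe_encoding` starts before this hunk.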