Anti-Malware Security and Brute-Force Firewall - Version 4.18.74

Version Description

  • Fixed a bug in the Nonce Token Errors that was created by changes in the last release.

Release Info

Developer scheeeli
Version 4.18.74

Code changes from version 4.18.71 to 4.18.74

Files changed (3) hide show
  1. images/index.php +52 -36
  2. index.php +24 -20
  3. readme.txt +9 -3
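--- a/images/index.php
+++ b/images/index.php
@@ -183,7 +183,7 @@ GOTMLS_define("GOTMLS_update_home", "//updates.gotmls.net/".GOTMLS_installation_
 
  if (!function_exists("GOTMLS_Invalid_Nonce")) {
  function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
- return $pre.__("Invalid or expired Nonce Token!",'gotmls').(isset($_REQUEST["GOTMLS_mt"])?(GOTMLS_htmlspecialchars($_REQUEST["GOTMLS_mt"]).((strlen($_REQUEST["GOTMLS_mt"]) == 32)?(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])?$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]:" !found"):" !len(".strlen($_REQUEST["GOTMLS_mt"]).")")):" GOTMLS_mt !set");
+ return $pre.__("Invalid or expired Nonce Token!",'gotmls').(isset($_REQUEST["GOTMLS_mt"])?(" (".GOTMLS_htmlspecialchars($_REQUEST["GOTMLS_mt"]).((strlen($_REQUEST["GOTMLS_mt"]) == 32)?(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])?$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]:" !found)"):" !len[".strlen($_REQUEST["GOTMLS_mt"])."])")):" (GOTMLS_mt !set)").__("Refresh and try again?",'gotmls');
  }}
 
  if (!function_exists("GOTMLS_set_nonce")) {
@@ -1427,43 +1427,59 @@ function GOTMLS_scan_log() {
 
  function GOTMLS_get_URL($URL) {
  $response = "";
- $GLOBALS["GOTMLS"]["get_URL"] = array("URL" => $URL);
- if (function_exists($method = "wp_remote_get")) {
- $GLOBALS["GOTMLS"]["get_URL"][$method] = wp_remote_get($URL, array("sslverify" => false));
- if (200 == wp_remote_retrieve_response_code($GLOBALS["GOTMLS"]["get_URL"][$method]))
- $response = wp_remote_retrieve_body($GLOBALS["GOTMLS"]["get_URL"][$method]);
- }
- if (strlen($response) == 0 && function_exists($method = "curl_exec")) {
- $curl_hndl = curl_init();
- curl_setopt($curl_hndl, CURLOPT_URL, $URL);
- curl_setopt($curl_hndl, CURLOPT_TIMEOUT, 30);
- if (isset($_SERVER['HTTP_REFERER']))
- $SERVER_HTTP_REFERER = $_SERVER['HTTP_REFERER'];
- elseif (isset($_SERVER['HTTP_HOST']))
- $SERVER_HTTP_REFERER = 'HOST://'.$_SERVER['HTTP_HOST'];
- elseif (isset($_SERVER['SERVER_NAME']))
- $SERVER_HTTP_REFERER = 'NAME://'.$_SERVER['SERVER_NAME'];
- elseif (isset($_SERVER['SERVER_ADDR']))
- $SERVER_HTTP_REFERER = 'ADDR://'.$_SERVER['SERVER_ADDR'];
- else
- $SERVER_HTTP_REFERER = 'NULL://not.anything.com';
- curl_setopt($curl_hndl, CURLOPT_REFERER, $SERVER_HTTP_REFERER);
- if (isset($_SERVER['HTTP_USER_AGENT']))
- curl_setopt($curl_hndl, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
- curl_setopt($curl_hndl, CURLOPT_HEADER, 0);
- curl_setopt($curl_hndl, CURLOPT_RETURNTRANSFER, TRUE);
- if (!($response = curl_exec($curl_hndl)))
- $GLOBALS["GOTMLS"]["get_URL"][$method] = curl_error($curl_hndl);
- curl_close($curl_hndl);
- }
- if (strlen($response) == 0 && function_exists($method = "file_get_contents")) {
- try {
- $response = @file_get_contents($URL).'';
- } catch(Exception $e) {
- $GLOBALS["GOTMLS"]["get_URL"][$method] = $e->getTrace();
+ $GLOBALS["GOTMLS"]["get_URL"] = get_option('GOTMLS_get_URL_array', array());
+ $min = round($GLOBALS["GOTMLS"]["tmp"]["mt"]/60);
+ if (is_array($GLOBALS["GOTMLS"]["get_URL"])) {
+ foreach ($GLOBALS["GOTMLS"]["get_URL"] as $URI => $property)
+ if (!(isset($property["time"]) && is_numeric($property["time"]) && ($property["time"] + 60) > $min))
+ unset($GLOBALS["GOTMLS"]["get_URL"]["$URI"]);
+ } else
+ $GLOBALS["GOTMLS"]["get_URL"] = array();
+ $URI = md5(preg_replace('/GOTMLS_mt[\[\]]*=[0-9a-f]*/i', "", $URL));
+ if (isset($GLOBALS["GOTMLS"]["get_URL"]["$URI"]["response"]) && strlen($GLOBALS["GOTMLS"]["get_URL"]["$URI"]["response"])) {
+ $method = "cached";
+ $response = $GLOBALS["GOTMLS"]["get_URL"]["$URI"]["response"];
+ } else {
+ $GLOBALS["GOTMLS"]["get_URL"]["$URI"] = array("time" => $min);
+ if (function_exists($method = "wp_remote_get")) {
+ $GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method] = wp_remote_get($URL, array("sslverify" => false));
+ if (200 == wp_remote_retrieve_response_code($GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method]))
+ $response = wp_remote_retrieve_body($GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method]);
+ }
+ if (strlen($response) == 0 && function_exists($method = "curl_exec")) {
+ $curl_hndl = curl_init();
+ curl_setopt($curl_hndl, CURLOPT_URL, $URL);
+ curl_setopt($curl_hndl, CURLOPT_TIMEOUT, 30);
+ if (isset($_SERVER['HTTP_REFERER']))
+ $SERVER_HTTP_REFERER = $_SERVER['HTTP_REFERER'];
+ elseif (isset($_SERVER['HTTP_HOST']))
+ $SERVER_HTTP_REFERER = 'HOST://'.$_SERVER['HTTP_HOST'];
+ elseif (isset($_SERVER['SERVER_NAME']))
+ $SERVER_HTTP_REFERER = 'NAME://'.$_SERVER['SERVER_NAME'];
+ elseif (isset($_SERVER['SERVER_ADDR']))
+ $SERVER_HTTP_REFERER = 'ADDR://'.$_SERVER['SERVER_ADDR'];
+ else
+ $SERVER_HTTP_REFERER = 'NULL://not.anything.com';
+ curl_setopt($curl_hndl, CURLOPT_REFERER, $SERVER_HTTP_REFERER);
+ if (isset($_SERVER['HTTP_USER_AGENT']))
+ curl_setopt($curl_hndl, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
+ curl_setopt($curl_hndl, CURLOPT_HEADER, 0);
+ curl_setopt($curl_hndl, CURLOPT_RETURNTRANSFER, TRUE);
+ if (!($response = curl_exec($curl_hndl)))
+ $GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method] = curl_error($curl_hndl);
+ curl_close($curl_hndl);
+ }
+ if (strlen($response) == 0 && function_exists($method = "file_get_contents")) {
+ try {
+ $response = @file_get_contents($URL).'';
+ } catch(Exception $e) {
+ $GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method] = $e->getTrace();
+ }
  }
+ $GLOBALS["GOTMLS"]["get_URL"]["$URI"]["response"] = $response;
+ update_option('GOTMLS_get_URL_array', $GLOBALS["GOTMLS"]["get_URL"]);
  }
  if (isset($_GET["GOTMLS_debug"]) && (strlen($response) == 0 || $_GET["GOTMLS_debug"] == "GOTMLS_get_URL"))
- print_r(array("$method:".strlen($response)=>$GLOBALS["GOTMLS"]["get_URL"]));
+ print_r(array("$method $URI:".strlen($response)=>htmlspecialchars($GLOBALS["GOTMLS"]["get_URL"]["$URI"]["time"]." ~ $min: ".count($GLOBALS["GOTMLS"]["get_URL"]))));
  return $response;
  }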
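Review bot: The new cache in GOTMLS_get_URL persists a body that was fetched with `wp_remote_get($URL, array("sslverify" => false))`, so a response altered in transit is now written to the `GOTMLS_get_URL_array` option and handed to every later caller of the same URL until the `($property["time"] + 60) > $min` test expires it. Before this change an unverified response affected a single request; with the cache it outlives that request, and the index.php section on this page shows one caller passing the result to `maybe_unserialize`. I would remove the override so the peer certificate is checked, `wp_remote_get($URL)`, and write the cache entry only after a verified 200 response. The option also stores the whole `wp_remote_get` result, the curl error or the exception trace under `[$method]` for each URL; keeping only `time` and `response` would avoid persisting headers and traces that nothing visible here reads back.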
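--- a/index.php
+++ b/index.php
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
  Contributors: scheeeli, gotmls
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
- Version: 4.18.71
+ Version: 4.18.74
  */
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
  include(dirname(__FILE__)."/safe-load/index.php");
@@ -104,7 +104,7 @@ function GOTMLS_display_header($optional_box = "") {
  echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
  $Update_Definitions = array(GOTMLS_update_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&ver='.GOTMLS_Version.'&wp='.GOTMLS_wp_version.'&'.GOTMLS_set_nonce(__FUNCTION__."108").'&d='.ur1encode(GOTMLS_siteurl));
  if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])
- array_unshift($Update_Definitions, admin_url('admin-ajax.php?action=GOTMLS_auto_update&'.GOTMLS_set_nonce(__FUNCTION__."109").'&UPDATE_definitions_array=1'));
+ array_unshift($Update_Definitions, admin_url('admin-ajax.php?action=GOTMLS_load_update&'.GOTMLS_set_nonce(__FUNCTION__."109").'&UPDATE_definitions_array=1'));
  else
  $Update_Definitions[] = str_replace("//", "//www.", $Update_Definitions[0]);
  $Update_Link = '<div style="text-align: center;"><a href="';
@@ -696,7 +696,7 @@ function GOTMLS_get_quarantine($only = false) {
  }
 
  function GOTMLS_View_Quarantine() {
- GOTMLS_ajax_auto_update();
+ GOTMLS_ajax_load_update();
  $echo = GOTMLS_box($Q_Page = __("White-lists",'gotmls'), GOTMLS_get_whitelists());
  if (!isset($_GET['Whitelists']))
  $echo .= "\n<script>\nshowhide('inside_".md5($Q_Page)."');\n</script>\n";
@@ -707,7 +707,7 @@ function GOTMLS_View_Quarantine() {
 
  function GOTMLS_Firewall_Options() {
  global $current_user, $wpdb, $table_prefix;
- GOTMLS_ajax_auto_update();
+ GOTMLS_ajax_load_update();
  GOTMLS_display_header();
  $GOTMLS_nonce_found = GOTMLS_get_nonce();
  $gt = ">";
@@ -888,8 +888,9 @@ function GOTMLS_get_registrant($you) {
  return $registrant;
  }
 
- function GOTMLS_ajax_auto_update() {
+ function GOTMLS_ajax_load_update() {
  global $wpdb;
+ $GOTMLS_nonce_found = GOTMLS_get_nonce();
  $GOTMLS_definitions_versions = array();
  $user_info = array();
  $saved = false;
@@ -898,21 +899,22 @@ function GOTMLS_ajax_auto_update() {
  $form = 'registerKeyForm';
  $innerHTML = "<li style=\\\"color: #f00\\\">Your Installation Key could not be confirmed!</li>";
  $autoUpJS = '<span style="color: #C00;">This new feature is currently only available to registered users who have donated above the default level.</span><br />';
- foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
- foreach ($definition_names as $definition_name=>$definition_version)
- if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
- if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
- $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
+ if (is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
+ foreach ($definition_names as $definition_name=>$definition_version)
+ if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
+ if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
+ $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
  asort($GOTMLS_definitions_versions);
- if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"]) && GOTMLS_get_nonce()) {
+ if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"])) {
  $DEF_url = 'http:'.GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.GOTMLS_wp_version.'&'.GOTMLS_set_nonce(__FUNCTION__."870").'&d='.ur1encode(GOTMLS_siteurl);
- if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1) {
+ if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1 && $GOTMLS_nonce_found) {
  $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_REQUEST["UPDATE_definitions_array"]));
  if (is_array($GOTnew_definitions)) {
  $form = 'autoUpdateDownload';
  $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('Downloaded Definitions');";
  }
- } elseif ($_REQUEST["UPDATE_definitions_array"] == "D") {
+ } elseif ($_REQUEST["UPDATE_definitions_array"] == "D" && $GOTMLS_nonce_found) {
  $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = array();
  $GOTnew_definitions = array();
  } elseif (($DEF = GOTMLS_get_URL($DEF_url)) && is_array($GOTnew_definitions = maybe_unserialize(GOTMLS_decode($DEF))) && count($GOTnew_definitions)) {
@@ -947,7 +949,7 @@ function GOTMLS_ajax_auto_update() {
  if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"]))
  unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"]);
  } else
- $innerHTML = "<li style=\\\"color: #f00\\\">".GOTMLS_Invalid_Nonce("Nonce Error")."</li>";
+ $innerHTML = "<li style=\\\"color: #f00\\\">".__("definitions_array not set!", 'gotmls')."</li>";
  if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
  $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions);
  if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
@@ -971,14 +973,17 @@ function GOTMLS_ajax_auto_update() {
  $autoUpJS .= '<span style="color: #0C0;">(No newer Definition Updates are available at this time.)</span>';
  $innerHTML .= "<li style=\\\"color: #0C0\\\">No Newer Definition Updates Available.</li>";
  }
- if (isset($_SERVER["SCRIPT_FILENAME"]) && preg_match('/\/admin-ajax\.php/i', $_SERVER["SCRIPT_FILENAME"]) && isset($_REQUEST["action"]) && $_REQUEST["action"] == "GOTMLS_auto_update") {
+ if (isset($_SERVER["SCRIPT_FILENAME"]) && preg_match('/\/admin-ajax\.php/i', $_SERVER["SCRIPT_FILENAME"]) && isset($_REQUEST["action"]) && $_REQUEST["action"] == "GOTMLS_load_update") {
  if (!$user_donations_src)
  $li = "<li style=\\\"color: #f00;\\\">You have not donated yet!</li>";
  if (strlen($moreJS) == 0)
  $moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA"))
  foundUpdates.innerHTML = "<a href=\'javascript:document.ppdform.submit();\' onclick=\'document.ppdform.amount.value=32;\' style=\'color: #f00;\'>Donate $29+ now then enable Automatic Definition Updates to Scan for Core Files changes.</a>";';
  $moreJS .= "\n\tif (foundUpdates = document.getElementById('pastDonations'))\n\tfoundUpdates.innerHTML = '$li';";
- @header("Content-type: text/javascript");
+ if ($GOTMLS_nonce_found)
+ @header("Content-type: text/javascript");
+ else
+ die(GOTMLS_Invalid_Nonce("Nonce Error: "));
  if (is_array($GOTMLS_definitions_versions) && count($GOTMLS_definitions_versions) && (strlen($new_ver = trim(array_pop($GOTMLS_definitions_versions))) == 5) && $saved) {
  $innerHTML .= "<li style=\\\"color: #0C0\\\">New Definition Updates Installed.</li>";
  $finJS .= "\nif (foundUpdates = document.getElementById('GOTMLS_definitions_date')) foundUpdates.innerHTML = '$new_ver';";
@@ -1028,7 +1033,7 @@ function GOTMLS_settings() {
  $GOTMLS_scan_groups = array();
  $gt = ">";
  $lt = "<";
- GOTMLS_ajax_auto_update();
+ GOTMLS_ajax_load_update();
  if (($GOTMLS_nonce_found = GOTMLS_get_nonce()) && isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
  /* removed old code */
@@ -1537,7 +1542,7 @@ function GOTMLS_init() {
  $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);
  else
  $scan_level = count(explode('/', trailingslashit(GOTMLS_siteurl))) - 1;
- $ajax_functions = array('auto_update', 'empty_trash', 'fix', 'logintime', 'lognewkey', 'position', 'scan', 'whitelist');
+ $ajax_functions = array('load_update', 'empty_trash', 'fix', 'logintime', 'lognewkey', 'position', 'scan', 'whitelist');
  if (GOTMLS_get_nonce()) {
  if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"]))
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"];
@@ -1559,7 +1564,7 @@ function GOTMLS_init() {
  } else {
  foreach ($ajax_functions as $ajax_function) {
  add_action("wp_ajax_GOTMLS_$ajax_function", "GOTMLS_ajax_nopriv");
- add_action("wp_ajax_nopriv_GOTMLS_$ajax_function", "GOTMLS_ajax_nopriv");
+ add_action("wp_ajax_nopriv_GOTMLS_$ajax_function", substr($ajax_function, 0, 1) == "l"?"GOTMLS_ajax_$ajax_function":"GOTMLS_ajax_nopriv");
  }
  }
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]))
@@ -1854,4 +1859,3 @@ if (typeof window.parent.showhide === "function")
  function GOTMLS_ajax_nopriv() {
  die("\n//Permission Error: User not authenticated!\n");
  }
-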
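Review bot: The first-letter test `substr($ajax_function, 0, 1) == "l"` in GOTMLS_init hooks three handlers onto `wp_ajax_nopriv_*`, not one: `load_update`, `logintime` and `lognewkey` all start with "l", so each becomes reachable without a login. In GOTMLS_ajax_load_update the nonce test was also taken off the outer `UPDATE_definitions_array` condition, so the `GOTMLS_get_URL($DEF_url)` / `maybe_unserialize` branch and the `GOTMLS_array_replace` merge at new line 954 run before the `die(GOTMLS_Invalid_Nonce("Nonce Error: "))` at new line 986, and `$DEF_url` is built with a plain `http:` prefix. I would select the public handler by name, `add_action("wp_ajax_nopriv_GOTMLS_$ajax_function", $ajax_function == "load_update" ? "GOTMLS_ajax_load_update" : "GOTMLS_ajax_nopriv");`, and require `$GOTMLS_nonce_found` on the third branch as on the other two, `} elseif ($GOTMLS_nonce_found && ($DEF = GOTMLS_get_URL($DEF_url)) && ...`. Both function bodies continue outside the visible hunks, so whether the other two handlers check the nonce themselves, and whether the merged definitions are saved before the `die`, cannot be confirmed from this page.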
 
readme.txt CHANGED
@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
- Version: 4.18.71
9
- Stable tag: 4.18.71
10
  Requires at least: 3.3
11
  Tested up to: 5.2.1
12
 
@@ -27,7 +27,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
27
  * Check the integrity of your WordPress Core files.
28
  * Automatically download new Definition Updates when running a Complete Scan.
29
 
30
- Updated June 2nd
31
 
32
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
33
 
@@ -94,6 +94,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
94
 
95
  == Changelog ==
96
 
 
 
 
97
  = 4.18.71 =
98
  * Added wp_options table to the db_scan.
99
  * Fixed a few minor bugs in the db scan quarantine view.
@@ -373,6 +376,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
373
 
374
  == Upgrade Notice ==
375
 
 
 
 
376
  = 4.18.71 =
377
  Added wp_options table to the db_scan and fixed a few minor bugs in the quarantine view, and changed some wording and checked code for compatibility with WP 5.2.1 (latest release).
378
 
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
+ Version: 4.18.74
9
+ Stable tag: 4.18.74
10
  Requires at least: 3.3
11
  Tested up to: 5.2.1
12
 
27
  * Check the integrity of your WordPress Core files.
28
  * Automatically download new Definition Updates when running a Complete Scan.
29
 
30
+ Updated June 4th
31
 
32
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
33
 
94
 
95
  == Changelog ==
96
 
97
+ = 4.18.74 =
98
+ * Fixed a bug in the Nonce Token Errors that was created by changes in the last release.
99
+
100
  = 4.18.71 =
101
  * Added wp_options table to the db_scan.
102
  * Fixed a few minor bugs in the db scan quarantine view.
376
 
377
  == Upgrade Notice ==
378
 
379
+ = 4.18.74 =
380
+ Fixed a bug in the Nonce Token Errors that was created by changes in the last release.
381
+
382
  = 4.18.71 =
383
  Added wp_options table to the db_scan and fixed a few minor bugs in the quarantine view, and changed some wording and checked code for compatibility with WP 5.2.1 (latest release).
384