Anti-Malware Security and Brute-Force Firewall

Version Description

Various minor bug fixes.
Added Core Files Definitions for ClassicPress.
Tweaked code for better compatibility with WordPress 5.7.2 and ClassicPress 1.2.0.

Release Info

Developer	scheeeli
Plugin	Anti-Malware Security and Brute-Force Firewall
Version	4.20.59
Comparing to
See all releases

Code changes from version 4.19.69 to 4.20.59

Files changed (3) hide show

images/index.php +53 -23
index.php +11 -19
readme.txt +11 -3

images/index.php CHANGED Viewed

	@@ -13,18 +13,35 @@ function GOTMLS_define($DEF, $val) {
13	$file = basename(__FILE__);
14	GOTMLS_define("GOTMLS_local_images_path", substr(__FILE__, 0, strlen(__FILE__) - strlen($file)));
15	GOTMLS_define("GOTMLS_plugin_path", substr(dirname(__FILE__), 0, strlen(dirname(__FILE__)) - strlen(basename(dirname(__FILE__)))));
16	- if (is_file(GOTMLS_plugin_path.$file) && ($contents = @file_get_contents(GOTMLS_plugin_path.$file)) && preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
17	- GOTMLS_define("GOTMLS_Version", $match[1]);
18	- else
19	- GOTMLS_define("GOTMLS_Version", ~~"Unknown"~~);
20	GOTMLS_define("GOTMLS_require_version", "3.3");
21	- if (isset($wp_version) && ($wp_version))
22	- GOTMLS_define("GOTMLS_wp_version", $wp_version);
23	if (!function_exists("__")) {
24	function __($text, $domain = "gotmls") {
25	return $text;
26	}}
27



















28	function GOTMLS_htmlentities($TXT, $flags = ENT_COMPAT, $encoding = "UTF-8") {
29	$prelen = strlen($TXT);
30	if ($prelen == 0)
	@@ -64,7 +81,7 @@ $GLOBALS["GOTMLS"] = array(
64	"threat_files" => array("htaccess"=>".htaccess","timthumb"=>"thumb.php"),
65	"threat_levels" => array(__("Database Injections",'gotmls')=>"db_scan",__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Known Threats",'gotmls')=>"known",__("Core File Changes",'gotmls')=>"wp_core",__("Potential Threats",'gotmls')=>"potential"),
66	"apache" => array(),
67	- "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "svg", "doc", "docx", "ttf", "fla", "flv", "mov", "mp3", "pdf", "css", "pot", "po", "mo", "so", "exe", "zip", "7z", "gz", "rar"),
68	"execution_time" => 60,
69	"default" => array("msg_position" => array("80px", "40px", "400px", "600px")),
70	"Definition" => array("Default" => "CCIGG"),
	@@ -139,11 +156,11 @@ if (function_exists("plugins_url"))
139	elseif (function_exists("plugin_dir_url"))
140	GOTMLS_define("GOTMLS_images_path", plugin_dir_url(__FILE__));
141	elseif (isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < __FILE__ && substr(__FILE__, 0, strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
142	- GOTMLS_define("GOTMLS_images_path", substr(dirname(__FILE__), strlen($_SERVER["DOCUMENT_ROOT"])));
143	elseif (isset($_SERVER["SCRIPT_FILENAME"]) && isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < strlen($_SERVER["SCRIPT_FILENAME"]) && substr($_SERVER["SCRIPT_FILENAME"], 0, strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
144	- GOTMLS_define("GOTMLS_images_path", substr(dirname($_SERVER["SCRIPT_FILENAME"]), strlen($_SERVER["DOCUMENT_ROOT"])));
145	else
146	- GOTMLS_define("GOTMLS_images_path", "/wp-content/plugins/~~update~~/images/");
147
148	function GOTMLS_user_can() {
149	if (is_multisite())
	@@ -191,7 +208,13 @@ if (!(isset($GLOBALS["GOTMLS"]["log"]["settings"]) && is_array($GLOBALS["GOTMLS"
191	$GLOBALS["GOTMLS"]["log"]["settings"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"];
192	GOTMLS_define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
193	GOTMLS_define("GOTMLS_update_home", "//updates.gotmls.net/".GOTMLS_installation_key."/");
194	-






195	if (!function_exists("GOTMLS_Invalid_Nonce")) {
196	function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
197	return $pre.__("Invalid or expired Nonce Token!",'gotmls').(isset($_REQUEST["GOTMLS_mt"])?(" (".GOTMLS_htmlspecialchars($_REQUEST["GOTMLS_mt"]).((strlen($_REQUEST["GOTMLS_mt"]) == 32)?(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])?$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]:" !found)"):" !len[".strlen($_REQUEST["GOTMLS_mt"])."])")):" (GOTMLS_mt !set)").__("Refresh and try again?",'gotmls');
	@@ -199,7 +222,7 @@ function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
199
200	if (!function_exists("GOTMLS_set_nonce")) {
201	function GOTMLS_set_nonce($context = "NULL") {
202	- $hour = round(($GLOBALS["GOTMLS"]["tmp"]["mt"]/60)/60);
203	$transient_name = md5(substr(number_format(microtime(true), 9, '-', '/'), 6).GOTMLS_installation_key.GOTMLS_plugin_path);
204	if (isset($GLOBALS["GOTMLS"]["tmp"]["nonce"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["nonce"])) {
205	foreach ($GLOBALS["GOTMLS"]["tmp"]["nonce"] as $nonce_key => $nonce_value) {
	@@ -523,7 +546,7 @@ setDiv("div_file");
523
524	function GOTMLS_get_header($optional_box = "") {
525	if (isset($_GET["check_site"]) && $_GET["check_site"])
526	- $pre_style = '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" ~~onload="showhide(\'inside_ddd6dbd641b9a5909fe4d44da2017cc7\');"~~ height=16 width=16 alt="✔"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">if (csw = window.parent.document.getElementById("check_site_warning")) csw.style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/support/plugin/gotmls/reviews/#wporg-footer">write a "Five-Star" Review</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .notice, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
527	else
528	$pre_style = '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
529	return GOTMLS_get_styles($pre_style).'<div id="main-page-title"><h1 style="vertical-align: middle;">Anti-Malware from GOTMLS.NET</h1></div>';
	@@ -540,7 +563,7 @@ function GOTMLS_get_quarantine($only = false) {
540	if (isset($_POST["paged"]))
541	$args["paged"] = $_POST["paged"];
542	$my_query = new WP_Query($args);
543	- $Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><~~input type="hidden" id="GOTMLS_paged" name="paged" value="1"><~~div style="float: left;">Page:</div>';
544	$Q_Page = '
545	<form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."645")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
546	if ($my_query->have_posts()) {
	@@ -584,7 +607,7 @@ function GOTMLS_get_quarantine($only = false) {
584	}
585	$Q_Page .= "\n</ul>";
586	for ($p = 1; $p <= $my_query->max_num_pages; $p++) {
587	- $Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($_POST["paged"]) && $_POST["paged"] == $p) \|\| (!isset($_POST["paged"]) && 1 == $p)?" DISABLED":"").' ~~onclick~~="~~document.getElementById(\'GOTMLS_paged\').value = \''.$p.'\';~~">';
588	}
589	} else
590	$Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
	@@ -628,8 +651,9 @@ $return = (print_r( array("nonce"=>$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST[
628	try {
629	$Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><input type="hidden" id="GOTMLS_paged" name="paged" value="1">';//<div style="float: left;">Page:</div>';
630	$Q_Page = '<form method="POST" action="?'.(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?$_SERVER["QUERY_STRING"]:"page=GOTMLS_View_Quarantine&".GOTMLS_set_nonce(__FUNCTION__."592")).'" name="GOTMLS_Form_clean">';

631	if (isset($_REQUEST["id"]) && is_numeric($_REQUEST["id"])) {
632	- $my_query = $wpdb->get_results("SELECT * FROM `{$~~table_prefix~~}posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private' AND `ID` = ".$_REQUEST["id"], ARRAY_A);
633	if (is_array($my_query) && count($my_query) && ($Q_post = $my_query[0]) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
634	$clean_file = $Q_post["post_title"];
635	$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = GOTMLS_decode($Q_post["post_content"]);
	@@ -683,7 +707,7 @@ function select_text_range(ta_id, start, end) {
683	} else
684	die('<h3>Item NOT Found in Quarantine</h3>');
685	} else {
686	- $my_query = $wpdb->get_results("SELECT * FROM `{$~~table_prefix~~}posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private' ORDER BY `post_date_gmt` DESC", ARRAY_A);
687	if (is_array($my_query) && count($my_query)) {
688	$Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="Restore selected files" class="button-primary" style="background-color: #0C0;" onclick="return confirm(\'Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?\');" /></p><p><b>The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.</b></p>
689	<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.(count($my_query)>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),count($my_query)):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
	@@ -696,7 +720,7 @@ function select_text_range(ta_id, start, end) {
696	if (GOTMLS_file_put_contents($post_a["post_title"], GOTMLS_decode($post_a["post_content"]))) {
697	$post_a["post_modified_gmt"] = date("Y-m-d H:i:s");
698	$image = "checked";
699	- $wpdb->query("UPDATE `{$~~table_prefix~~}posts` SET `post_status` = 'pending' WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private' AND `ID` = ".$post_a["ID"]);
700	}
701	}
702	$Q_Page .= '
	@@ -728,8 +752,11 @@ $GOTMLS_image_alt = array("wait"=>"...", "checked"=>"✔", "blocked"=>"X",
728	$GOTMLS_dir_at_depth = array();
729	$GOTMLS_dirs_at_depth = array();
730	$GLOBAL_STRING = array("REQUEST" => "&","SERVER" => "&","FILES" => "&");
731	- if (isset($~~_REQUEST~~) && is_array($~~_REQUEST~~))
732	- foreach ($~~_REQUEST~~ as $req => $val)



733	$GLOBAL_STRING["REQUEST"] .= "$req=".(is_array($val)?print_r($val,1):$val)."&";
734	if (isset($_SERVER) && is_array($_SERVER))
735	foreach ($_SERVER as $req => $val)
	@@ -879,7 +906,7 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
879	if (is_array($check_threats)) {
880	$path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
881	if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($check_threats[GOTMLS_wp_version]["$path"])) {
882	- if (($check_threats[GOTMLS_wp_version]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL("~~http://core.svn.wordpress.org/tags/~~".GOTMLS_wp_version."$path")) && ($check_threats[GOTMLS_wp_version]["$path"] == md5($source)."O".strlen($source))) {
883	$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
884	$len = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
885	if (strlen($source) < $len)
	@@ -1007,6 +1034,8 @@ function GOTMLS_scanfile($file) {
1007	// $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $real_file);
1008	$className = "errors";
1009	}


1010	if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1011	$threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."687").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file.preg_replace('/\&(GOTMLS_scan\|mt\|GOTMLS_mt\|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", """, $lt.'div style="float: left; white-space: nowrap;"'.$gt.GOTMLS_strip4java(__("Examine File",'gotmls')).' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
1012	if ($className == "errors") {
	@@ -1024,7 +1053,7 @@ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="GOTMLS_fix";
1024	$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
1025	} elseif ($className == 'wp_core') {
1026	$path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
1027	- if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"]) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL("~~http://core.svn.wordpress.org/tags/~~".GOTMLS_wp_version."$path")) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"] == md5($source)."O".strlen($source)))
1028	$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
1029	else
1030	$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
	@@ -1325,8 +1354,9 @@ function GOTMLS_return_threat($className, $imageFile, $fileName, $link = "") {
1325	$fileNameJS = GOTMLS_strip4java(str_replace("db_scan", "Database", str_replace("db_scan=", "Database Query ", isset($GLOBALS["GOTMLS"]["log"]["scan"]["dir"])?str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $fileName):$fileName)));
1326	$fileName64 = GOTMLS_encode($fileName);
1327	$li_js = "/-->"."/";

1328	if ($className != "scanned")
1329	- $li_js .= "\n$className++;\ndivx=document.getElementById('found_$className');\nif (divx) {\n\tvar newli = document.createElement('li');\n\tnewli.innerHTML='<img src=\"".GOTMLS_strip4java(GOTMLS_images_path.$imageFile).".gif\" height=16 width=16 alt=\"".$GOTMLS_image_alt[$~~imageFile~~]."\" style=\"float: left;\" id=\"$imageFile"."_$fileName64\">".GOTMLS_strip4java($link, true).$fileNameJS.($link?"</a>';\n\tdivx.display='block":"")."';\n\tdivx.appendChild(newli);\n}";
1330	if ($className == "errors")
1331	$li_js .= "\ndivx=document.getElementById('wait_$fileName64');\nif (divx) {\n\tdivx.src='".GOTMLS_images_path."blocked.gif';\n\tdirerrors++;\n}";
1332	elseif (is_file($fileName))


13	$file = basename(__FILE__);
14	GOTMLS_define("GOTMLS_local_images_path", substr(__FILE__, 0, strlen(__FILE__) - strlen($file)));
15	GOTMLS_define("GOTMLS_plugin_path", substr(dirname(__FILE__), 0, strlen(dirname(__FILE__)) - strlen(basename(dirname(__FILE__)))));
16	+ //if (is_file(GOTMLS_plugin_path.$file) && ($contents = @file_get_contents(GOTMLS_plugin_path.$file)) && preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
17	+ // GOTMLS_define("GOTMLS_Version", $match[1]);
18	+ //else
19	+ GOTMLS_define("GOTMLS_Version", '4.20.59');
20	GOTMLS_define("GOTMLS_require_version", "3.3");


21	if (!function_exists("__")) {
22	function __($text, $domain = "gotmls") {
23	return $text;
24	}}
25
26	+ function GOTMLS_get_version($which = "") {
27	+ global $wp_version;
28	+ if (function_exists('classicpress_version')) {
29	+ GOTMLS_define("GOTMLS_wp_version", classicpress_version());
30	+ $URL = 'ver='.GOTMLS_Version.'&cp='.GOTMLS_wp_version;
31	+ } else {
32	+ if (isset($wp_version) && ($wp_version))
33	+ $match = array("GOTMLS_wp_version", "w", "$wp_version");
34	+ elseif (!(is_file(GOTMLS_plugin_path.$file) && ($contents = @file_get_contents(GOTMLS_plugin_path.$file)) && preg_match('/\n\$(c\|w)p_version\s=\s[\'"]([0-9\.]+)/i', $contents, $match)))
35	+ $match = array("GOTMLS_wp_version", "w", "Unknown");
36	+ GOTMLS_define($match[0], $match[2]);
37	+ $URL = 'ver='.GOTMLS_Version.'&'.$match[1].'p='.GOTMLS_wp_version;
38	+ }
39	+ if ($which == "URL")
40	+ return $URL;
41	+ else
42	+ return GOTMLS_wp_version;
43	+ }
44	+
45	function GOTMLS_htmlentities($TXT, $flags = ENT_COMPAT, $encoding = "UTF-8") {
46	$prelen = strlen($TXT);
47	if ($prelen == 0)

81	"threat_files" => array("htaccess"=>".htaccess","timthumb"=>"thumb.php"),
82	"threat_levels" => array(__("Database Injections",'gotmls')=>"db_scan",__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Known Threats",'gotmls')=>"known",__("Core File Changes",'gotmls')=>"wp_core",__("Potential Threats",'gotmls')=>"potential"),
83	"apache" => array(),
84	+ "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "svg", "webp", "doc", "docx", "ttf", "fla", "flv", "mov", "mp3", "pdf", "css", "pot", "po", "mo", "so", "exe", "zip", "7z", "gz", "rar"),
85	"execution_time" => 60,
86	"default" => array("msg_position" => array("80px", "40px", "400px", "600px")),
87	"Definition" => array("Default" => "CCIGG"),

156	elseif (function_exists("plugin_dir_url"))
157	GOTMLS_define("GOTMLS_images_path", plugin_dir_url(__FILE__));
158	elseif (isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < __FILE__ && substr(__FILE__, 0, strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
159	+ GOTMLS_define("GOTMLS_images_path", substr(dirname(__FILE__), strlen($_SERVER["DOCUMENT_ROOT"])).'/');
160	elseif (isset($_SERVER["SCRIPT_FILENAME"]) && isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < strlen($_SERVER["SCRIPT_FILENAME"]) && substr($_SERVER["SCRIPT_FILENAME"], 0, strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
161	+ GOTMLS_define("GOTMLS_images_path", substr(dirname($_SERVER["SCRIPT_FILENAME"]), strlen($_SERVER["DOCUMENT_ROOT"])).'/');
162	else
163	+ GOTMLS_define("GOTMLS_images_path", "/wp-content/plugins/gotmls/images/");
164
165	function GOTMLS_user_can() {
166	if (is_multisite())

208	$GLOBALS["GOTMLS"]["log"]["settings"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"];
209	GOTMLS_define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
210	GOTMLS_define("GOTMLS_update_home", "//updates.gotmls.net/".GOTMLS_installation_key."/");
211	+ function GOTMLS_get_corefile_URL($path, $hash) {
212	+ if (strpos($URL = GOTMLS_get_version("URL"), '&cp='))
213	+ //$hash != md5($contents)."O".strlen($contents)
214	+ return 'http:'.GOTMLS_update_home.'cp_core.php?'.$URL.'&f='.GOTMLS_encode($path)."&h=$hash&ts=".date("YmdHis").'&d='.urlencode(GOTMLS_siteurl);
215	+ else
216	+ return "http://core.svn.wordpress.org/tags/".GOTMLS_wp_version."$path";
217	+ }
218	if (!function_exists("GOTMLS_Invalid_Nonce")) {
219	function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
220	return $pre.__("Invalid or expired Nonce Token!",'gotmls').(isset($_REQUEST["GOTMLS_mt"])?(" (".GOTMLS_htmlspecialchars($_REQUEST["GOTMLS_mt"]).((strlen($_REQUEST["GOTMLS_mt"]) == 32)?(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])?$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]:" !found)"):" !len[".strlen($_REQUEST["GOTMLS_mt"])."])")):" (GOTMLS_mt !set)").__("Refresh and try again?",'gotmls');

222
223	if (!function_exists("GOTMLS_set_nonce")) {
224	function GOTMLS_set_nonce($context = "NULL") {
225	+ $hour = (int) round(round($GLOBALS["GOTMLS"]["tmp"]["mt"]/60)/60);
226	$transient_name = md5(substr(number_format(microtime(true), 9, '-', '/'), 6).GOTMLS_installation_key.GOTMLS_plugin_path);
227	if (isset($GLOBALS["GOTMLS"]["tmp"]["nonce"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["nonce"])) {
228	foreach ($GLOBALS["GOTMLS"]["tmp"]["nonce"] as $nonce_key => $nonce_value) {

546
547	function GOTMLS_get_header($optional_box = "") {
548	if (isset($_GET["check_site"]) && $_GET["check_site"])
549	+ $pre_style = '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="✔"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">if (csw = window.parent.document.getElementById("check_site_warning")) csw.style.backgroundColor=\'#0C0\';window.addEventListener(\'load\', (event) => {showhide(\'inside_ddd6dbd641b9a5909fe4d44da2017cc7\');});</script><li>Please <a target="_blank" href="https://wordpress.org/support/plugin/gotmls/reviews/#wporg-footer">write a "Five-Star" Review</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .notice, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
550	else
551	$pre_style = '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
552	return GOTMLS_get_styles($pre_style).'<div id="main-page-title"><h1 style="vertical-align: middle;">Anti-Malware from GOTMLS.NET</h1></div>';

563	if (isset($_POST["paged"]))
564	$args["paged"] = $_POST["paged"];
565	$my_query = new WP_Query($args);
566	+ $Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><div style="float: left;">Page:</div>';
567	$Q_Page = '
568	<form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."645")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
569	if ($my_query->have_posts()) {

607	}
608	$Q_Page .= "\n</ul>";
609	for ($p = 1; $p <= $my_query->max_num_pages; $p++) {
610	+ $Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($_POST["paged"]) && $_POST["paged"] == $p) \|\| (!isset($_POST["paged"]) && 1 == $p)?" DISABLED":"").' name="paged">';
611	}
612	} else
613	$Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';

651	try {
652	$Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><input type="hidden" id="GOTMLS_paged" name="paged" value="1">';//<div style="float: left;">Page:</div>';
653	$Q_Page = '<form method="POST" action="?'.(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?$_SERVER["QUERY_STRING"]:"page=GOTMLS_View_Quarantine&".GOTMLS_set_nonce(__FUNCTION__."592")).'" name="GOTMLS_Form_clean">';
654	+ $wpdb->prefix = $table_prefix;
655	if (isset($_REQUEST["id"]) && is_numeric($_REQUEST["id"])) {
656	+ $my_query = $wpdb->get_results("SELECT * FROM `{$wpdb->prefix}posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private' AND `ID` = ".$_REQUEST["id"], ARRAY_A);
657	if (is_array($my_query) && count($my_query) && ($Q_post = $my_query[0]) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
658	$clean_file = $Q_post["post_title"];
659	$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = GOTMLS_decode($Q_post["post_content"]);

707	} else
708	die('<h3>Item NOT Found in Quarantine</h3>');
709	} else {
710	+ $my_query = $wpdb->get_results("SELECT * FROM `{$wpdb->prefix}posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private' ORDER BY `post_date_gmt` DESC", ARRAY_A);
711	if (is_array($my_query) && count($my_query)) {
712	$Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="Restore selected files" class="button-primary" style="background-color: #0C0;" onclick="return confirm(\'Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?\');" /></p><p><b>The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.</b></p>
713	<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.(count($my_query)>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),count($my_query)):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';

720	if (GOTMLS_file_put_contents($post_a["post_title"], GOTMLS_decode($post_a["post_content"]))) {
721	$post_a["post_modified_gmt"] = date("Y-m-d H:i:s");
722	$image = "checked";
723	+ $wpdb->query("UPDATE `{$wpdb->prefix}posts` SET `post_status` = 'pending' WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private' AND `ID` = ".$post_a["ID"]);
724	}
725	}
726	$Q_Page .= '

752	$GOTMLS_dir_at_depth = array();
753	$GOTMLS_dirs_at_depth = array();
754	$GLOBAL_STRING = array("REQUEST" => "&","SERVER" => "&","FILES" => "&");
755	+ if (isset($_GET) && is_array($_GET))
756	+ foreach ($_GET as $req => $val)
757	+ $GLOBAL_STRING["REQUEST"] .= "$req=".(is_array($val)?print_r($val,1):$val)."&";
758	+ if (isset($_POST) && is_array($_POST))
759	+ foreach ($_POST as $req => $val)
760	$GLOBAL_STRING["REQUEST"] .= "$req=".(is_array($val)?print_r($val,1):$val)."&";
761	if (isset($_SERVER) && is_array($_SERVER))
762	foreach ($_SERVER as $req => $val)

906	if (is_array($check_threats)) {
907	$path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
908	if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($check_threats[GOTMLS_wp_version]["$path"])) {
909	+ if (($check_threats[GOTMLS_wp_version]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL(GOTMLS_get_corefile_URL("$path", $check_threats[GOTMLS_wp_version]["$path"]))) && ($check_threats[GOTMLS_wp_version]["$path"] == md5($source)."O".strlen($source))) {
910	$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
911	$len = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
912	if (strlen($source) < $len)

1034	// $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $real_file);
1035	$className = "errors";
1036	}
1037	+ if (isset($_GET["debug"]) && $_GET["debug"] == "scan")
1038	+ echo "\n<li>Found: ".count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
1039	if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1040	$threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."687").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file.preg_replace('/\&(GOTMLS_scan\|mt\|GOTMLS_mt\|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", """, $lt.'div style="float: left; white-space: nowrap;"'.$gt.GOTMLS_strip4java(__("Examine File",'gotmls')).' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
1041	if ($className == "errors") {

1053	$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
1054	} elseif ($className == 'wp_core') {
1055	$path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
1056	+ if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"]) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL(GOTMLS_get_corefile_URL("$path", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"]))) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"] == md5($source)."O".strlen($source)))
1057	$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
1058	else
1059	$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";

1354	$fileNameJS = GOTMLS_strip4java(str_replace("db_scan", "Database", str_replace("db_scan=", "Database Query ", isset($GLOBALS["GOTMLS"]["log"]["scan"]["dir"])?str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $fileName):$fileName)));
1355	$fileName64 = GOTMLS_encode($fileName);
1356	$li_js = "/-->"."/";
1357	+ $imageF = explode(".", $imageFile.".");
1358	if ($className != "scanned")
1359	+ $li_js .= "\n$className++;\ndivx=document.getElementById('found_$className');\nif (divx) {\n\tvar newli = document.createElement('li');\n\tnewli.innerHTML='<img src=\"".GOTMLS_strip4java(GOTMLS_images_path.$imageFile).".gif\" height=16 width=16 alt=\"".$GOTMLS_image_alt[$imageF[0]]."\" style=\"float: left;\" id=\"$imageFile"."_$fileName64\">".GOTMLS_strip4java($link, true).$fileNameJS.($link?"</a>';\n\tdivx.display='block":"")."';\n\tdivx.appendChild(newli);\n}";
1360	if ($className == "errors")
1361	$li_js .= "\ndivx=document.getElementById('wait_$fileName64');\nif (divx) {\n\tdivx.src='".GOTMLS_images_path."blocked.gif';\n\tdirerrors++;\n}";
1362	elseif (is_file($fileName))

index.php CHANGED Viewed

	@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8	Contributors: scheeeli, gotmls
9	Donate link: https://gotmls.net/donate/
10	Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11	- Version: 4.19.69
12	*/
13	if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)) \|\| !(function_exists("add_action") && function_exists("load_plugin_textdomain")))
14	include(dirname(__FILE__)."/safe-load/index.php");
	@@ -39,12 +39,7 @@ load_plugin_textdomain('gotmls', false, basename(GOTMLS_plugin_path).'/languages
39	require_once(GOTMLS_plugin_path.'images/index.php');
40
41	function GOTMLS_install() {
42	- ~~global~~ ~~$wp_version;~~
43	- if (isset($wp_version) && ($wp_version))
44	- GOTMLS_define("GOTMLS_wp_version", $wp_version);
45	- else
46	- GOTMLS_define("GOTMLS_wp_version", "Unknown");
47	- if (version_compare(GOTMLS_wp_version, GOTMLS_require_version, "<"))
48	die(GOTMLS_require_version_LANGUAGE.", NOT version: ".GOTMLS_wp_version);
49	else
50	delete_option("GOTMLS_definitions_array");
	@@ -97,7 +92,7 @@ function GOTMLS_display_header($optional_box = "") {
97	global $current_user, $wpdb;
98	wp_get_current_user();
99	$GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
100	- $Update_Definitions = array(GOTMLS_update_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&~~ver=~~'.~~GOTMLS_Version~~.'&~~wp=~~'.~~GOTMLS_wp_version.'&'.~~GOTMLS_set_nonce(__FUNCTION__."108").'&d='.ur1encode(GOTMLS_siteurl));
101	if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])
102	array_unshift($Update_Definitions, admin_url('admin-ajax.php?action=GOTMLS_load_update&'.GOTMLS_set_nonce(__FUNCTION__."109").'&UPDATE_definitions_array=1'));
103	else
	@@ -490,7 +485,7 @@ function GOTMLS_Firewall_Options() {
490	$admin_notice .= $lt.'hr /'.$gt;
491	if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_admin_username"]) && ($current_user->user_login != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match('/^\s[a-z_0-9\@\.\-]{3,}\s$/i', $_POST["GOTMLS_admin_username"])) {
492	if ($wpdb->update($wpdb->users, array("user_login" => trim($_POST["GOTMLS_admin_username"])), array("user_login" => $current_user->user_login))) {
493	- $wpdb->query("UPDATE `{$~~table_prefix~~}sitemeta` SET `meta_value` = REPLACE(`meta_value`, 's:5:\"admin\";', 's:".strlen(trim($_POST["GOTMLS_admin_username"])).":\"".trim($_POST["GOTMLS_admin_username"])."\";') WHERE `meta_key` = 'site_admins' AND `meta_value` like '%s:5:\"admin\";%'");
494	$admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("You username has been change to %s. Don't forget to use your new username when you login again.",'gotmls'), $_POST["GOTMLS_admin_username"]).$lt.'/div'.$gt;
495	} else
496	$admin_notice .= $lt.'div class="error"'.$gt.sprintf(__("SQL Error changing username: %s. Please try again later.",'gotmls'), $wpdb->last_error).$lt.'/div'.$gt;
	@@ -536,7 +531,7 @@ function GOTMLS_get_registrant($you) {
536	if (isset($you["user_email"]) && strlen($you["user_email"]) == 32) {
537	if ($you["user_email"] == md5($current_user->user_email))
538	$registrant = $current_user->user_email;
539	- elseif (!($registrant = $wpdb->get_var("SELECT `user_nicename` FROM `$wpdb->users` WHERE MD5(`user_email`) = '".$you["user_email"]~~."'"~~)))
540	$registrant = GOTMLS_siteurl;
541	} else
542	$registrant = GOTMLS_siteurl;
	@@ -562,7 +557,7 @@ function GOTMLS_ajax_load_update() {
562	$GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
563	asort($GOTMLS_definitions_versions);
564	if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"])) {
565	- $DEF_url = 'http:'.GOTMLS_update_home.'definitions.php?~~ver=~~'.~~GOTMLS_Version~~.'&~~wp=~~'.~~GOTMLS_wp_version.'&'.~~GOTMLS_set_nonce(__FUNCTION__."870").'&d='.ur1encode(GOTMLS_siteurl);
566	if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1 && $GOTMLS_nonce_found) {
567	$GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_REQUEST["UPDATE_definitions_array"]));
568	if (is_array($GOTnew_definitions)) {
	@@ -634,7 +629,7 @@ function GOTMLS_ajax_load_update() {
634	$li = "<li style=\\\"color: #f00;\\\">You have not donated yet!</li>";
635	if (strlen($moreJS) == 0)
636	$moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA"))
637	- foundUpdates.innerHTML = "<a ~~href~~=\'~~javascript:document.ppdform.submit();\~~' ~~onclick~~=\'~~document~~.~~ppdform~~.~~amount~~.~~value=32;\~~' style=\'color: #f00;\'>Donate $29+ now then enable Automatic Definition Updates to Scan for Core Files changes.</a>";';
638	$moreJS .= "\n\tif (foundUpdates = document.getElementById('pastDonations'))\n\tfoundUpdates.innerHTML = '$li';";
639	if ($GOTMLS_nonce_found)
640	@header("Content-type: text/javascript");
	@@ -808,7 +803,7 @@ function GOTMLS_settings() {
808	}
809	$QuickScan = $lt.((is_dir(dirname(__FILE__)."/../../../wp-includes") && is_dir(dirname(__FILE__)."/../../../wp-admin"))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&$GOTMLS_nonce_URL").'" class="button-primary" style="min-height: 22px; height: 22px; line-height: 13px; padding: 3px;">WP_Core</a':"!-- No wp-includes or wp-admin --").$gt;
810	foreach (array("Plugins", "Themes") as $ScanFolder)
811	- $QuickScan .= ' '.$lt.((is_dir(dirname(__FILE__)."/../../../wp-content/".strtolower($ScanFolder)))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&scan_only[]=wp-content/".strtolower($ScanFolder)."&$GOTMLS_nonce_URL")."\" class=\"button-primary\" style=\"min-height: 22px; height: 22px; line-height: 13px; padding: 3px;\"$gt$ScanFolder$lt/a":"!-- No $ScanFolder in wp-content --").$gt;
812	$scan_opts .= "\n$lt".'p'.$gt.$lt.'b'.$gt.__("Skip files with the following extensions:",'gotmls')."$lt/b$gt".(($default_exclude_ext!=implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))?" {$lt}a href=\"javascript:void(0);\" onclick=\"document.getElementById('exclude_ext').value = '$default_exclude_ext';\"{$gt}[Restore Defaults]$lt/a$gt":"").$lt.'/p'.$gt.'
813	'.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'."$gt$lt/div$gt$lt".'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls')."$lt/b$gt$lt/p$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
814	'.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt."br$gt$lt/b$gt$lt/td$gt$lt".'td'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'br'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt".'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="save_settings" value="'.__("Save Settings",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Save\';" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
	@@ -1232,11 +1227,7 @@ if (isset($_REQUEST["eli"]) && ($_REQUEST["eli"] == "debug")) {
1232	}
1233
1234	function GOTMLS_init() {
1235	- ~~global~~ ~~$wp_version~~;
1236	- if (isset($wp_version) && ($wp_version))
1237	- GOTMLS_define("GOTMLS_wp_version", $wp_version);
1238	- else
1239	- GOTMLS_define("GOTMLS_wp_version", "Not Set");
1240	if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
1241	$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
1242	if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
	@@ -1365,7 +1356,7 @@ function GOTMLS_ajax_fix() {
1365	if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1366	GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1367	$callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1368	- $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Fixed '+filesFixed+' files, failed to fix '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file))\n\tli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}\n}\nfunction DeletedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file)) {\n\tli_file.className='GOTMLS_plugin';\n\tif (true \|\| !isNaN(file)) {\n\t\tli_file = li_file.parentNode".(isset($_REQUEST["GOTMLS_fix"][0]) && is_numeric($_REQUEST["GOTMLS_fix"][0])?'.parentNode':'').";\n\t\tli_file.style.display='none';\n\t\tli_file.innerHTML='';\n}}}\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/<!--"."/";
1369	@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1370	$HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));
1371	echo $HTML[0];
	@@ -1579,6 +1570,7 @@ if (typeof window.parent.showhide === "function")
1579	}
1580	die('//END OF JavaScript');
1581	} elseif (file_exists($file)) {

1582	GOTMLS_scanfile($file);
1583	$fa = "";
1584	$function = 'GOTMLS_decode';


8	Contributors: scheeeli, gotmls
9	Donate link: https://gotmls.net/donate/
10	Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11	+ Version: 4.20.59
12	*/
13	if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)) \|\| !(function_exists("add_action") && function_exists("load_plugin_textdomain")))
14	include(dirname(__FILE__)."/safe-load/index.php");

39	require_once(GOTMLS_plugin_path.'images/index.php');
40
41	function GOTMLS_install() {
42	+ if (strpos(GOTMLS_get_version("URL"), '&wp=') && version_compare(GOTMLS_wp_version, GOTMLS_require_version, "<"))





43	die(GOTMLS_require_version_LANGUAGE.", NOT version: ".GOTMLS_wp_version);
44	else
45	delete_option("GOTMLS_definitions_array");

92	global $current_user, $wpdb;
93	wp_get_current_user();
94	$GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
95	+ $Update_Definitions = array(GOTMLS_update_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&'.GOTMLS_get_version_URL.'&'.GOTMLS_set_nonce(__FUNCTION__."108").'&d='.ur1encode(GOTMLS_siteurl));
96	if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])
97	array_unshift($Update_Definitions, admin_url('admin-ajax.php?action=GOTMLS_load_update&'.GOTMLS_set_nonce(__FUNCTION__."109").'&UPDATE_definitions_array=1'));
98	else

485	$admin_notice .= $lt.'hr /'.$gt;
486	if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_admin_username"]) && ($current_user->user_login != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match('/^\s[a-z_0-9\@\.\-]{3,}\s$/i', $_POST["GOTMLS_admin_username"])) {
487	if ($wpdb->update($wpdb->users, array("user_login" => trim($_POST["GOTMLS_admin_username"])), array("user_login" => $current_user->user_login))) {
488	+ $wpdb->query("UPDATE `{$wpdb->prefix}sitemeta` SET `meta_value` = REPLACE(`meta_value`, 's:5:\"admin\";', 's:".strlen(trim($_POST["GOTMLS_admin_username"])).":\"".trim($_POST["GOTMLS_admin_username"])."\";') WHERE `meta_key` = 'site_admins' AND `meta_value` like '%s:5:\"admin\";%'");
489	$admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("You username has been change to %s. Don't forget to use your new username when you login again.",'gotmls'), $_POST["GOTMLS_admin_username"]).$lt.'/div'.$gt;
490	} else
491	$admin_notice .= $lt.'div class="error"'.$gt.sprintf(__("SQL Error changing username: %s. Please try again later.",'gotmls'), $wpdb->last_error).$lt.'/div'.$gt;

531	if (isset($you["user_email"]) && strlen($you["user_email"]) == 32) {
532	if ($you["user_email"] == md5($current_user->user_email))
533	$registrant = $current_user->user_email;
534	+ elseif (!($registrant = $wpdb->get_var($wpdb->prepare("SELECT `user_nicename` FROM `$wpdb->users` WHERE MD5(`user_email`) = %s", $you["user_email"]))))
535	$registrant = GOTMLS_siteurl;
536	} else
537	$registrant = GOTMLS_siteurl;

557	$GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
558	asort($GOTMLS_definitions_versions);
559	if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"])) {
560	+ $DEF_url = 'http:'.GOTMLS_update_home.'definitions.php?'.GOTMLS_get_version_URL.'&'.GOTMLS_set_nonce(__FUNCTION__."870").'&d='.ur1encode(GOTMLS_siteurl);
561	if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1 && $GOTMLS_nonce_found) {
562	$GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_REQUEST["UPDATE_definitions_array"]));
563	if (is_array($GOTnew_definitions)) {

629	$li = "<li style=\\\"color: #f00;\\\">You have not donated yet!</li>";
630	if (strlen($moreJS) == 0)
631	$moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA"))
632	+ foundUpdates.innerHTML = "<a target=\'_blank\' href=\'https://gotmls.net/donate/?key='.GOTMLS_installation_key.'\' style=\'color: #f00;\'>Donate $29+ now then enable Automatic Definition Updates to Scan for Core Files changes.</a>";';
633	$moreJS .= "\n\tif (foundUpdates = document.getElementById('pastDonations'))\n\tfoundUpdates.innerHTML = '$li';";
634	if ($GOTMLS_nonce_found)
635	@header("Content-type: text/javascript");

803	}
804	$QuickScan = $lt.((is_dir(dirname(__FILE__)."/../../../wp-includes") && is_dir(dirname(__FILE__)."/../../../wp-admin"))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&$GOTMLS_nonce_URL").'" class="button-primary" style="min-height: 22px; height: 22px; line-height: 13px; padding: 3px;">WP_Core</a':"!-- No wp-includes or wp-admin --").$gt;
805	foreach (array("Plugins", "Themes") as $ScanFolder)
806	+ $QuickScan .= ' '.$lt.((is_dir(dirname(__FILE__)."/../../../wp-content/".strtolower($ScanFolder)))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&scan_only%5B%5D=wp-content/".strtolower($ScanFolder)."&$GOTMLS_nonce_URL")."\" class=\"button-primary\" style=\"min-height: 22px; height: 22px; line-height: 13px; padding: 3px;\"$gt$ScanFolder$lt/a":"!-- No $ScanFolder in wp-content --").$gt;
807	$scan_opts .= "\n$lt".'p'.$gt.$lt.'b'.$gt.__("Skip files with the following extensions:",'gotmls')."$lt/b$gt".(($default_exclude_ext!=implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))?" {$lt}a href=\"javascript:void(0);\" onclick=\"document.getElementById('exclude_ext').value = '$default_exclude_ext';\"{$gt}[Restore Defaults]$lt/a$gt":"").$lt.'/p'.$gt.'
808	'.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'."$gt$lt/div$gt$lt".'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls')."$lt/b$gt$lt/p$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
809	'.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt."br$gt$lt/b$gt$lt/td$gt$lt".'td'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'br'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt".'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="save_settings" value="'.__("Save Settings",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Save\';" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";

1227	}
1228
1229	function GOTMLS_init() {
1230	+ GOTMLS_define("GOTMLS_get_version_URL", GOTMLS_get_version("URL"));




1231	if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
1232	$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
1233	if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))

1356	if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1357	GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1358	$callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1359	+ $li_js = "\n<script type=\"text/javascript\">\nscanned = 0;\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Fixed '+filesFixed+' files, failed to fix '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file))\n\tli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}\n}\nfunction DeletedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file)) {\n\tli_file.className='GOTMLS_plugin';\n\tif (true \|\| !isNaN(file)) {\n\t\tli_file = li_file.parentNode".(isset($_REQUEST["GOTMLS_fix"][0]) && is_numeric($_REQUEST["GOTMLS_fix"][0])?'.parentNode':'').";\n\t\tli_file.style.display='none';\n\t\tli_file.innerHTML='';\n}}}\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/<!--"."/";
1360	@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1361	$HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));
1362	echo $HTML[0];

1570	}
1571	die('//END OF JavaScript');
1572	} elseif (file_exists($file)) {
1573	+ echo "<html>\n<head>\n<title>Scan File: ".htmlspecialchars($file)."</title>\n</head>\n<body>";
1574	GOTMLS_scanfile($file);
1575	$fa = "";
1576	$function = 'GOTMLS_decode';

readme.txt CHANGED Viewed

	@@ -5,10 +5,10 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5	Contributors: scheeeli, gotmls
6	Donate link: https://gotmls.net/donate/
7	Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8	- Version: 4.19.69
9	- Stable tag: 4.19.69
10	Requires at least: 3.3
11	- Tested up to: 5.4.1
12
13	This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
14
	@@ -92,6 +92,11 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
92
93	== Changelog ==
94





95	= 4.19.69 =
96	* Fixed a JavaScript error caused by a new French translation.
97	* Checked code for compatibility with WordPress 5.4.1.
	@@ -400,6 +405,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
400
401	== Upgrade Notice ==
402



403	= 4.19.69 =
404	Fixed a JavaScript error caused by a new French translation and checked code for compatibility with WordPress 5.4.1.
405


5	Contributors: scheeeli, gotmls
6	Donate link: https://gotmls.net/donate/
7	Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8	+ Version: 4.20.59
9	+ Stable tag: 4.20.59
10	Requires at least: 3.3
11	+ Tested up to: 5.7.2
12
13	This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
14

92
93	== Changelog ==
94
95	+ = 4.20.59 =
96	+ * Various minor bug fixes.
97	+ * Added Core Files Definitions for ClassicPress.
98	+ * Tweaked code for better compatibility with WordPress 5.7.2 and ClassicPress 1.2.0.
99	+
100	= 4.19.69 =
101	* Fixed a JavaScript error caused by a new French translation.
102	* Checked code for compatibility with WordPress 5.4.1.

405
406	== Upgrade Notice ==
407
408	+ = 4.20.59 =
409	+ Various minor bug fixes, added Core Files Definitions for ClassicPress, and tweaked code for better compatibility with WordPress 5.7.2 and ClassicPress 1.2.0.
410	+
411	= 4.19.69 =
412	Fixed a JavaScript error caused by a new French translation and checked code for compatibility with WordPress 5.4.1.
413

Anti-Malware Security and Brute-Force Firewall - Version 4.20.59

Version Description

Release Info

Code changes from version 4.19.69 to 4.20.59