Version Description
- Fixed XSS vulnerability by removing unsanitized QUERY_STRING.
- Cleaned up Quarantine code, removing legacy functions and adding more detailed info.
- Fixed undefined variable notice and checked code for compatibility with WordPress 5.9.2.
Download this release
Release Info
| Developer | scheeeli |
| Plugin |  Anti-Malware Security and Brute-Force Firewall |
| Version | 4.20.96 |
| Comparing to | |
| See all releases | |
Code changes from version 4.20.95 to 4.20.96
- images/index.php +138 -85
- index.php +56 -96
- readme.txt +11 -3
- safe-load/wp-login.php +2 -0
images/index.php
CHANGED
|
@@ -16,7 +16,7 @@ GOTMLS_define("GOTMLS_plugin_path", substr(dirname(__FILE__), 0, strlen(dirname(
|
|
| 16 |
//if (is_file(GOTMLS_plugin_path.$file) && ($contents = @file_get_contents(GOTMLS_plugin_path.$file)) && preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
|
| 17 |
// GOTMLS_define("GOTMLS_Version", $match[1]);
|
| 18 |
//else
|
| 19 |
-
GOTMLS_define("GOTMLS_Version", '4.20.
|
| 20 |
GOTMLS_define("GOTMLS_require_version", "3.3");
|
| 21 |
if (!function_exists("__")) {
|
| 22 |
function __($text, $domain = "gotmls") {
|
|
@@ -211,7 +211,7 @@ GOTMLS_define("GOTMLS_update_home", "//updates.gotmls.net/".GOTMLS_installation_
|
|
| 211 |
function GOTMLS_get_corefile_URL($path, $hash) {
|
| 212 |
if (strpos($URL = GOTMLS_get_version("URL"), '&cp='))
|
| 213 |
//$hash != md5($contents)."O".strlen($contents)
|
| 214 |
-
return 'http:'.GOTMLS_update_home.'cp_core.php?'.$URL.'&f='.GOTMLS_encode($path)."&h=$hash&ts=".
|
| 215 |
else
|
| 216 |
return "http://core.svn.wordpress.org/tags/".GOTMLS_wp_version."$path";
|
| 217 |
}
|
|
@@ -286,7 +286,7 @@ function GOTMLS_fileperms($file) {
|
|
| 286 |
}
|
| 287 |
|
| 288 |
function GOTMLS_file_details($file) {
|
| 289 |
-
return '<div id="file_details_'.md5($file).'" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.GOTMLS_htmlspecialchars(basename($file)).'</b><br />in: '.dirname(realpath($file)).'<br />size: '.filesize(realpath($file)).' ( '.ceil(strlen(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["file_contents"]))/1024).' KB )<br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown")).'<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.
|
| 290 |
}
|
| 291 |
|
| 292 |
function GOTMLS_admin_url($url = '') {
|
|
@@ -302,7 +302,7 @@ function GOTMLS_close_button($box_id, $margin = '6px') {
|
|
| 302 |
}
|
| 303 |
|
| 304 |
function GOTMLS_get_styles($pre_style = '<style>') {
|
| 305 |
-
$head_nonce = GOTMLS_set_nonce(__FUNCTION__."
|
| 306 |
return $pre_style.'
|
| 307 |
span.GOTMLS_date {float: right; width: 130px; white-space: nowrap;}
|
| 308 |
.GOTMLS_page {float: left; border-radius: 10px; padding: 0 5px;}
|
|
@@ -328,7 +328,7 @@ iframe {border: 0;}
|
|
| 328 |
.GOTMLS h2 {margin: 0 0 10px;}
|
| 329 |
.postbox {margin-right: 10px; line-height: 1.4; font-size: 13px;}
|
| 330 |
#pastDonations li {list-style: none;}
|
| 331 |
-
#quarantine_buttons {
|
| 332 |
#quarantine_buttons input.button-primary {margin-right: 20px;}
|
| 333 |
#reclean_buttons {
|
| 334 |
color: #a00;
|
|
@@ -552,22 +552,55 @@ function GOTMLS_get_header($optional_box = "") {
|
|
| 552 |
return GOTMLS_get_styles($pre_style).'<div id="main-page-title"><h1 style="vertical-align: middle;">Anti-Malware from GOTMLS.NET</h1></div>';
|
| 553 |
}
|
| 554 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 555 |
function GOTMLS_get_quarantine($only = false) {
|
| 556 |
global $wpdb, $post;
|
| 557 |
if (is_numeric($only))
|
| 558 |
return get_post($only, ARRAY_A);
|
| 559 |
elseif ($only)
|
| 560 |
-
return $wpdb->get_var("SELECT COUNT(*) FROM `$wpdb->posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status`
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 561 |
else
|
| 562 |
-
$args
|
| 563 |
-
if (isset($_POST["paged"]) && is_numeric($_POST["paged"]))
|
| 564 |
-
$args["paged"] = (INT) $_POST["paged"];
|
| 565 |
$my_query = new WP_Query($args);
|
| 566 |
-
$Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><div style="float: left;">Page:</div>';
|
| 567 |
-
$Q_Page = '
|
| 568 |
-
<form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."645")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
|
| 569 |
if ($my_query->have_posts()) {
|
| 570 |
-
$Q_Page
|
| 571 |
<p id="reclean_buttons" style="display: none;"><input id="reclean_button" type="submit" value="'.__("Re-clean re-infected files",'gotmls').'" class="button-primary" onclick="checkAllFiles(false); setvalAllFiles(1); loadIframe(\'Reinfected File Recleaning Results\');" /><b>'.__("The items highlighted in red have been found to be re-infected. The malicious code has returned and needs to be cleaned again.",'gotmls').'</b></p>
|
| 572 |
<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
|
| 573 |
$root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
|
|
@@ -603,19 +636,13 @@ function GOTMLS_get_quarantine($only = false) {
|
|
| 603 |
}
|
| 604 |
}
|
| 605 |
$Q_Page .= '
|
| 606 |
-
<li id="GOTMLS_quarantine_'.((INT) $post->ID).'" class="GOTMLS_quarantine_item" onmouseover="this.style.fontWeight=\'bold\';" onmouseout="this.style.fontWeight=\'normal\';"><span class="GOTMLS_date">'.GOTMLS_error_link(__("View Quarantine Record",'gotmls'), $post->ID, $threat).$post->post_date_gmt.'</a></span><span class="GOTMLS_date">'.GOTMLS_htmlspecialchars($post->post_modified_gmt).'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$action.'" /><img src="'.GOTMLS_images_path.$gif.'" height=16 width=16 alt="Q">'.$link.GOTMLS_htmlspecialchars(str_replace($root_path, "...", $post->post_title))."</a></li>\n";
|
| 607 |
-
}
|
| 608 |
-
$Q_Page .= "\n</ul>";
|
| 609 |
-
for ($p = 1; $p <= $my_query->max_num_pages; $p++) {
|
| 610 |
-
$Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($_POST["paged"]) && $_POST["paged"] == $p) || (!isset($_POST["paged"]) && 1 == $p)?" DISABLED":"").' name="paged">';
|
| 611 |
}
|
|
|
|
| 612 |
} else
|
| 613 |
-
$Q_Page
|
| 614 |
wp_reset_query();
|
| 615 |
-
|
| 616 |
-
if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) > 1)
|
| 617 |
-
$return = '<a href="'.admin_url('admin-ajax.php?action=GOTMLS_empty_trash&'.GOTMLS_set_nonce(__FUNCTION__."720")).'" id="empty_trash_link" style="float: right;" target="GOTMLS_statusFrame">['.sprintf(__("Purge %s Deleted Quarantine records (%s restored) from the Trash",'gotmls'), $trashed, $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'pending'"))."]</a>$return";
|
| 618 |
-
return $return;
|
| 619 |
}
|
| 620 |
|
| 621 |
function GOTMLS_box($bTitle, $bContents, $bType = "postbox") {
|
|
@@ -632,44 +659,49 @@ function GOTMLS_box($bTitle, $bContents, $bType = "postbox") {
|
|
| 632 |
</div>';
|
| 633 |
}
|
| 634 |
|
| 635 |
-
|
| 636 |
-
|
| 637 |
-
|
| 638 |
-
|
| 639 |
-
|
| 640 |
-
|
| 641 |
-
|
| 642 |
-
|
| 643 |
-
|
| 644 |
-
|
| 645 |
-
|
| 646 |
-
|
| 647 |
-
|
| 648 |
-
|
| 649 |
-
|
| 650 |
-
|
| 651 |
-
|
| 652 |
-
|
| 653 |
-
|
| 654 |
-
|
| 655 |
-
|
| 656 |
-
|
| 657 |
-
|
| 658 |
-
|
| 659 |
-
|
| 660 |
-
|
| 661 |
-
|
| 662 |
-
|
| 663 |
-
|
| 664 |
-
|
| 665 |
-
|
| 666 |
-
|
| 667 |
-
|
| 668 |
-
|
| 669 |
-
|
| 670 |
-
|
| 671 |
-
|
| 672 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 673 |
function select_text_range(ta_id, start, end) {
|
| 674 |
var textBox = document.getElementById(ta_id);
|
| 675 |
var scrolledText = "";
|
|
@@ -690,13 +722,37 @@ function select_text_range(ta_id, start, end) {
|
|
| 690 |
} else
|
| 691 |
alert("The highlighting function does not work in your browser");
|
| 692 |
}
|
| 693 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 694 |
} else
|
| 695 |
die('<h3>Item NOT Found in Quarantine</h3>');
|
| 696 |
} else {
|
| 697 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 698 |
if (is_array($my_query) && count($my_query)) {
|
| 699 |
-
$Q_Page
|
| 700 |
<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.(count($my_query)>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),count($my_query)):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
|
| 701 |
$root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
|
| 702 |
foreach ($my_query as $post_a) {
|
|
@@ -705,22 +761,18 @@ function select_text_range(ta_id, start, end) {
|
|
| 705 |
if (isset($_REQUEST["id"]) && is_array($_REQUEST["id"]) && in_array($post_a["ID"], $_REQUEST["id"])) {
|
| 706 |
$restored = " read-only disabled";
|
| 707 |
if (GOTMLS_file_put_contents($post_a["post_title"], GOTMLS_decode($post_a["post_content"]))) {
|
| 708 |
-
$post_a["post_modified_gmt"] =
|
| 709 |
$image = "checked";
|
| 710 |
-
$wpdb->query($wpdb->prepare("UPDATE `{$wpdb->prefix}posts` SET `post_status` = 'pending' WHERE `post_type` = 'GOTMLS_quarantine' AND `
|
| 711 |
}
|
| 712 |
}
|
| 713 |
$Q_Page .= '
|
| 714 |
-
<li id="GOTMLS_quarantine_'.$post_a["ID"].'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post_a["post_date_gmt"].'</span><span class="GOTMLS_date">'.$post_a["post_modified_gmt"].'</span><input'.$restored.' type="checkbox" name="id[]" value="'.$post_a["ID"].'" id="GOTMLS_quarantine_check_'.$post_a["ID"].'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.$image.'.gif" height=16 width=16 alt="Q"><a class="GOTMLS_plugin '.$restored.$post_a["ping_status"].'" target="_blank" href="?page=GOTMLS_View_Quarantine&id='.$post_a["ID"].'&'.GOTMLS_set_nonce(__FUNCTION__."
|
| 715 |
-
}
|
| 716 |
-
$Q_Page .= "\n</ul>";
|
| 717 |
-
for ($p = 1; $p <= 0; $p++) {
|
| 718 |
-
$Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($_POST["paged"]) && $_POST["paged"] == $p) || (!isset($_POST["paged"]) && 1 == $p)?" DISABLED":"").' onclick="document.getElementById(\'GOTMLS_paged\').value = \''.$p.'\';">';
|
| 719 |
}
|
|
|
|
| 720 |
} else
|
| 721 |
-
$Q_Page
|
| 722 |
-
|
| 723 |
-
die(GOTMLS_html_tags(array("html" => array("body" => GOTMLS_get_header().GOTMLS_box(__("View Quarantine",'gotmls'), "$return")))));
|
| 724 |
}
|
| 725 |
} catch (Exception $e) {
|
| 726 |
die('Caught exception: '.GOTMLS_htmlspecialchars($e->getMessage())."\n");
|
|
@@ -1031,7 +1083,7 @@ function GOTMLS_scanfile($file) {
|
|
| 1031 |
if (isset($_GET["debug"]) && $_GET["debug"] == "scan")
|
| 1032 |
echo "\n<li>Found: ".count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
|
| 1033 |
if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
|
| 1034 |
-
$threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."
|
| 1035 |
if ($className == "errors") {
|
| 1036 |
$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="errors";
|
| 1037 |
$threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
|
|
@@ -1149,7 +1201,7 @@ function GOTMLS_db_scan($id = 0) {
|
|
| 1149 |
}
|
| 1150 |
return $li_js;
|
| 1151 |
} else {
|
| 1152 |
-
return admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."
|
| 1153 |
}
|
| 1154 |
} elseif (($Q_post = GOTMLS_get_quarantine($ids[0])) && isset($Q_post["post_content"])) {
|
| 1155 |
$path = $Q_post["post_type"].' ID: '.$Q_post["ID"];
|
|
@@ -1203,7 +1255,7 @@ function GOTMLS_db_scan($id = 0) {
|
|
| 1203 |
}
|
| 1204 |
return $li_js;
|
| 1205 |
} else {
|
| 1206 |
-
return admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."
|
| 1207 |
}
|
| 1208 |
} else
|
| 1209 |
die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
|
|
@@ -1411,21 +1463,21 @@ function GOTMLS_write_quarantine($file, $className) {
|
|
| 1411 |
$insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
|
| 1412 |
$file = $file["post_type"].':'.$file["ID"].':"'.$file["post_title"].'"';
|
| 1413 |
} elseif (isset($file["option_id"]) && is_numeric($file["option_id"])) {
|
| 1414 |
-
$insert["post_modified"] =
|
| 1415 |
-
$insert["post_modified_gmt"] =
|
| 1416 |
$insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
|
| 1417 |
$file = $wpdb->options.':'.$file["option_id"].':"'.$file["option_name"].'"';
|
| 1418 |
}
|
| 1419 |
$insert["post_title"] = $file;
|
| 1420 |
-
$insert["post_date"] =
|
| 1421 |
$insert["post_date_gmt"] = $insert["post_date"];
|
| 1422 |
if (is_file($file)) {
|
| 1423 |
if (@filemtime($file))
|
| 1424 |
-
$insert["post_modified"] =
|
| 1425 |
else
|
| 1426 |
$insert["post_modified"] = $insert["post_date"];
|
| 1427 |
if (@filectime($file))
|
| 1428 |
-
$insert["post_modified_gmt"] =
|
| 1429 |
else
|
| 1430 |
$insert["post_modified_gmt"] = $insert["post_date"];
|
| 1431 |
if (!($insert["comment_count"] = @filesize($file)))
|
|
@@ -1561,7 +1613,7 @@ function GOTMLS_sexagesimal($timestamp = 0) {
|
|
| 1561 |
elseif ($timestamp && strtotime($timestamp))
|
| 1562 |
$date = date("y-m-d-H-i", strtotime($timestamp));
|
| 1563 |
else
|
| 1564 |
-
$date =
|
| 1565 |
foreach (explode("-", $date) as $bit)
|
| 1566 |
$date .= (intval($bit)>35?chr(ord("a")+intval($bit)-36):(intval($bit)>9?chr(ord("A")+intval($bit)-10):substr('0'.$bit, -1)));
|
| 1567 |
return substr($date, -5);
|
|
@@ -1591,11 +1643,12 @@ function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
|
|
| 1591 |
$js_file = GOTMLS_strip4java(GOTMLS_htmlspecialchars($wpdb->get_var($wpdb->prepare("SELECT CONCAT(`post_type`, `ID`, ': ', `post_title`) FROM `$wpdb->posts` WHERE `ID` = %s", (INT) $ids[0])), ENT_NOQUOTES));
|
| 1592 |
else
|
| 1593 |
$js_file = GOTMLS_strip4java(GOTMLS_htmlspecialchars($file, ENT_NOQUOTES));
|
|
|
|
| 1594 |
if (count($ids) == 2 && is_numeric($ids[0])) {
|
| 1595 |
$encoded_file = (INT) $file;
|
| 1596 |
-
$onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.GOTMLS_strip4java(__("Examine Quarantined Content",'gotmls')).' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.$js_file).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.
|
| 1597 |
} elseif ($file)
|
| 1598 |
-
$onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.GOTMLS_strip4java(__("Examine Current Content",'gotmls')).' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.$js_file).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.
|
| 1599 |
else
|
| 1600 |
$onclick = 'return false;';
|
| 1601 |
return "<a id=\"list_$encoded_file\" title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
|
| 16 |
//if (is_file(GOTMLS_plugin_path.$file) && ($contents = @file_get_contents(GOTMLS_plugin_path.$file)) && preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
|
| 17 |
// GOTMLS_define("GOTMLS_Version", $match[1]);
|
| 18 |
//else
|
| 19 |
+
GOTMLS_define("GOTMLS_Version", '4.20.96');
|
| 20 |
GOTMLS_define("GOTMLS_require_version", "3.3");
|
| 21 |
if (!function_exists("__")) {
|
| 22 |
function __($text, $domain = "gotmls") {
|
| 211 |
function GOTMLS_get_corefile_URL($path, $hash) {
|
| 212 |
if (strpos($URL = GOTMLS_get_version("URL"), '&cp='))
|
| 213 |
//$hash != md5($contents)."O".strlen($contents)
|
| 214 |
+
return 'http:'.GOTMLS_update_home.'cp_core.php?'.$URL.'&f='.GOTMLS_encode($path)."&h=$hash&ts=".gmdate("YmdHis").'&d='.urlencode(GOTMLS_siteurl);
|
| 215 |
else
|
| 216 |
return "http://core.svn.wordpress.org/tags/".GOTMLS_wp_version."$path";
|
| 217 |
}
|
| 286 |
}
|
| 287 |
|
| 288 |
function GOTMLS_file_details($file) {
|
| 289 |
+
return '<div id="file_details_'.md5($file).'" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.GOTMLS_htmlspecialchars(basename($file)).'</b><br />in: '.dirname(realpath($file)).'<br />size: '.filesize(realpath($file)).' ( '.ceil(strlen(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["file_contents"]))/1024).' KB )<br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown")).'<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.gmdate(" Y-m-d H:i:s ", filemtime(realpath($file))).'<br />changed:'.gmdate(" Y-m-d H:i:s ", filectime(realpath($file))).'</div>';
|
| 290 |
}
|
| 291 |
|
| 292 |
function GOTMLS_admin_url($url = '') {
|
| 302 |
}
|
| 303 |
|
| 304 |
function GOTMLS_get_styles($pre_style = '<style>') {
|
| 305 |
+
$head_nonce = GOTMLS_set_nonce(__FUNCTION__."305");
|
| 306 |
return $pre_style.'
|
| 307 |
span.GOTMLS_date {float: right; width: 130px; white-space: nowrap;}
|
| 308 |
.GOTMLS_page {float: left; border-radius: 10px; padding: 0 5px;}
|
| 328 |
.GOTMLS h2 {margin: 0 0 10px;}
|
| 329 |
.postbox {margin-right: 10px; line-height: 1.4; font-size: 13px;}
|
| 330 |
#pastDonations li {list-style: none;}
|
| 331 |
+
#quarantine_buttons {margin: 0px; padding: 0px;}
|
| 332 |
#quarantine_buttons input.button-primary {margin-right: 20px;}
|
| 333 |
#reclean_buttons {
|
| 334 |
color: #a00;
|
| 552 |
return GOTMLS_get_styles($pre_style).'<div id="main-page-title"><h1 style="vertical-align: middle;">Anti-Malware from GOTMLS.NET</h1></div>';
|
| 553 |
}
|
| 554 |
|
| 555 |
+
function GOTMLS_get_pagination($count, $wrap = "") {
|
| 556 |
+
$Q_Paged = "";
|
| 557 |
+
if (isset($_REQUEST["paged"]) && is_numeric($_REQUEST["paged"])) {
|
| 558 |
+
if ((INT) $count < (INT) $_REQUEST["paged"])
|
| 559 |
+
$GLOBALS["GOTMLS"]["Quarantine"]["paged"] = (INT) $count;
|
| 560 |
+
else
|
| 561 |
+
$GLOBALS["GOTMLS"]["Quarantine"]["paged"] = (INT) $_REQUEST["paged"];
|
| 562 |
+
} else
|
| 563 |
+
$GLOBALS["GOTMLS"]["Quarantine"]["paged"] = 1;
|
| 564 |
+
for ($p = 1; $p <= $count; $p++) {
|
| 565 |
+
$Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($GLOBALS["GOTMLS"]["Quarantine"]["paged"]) && $GLOBALS["GOTMLS"]["Quarantine"]["paged"] == $p) || (!isset($GLOBALS["GOTMLS"]["Quarantine"]["paged"]) && 1 == $p)?" DISABLED":"").' name="paged">';
|
| 566 |
+
}
|
| 567 |
+
if ($Q_Paged) {
|
| 568 |
+
foreach ($_GET as $name => $value) {
|
| 569 |
+
if (substr($name, 0, 10) != 'paged') {
|
| 570 |
+
if (is_array($value)) {
|
| 571 |
+
foreach ($value as $val)
|
| 572 |
+
$Q_Paged .= '<input type="hidden" name="'.GOTMLS_htmlspecialchars($name).'[]" value="'.GOTMLS_htmlspecialchars($val).'">';
|
| 573 |
+
} else
|
| 574 |
+
$Q_Paged .= '<input type="hidden" name="'.GOTMLS_htmlspecialchars($name).'" value="'.GOTMLS_htmlspecialchars($value).'">';
|
| 575 |
+
}
|
| 576 |
+
}
|
| 577 |
+
$Q_Paged = '<form method="GET" name="GOTMLS_Form_page"><div style="float: left;">Page:</div>'."$Q_Paged\n</form><br style=\"clear: left;\" />\n";
|
| 578 |
+
}
|
| 579 |
+
if ($wrap)
|
| 580 |
+
return "$Q_Paged<!-- p = $p , count = $count -->$wrap$Q_Paged";
|
| 581 |
+
else
|
| 582 |
+
return $Q_Paged;
|
| 583 |
+
}
|
| 584 |
+
|
| 585 |
function GOTMLS_get_quarantine($only = false) {
|
| 586 |
global $wpdb, $post;
|
| 587 |
if (is_numeric($only))
|
| 588 |
return get_post($only, ARRAY_A);
|
| 589 |
elseif ($only)
|
| 590 |
+
return $wpdb->get_var("SELECT COUNT(*) FROM `$wpdb->posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'trash'");
|
| 591 |
+
else
|
| 592 |
+
$args = array("orderby" => 'date', "post_type" => 'GOTMLS_quarantine', "post_status" => array('pending', 'draft', 'private'));
|
| 593 |
+
if (isset($_REQUEST["post_status"]))
|
| 594 |
+
$args["post_status"] = $_REQUEST["post_status"];
|
| 595 |
+
if (isset($_REQUEST["paged"]) && is_numeric($_REQUEST["paged"]))
|
| 596 |
+
$args["paged"] = (INT) $_REQUEST["paged"];
|
| 597 |
+
if (isset($_REQUEST["posts_per_page"]) && is_numeric($_REQUEST["posts_per_page"]) && ($_REQUEST["posts_per_page"]))
|
| 598 |
+
$args["posts_per_page"] = (INT) $_REQUEST["posts_per_page"];
|
| 599 |
else
|
| 600 |
+
$args["posts_per_page"] = 200;
|
|
|
|
|
|
|
| 601 |
$my_query = new WP_Query($args);
|
|
|
|
|
|
|
|
|
|
| 602 |
if ($my_query->have_posts()) {
|
| 603 |
+
$Q_Page = '<form method="POST" action="'.admin_url('admin-ajax.php'/*.(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"?".$_SERVER["QUERY_STRING"]:"")*/).'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."603")).'"><input type="hidden" name="action" value="GOTMLS_fix"><p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files from quarantine records",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected quarantine records",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items highlighted in yellow had been found to contain malicious code, they have been cleaned and the malicious contents have been removed. A record of the infection has been saved here in the Quarantine for your review and could help with any future investigations. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
|
| 604 |
<p id="reclean_buttons" style="display: none;"><input id="reclean_button" type="submit" value="'.__("Re-clean re-infected files",'gotmls').'" class="button-primary" onclick="checkAllFiles(false); setvalAllFiles(1); loadIframe(\'Reinfected File Recleaning Results\');" /><b>'.__("The items highlighted in red have been found to be re-infected. The malicious code has returned and needs to be cleaned again.",'gotmls').'</b></p>
|
| 605 |
<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
|
| 606 |
$root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
|
| 636 |
}
|
| 637 |
}
|
| 638 |
$Q_Page .= '
|
| 639 |
+
<li id="GOTMLS_quarantine_'.((INT) $post->ID).'" class="GOTMLS_quarantine_item" onmouseover="this.style.fontWeight=\'bold\';" onmouseout="this.style.fontWeight=\'normal\';"><span class="GOTMLS_date">'.GOTMLS_error_link(__("View Quarantine Record",'gotmls'), $post->ID, $threat).$post->post_date_gmt.'</a></span><span class="GOTMLS_date">'.GOTMLS_htmlspecialchars($post->post_modified_gmt).'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$action.'" /><img src="'.GOTMLS_images_path.$gif.'" height=16 width=16 alt="Q">'.$link.GOTMLS_htmlspecialchars(str_replace($root_path, "...", $post->post_title)).((isset($_REQUEST["GOTMLS_debug"]) && is_file($post->post_title))?' (mod:'.gmdate("Y-m-d H:i:s", filemtime($post->post_title)).' chgn:'.gmdate("Y-m-d H:i:s", filectime($post->post_title)).' '.filesize($post->post_title).' bytes)':"")."</a></li>\n";
|
|
|
|
|
|
|
|
|
|
|
|
|
| 640 |
}
|
| 641 |
+
$Q_Page = GOTMLS_get_pagination($my_query->max_num_pages, "$Q_Page\n</ul>\n</form>");
|
| 642 |
} else
|
| 643 |
+
$Q_Page = '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
|
| 644 |
wp_reset_query();
|
| 645 |
+
return $Q_Page;
|
|
|
|
|
|
|
|
|
|
| 646 |
}
|
| 647 |
|
| 648 |
function GOTMLS_box($bTitle, $bContents, $bType = "postbox") {
|
| 659 |
</div>';
|
| 660 |
}
|
| 661 |
|
| 662 |
+
function GOTMLS_view_details($Q_post, $pretext = "") {
|
| 663 |
+
$gt = ">"; // This local variable never changes
|
| 664 |
+
$lt = "<"; // This local variable never changes
|
| 665 |
+
$title = __("View Details:",'gotmls');
|
| 666 |
+
$clean_file = $Q_post["post_title"];
|
| 667 |
+
$size = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
|
| 668 |
+
if (!(function_exists("mb_detect_encoding") && ($encoding = mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]))))
|
| 669 |
+
$encoding = "UTF-8";
|
| 670 |
+
mb_internal_encoding($encoding);
|
| 671 |
+
mb_regex_encoding($encoding);
|
| 672 |
+
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = mb_ereg_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
|
| 673 |
+
$fa = "";
|
| 674 |
+
if (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
|
| 675 |
+
$f = 1;
|
| 676 |
+
foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
|
| 677 |
+
$ends = explode("-", "$threats_found--", 3);
|
| 678 |
+
if (strlen($ends[0]) > 0 && strlen($ends[1]) > 0 && is_numeric($ends[1]) && is_numeric($ends[0])) {
|
| 679 |
+
if ($ends[1] < $ends[0])
|
| 680 |
+
$ends = array_reverse($ends);
|
| 681 |
+
$fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$ends[0].', '.$ends[1].');"'.$gt.'['.$f++."]$lt/a$gt ";
|
| 682 |
+
} else {
|
| 683 |
+
if (is_numeric($threats_found)) {
|
| 684 |
+
$threats_found = $threats_name;
|
| 685 |
+
$threats_name = $f;
|
| 686 |
+
}
|
| 687 |
+
$fpos = 0;
|
| 688 |
+
$flen = 0;
|
| 689 |
+
$potential_threat = mb_ereg_replace("\r", "", $threats_found);
|
| 690 |
+
while (($fpos = strpos($GLOBALS["GOTMLS"]["tmp"]["file_contents"], ($potential_threat), $flen + $fpos)) !== false) {
|
| 691 |
+
$flen = strlen($potential_threat);
|
| 692 |
+
$fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');"'.$gt.'['.$f++."]$lt/a$gt ";
|
| 693 |
+
}
|
| 694 |
+
}
|
| 695 |
+
}
|
| 696 |
+
} else
|
| 697 |
+
$fa = strlen($Q_post["post_excerpt"])."No Threats Found ";
|
| 698 |
+
$encoded_file_contents = GOTMLS_htmlentities($GLOBALS["GOTMLS"]["tmp"]["file_contents"], ENT_COMPAT, $encoding);
|
| 699 |
+
$encoding = $GLOBALS["GOTMLS"]["tmp"]["encoding"];
|
| 700 |
+
die(GOTMLS_html_tags(array("html" => array("head" => array("title" => "$title $clean_file"), "body" => GOTMLS_js_text_range().$pretext.$lt.'div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"'."$gt{$lt}b$gt$title$lt/b$gt{$lt}br /$gt\nencoding: $encoding{$lt}br /$gt\nsize: $size bytes{$lt}br /$gt\ninfected:".$Q_post["post_modified_gmt"].$lt.'br /'.$gt.'quarantined:'.$Q_post["post_date_gmt"].$lt.'/div'.$gt.$lt.'div style="overflow: auto;"'.$gt.$lt.'span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';"'.$gt."$title$lt/span$gt ( $fa)$lt/div$gt$lt/td$gt$lt/tr$gt{$lt}tr$gt{$lt}td style=\"height: 100%\"$gt{$lt}textarea id=\"ta_file\" style=\"width: 100%; height: 100%\"$gt$encoded_file_contents$lt/textarea$gt$lt/td$gt$lt/tr$gt$lt/table$gt"))));
|
| 701 |
+
}
|
| 702 |
+
|
| 703 |
+
function GOTMLS_js_text_range($posttext = "") {
|
| 704 |
+
return '<script type="text/javascript">
|
| 705 |
function select_text_range(ta_id, start, end) {
|
| 706 |
var textBox = document.getElementById(ta_id);
|
| 707 |
var scrolledText = "";
|
| 722 |
} else
|
| 723 |
alert("The highlighting function does not work in your browser");
|
| 724 |
}
|
| 725 |
+
if (typeof window.parent.showhide === "function")
|
| 726 |
+
window.parent.showhide("GOTMLS_iFrame", true);
|
| 727 |
+
</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%">'.$posttext;
|
| 728 |
+
}
|
| 729 |
+
|
| 730 |
+
if ((isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))) {
|
| 731 |
+
if (isset($_REQUEST["page"]) && str_replace('-', '_', $_REQUEST["page"]) == "GOTMLS_View_Quarantine" && isset($_REQUEST["GOTMLS_mt"]) && strlen($_REQUEST["GOTMLS_mt"]) == 32 && isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])) {
|
| 732 |
+
$return = GOTMLS_htmlspecialchars(print_r( array("nonce"=>$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]],"mt"=>$_REQUEST["GOTMLS_mt"]),1));
|
| 733 |
+
try {
|
| 734 |
+
$wpdb->prefix = $table_prefix;
|
| 735 |
+
if (isset($_REQUEST["id"]) && is_numeric($_REQUEST["id"])) {
|
| 736 |
+
$my_query = $wpdb->get_results($wpdb->prepare("SELECT * FROM `{$wpdb->prefix}posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `ID` = %s", (INT) $_REQUEST["id"]), ARRAY_A);
|
| 737 |
+
if (is_array($my_query) && isset($my_query[0]["post_type"]) && strtolower($my_query[0]["post_type"]) == "gotmls_quarantine") {
|
| 738 |
+
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = GOTMLS_decode($my_query[0]["post_content"]);
|
| 739 |
+
GOTMLS_view_details($my_query[0], '<form style="margin: 0;" method="post" action="?'.GOTMLS_set_nonce(__FUNCTION__."754").'&page=GOTMLS_View_Quarantine" onsubmit="return confirm(\''.GOTMLS_strip4java(__("Are you sure you want to restore this record from the quarantine?",'gotmls')).'\');"><input type="hidden" name="id[]" value="'.$my_query[0]["ID"].'"><input type="submit" value="Restore from Quarantine" style="display: none; background-color: #0C0; float: right;"></form>');
|
| 740 |
} else
|
| 741 |
die('<h3>Item NOT Found in Quarantine</h3>');
|
| 742 |
} else {
|
| 743 |
+
if (!isset($_REQUEST["not_in"]))
|
| 744 |
+
$_REQUEST["not_in"] = "trash";
|
| 745 |
+
$GLOBALS["GOTMLS"]["Quarantine"]["SQL"] = $wpdb->prepare("FROM `{$wpdb->prefix}posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != %s ORDER BY `post_date_gmt` DESC", $_REQUEST["not_in"]);
|
| 746 |
+
$GLOBALS["GOTMLS"]["Quarantine"]["Count"] = $wpdb->get_var("SELECT COUNT(*) ".$GLOBALS["GOTMLS"]["Quarantine"]["SQL"]);
|
| 747 |
+
if (isset($_REQUEST["posts_per_page"]) && is_numeric($_REQUEST["posts_per_page"]) && ($_REQUEST["posts_per_page"]))
|
| 748 |
+
$GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"] = (INT) $_REQUEST["posts_per_page"];
|
| 749 |
+
else
|
| 750 |
+
$GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"] = 200;
|
| 751 |
+
$paged = GOTMLS_get_pagination(ceil($GLOBALS["GOTMLS"]["Quarantine"]["Count"] / $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"]));
|
| 752 |
+
$GLOBALS["GOTMLS"]["Quarantine"]["SQL"] .= $wpdb->prepare(" LIMIT %d,%d", (INT) (($GLOBALS["GOTMLS"]["Quarantine"]["paged"] - 1) * $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"]), (INT) $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"]);
|
| 753 |
+
$my_query = $wpdb->get_results("SELECT * ".$GLOBALS["GOTMLS"]["Quarantine"]["SQL"], ARRAY_A);
|
| 754 |
if (is_array($my_query) && count($my_query)) {
|
| 755 |
+
$Q_Page = $paged.'<form method="POST" action="?page=GOTMLS_View_Quarantine'/*.(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")*/.'" name="GOTMLS_Form_clean"><input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."770")).'"><p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="Restore selected files" class="button-primary" style="background-color: #0C0;" onclick="return confirm(\'Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?\');" /></p><p><b>The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.</b></p>
|
| 756 |
<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.(count($my_query)>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),count($my_query)):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
|
| 757 |
$root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
|
| 758 |
foreach ($my_query as $post_a) {
|
| 761 |
if (isset($_REQUEST["id"]) && is_array($_REQUEST["id"]) && in_array($post_a["ID"], $_REQUEST["id"])) {
|
| 762 |
$restored = " read-only disabled";
|
| 763 |
if (GOTMLS_file_put_contents($post_a["post_title"], GOTMLS_decode($post_a["post_content"]))) {
|
| 764 |
+
$post_a["post_modified_gmt"] = gmdate("Y-m-d H:i:s");
|
| 765 |
$image = "checked";
|
| 766 |
+
$wpdb->query($wpdb->prepare("UPDATE `{$wpdb->prefix}posts` SET `post_status` = 'pending' WHERE `post_type` = 'GOTMLS_quarantine' AND `ID` = %s", (INT) $post_a["ID"]));
|
| 767 |
}
|
| 768 |
}
|
| 769 |
$Q_Page .= '
|
| 770 |
+
<li id="GOTMLS_quarantine_'.$post_a["ID"].'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post_a["post_date_gmt"].'</span><span class="GOTMLS_date">'.$post_a["post_modified_gmt"].'</span><input'.$restored.' type="checkbox" name="id[]" value="'.$post_a["ID"].'" id="GOTMLS_quarantine_check_'.$post_a["ID"].'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.$image.'.gif" height=16 width=16 alt="Q"><a class="GOTMLS_plugin '.$restored.$post_a["ping_status"].'" target="_blank" href="?page=GOTMLS_View_Quarantine&id='.$post_a["ID"].'&'.GOTMLS_set_nonce(__FUNCTION__."785").'" title="View Quarantined File">'.str_replace($root_path, "...", $post_a["post_title"])."</a></li>\n";
|
|
|
|
|
|
|
|
|
|
|
|
|
| 771 |
}
|
| 772 |
+
$Q_Page .= "\n</ul>\n</form>$paged";
|
| 773 |
} else
|
| 774 |
+
$Q_Page = '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
|
| 775 |
+
die(GOTMLS_html_tags(array("html" => array("body" => GOTMLS_get_header().GOTMLS_box(__("View Quarantine",'gotmls'), $Q_Page)))));
|
|
|
|
| 776 |
}
|
| 777 |
} catch (Exception $e) {
|
| 778 |
die('Caught exception: '.GOTMLS_htmlspecialchars($e->getMessage())."\n");
|
| 1083 |
if (isset($_GET["debug"]) && $_GET["debug"] == "scan")
|
| 1084 |
echo "\n<li>Found: ".count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
|
| 1085 |
if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
|
| 1086 |
+
$threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."1101").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file/*.preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")*/).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", """, $lt.'div style="float: left; white-space: nowrap;"'.$gt.GOTMLS_strip4java(__("Examine File",'gotmls')).' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES))."$lt/div$gt$lt/div$gt');\" class=\"GOTMLS_plugin\"$gt";
|
| 1087 |
if ($className == "errors") {
|
| 1088 |
$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="errors";
|
| 1089 |
$threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
|
| 1201 |
}
|
| 1202 |
return $li_js;
|
| 1203 |
} else {
|
| 1204 |
+
return '<form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1219")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete this option?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="Delete this Option" style="float: right;"><input type="hidden" name="GOTMLS_fix[]" value="'.$encoded_id.'"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>Record Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Record Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.GOTMLS_htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>';
|
| 1205 |
}
|
| 1206 |
} elseif (($Q_post = GOTMLS_get_quarantine($ids[0])) && isset($Q_post["post_content"])) {
|
| 1207 |
$path = $Q_post["post_type"].' ID: '.$Q_post["ID"];
|
| 1255 |
}
|
| 1256 |
return $li_js;
|
| 1257 |
} else {
|
| 1258 |
+
return '<form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1273")).($Q_post["post_type"]=="revision"?'" onsubmit="return confirm(\''.__("Are you sure you want to delete this revision?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="Delete this revision" style="float: right;"><input type="hidden" name="GOTMLS_fix[]" value="'.$encoded_id:"").'"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>Record Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />last_modified:'.$Q_post["post_modified_gmt"].'<br />post_type:'.$Q_post["post_type"].'<br />author:'.$Q_post["post_author"].'<br />status:'.$Q_post["post_status"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Record Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.GOTMLS_htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>';
|
| 1259 |
}
|
| 1260 |
} else
|
| 1261 |
die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
|
| 1463 |
$insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
|
| 1464 |
$file = $file["post_type"].':'.$file["ID"].':"'.$file["post_title"].'"';
|
| 1465 |
} elseif (isset($file["option_id"]) && is_numeric($file["option_id"])) {
|
| 1466 |
+
$insert["post_modified"] = gmdate("Y-m-d H:i:s");
|
| 1467 |
+
$insert["post_modified_gmt"] = gmdate("Y-m-d H:i:s");
|
| 1468 |
$insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
|
| 1469 |
$file = $wpdb->options.':'.$file["option_id"].':"'.$file["option_name"].'"';
|
| 1470 |
}
|
| 1471 |
$insert["post_title"] = $file;
|
| 1472 |
+
$insert["post_date"] = gmdate("Y-m-d H:i:s");
|
| 1473 |
$insert["post_date_gmt"] = $insert["post_date"];
|
| 1474 |
if (is_file($file)) {
|
| 1475 |
if (@filemtime($file))
|
| 1476 |
+
$insert["post_modified"] = gmdate("Y-m-d H:i:s", filemtime($file));
|
| 1477 |
else
|
| 1478 |
$insert["post_modified"] = $insert["post_date"];
|
| 1479 |
if (@filectime($file))
|
| 1480 |
+
$insert["post_modified_gmt"] = gmdate("Y-m-d H:i:s", filectime($file));
|
| 1481 |
else
|
| 1482 |
$insert["post_modified_gmt"] = $insert["post_date"];
|
| 1483 |
if (!($insert["comment_count"] = @filesize($file)))
|
| 1613 |
elseif ($timestamp && strtotime($timestamp))
|
| 1614 |
$date = date("y-m-d-H-i", strtotime($timestamp));
|
| 1615 |
else
|
| 1616 |
+
$date = gmdate("y-m-d-H-i", time());
|
| 1617 |
foreach (explode("-", $date) as $bit)
|
| 1618 |
$date .= (intval($bit)>35?chr(ord("a")+intval($bit)-36):(intval($bit)>9?chr(ord("A")+intval($bit)-10):substr('0'.$bit, -1)));
|
| 1619 |
return substr($date, -5);
|
| 1643 |
$js_file = GOTMLS_strip4java(GOTMLS_htmlspecialchars($wpdb->get_var($wpdb->prepare("SELECT CONCAT(`post_type`, `ID`, ': ', `post_title`) FROM `$wpdb->posts` WHERE `ID` = %s", (INT) $ids[0])), ENT_NOQUOTES));
|
| 1644 |
else
|
| 1645 |
$js_file = GOTMLS_strip4java(GOTMLS_htmlspecialchars($file, ENT_NOQUOTES));
|
| 1646 |
+
$nonce_url = GOTMLS_set_nonce(__FUNCTION__."1661");
|
| 1647 |
if (count($ids) == 2 && is_numeric($ids[0])) {
|
| 1648 |
$encoded_file = (INT) $file;
|
| 1649 |
+
$onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.GOTMLS_strip4java(__("Examine Quarantined Content",'gotmls')).' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.$js_file).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.$nonce_url.'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$encoded_file);
|
| 1650 |
} elseif ($file)
|
| 1651 |
+
$onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.GOTMLS_strip4java(__("Examine Current Content",'gotmls')).' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.$js_file).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.$nonce_url.'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$encoded_file/*.preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")*/);
|
| 1652 |
else
|
| 1653 |
$onclick = 'return false;';
|
| 1654 |
return "<a id=\"list_$encoded_file\" title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
|
index.php
CHANGED
|
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
|
|
| 8 |
Contributors: scheeeli, gotmls
|
| 9 |
Donate link: https://gotmls.net/donate/
|
| 10 |
Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
|
| 11 |
-
Version: 4.20.
|
| 12 |
*/
|
| 13 |
if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)) || !(function_exists("add_action") && function_exists("load_plugin_textdomain")))
|
| 14 |
include(dirname(__FILE__)."/safe-load/index.php");
|
|
@@ -91,10 +91,11 @@ add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts');
|
|
| 91 |
function GOTMLS_display_header($optional_box = "") {
|
| 92 |
global $current_user, $wpdb;
|
| 93 |
wp_get_current_user();
|
|
|
|
| 94 |
$GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
|
| 95 |
-
$Update_Definitions = array(GOTMLS_update_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&'.GOTMLS_get_version_URL.'&'.
|
| 96 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])
|
| 97 |
-
array_unshift($Update_Definitions, admin_url('admin-ajax.php?action=GOTMLS_load_update&'.
|
| 98 |
else
|
| 99 |
$Update_Definitions[] = str_replace("//", "//www.", $Update_Definitions[0]);
|
| 100 |
$Update_Link = '<div style="text-align: center;"><a href="';
|
|
@@ -122,7 +123,6 @@ function GOTMLS_display_header($optional_box = "") {
|
|
| 122 |
$isRegistered = GOTMLS_get_registrant($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]);
|
| 123 |
} else
|
| 124 |
$reg_email_key = "";
|
| 125 |
-
$head_nonce = GOTMLS_set_nonce(__FUNCTION__."131");
|
| 126 |
echo GOTMLS_get_header().'
|
| 127 |
<div id="admin-page-container">
|
| 128 |
<div id="GOTMLS-right-sidebar" style="width: 300px;" class="metabox-holder">
|
|
@@ -309,7 +309,7 @@ function GOTMLS_get_scanlog() {
|
|
| 309 |
$LastScan .= " and has not finish";
|
| 310 |
} else
|
| 311 |
$LastScan .= " failed to started";
|
| 312 |
-
$LastScan .= '<a href="'.GOTMLS_script_URI.'&GOTMLS_cl='.$row["mt"].'&'.GOTMLS_set_nonce(__FUNCTION__."
|
| 313 |
}
|
| 314 |
$LastScan .= '</ul>';
|
| 315 |
} else
|
|
@@ -340,9 +340,17 @@ function GOTMLS_get_whitelists() {
|
|
| 340 |
return "$Q_Page\n";
|
| 341 |
}
|
| 342 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 343 |
function GOTMLS_ajax_View_Quarantine() {
|
| 344 |
GOTMLS_ajax_load_update();
|
| 345 |
-
die(GOTMLS_html_tags(array("html" => array("body" => GOTMLS_get_header().GOTMLS_box(__("View Quarantine",'gotmls'), GOTMLS_get_quarantine())))));
|
| 346 |
}
|
| 347 |
|
| 348 |
function GOTMLS_View_Quarantine() {
|
|
@@ -350,7 +358,7 @@ function GOTMLS_View_Quarantine() {
|
|
| 350 |
$echo = GOTMLS_box($Q_Page = __("White-lists",'gotmls'), GOTMLS_get_whitelists());
|
| 351 |
if (!isset($_GET['Whitelists']))
|
| 352 |
$echo .= "\n<script>\nshowhide('inside_".md5($Q_Page)."');\n</script>\n";
|
| 353 |
-
$echo .= GOTMLS_box(__("View Quarantine",'gotmls'), GOTMLS_get_quarantine());
|
| 354 |
GOTMLS_display_header();
|
| 355 |
echo "$echo\n</div></div></div>";
|
| 356 |
}
|
|
@@ -408,7 +416,8 @@ function GOTMLS_Firewall_Options() {
|
|
| 408 |
else
|
| 409 |
$errdiv = "<div class='error'>".__('Unable to find Apache on this server, this patch work on Apache servers!','gotmls')."</div>";
|
| 410 |
}
|
| 411 |
-
$
|
|
|
|
| 412 |
$patch_found = false;
|
| 413 |
$head = str_replace(array('|<Files[^>]+', '(.+?)', '\\s*(', '\\s*)*|is'), array("<Files ", "$deny\n", "\n", "\n"), $find);
|
| 414 |
$htaccess = "";
|
|
@@ -478,12 +487,12 @@ function GOTMLS_Firewall_Options() {
|
|
| 478 |
else
|
| 479 |
$save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSave Failed!$lt/div$gt\n";
|
| 480 |
}
|
| 481 |
-
$sec_opts = $lt.'form method="POST" name="GOTMLS_Form_firewall"'.$gt.$lt.'input type="hidden" id="fw_opt" name="GOTMLS_firewall_option" value="traversal"'.$gt.$lt.'input type="hidden" name="GOTMLS_firewall_value" id="fw_val" value="0"'.$gt.$
|
| 482 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]))
|
| 483 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA)
|
| 484 |
if (is_array($VA) && count($VA) > 3 && strlen($VA[1]) && strlen($VA[2]))
|
| 485 |
$sec_opts .= $lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="submit" style="float: right;" value="'.(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]?"Enable Protection\" onclick=\"setFirewall('$TP', 0);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt."b$gt$VA[1] (Currently Disabled)":"Disable Protection\" onclick=\"setFirewall('$TP', 1);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt."b$gt$VA[1] (Automatically Enabled)")."$lt/b$gt$lt/p$gt$VA[2]$lt/div$gt$lt".'hr /'.$gt;
|
| 486 |
-
$sec_opts .= "$lt/form$gt\n$patch_action\n$lt".'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$
|
| 487 |
$admin_notice = "";
|
| 488 |
if ($current_user->user_login == "admin") {
|
| 489 |
$admin_notice .= $lt.'hr /'.$gt;
|
|
@@ -496,7 +505,7 @@ function GOTMLS_Firewall_Options() {
|
|
| 496 |
} else {
|
| 497 |
if (isset($_POST["GOTMLS_admin_username"]))
|
| 498 |
$admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("Your new username must be at least 3 characters and can only contain "%s". Please try again.",'gotmls'), "a-z0-9_.-@").$lt.'/div'.$gt;
|
| 499 |
-
$admin_notice .= $lt.'form method="POST" name="GOTMLS_Form_admin"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'div style="float: left;"'.$gt.__("Change your username:",'gotmls').$lt.'/div'.$gt.$
|
| 500 |
}
|
| 501 |
}
|
| 502 |
if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_wpfirewall_action"])) {
|
|
@@ -515,7 +524,7 @@ function GOTMLS_Firewall_Options() {
|
|
| 515 |
$end = "$lt/div$gt$lt/form$gt\n{$lt}hr /$gt";
|
| 516 |
$img = 'threat.gif"';
|
| 517 |
$button = $lt.'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'exclude_terms\';" value="'.__("Disable this Rule",'gotmls').'"'.$gt;
|
| 518 |
-
$wpfirewall_action = $lt.'form method="POST" name="GOTMLS_Form_wpfirewall2"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="GOTMLS_wpfirewall_action" id="GOTMLS_wpfirewall_action" value=""'.$gt.$
|
| 519 |
if (isset($_SERVER["REMOTE_ADDR"])) {
|
| 520 |
if (is_array($ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!"))) && in_array($_SERVER["REMOTE_ADDR"], $ips))
|
| 521 |
$wpfirewall_action = str_replace(array($img, $end), array('question.gif"', __(" However, your current IP has been Whitelisted so you could probably keep this rule enabled if you really want to.",'gotmls').$end), $wpfirewall_action);
|
|
@@ -561,7 +570,7 @@ function GOTMLS_ajax_load_update() {
|
|
| 561 |
$GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
|
| 562 |
asort($GOTMLS_definitions_versions);
|
| 563 |
if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"])) {
|
| 564 |
-
$DEF_url = 'http:'.GOTMLS_update_home.'definitions.php?'.GOTMLS_get_version_URL.'&'.GOTMLS_set_nonce(__FUNCTION__."
|
| 565 |
if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1 && $GOTMLS_nonce_found) {
|
| 566 |
$GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_REQUEST["UPDATE_definitions_array"]));
|
| 567 |
if (is_array($GOTnew_definitions)) {
|
|
@@ -751,7 +760,7 @@ function GOTMLS_settings() {
|
|
| 751 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && strlen(trim(" ".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])))
|
| 752 |
$scan_optjs .= "\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]."'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n";
|
| 753 |
$scan_optjs .= "$lt/script$gt";
|
| 754 |
-
$GOTMLS_nonce_URL = GOTMLS_set_nonce(__FUNCTION__."
|
| 755 |
$scan_opts = "\n$lt".'form method="POST" id="GOTMLS_Form" name="GOTMLS_Form"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', $GOTMLS_nonce_URL).'"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Complete Scan\';" /'.$gt.$lt.'/div'.$gt.'
|
| 756 |
'.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'a title="'.__("Check for all threat types, if any of these are in red or otherwise unavailable then please download the latest definition updates.",'gotmls').'"'.$gt.$lt.'span class="dashicons dashicons-editor-help"'.$gt.$lt.'/span'.$gt.$lt.'/a'.$gt.$lt.'/p'.$gt.'
|
| 757 |
'.$lt.'div style="padding: 0 30px;"'.$gt;
|
|
@@ -1000,9 +1009,19 @@ var startTime = 0;
|
|
| 1000 |
if ($check != "potential")
|
| 1001 |
$GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check;
|
| 1002 |
}
|
| 1003 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1004 |
foreach ($_POST as $name => $value) {
|
| 1005 |
-
if (substr($name, 0, 10) != 'GOTMLS_fix') {
|
| 1006 |
if (is_array($value)) {
|
| 1007 |
foreach ($value as $val)
|
| 1008 |
echo $lt.'input type="hidden" name="'.GOTMLS_htmlspecialchars($name).'[]" value="'.GOTMLS_htmlspecialchars($val).'"'.$gt;
|
|
@@ -1062,7 +1081,7 @@ var startTime = 0;
|
|
| 1062 |
else
|
| 1063 |
$DB_scan_JS = "";
|
| 1064 |
GOTMLS_flush('script');
|
| 1065 |
-
echo "/*--{$gt}*"."/\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."
|
| 1066 |
var scanfilesI = 0;
|
| 1067 |
var stopScanning;
|
| 1068 |
var gotStuckOn = "";
|
|
@@ -1362,7 +1381,7 @@ function GOTMLS_ajax_position() {
|
|
| 1362 |
} else
|
| 1363 |
die("\n//Position Error: No new position to save!\n");
|
| 1364 |
update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
|
| 1365 |
-
die(GOTMLS_html_tags(array("html" => array("body" => GOTMLS_htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.admin_url('admin-ajax.php?action=GOTMLS_position&'.GOTMLS_set_nonce(__FUNCTION__."
|
| 1366 |
} else
|
| 1367 |
die(GOTMLS_Invalid_Nonce("\n//Position Error: ")."\n");
|
| 1368 |
}
|
|
@@ -1378,15 +1397,16 @@ function GOTMLS_validate_position($vector, $position) {
|
|
| 1378 |
function GOTMLS_ajax_empty_trash() {
|
| 1379 |
global $wpdb;
|
| 1380 |
$gl = '><';
|
| 1381 |
-
|
| 1382 |
-
|
|
|
|
| 1383 |
$wpdb->query("REPAIR TABLE $wpdb->posts");
|
| 1384 |
-
$trashmsg = __("
|
| 1385 |
} else
|
| 1386 |
$trashmsg = __("Failed to empty the trash.",'gotmls');
|
| 1387 |
} else
|
| 1388 |
$trashmsg = GOTMLS_Invalid_Nonce("");
|
| 1389 |
-
$properties = array("html" => $gl.'head'.$gl."script type='text/javascript'>\nif (curDiv = window.parent.
|
| 1390 |
die(GOTMLS_html_tags(array("html" => array("body" => $trashmsg)), $properties));
|
| 1391 |
}
|
| 1392 |
|
|
@@ -1428,7 +1448,7 @@ function GOTMLS_ajax_fix() {
|
|
| 1428 |
GOTMLS_update_scan_log(array("scan" => array("dir" => count($_REQUEST["GOTMLS_fix"])." Files", "start" => time())));
|
| 1429 |
foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
|
| 1430 |
if (is_numeric($clean_file)) {
|
| 1431 |
-
if (($Q_post = GOTMLS_get_quarantine($clean_file)) && isset($Q_post["post_type"]) && strtolower($Q_post["post_type"]) == "gotmls_quarantine" && isset($Q_post["post_status"])
|
| 1432 |
$path = $Q_post["post_title"];
|
| 1433 |
if ($_REQUEST["GOTMLS_fixing"] > 1) {
|
| 1434 |
echo "<li>Removing $path ... ";
|
|
@@ -1502,7 +1522,7 @@ function GOTMLS_ajax_fix() {
|
|
| 1502 |
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Automatic Fix")));
|
| 1503 |
}
|
| 1504 |
}
|
| 1505 |
-
$nonce = GOTMLS_set_nonce(__FUNCTION__."
|
| 1506 |
die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process.",'gotmls'), 'href="'.GOTMLS_images_path.'?page=GOTMLS_View_Quarantine&'.$nonce.'"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.admin_url('admin-ajax.php?action=GOTMLS_View_Quarantine&check_site=1&'.$nonce).'" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n$HTML[1]");
|
| 1507 |
} else
|
| 1508 |
die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls')))));
|
|
@@ -1514,78 +1534,22 @@ function GOTMLS_ajax_scan() {
|
|
| 1514 |
if (GOTMLS_get_nonce()) {
|
| 1515 |
@error_reporting(0);
|
| 1516 |
if (isset($_GET["GOTMLS_scan"])) {
|
| 1517 |
-
$script_form =
|
| 1518 |
-
function select_text_range(ta_id, start, end) {
|
| 1519 |
-
var textBox = document.getElementById(ta_id);
|
| 1520 |
-
var scrolledText = "";
|
| 1521 |
-
scrolledText = textBox.value.substring(0, end);
|
| 1522 |
-
textBox.focus();
|
| 1523 |
-
if (textBox.setSelectionRange) {
|
| 1524 |
-
scrolledText = textBox.value.substring(end);
|
| 1525 |
-
textBox.value = textBox.value.substring(0, end);
|
| 1526 |
-
textBox.scrollTop = textBox.scrollHeight;
|
| 1527 |
-
textBox.value = textBox.value + scrolledText;
|
| 1528 |
-
textBox.setSelectionRange(start, end);
|
| 1529 |
-
} else if (textBox.createTextRange) {
|
| 1530 |
-
var range = textBox.createTextRange();
|
| 1531 |
-
range.collapse(true);
|
| 1532 |
-
range.moveStart("character", start);
|
| 1533 |
-
range.moveEnd("character", end);
|
| 1534 |
-
range.select();
|
| 1535 |
-
} else
|
| 1536 |
-
alert("The highlighting function does not work in your browser");
|
| 1537 |
-
}
|
| 1538 |
-
if (typeof window.parent.showhide === "function")
|
| 1539 |
-
window.parent.showhide("GOTMLS_iFrame", true);
|
| 1540 |
-
</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="';
|
| 1541 |
@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
|
| 1542 |
if (is_numeric($_GET["GOTMLS_scan"])) {
|
| 1543 |
-
if (($Q_post = GOTMLS_get_quarantine((INT) $_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && $Q_post["post_type"]
|
| 1544 |
-
////////// posts table (quarantine)
|
| 1545 |
-
$clean_file = $Q_post["post_title"];
|
| 1546 |
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = GOTMLS_decode($Q_post["post_content"]);
|
| 1547 |
-
$
|
| 1548 |
-
$function = 'GOTMLS_decode';
|
| 1549 |
-
if (isset($_GET[$function]) && is_array($_GET[$function])) {
|
| 1550 |
-
foreach ($_GET[$function] as $decode) {
|
| 1551 |
-
$fa .= " NO-".GOTMLS_htmlspecialchars($decode);
|
| 1552 |
-
}
|
| 1553 |
-
} elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
|
| 1554 |
-
$f = 1;
|
| 1555 |
-
//print_r(array("excerpt:"=>$GLOBALS["GOTMLS"]["tmp"]["threats_found"]));
|
| 1556 |
-
foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
|
| 1557 |
-
list($start, $end, $junk) = explode("-", "$threats_found--", 3);
|
| 1558 |
-
if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) {
|
| 1559 |
-
if ($start < $end)
|
| 1560 |
-
$fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
|
| 1561 |
-
else
|
| 1562 |
-
$fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$end.', '.$start.');">['.$f++.']</a>';
|
| 1563 |
-
} else {
|
| 1564 |
-
if (is_numeric($threats_found)) {
|
| 1565 |
-
$threats_found = $threats_name;
|
| 1566 |
-
$threats_name = $f;
|
| 1567 |
-
}
|
| 1568 |
-
$fpos = 0;
|
| 1569 |
-
$flen = 0;
|
| 1570 |
-
$potential_threat = str_replace("\r", "", $threats_found);
|
| 1571 |
-
while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {
|
| 1572 |
-
$flen = strlen($potential_threat);
|
| 1573 |
-
$fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
|
| 1574 |
-
}
|
| 1575 |
-
}
|
| 1576 |
-
}
|
| 1577 |
-
} //else echo "excerpt:".$Q_post["post_excerpt"];
|
| 1578 |
-
die("\n$script_form".admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1779")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete the record of this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />size: '.strlen(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["file_contents"])).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown")).'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.GOTMLS_htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
|
| 1579 |
} else
|
| 1580 |
die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nif (typeof window.parent.showhide === 'function') window.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
|
| 1581 |
} elseif (substr($_GET["GOTMLS_scan"]."1234567", 0, 7) == "db_scan") {
|
| 1582 |
@header("Content-type: text/javascript");
|
| 1583 |
if (isset($_GET["GOTMLS_only_file"])) {
|
| 1584 |
if (strlen($_GET["GOTMLS_only_file"])) {
|
| 1585 |
-
echo '//re-db_scan: '.md5($_GET["GOTMLS_only_file"]).
|
| 1586 |
die(GOTMLS_db_scan().'//END OF JavaScript');
|
| 1587 |
} else {
|
| 1588 |
-
echo '//re-db_scan: all'.
|
| 1589 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"])) {
|
| 1590 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"] as $file => $regx) {
|
| 1591 |
$path = "db_scan=$file";
|
|
@@ -1595,7 +1559,7 @@ if (typeof window.parent.showhide === "function")
|
|
| 1595 |
die(GOTMLS_return_threat("dir", "question", "db_scan").GOTMLS_update_status(__("Re-Starting Database Scan ...",'gotmls'))."/*-->*"."/\nscanNextDir(-1);\n/*<!--*"."/");
|
| 1596 |
}
|
| 1597 |
} else {
|
| 1598 |
-
echo '//db_scan: '.
|
| 1599 |
die(GOTMLS_db_scan().'//END OF JavaScript');
|
| 1600 |
}
|
| 1601 |
} else {
|
|
@@ -1606,10 +1570,10 @@ if (typeof window.parent.showhide === "function")
|
|
| 1606 |
@header("Content-type: text/javascript");
|
| 1607 |
if (isset($_GET["GOTMLS_only_file"])) {
|
| 1608 |
if (strlen($_GET["GOTMLS_only_file"])) {
|
| 1609 |
-
echo '//encoded re-db_scan: '.md5($_GET["GOTMLS_only_file"]).
|
| 1610 |
die(GOTMLS_db_scan().'//END OF JavaScript');
|
| 1611 |
} else {
|
| 1612 |
-
echo '//encoded re-db_scan: all'.
|
| 1613 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"])) {
|
| 1614 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"] as $file => $regx) {
|
| 1615 |
$path = "db_scan=$file";
|
|
@@ -1619,7 +1583,7 @@ if (typeof window.parent.showhide === "function")
|
|
| 1619 |
echo GOTMLS_return_threat("dir", "question", "db_scan").GOTMLS_update_status(__("Re-Starting Encoded Database Scan ...",'gotmls'))."/*-->*"."/\nscanNextDir(-1);\n/*<!--*"."/";
|
| 1620 |
}
|
| 1621 |
} else {
|
| 1622 |
-
echo '//encoded db_scan: but no GOTMLS_only_file'.
|
| 1623 |
die(GOTMLS_db_scan().'//END OF JavaScript');
|
| 1624 |
}
|
| 1625 |
} elseif (is_dir($file)) {
|
|
@@ -1638,12 +1602,8 @@ if (typeof window.parent.showhide === "function")
|
|
| 1638 |
echo "<html>\n<head>\n<title>Scan File: ".htmlspecialchars($file)."</title>\n</head>\n<body>";
|
| 1639 |
GOTMLS_scanfile($file);
|
| 1640 |
$fa = "";
|
| 1641 |
-
$
|
| 1642 |
-
if (isset($
|
| 1643 |
-
foreach ($_GET[$function] as $decode) {
|
| 1644 |
-
$fa .= " NO-".GOTMLS_htmlspecialchars($decode);
|
| 1645 |
-
}
|
| 1646 |
-
} elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
|
| 1647 |
$f = 1;
|
| 1648 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
|
| 1649 |
list($start, $end, $junk) = explode("-", "$threats_found--", 3);
|
|
@@ -1654,7 +1614,7 @@ if (typeof window.parent.showhide === "function")
|
|
| 1654 |
}
|
| 1655 |
} else
|
| 1656 |
$fa = " No Threats Found";
|
| 1657 |
-
die("\n$script_form".admin_url('admin-ajax.php
|
| 1658 |
} else
|
| 1659 |
die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), GOTMLS_htmlspecialchars($file))."<script type=\"text/javascript\">\nif (typeof window.parent.showhide === 'function') window.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
|
| 1660 |
}
|
| 8 |
Contributors: scheeeli, gotmls
|
| 9 |
Donate link: https://gotmls.net/donate/
|
| 10 |
Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
|
| 11 |
+
Version: 4.20.96
|
| 12 |
*/
|
| 13 |
if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)) || !(function_exists("add_action") && function_exists("load_plugin_textdomain")))
|
| 14 |
include(dirname(__FILE__)."/safe-load/index.php");
|
| 91 |
function GOTMLS_display_header($optional_box = "") {
|
| 92 |
global $current_user, $wpdb;
|
| 93 |
wp_get_current_user();
|
| 94 |
+
$head_nonce = GOTMLS_set_nonce(__FUNCTION__."95");
|
| 95 |
$GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
|
| 96 |
+
$Update_Definitions = array(GOTMLS_update_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&'.GOTMLS_get_version_URL.'&'.$head_nonce.'&d='.ur1encode(GOTMLS_siteurl));
|
| 97 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])
|
| 98 |
+
array_unshift($Update_Definitions, admin_url('admin-ajax.php?action=GOTMLS_load_update&'.$head_nonce.'&UPDATE_definitions_array=1'));
|
| 99 |
else
|
| 100 |
$Update_Definitions[] = str_replace("//", "//www.", $Update_Definitions[0]);
|
| 101 |
$Update_Link = '<div style="text-align: center;"><a href="';
|
| 123 |
$isRegistered = GOTMLS_get_registrant($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]);
|
| 124 |
} else
|
| 125 |
$reg_email_key = "";
|
|
|
|
| 126 |
echo GOTMLS_get_header().'
|
| 127 |
<div id="admin-page-container">
|
| 128 |
<div id="GOTMLS-right-sidebar" style="width: 300px;" class="metabox-holder">
|
| 309 |
$LastScan .= " and has not finish";
|
| 310 |
} else
|
| 311 |
$LastScan .= " failed to started";
|
| 312 |
+
$LastScan .= '<a href="'.GOTMLS_script_URI.'&GOTMLS_cl='.$row["mt"].'&'.GOTMLS_set_nonce(__FUNCTION__."313").'">[clear history below this entry]</a></li>';
|
| 313 |
}
|
| 314 |
$LastScan .= '</ul>';
|
| 315 |
} else
|
| 340 |
return "$Q_Page\n";
|
| 341 |
}
|
| 342 |
|
| 343 |
+
function GOTMLS_Quarantine_Trash() {
|
| 344 |
+
global $wpdb;
|
| 345 |
+
$Q_Page = '<div id="empty_trash_link" style="float: right;"><form method="post" onsubmit="if (curDiv = document.getElementById(\'empty_trash_link\')) curDiv.style.display = \'none\';" target="GOTMLS_statusFrame" action="'.admin_url('admin-ajax.php?action=GOTMLS_empty_trash&'.GOTMLS_set_nonce(__FUNCTION__."346")).'">';
|
| 346 |
+
if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'trash'")) > 1)
|
| 347 |
+
$Q_Page .= '<input class="primary" style="float: right;" type="submit" value="RESTORE" name="alter"><input class="primary" style="color: red; float: right;" type="submit" value="DELETE" name="alter"><span style="float: right; margin: 3px;">'.sprintf(__("%d Quarantine Records in the Trash",'gotmls'), (INT) $trashed)."</span>";
|
| 348 |
+
return "$Q_Page</form></div>\n";
|
| 349 |
+
}
|
| 350 |
+
|
| 351 |
function GOTMLS_ajax_View_Quarantine() {
|
| 352 |
GOTMLS_ajax_load_update();
|
| 353 |
+
die(GOTMLS_html_tags(array("html" => array("body" => GOTMLS_get_header().GOTMLS_box(GOTMLS_Quarantine_Trash().__("View Quarantine",'gotmls'), GOTMLS_get_quarantine())))));
|
| 354 |
}
|
| 355 |
|
| 356 |
function GOTMLS_View_Quarantine() {
|
| 358 |
$echo = GOTMLS_box($Q_Page = __("White-lists",'gotmls'), GOTMLS_get_whitelists());
|
| 359 |
if (!isset($_GET['Whitelists']))
|
| 360 |
$echo .= "\n<script>\nshowhide('inside_".md5($Q_Page)."');\n</script>\n";
|
| 361 |
+
$echo .= GOTMLS_box(GOTMLS_Quarantine_Trash().__("View Quarantine",'gotmls'), GOTMLS_get_quarantine());
|
| 362 |
GOTMLS_display_header();
|
| 363 |
echo "$echo\n</div></div></div>";
|
| 364 |
}
|
| 416 |
else
|
| 417 |
$errdiv = "<div class='error'>".__('Unable to find Apache on this server, this patch work on Apache servers!','gotmls')."</div>";
|
| 418 |
}
|
| 419 |
+
$Firewall_nonce = $lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."420")).'"'.$gt;
|
| 420 |
+
$patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$Firewall_nonce.$lt.'script'.$gt."\nfunction setFirewall(opt, val) {\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_opt'))\n\t\tautoUpdateDownloadGIF.value = opt;\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_val'))\n\t\tautoUpdateDownloadGIF.value = val;\n}\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".GOTMLS_strip4java(__("You must register and donate to use this feature!",'gotmls'))."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".GOTMLS_strip4java(__("This feature is available to those who have donated!",'gotmls'))."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="';
|
| 421 |
$patch_found = false;
|
| 422 |
$head = str_replace(array('|<Files[^>]+', '(.+?)', '\\s*(', '\\s*)*|is'), array("<Files ", "$deny\n", "\n", "\n"), $find);
|
| 423 |
$htaccess = "";
|
| 487 |
else
|
| 488 |
$save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSave Failed!$lt/div$gt\n";
|
| 489 |
}
|
| 490 |
+
$sec_opts = $lt.'form method="POST" name="GOTMLS_Form_firewall"'.$gt.$lt.'input type="hidden" id="fw_opt" name="GOTMLS_firewall_option" value="traversal"'.$gt.$lt.'input type="hidden" name="GOTMLS_firewall_value" id="fw_val" value="0"'.$gt.$Firewall_nonce;
|
| 491 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]))
|
| 492 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA)
|
| 493 |
if (is_array($VA) && count($VA) > 3 && strlen($VA[1]) && strlen($VA[2]))
|
| 494 |
$sec_opts .= $lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="submit" style="float: right;" value="'.(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]?"Enable Protection\" onclick=\"setFirewall('$TP', 0);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt."b$gt$VA[1] (Currently Disabled)":"Disable Protection\" onclick=\"setFirewall('$TP', 1);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt."b$gt$VA[1] (Automatically Enabled)")."$lt/b$gt$lt/p$gt$VA[2]$lt/div$gt$lt".'hr /'.$gt;
|
| 495 |
+
$sec_opts .= "$lt/form$gt\n$patch_action\n$lt".'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$Firewall_nonce.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="float: right;'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="'.GOTMLS_plugin_home.'tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n$lt"."script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".admin_url('admin-ajax.php?action=GOTMLS_log_session')."', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
|
| 496 |
$admin_notice = "";
|
| 497 |
if ($current_user->user_login == "admin") {
|
| 498 |
$admin_notice .= $lt.'hr /'.$gt;
|
| 505 |
} else {
|
| 506 |
if (isset($_POST["GOTMLS_admin_username"]))
|
| 507 |
$admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("Your new username must be at least 3 characters and can only contain "%s". Please try again.",'gotmls'), "a-z0-9_.-@").$lt.'/div'.$gt;
|
| 508 |
+
$admin_notice .= $lt.'form method="POST" name="GOTMLS_Form_admin"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'div style="float: left;"'.$gt.__("Change your username:",'gotmls').$lt.'/div'.$gt.$Firewall_nonce.$lt.'input style="float: left;" type="text" id="GOTMLS_admin_username" name="GOTMLS_admin_username" size="6" value="'.$current_user->user_login.'"'.$gt.$lt.'input style="float: left;" type="submit" value="Change"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Admin Notice'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("Your username is \"admin\", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt;
|
| 509 |
}
|
| 510 |
}
|
| 511 |
if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_wpfirewall_action"])) {
|
| 524 |
$end = "$lt/div$gt$lt/form$gt\n{$lt}hr /$gt";
|
| 525 |
$img = 'threat.gif"';
|
| 526 |
$button = $lt.'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'exclude_terms\';" value="'.__("Disable this Rule",'gotmls').'"'.$gt;
|
| 527 |
+
$wpfirewall_action = $lt.'form method="POST" name="GOTMLS_Form_wpfirewall2"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="GOTMLS_wpfirewall_action" id="GOTMLS_wpfirewall_action" value=""'.$gt.$Firewall_nonce.$button.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$img.$gt.$lt.'b'.$gt."WP Firewall 2 (Conflicting Firewall Rule)$lt/b$gt$lt/p$gt".__("The Conflicting Firewall Rule (WP_firewall_exclude_terms) activated by the WP Firewall 2 plugin has been shown to interfere with the Definition Updates and WP Core File Scans in my Anti-Malware plugin. I recommend that you disable this rule in the WP Firewall 2 plugin.",'gotmls').$end;
|
| 528 |
if (isset($_SERVER["REMOTE_ADDR"])) {
|
| 529 |
if (is_array($ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!"))) && in_array($_SERVER["REMOTE_ADDR"], $ips))
|
| 530 |
$wpfirewall_action = str_replace(array($img, $end), array('question.gif"', __(" However, your current IP has been Whitelisted so you could probably keep this rule enabled if you really want to.",'gotmls').$end), $wpfirewall_action);
|
| 570 |
$GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
|
| 571 |
asort($GOTMLS_definitions_versions);
|
| 572 |
if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"])) {
|
| 573 |
+
$DEF_url = 'http:'.GOTMLS_update_home.'definitions.php?'.GOTMLS_get_version_URL.'&'.GOTMLS_set_nonce(__FUNCTION__."574").'&d='.ur1encode(GOTMLS_siteurl);
|
| 574 |
if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1 && $GOTMLS_nonce_found) {
|
| 575 |
$GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_REQUEST["UPDATE_definitions_array"]));
|
| 576 |
if (is_array($GOTnew_definitions)) {
|
| 760 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && strlen(trim(" ".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])))
|
| 761 |
$scan_optjs .= "\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]."'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n";
|
| 762 |
$scan_optjs .= "$lt/script$gt";
|
| 763 |
+
$GOTMLS_nonce_URL = GOTMLS_set_nonce(__FUNCTION__."790");
|
| 764 |
$scan_opts = "\n$lt".'form method="POST" id="GOTMLS_Form" name="GOTMLS_Form"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', $GOTMLS_nonce_URL).'"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Complete Scan\';" /'.$gt.$lt.'/div'.$gt.'
|
| 765 |
'.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'a title="'.__("Check for all threat types, if any of these are in red or otherwise unavailable then please download the latest definition updates.",'gotmls').'"'.$gt.$lt.'span class="dashicons dashicons-editor-help"'.$gt.$lt.'/span'.$gt.$lt.'/a'.$gt.$lt.'/p'.$gt.'
|
| 766 |
'.$lt.'div style="padding: 0 30px;"'.$gt;
|
| 1009 |
if ($check != "potential")
|
| 1010 |
$GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check;
|
| 1011 |
}
|
| 1012 |
+
$_SERVER_QUERY_STRING = "?";
|
| 1013 |
+
foreach ($_GET as $name => $value) {
|
| 1014 |
+
if (substr($name, 0, 10) != 'GOTMLS_fix' && $name != 'GOTMLS_mt') {
|
| 1015 |
+
if (is_array($value)) {
|
| 1016 |
+
foreach ($value as $val)
|
| 1017 |
+
$_SERVER_QUERY_STRING .= urlencode($name).'[]='.urlencode($val).'&';
|
| 1018 |
+
} else
|
| 1019 |
+
$_SERVER_QUERY_STRING .= urlencode($name).'='.urlencode($value).'&';
|
| 1020 |
+
}
|
| 1021 |
+
}
|
| 1022 |
+
echo "\n$lt".'form method="POST" action="'.admin_url("admin-ajax.php$_SERVER_QUERY_STRING"/*.(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"?".$_SERVER["QUERY_STRING"]:"")*/).'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1049")).'"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
|
| 1023 |
foreach ($_POST as $name => $value) {
|
| 1024 |
+
if (substr($name, 0, 10) != 'GOTMLS_fix' && $name != 'GOTMLS_mt') {
|
| 1025 |
if (is_array($value)) {
|
| 1026 |
foreach ($value as $val)
|
| 1027 |
echo $lt.'input type="hidden" name="'.GOTMLS_htmlspecialchars($name).'[]" value="'.GOTMLS_htmlspecialchars($val).'"'.$gt;
|
| 1081 |
else
|
| 1082 |
$DB_scan_JS = "";
|
| 1083 |
GOTMLS_flush('script');
|
| 1084 |
+
echo "/*--{$gt}*"."/\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."1110").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]./*preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").*/'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."'$DB_scan_JS);\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."'".str_replace("db_scan", "Starting Database Scan ...", $DB_scan_JS).");".'
|
| 1085 |
var scanfilesI = 0;
|
| 1086 |
var stopScanning;
|
| 1087 |
var gotStuckOn = "";
|
| 1381 |
} else
|
| 1382 |
die("\n//Position Error: No new position to save!\n");
|
| 1383 |
update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
|
| 1384 |
+
die(GOTMLS_html_tags(array("html" => array("body" => GOTMLS_htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.admin_url('admin-ajax.php?action=GOTMLS_position&'.GOTMLS_set_nonce(__FUNCTION__."1448").'&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"])).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
|
| 1385 |
} else
|
| 1386 |
die(GOTMLS_Invalid_Nonce("\n//Position Error: ")."\n");
|
| 1387 |
}
|
| 1397 |
function GOTMLS_ajax_empty_trash() {
|
| 1398 |
global $wpdb;
|
| 1399 |
$gl = '><';
|
| 1400 |
+
$action = array("RESTORE" => "UPDATE $wpdb->posts SET `post_status` = 'private'", "DELETE" => "DELETE FROM $wpdb->posts");
|
| 1401 |
+
if (GOTMLS_get_nonce() && isset($_REQUEST["alter"]) && isset($action[$_REQUEST["alter"]])) {
|
| 1402 |
+
if ($trashed = $wpdb->query($action[$_REQUEST["alter"]]." WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'trash'")) {
|
| 1403 |
$wpdb->query("REPAIR TABLE $wpdb->posts");
|
| 1404 |
+
$trashmsg = sprintf(__("%s %d item from the quarantine trash.",'gotmls'), strtoupper(GOTMLS_sanitize($_REQUEST["alter"])."d"), (INT) $trashed);
|
| 1405 |
} else
|
| 1406 |
$trashmsg = __("Failed to empty the trash.",'gotmls');
|
| 1407 |
} else
|
| 1408 |
$trashmsg = GOTMLS_Invalid_Nonce("");
|
| 1409 |
+
$properties = array("html" => $gl.'head'.$gl."script type='text/javascript'>\nalert('".GOTMLS_strip4java($trashmsg)."');\nif (curDiv = window.parent)\n\tcurDiv.location.reload(false);\nelse\n\twindow.opener.location.reload(false);</script$gl/head", "body" => 'style="margin: 0; padding: 0;"');
|
| 1410 |
die(GOTMLS_html_tags(array("html" => array("body" => $trashmsg)), $properties));
|
| 1411 |
}
|
| 1412 |
|
| 1448 |
GOTMLS_update_scan_log(array("scan" => array("dir" => count($_REQUEST["GOTMLS_fix"])." Files", "start" => time())));
|
| 1449 |
foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
|
| 1450 |
if (is_numeric($clean_file)) {
|
| 1451 |
+
if (($Q_post = GOTMLS_get_quarantine($clean_file)) && isset($Q_post["post_type"]) && strtolower($Q_post["post_type"]) == "gotmls_quarantine" && isset($Q_post["post_status"])) {
|
| 1452 |
$path = $Q_post["post_title"];
|
| 1453 |
if ($_REQUEST["GOTMLS_fixing"] > 1) {
|
| 1454 |
echo "<li>Removing $path ... ";
|
| 1522 |
GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Automatic Fix")));
|
| 1523 |
}
|
| 1524 |
}
|
| 1525 |
+
$nonce = GOTMLS_set_nonce(__FUNCTION__."1588");
|
| 1526 |
die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process.",'gotmls'), 'href="'.GOTMLS_images_path.'?page=GOTMLS_View_Quarantine&'.$nonce.'"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.admin_url('admin-ajax.php?action=GOTMLS_View_Quarantine&check_site=1&'.$nonce).'" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n$HTML[1]");
|
| 1527 |
} else
|
| 1528 |
die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls')))));
|
| 1534 |
if (GOTMLS_get_nonce()) {
|
| 1535 |
@error_reporting(0);
|
| 1536 |
if (isset($_GET["GOTMLS_scan"])) {
|
| 1537 |
+
$script_form = GOTMLS_js_text_range();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1538 |
@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
|
| 1539 |
if (is_numeric($_GET["GOTMLS_scan"])) {
|
| 1540 |
+
if (($Q_post = GOTMLS_get_quarantine((INT) $_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && strtolower($Q_post["post_type"]) == "gotmls_quarantine") {
|
|
|
|
|
|
|
| 1541 |
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = GOTMLS_decode($Q_post["post_content"]);
|
| 1542 |
+
GOTMLS_view_details($Q_post, '<form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1605")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete the record of this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="display: none; background-color: #C00; float: right;"></form>');
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1543 |
} else
|
| 1544 |
die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nif (typeof window.parent.showhide === 'function') window.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
|
| 1545 |
} elseif (substr($_GET["GOTMLS_scan"]."1234567", 0, 7) == "db_scan") {
|
| 1546 |
@header("Content-type: text/javascript");
|
| 1547 |
if (isset($_GET["GOTMLS_only_file"])) {
|
| 1548 |
if (strlen($_GET["GOTMLS_only_file"])) {
|
| 1549 |
+
echo '//re-db_scan: '.md5($_GET["GOTMLS_only_file"]).gmdate(" Y-m-d H:i:s\n");
|
| 1550 |
die(GOTMLS_db_scan().'//END OF JavaScript');
|
| 1551 |
} else {
|
| 1552 |
+
echo '//re-db_scan: all'.gmdate(" Y-m-d H:i:s\n");
|
| 1553 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"])) {
|
| 1554 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"] as $file => $regx) {
|
| 1555 |
$path = "db_scan=$file";
|
| 1559 |
die(GOTMLS_return_threat("dir", "question", "db_scan").GOTMLS_update_status(__("Re-Starting Database Scan ...",'gotmls'))."/*-->*"."/\nscanNextDir(-1);\n/*<!--*"."/");
|
| 1560 |
}
|
| 1561 |
} else {
|
| 1562 |
+
echo '//db_scan: '.gmdate("Y-m-d H:i:s\n");
|
| 1563 |
die(GOTMLS_db_scan().'//END OF JavaScript');
|
| 1564 |
}
|
| 1565 |
} else {
|
| 1570 |
@header("Content-type: text/javascript");
|
| 1571 |
if (isset($_GET["GOTMLS_only_file"])) {
|
| 1572 |
if (strlen($_GET["GOTMLS_only_file"])) {
|
| 1573 |
+
echo '//encoded re-db_scan: '.md5($_GET["GOTMLS_only_file"]).gmdate(" Y-m-d H:i:s\n");
|
| 1574 |
die(GOTMLS_db_scan().'//END OF JavaScript');
|
| 1575 |
} else {
|
| 1576 |
+
echo '//encoded re-db_scan: all'.gmdate(" Y-m-d H:i:s\n");
|
| 1577 |
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"])) {
|
| 1578 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"] as $file => $regx) {
|
| 1579 |
$path = "db_scan=$file";
|
| 1583 |
echo GOTMLS_return_threat("dir", "question", "db_scan").GOTMLS_update_status(__("Re-Starting Encoded Database Scan ...",'gotmls'))."/*-->*"."/\nscanNextDir(-1);\n/*<!--*"."/";
|
| 1584 |
}
|
| 1585 |
} else {
|
| 1586 |
+
echo '//encoded db_scan: but no GOTMLS_only_file'.gmdate("Y-m-d H:i:s\n");
|
| 1587 |
die(GOTMLS_db_scan().'//END OF JavaScript');
|
| 1588 |
}
|
| 1589 |
} elseif (is_dir($file)) {
|
| 1602 |
echo "<html>\n<head>\n<title>Scan File: ".htmlspecialchars($file)."</title>\n</head>\n<body>";
|
| 1603 |
GOTMLS_scanfile($file);
|
| 1604 |
$fa = "";
|
| 1605 |
+
$f = 0;
|
| 1606 |
+
if (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1607 |
$f = 1;
|
| 1608 |
foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
|
| 1609 |
list($start, $end, $junk) = explode("-", "$threats_found--", 3);
|
| 1614 |
}
|
| 1615 |
} else
|
| 1616 |
$fa = " No Threats Found";
|
| 1617 |
+
die("\n$script_form".'<form style="margin: 0;'.(($f==0)?" display: none;":"").'" method="post" action="'.admin_url('admin-ajax.php').'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1680")).'"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form>'.GOTMLS_file_details($file).'<div style="overflow: auto;"><span onmouseover="document.getElementById(\'file_details_'.md5($file).'\').style.display=\'block\';" onmouseout="document.getElementById(\'file_details_'.md5($file).'\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.GOTMLS_htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
|
| 1618 |
} else
|
| 1619 |
die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), GOTMLS_htmlspecialchars($file))."<script type=\"text/javascript\">\nif (typeof window.parent.showhide === 'function') window.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
|
| 1620 |
}
|
readme.txt
CHANGED
|
@@ -5,10 +5,10 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
|
|
| 5 |
Contributors: scheeeli, gotmls
|
| 6 |
Donate link: https://gotmls.net/donate/
|
| 7 |
Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
|
| 8 |
-
Version: 4.20.
|
| 9 |
-
Stable tag: 4.20.
|
| 10 |
Requires at least: 3.3
|
| 11 |
-
Tested up to: 5.9
|
| 12 |
|
| 13 |
This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
|
| 14 |
|
|
@@ -93,6 +93,11 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
|
|
| 93 |
|
| 94 |
== Changelog ==
|
| 95 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 96 |
= 4.20.95 =
|
| 97 |
* Added more sanitization and validation to all user data entered for better security.
|
| 98 |
* checked code for compatibility with WordPress 5.9.
|
|
@@ -380,6 +385,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
|
|
| 380 |
|
| 381 |
== Upgrade Notice ==
|
| 382 |
|
|
|
|
|
|
|
|
|
|
| 383 |
= 4.20.95 =
|
| 384 |
Added more sanitization and validation to all user data entered for better security and checked code for compatibility with WordPress 5.9.
|
| 385 |
|
| 5 |
Contributors: scheeeli, gotmls
|
| 6 |
Donate link: https://gotmls.net/donate/
|
| 7 |
Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
|
| 8 |
+
Version: 4.20.96
|
| 9 |
+
Stable tag: 4.20.96
|
| 10 |
Requires at least: 3.3
|
| 11 |
+
Tested up to: 5.9.2
|
| 12 |
|
| 13 |
This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
|
| 14 |
|
| 93 |
|
| 94 |
== Changelog ==
|
| 95 |
|
| 96 |
+
= 4.20.96 =
|
| 97 |
+
* Fixed XSS vulnerability by removing unsanitized QUERY_STRING.
|
| 98 |
+
* Cleaned up Quarantine code, removing legacy functions and adding more detailed info.
|
| 99 |
+
* Fixed undefined variable notice and checked code for compatibility with WordPress 5.9.2.
|
| 100 |
+
|
| 101 |
= 4.20.95 =
|
| 102 |
* Added more sanitization and validation to all user data entered for better security.
|
| 103 |
* checked code for compatibility with WordPress 5.9.
|
| 385 |
|
| 386 |
== Upgrade Notice ==
|
| 387 |
|
| 388 |
+
= 4.20.96 =
|
| 389 |
+
Fixed XSS vulnerability by removing unsanitized QUERY_STRING, cleaned up Quarantine code, and checked code for compatibility with WordPress 5.9.2.
|
| 390 |
+
|
| 391 |
= 4.20.95 =
|
| 392 |
Added more sanitization and validation to all user data entered for better security and checked code for compatibility with WordPress 5.9.
|
| 393 |
|
safe-load/wp-login.php
CHANGED
|
@@ -6,6 +6,8 @@
|
|
| 6 |
|
| 7 |
if (!defined("GOTMLS_REQUEST_METHOD"))
|
| 8 |
define("GOTMLS_REQUEST_METHOD", (isset($_SERVER["REQUEST_METHOD"])?strtoupper($_SERVER["REQUEST_METHOD"]):"none"));
|
|
|
|
|
|
|
| 9 |
if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && isset($_POST["session_id"]) && isset($_POST["sess".$_POST["session_id"]]) && is_numeric($_POST["sess".$_POST["session_id"]])) {
|
| 10 |
$sess = round($_POST["sess".$_POST["session_id"]] / 60000);
|
| 11 |
$time = round(time() / 60);
|
| 6 |
|
| 7 |
if (!defined("GOTMLS_REQUEST_METHOD"))
|
| 8 |
define("GOTMLS_REQUEST_METHOD", (isset($_SERVER["REQUEST_METHOD"])?strtoupper($_SERVER["REQUEST_METHOD"]):"none"));
|
| 9 |
+
if (!(isset($GLOBALS["GOTMLS"]) && is_array($GLOBALS["GOTMLS"])))
|
| 10 |
+
$GLOBALS["GOTMLS"] = array();
|
| 11 |
if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && isset($_POST["session_id"]) && isset($_POST["sess".$_POST["session_id"]]) && is_numeric($_POST["sess".$_POST["session_id"]])) {
|
| 12 |
$sess = round($_POST["sess".$_POST["session_id"]] / 60000);
|
| 13 |
$time = round(time() / 60);
|
