Anti-Malware Security and Brute-Force Firewall - Version 4.21.74

Version Description

  • Updated code with various minor improvements to efficiency and compatibility.
  • Checked code for compatibility with WordPress 6.0.

Release Info

Developer scheeeli
Version 4.21.74

Code changes from version 4.20.96 to 4.21.74

Files changed (3) hide show
  1. images/index.php +176 -57
  2. index.php +27 -26
  3. readme.txt +12 -4
images/index.php CHANGED
@@ -16,7 +16,7 @@ GOTMLS_define("GOTMLS_plugin_path", substr(dirname(__FILE__), 0, strlen(dirname(
16
  //if (is_file(GOTMLS_plugin_path.$file) && ($contents = @file_get_contents(GOTMLS_plugin_path.$file)) && preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
17
  // GOTMLS_define("GOTMLS_Version", $match[1]);
18
  //else
19
- GOTMLS_define("GOTMLS_Version", '4.20.96');
20
  GOTMLS_define("GOTMLS_require_version", "3.3");
21
  if (!function_exists("__")) {
22
  function __($text, $domain = "gotmls") {
@@ -211,7 +211,7 @@ GOTMLS_define("GOTMLS_update_home", "//updates.gotmls.net/".GOTMLS_installation_
211
  function GOTMLS_get_corefile_URL($path, $hash) {
212
  if (strpos($URL = GOTMLS_get_version("URL"), '&cp='))
213
  //$hash != md5($contents)."O".strlen($contents)
214
- return 'http:'.GOTMLS_update_home.'cp_core.php?'.$URL.'&f='.GOTMLS_encode($path)."&h=$hash&ts=".gmdate("YmdHis").'&d='.urlencode(GOTMLS_siteurl);
215
  else
216
  return "http://core.svn.wordpress.org/tags/".GOTMLS_wp_version."$path";
217
  }
@@ -235,9 +235,9 @@ function GOTMLS_set_nonce($context = "NULL") {
235
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name])) {
236
  $GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name] = $hour;
237
  if (!GOTMLS_update_option('nonce', $GLOBALS["GOTMLS"]["tmp"]["nonce"]))
238
- return (GOTMLS_sanitize($context)."=DB-err:".urlencode(preg_replace('/[\r\n]+/', " ", print_r($GLOBALS["GOTMLS"]["tmp"]["nonce"],1).$wpdb->last_error)));
239
  }
240
- return 'GOTMLS_mt='.urlencode($transient_name);
241
  }}
242
 
243
  if (!function_exists("GOTMLS_get_nonce")) {
@@ -289,12 +289,16 @@ function GOTMLS_file_details($file) {
289
  return '<div id="file_details_'.md5($file).'" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.GOTMLS_htmlspecialchars(basename($file)).'</b><br />in: '.dirname(realpath($file)).'<br />size: '.filesize(realpath($file)).' ( '.ceil(strlen(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["file_contents"]))/1024).' KB )<br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown")).'<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.gmdate(" Y-m-d H:i:s ", filemtime(realpath($file))).'<br />changed:'.gmdate(" Y-m-d H:i:s ", filectime(realpath($file))).'</div>';
290
  }
291
 
292
- function GOTMLS_admin_url($url = '') {
293
  if (function_exists("admin_url"))
294
- return admin_url($url);
295
  else {
296
- return "../../../../wp-admin/$url";
297
  }
 
 
 
 
298
  }
299
 
300
  function GOTMLS_close_button($box_id, $margin = '6px') {
@@ -445,17 +449,30 @@ function loadIframe(title) {
445
  function cancelserver(divid) {
446
  document.getElementById(divid).innerHTML = "<div class=\'error\'>'.GOTMLS_strip4java(__("No response from server!",'gotmls')).'</div>";
447
  }
448
- function checkupdateserver(server, divid) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
449
  var updatescript = document.createElement("script");
450
  updatescript.setAttribute("src", server);
451
- divx = document.getElementById(divid);
452
- if (divx) {
453
  divx.appendChild(updatescript);
454
- if (arguments[2])
455
- return setTimeout("stopCheckingDefinitions = checkupdateserver(\'"+arguments[2]+"\',\'"+divid+"\')",15000);
456
- else
457
- return setTimeout("cancelserver(\'"+divid+"\')",'.(((INT) $GLOBALS["GOTMLS"]["tmp"]['execution_time'])+1).'000+3000);
458
- }
459
  }
460
  var IE = document.all?true:false;
461
  //if (!IE) document.addEventListener("mousemove", getMouseXY);
@@ -511,7 +528,7 @@ function releaseDiv() {
511
  corner.style.width="90%";
512
  corner.style.height="20px";
513
  }
514
- document.getElementById("GOTMLS_statusFrame").src = "'.GOTMLS_admin_url('admin-ajax.php?action=GOTMLS_position&'.$head_nonce.'&GOTMLS_x=').'"+curDiv.style.left+"&GOTMLS_y="+curDiv.style.top;
515
  offsetX=0;
516
  offsetY=0;
517
  }
@@ -530,7 +547,7 @@ function releaseCorner() {
530
  corner.style.width="20px";
531
  corner.style.height="20px";
532
  }
533
- document.getElementById("GOTMLS_statusFrame").src = "'.GOTMLS_admin_url('admin-ajax.php?action=GOTMLS_position&'.$head_nonce.'&GOTMLS_w=').'"+curDiv.style.width+"&GOTMLS_h="+curDiv.style.height;
534
  offsetW=0;
535
  offsetH=0;
536
  }
@@ -552,6 +569,18 @@ function GOTMLS_get_header($optional_box = "") {
552
  return GOTMLS_get_styles($pre_style).'<div id="main-page-title"><h1 style="vertical-align: middle;">Anti-Malware from&nbsp;GOTMLS.NET</h1></div>';
553
  }
554
 
 
 
 
 
 
 
 
 
 
 
 
 
555
  function GOTMLS_get_pagination($count, $wrap = "") {
556
  $Q_Paged = "";
557
  if (isset($_REQUEST["paged"]) && is_numeric($_REQUEST["paged"])) {
@@ -602,7 +631,7 @@ function GOTMLS_get_quarantine($only = false) {
602
  if ($my_query->have_posts()) {
603
  $Q_Page = '<form method="POST" action="'.admin_url('admin-ajax.php'/*.(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"?".$_SERVER["QUERY_STRING"]:"")*/).'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."603")).'"><input type="hidden" name="action" value="GOTMLS_fix"><p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files from quarantine records",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected quarantine records",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items highlighted in yellow had been found to contain malicious code, they have been cleaned and the malicious contents have been removed. A record of the infection has been saved here in the Quarantine for your review and could help with any future investigations. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
604
  <p id="reclean_buttons" style="display: none;"><input id="reclean_button" type="submit" value="'.__("Re-clean re-infected files",'gotmls').'" class="button-primary" onclick="checkAllFiles(false); setvalAllFiles(1); loadIframe(\'Reinfected File Recleaning Results\');" /><b>'.__("The items highlighted in red have been found to be re-infected. The malicious code has returned and needs to be cleaned again.",'gotmls').'</b></p>
605
- <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
606
  $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
607
  while ($my_query->have_posts()) {
608
  $my_query->the_post();
@@ -610,6 +639,7 @@ function GOTMLS_get_quarantine($only = false) {
610
  $threat = 'potential';
611
  $action = $post->ID.'" id="check_'.$post->ID.'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';';
612
  $link = GOTMLS_error_link(__("The current/live file is missing or deleted",'gotmls'), $post->ID, $threat);
 
613
  if (is_file($post->post_title)) {
614
  GOTMLS_scanfile($post->post_title);
615
  if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
@@ -629,14 +659,14 @@ function GOTMLS_get_quarantine($only = false) {
629
  } else {
630
  $link = '<a target="_blank" href="';
631
  if ("revision" == $postdb[0])
632
- $link .= admin_url('revision.php?revision='.urlencode($postdb[1]))."\" title=\"View this revision";
633
  else
634
- $link .= admin_url('post.php?action=edit&post='.urlencode((INT) $postdb[1]))."\" title=\"View current ".GOTMLS_htmlspecialchars($postdb[0]);
635
  $link .= "\" id=\"list_edit_".((INT) $postdb[1])."\" class=\"GOTMLS_plugin $threat\">";
636
  }
637
  }
638
  $Q_Page .= '
639
- <li id="GOTMLS_quarantine_'.((INT) $post->ID).'" class="GOTMLS_quarantine_item" onmouseover="this.style.fontWeight=\'bold\';" onmouseout="this.style.fontWeight=\'normal\';"><span class="GOTMLS_date">'.GOTMLS_error_link(__("View Quarantine Record",'gotmls'), $post->ID, $threat).$post->post_date_gmt.'</a></span><span class="GOTMLS_date">'.GOTMLS_htmlspecialchars($post->post_modified_gmt).'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$action.'" /><img src="'.GOTMLS_images_path.$gif.'" height=16 width=16 alt="Q">'.$link.GOTMLS_htmlspecialchars(str_replace($root_path, "...", $post->post_title)).((isset($_REQUEST["GOTMLS_debug"]) && is_file($post->post_title))?' (mod:'.gmdate("Y-m-d H:i:s", filemtime($post->post_title)).' chgn:'.gmdate("Y-m-d H:i:s", filectime($post->post_title)).' '.filesize($post->post_title).' bytes)':"")."</a></li>\n";
640
  }
641
  $Q_Page = GOTMLS_get_pagination($my_query->max_num_pages, "$Q_Page\n</ul>\n</form>");
642
  } else
@@ -659,6 +689,68 @@ function GOTMLS_box($bTitle, $bContents, $bType = "postbox") {
659
  </div>';
660
  }
661
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
662
  function GOTMLS_view_details($Q_post, $pretext = "") {
663
  $gt = ">"; // This local variable never changes
664
  $lt = "<"; // This local variable never changes
@@ -670,38 +762,63 @@ function GOTMLS_view_details($Q_post, $pretext = "") {
670
  mb_internal_encoding($encoding);
671
  mb_regex_encoding($encoding);
672
  $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = mb_ereg_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
673
- $fa = "";
674
- if (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
675
- $f = 1;
676
- foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
677
- $ends = explode("-", "$threats_found--", 3);
678
- if (strlen($ends[0]) > 0 && strlen($ends[1]) > 0 && is_numeric($ends[1]) && is_numeric($ends[0])) {
679
- if ($ends[1] < $ends[0])
680
- $ends = array_reverse($ends);
681
- $fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$ends[0].', '.$ends[1].');"'.$gt.'['.$f++."]$lt/a$gt ";
682
- } else {
683
- if (is_numeric($threats_found)) {
684
- $threats_found = $threats_name;
685
- $threats_name = $f;
686
- }
687
- $fpos = 0;
688
- $flen = 0;
689
- $potential_threat = mb_ereg_replace("\r", "", $threats_found);
690
- while (($fpos = strpos($GLOBALS["GOTMLS"]["tmp"]["file_contents"], ($potential_threat), $flen + $fpos)) !== false) {
691
- $flen = strlen($potential_threat);
692
- $fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');"'.$gt.'['.$f++."]$lt/a$gt ";
693
- }
694
- }
695
- }
696
- } else
697
- $fa = strlen($Q_post["post_excerpt"])."No Threats Found ";
698
  $encoded_file_contents = GOTMLS_htmlentities($GLOBALS["GOTMLS"]["tmp"]["file_contents"], ENT_COMPAT, $encoding);
699
  $encoding = $GLOBALS["GOTMLS"]["tmp"]["encoding"];
700
- die(GOTMLS_html_tags(array("html" => array("head" => array("title" => "$title $clean_file"), "body" => GOTMLS_js_text_range().$pretext.$lt.'div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"'."$gt{$lt}b$gt$title$lt/b$gt{$lt}br /$gt\nencoding: $encoding{$lt}br /$gt\nsize: $size bytes{$lt}br /$gt\ninfected:".$Q_post["post_modified_gmt"].$lt.'br /'.$gt.'quarantined:'.$Q_post["post_date_gmt"].$lt.'/div'.$gt.$lt.'div style="overflow: auto;"'.$gt.$lt.'span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';"'.$gt."$title$lt/span$gt ( $fa)$lt/div$gt$lt/td$gt$lt/tr$gt{$lt}tr$gt{$lt}td style=\"height: 100%\"$gt{$lt}textarea id=\"ta_file\" style=\"width: 100%; height: 100%\"$gt$encoded_file_contents$lt/textarea$gt$lt/td$gt$lt/tr$gt$lt/table$gt"))));
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
701
  }
702
 
703
  function GOTMLS_js_text_range($posttext = "") {
704
- return '<script type="text/javascript">
705
  function select_text_range(ta_id, start, end) {
706
  var textBox = document.getElementById(ta_id);
707
  var scrolledText = "";
@@ -724,7 +841,7 @@ function select_text_range(ta_id, start, end) {
724
  }
725
  if (typeof window.parent.showhide === "function")
726
  window.parent.showhide("GOTMLS_iFrame", true);
727
- </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%">'.$posttext;
728
  }
729
 
730
  if ((isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))) {
@@ -984,7 +1101,7 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
984
  }
985
  }
986
  }
987
- } elseif (strlen($check_threats) && isset($_GET['eli']) && substr($check_threats, 0, 1) == '/')
988
  GOTMLS_preg_match_all($check_threats, $check_threats);
989
  if (isset($_SESSION["GOTMLS_debug"])) {
990
  $file_time = round(microtime(true) - $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"], 5);
@@ -1080,10 +1197,10 @@ function GOTMLS_scanfile($file) {
1080
  // $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $real_file);
1081
  $className = "errors";
1082
  }
1083
- if (isset($_GET["debug"]) && $_GET["debug"] == "scan")
1084
  echo "\n<li>Found: ".count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
1085
  if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1086
- $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."1101").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file/*.preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")*/).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", "&quot;", $lt.'div style="float: left; white-space: nowrap;"'.$gt.GOTMLS_strip4java(__("Examine File",'gotmls')).' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES))."$lt/div$gt$lt/div$gt');\" class=\"GOTMLS_plugin\"$gt";
1087
  if ($className == "errors") {
1088
  $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="errors";
1089
  $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
@@ -1442,14 +1559,16 @@ function GOTMLS_html_tags($tags, $inner = array()) {
1442
  $html = "";
1443
  $gt = ">"; // This local variable never changes
1444
  if (!is_array($tags))
1445
- return $html;
1446
  foreach ($tags as $tag => $contents) {
1447
- $html .= ($tag=="html"?"<!DOCTYPE html$gt":"")."<$tag".(isset($inner[$tag])?" ".$inner[$tag]:"").$gt;
 
1448
  if (is_array($contents))
1449
  $html .= GOTMLS_html_tags($contents, $inner);
1450
  else
1451
  $html .= $contents;
1452
- $html .= "</$tag$gt";
 
1453
  }
1454
  return $html;
1455
  }
@@ -1646,9 +1765,9 @@ function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
1646
  $nonce_url = GOTMLS_set_nonce(__FUNCTION__."1661");
1647
  if (count($ids) == 2 && is_numeric($ids[0])) {
1648
  $encoded_file = (INT) $file;
1649
- $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.GOTMLS_strip4java(__("Examine Quarantined Content",'gotmls')).' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.$js_file).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.$nonce_url.'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$encoded_file);
1650
  } elseif ($file)
1651
- $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.GOTMLS_strip4java(__("Examine Current Content",'gotmls')).' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.$js_file).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.$nonce_url.'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$encoded_file/*.preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")*/);
1652
  else
1653
  $onclick = 'return false;';
1654
  return "<a id=\"list_$encoded_file\" title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
16
  //if (is_file(GOTMLS_plugin_path.$file) && ($contents = @file_get_contents(GOTMLS_plugin_path.$file)) && preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
17
  // GOTMLS_define("GOTMLS_Version", $match[1]);
18
  //else
19
+ GOTMLS_define("GOTMLS_Version", '4.21.74');
20
  GOTMLS_define("GOTMLS_require_version", "3.3");
21
  if (!function_exists("__")) {
22
  function __($text, $domain = "gotmls") {
211
  function GOTMLS_get_corefile_URL($path, $hash) {
212
  if (strpos($URL = GOTMLS_get_version("URL"), '&cp='))
213
  //$hash != md5($contents)."O".strlen($contents)
214
+ return 'http:'.GOTMLS_update_home.'cp_core.php?'.$URL.'&f='.GOTMLS_encode($path)."&h=$hash&ts=".gmdate("YmdHis").'&d='.rawurlencode(GOTMLS_siteurl);
215
  else
216
  return "http://core.svn.wordpress.org/tags/".GOTMLS_wp_version."$path";
217
  }
235
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name])) {
236
  $GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name] = $hour;
237
  if (!GOTMLS_update_option('nonce', $GLOBALS["GOTMLS"]["tmp"]["nonce"]))
238
+ return (GOTMLS_sanitize($context)."=DB-err:".rawurlencode(preg_replace('/[\r\n]+/', " ", print_r($GLOBALS["GOTMLS"]["tmp"]["nonce"],1).$wpdb->last_error)));
239
  }
240
+ return 'GOTMLS_mt='.rawurlencode($transient_name);
241
  }}
242
 
243
  if (!function_exists("GOTMLS_get_nonce")) {
289
  return '<div id="file_details_'.md5($file).'" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.GOTMLS_htmlspecialchars(basename($file)).'</b><br />in: '.dirname(realpath($file)).'<br />size: '.filesize(realpath($file)).' ( '.ceil(strlen(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["file_contents"]))/1024).' KB )<br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown")).'<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.gmdate(" Y-m-d H:i:s ", filemtime(realpath($file))).'<br />changed:'.gmdate(" Y-m-d H:i:s ", filectime(realpath($file))).'</div>';
290
  }
291
 
292
+ function GOTMLS_admin_url($action, $url = '') {
293
  if (function_exists("admin_url"))
294
+ $return = admin_url("admin-ajax.php?action=".rawurldecode($action));
295
  else {
296
+ $return = "../../../../wp-admin/admin-ajax.php?action=".rawurldecode($action);
297
  }
298
+ foreach (array('eli', 'GOTMLS_debug') as $pass_on)
299
+ if (isset($_GET["$pass_on"]))
300
+ $return .= "&$pass_on=".rawurldecode($_GET["$pass_on"]);
301
+ return "$return&$url";
302
  }
303
 
304
  function GOTMLS_close_button($box_id, $margin = '6px') {
449
  function cancelserver(divid) {
450
  document.getElementById(divid).innerHTML = "<div class=\'error\'>'.GOTMLS_strip4java(__("No response from server!",'gotmls')).'</div>";
451
  }
452
+ var stopCheckingDefinitions = 0;
453
+ function checkPrimaryUpdateServer() {
454
+ var updatescript = document.createElement("script");
455
+ updatescript.setAttribute("src", pri_addr);
456
+ if (divx = document.getElementById("Definition_Updates"))
457
+ divx.appendChild(updatescript);
458
+ return setTimeout(function() {stopCheckingDefinitions = checkAlternateUpdateServer();}, 15000);
459
+ }
460
+ function checkAlternateUpdateServer() {
461
+ var updatescript = document.createElement("script");
462
+ if (arguments[0])
463
+ updatescript.setAttribute("src", alt_addr+arguments[0]);
464
+ else
465
+ updatescript.setAttribute("src", alt_addr);
466
+ if (divx = document.getElementById("Definition_Updates"))
467
+ divx.appendChild(updatescript);
468
+ return setTimeout(function() {stopCheckingDefinitions = cancelserver("Definition_Updates");}, 15000);
469
+ }
470
+ function checkupdateserver(server) {
471
  var updatescript = document.createElement("script");
472
  updatescript.setAttribute("src", server);
473
+ if (divx = document.getElementById("GOTMLS_patch_searching"))
 
474
  divx.appendChild(updatescript);
475
+ return setTimeout(function() {cancelserver("GOTMLS_patch_searching");}, '.(((INT) $GLOBALS["GOTMLS"]["tmp"]['execution_time'])+1).'000+3000);
 
 
 
 
476
  }
477
  var IE = document.all?true:false;
478
  //if (!IE) document.addEventListener("mousemove", getMouseXY);
528
  corner.style.width="90%";
529
  corner.style.height="20px";
530
  }
531
+ document.getElementById("GOTMLS_statusFrame").src = "'.GOTMLS_admin_url('GOTMLS_position', $head_nonce.'&GOTMLS_x=').'"+curDiv.style.left+"&GOTMLS_y="+curDiv.style.top;
532
  offsetX=0;
533
  offsetY=0;
534
  }
547
  corner.style.width="20px";
548
  corner.style.height="20px";
549
  }
550
+ document.getElementById("GOTMLS_statusFrame").src = "'.GOTMLS_admin_url('GOTMLS_position', $head_nonce.'&GOTMLS_w=').'"+curDiv.style.width+"&GOTMLS_h="+curDiv.style.height;
551
  offsetW=0;
552
  offsetH=0;
553
  }
569
  return GOTMLS_get_styles($pre_style).'<div id="main-page-title"><h1 style="vertical-align: middle;">Anti-Malware from&nbsp;GOTMLS.NET</h1></div>';
570
  }
571
 
572
+ function GOTMLS_object_to_array($obj) {
573
+ if (is_object($obj))
574
+ $obj = (array) $obj;
575
+ $new = array();
576
+ if (is_array($obj)) {
577
+ foreach ($obj as $key => $val)
578
+ $new[$key] = GOTMLS_object_to_array($val);
579
+ } else
580
+ $new = $obj;
581
+ return $new;
582
+ }
583
+
584
  function GOTMLS_get_pagination($count, $wrap = "") {
585
  $Q_Paged = "";
586
  if (isset($_REQUEST["paged"]) && is_numeric($_REQUEST["paged"])) {
631
  if ($my_query->have_posts()) {
632
  $Q_Page = '<form method="POST" action="'.admin_url('admin-ajax.php'/*.(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"?".$_SERVER["QUERY_STRING"]:"")*/).'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."603")).'"><input type="hidden" name="action" value="GOTMLS_fix"><p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files from quarantine records",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected quarantine records",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items highlighted in yellow had been found to contain malicious code, they have been cleaned and the malicious contents have been removed. A record of the infection has been saved here in the Quarantine for your review and could help with any future investigations. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
633
  <p id="reclean_buttons" style="display: none;"><input id="reclean_button" type="submit" value="'.__("Re-clean re-infected files",'gotmls').'" class="button-primary" onclick="checkAllFiles(false); setvalAllFiles(1); loadIframe(\'Reinfected File Recleaning Results\');" /><b>'.__("The items highlighted in red have been found to be re-infected. The malicious code has returned and needs to be cleaned again.",'gotmls').'</b></p>
634
+ <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').((isset($_REQUEST["GOTMLS_debug"]))?'</span><span class="GOTMLS_date">'.__("Date Modified",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Changed",'gotmls').'</span><span class="GOTMLS_date">'.__("File Size",'gotmls').'</span><span class="GOTMLS_date">'.__("Threat Found",'gotmls'):"").'</span></h3>';
635
  $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
636
  while ($my_query->have_posts()) {
637
  $my_query->the_post();
639
  $threat = 'potential';
640
  $action = $post->ID.'" id="check_'.$post->ID.'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';';
641
  $link = GOTMLS_error_link(__("The current/live file is missing or deleted",'gotmls'), $post->ID, $threat);
642
+ $fa = GOTMLS_threats_found_meta(GOTMLS_object_to_array($post));
643
  if (is_file($post->post_title)) {
644
  GOTMLS_scanfile($post->post_title);
645
  if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
659
  } else {
660
  $link = '<a target="_blank" href="';
661
  if ("revision" == $postdb[0])
662
+ $link .= admin_url('revision.php?revision='.rawurlencode($postdb[1]))."\" title=\"View this revision";
663
  else
664
+ $link .= admin_url('post.php?action=edit&post='.rawurlencode((INT) $postdb[1]))."\" title=\"View current ".GOTMLS_htmlspecialchars($postdb[0]);
665
  $link .= "\" id=\"list_edit_".((INT) $postdb[1])."\" class=\"GOTMLS_plugin $threat\">";
666
  }
667
  }
668
  $Q_Page .= '
669
+ <li id="GOTMLS_quarantine_'.((INT) $post->ID).'" class="GOTMLS_quarantine_item" onmouseover="this.style.fontWeight=\'bold\';" onmouseout="this.style.fontWeight=\'normal\';"><span class="GOTMLS_date">'.GOTMLS_error_link(__("View Quarantine Record",'gotmls'), $post->ID, $threat).$post->post_date_gmt.'</a></span><span class="GOTMLS_date">'.GOTMLS_htmlspecialchars($post->post_modified_gmt).((isset($_REQUEST["GOTMLS_debug"]) && is_file($post->post_title))?'</span><span class="GOTMLS_date">'.gmdate("Y-m-d H:i:s", filemtime($post->post_title)).'</span><span class="GOTMLS_date">'.gmdate("Y-m-d H:i:s", filectime($post->post_title)).'</span><span class="GOTMLS_date">('.filesize($post->post_title).' bytes)</span><span class="GOTMLS_date">( '.$fa.')':"").'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$action.'" /><img src="'.GOTMLS_images_path.$gif.'" height=16 width=16 alt="Q">'.$link.GOTMLS_htmlspecialchars(str_replace($root_path, "...", $post->post_title))."</a></li>\n";
670
  }
671
  $Q_Page = GOTMLS_get_pagination($my_query->max_num_pages, "$Q_Page\n</ul>\n</form>");
672
  } else
689
  </div>';
690
  }
691
 
692
+ function GOTMLS_threats_ver($threats_name) {
693
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level => $Threats)
694
+ if (is_array($Threats) && isset($Threats["$threats_name"][0]) && strlen($Threats["$threats_name"][0]) == 5)
695
+ return $Threats["$threats_name"][0];
696
+ return $threats_name;
697
+ }
698
+
699
+ function GOTMLS_threats_found_meta($Q_post = array()) {
700
+ global $wpdb, $table_prefix;
701
+ $gt = ">"; // This local variable never changes
702
+ $lt = "<"; // This local variable never changes
703
+ $SQL = "SELECT `meta_value` AS `Threat`, COUNT(*) AS `Found` FROM `{$wpdb->prefix}postmeta` WHERE `meta_key` = 'GOTMLS_threats_found'";
704
+ if (isset($Q_post["ID"]) && is_numeric($pID = $Q_post["ID"]) && ($pID > 0))
705
+ $SQL = $wpdb->prepare("$SQL AND post_id = %s", (INT) $pID);
706
+ else
707
+ $pID = 0;
708
+ $my_query = $wpdb->get_results("$SQL GROUP BY `meta_value`", ARRAY_A);
709
+ $fa = "";
710
+ if (is_array($my_query) && count($my_query)) {
711
+ $f = 1;
712
+ foreach ($my_query as $rec) {
713
+ if (isset($rec["Threat"]) && is_array($Threat = maybe_unserialize($rec["Threat"])) && isset($Threat["DefVer"]) && isset($Threat["SubPos"])) {
714
+ $ends = explode("-", $Threat["SubPos"]."--", 3);
715
+ if (strlen($ends[0]) > 0 && strlen($ends[1]) > 0 && is_numeric($ends[1]) && is_numeric($ends[0])) {
716
+ if ($ends[1] < $ends[0])
717
+ $ends = array_reverse($ends);
718
+ $fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($Threat["DefVer"]).'" href="javascript:select_text_range(\'ta_file\', '.$ends[0].', '.$ends[1].');"'.$gt.'['.$f++."]$lt/a$gt ";
719
+ }
720
+ }
721
+ }
722
+ } else {
723
+ if (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
724
+ $f = 1;
725
+ // $fa .= "threats_found: ".count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
726
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
727
+ $ends = explode("-", "$threats_found--", 3);
728
+ if (strlen($ends[0]) > 0 && strlen($ends[1]) > 0 && is_numeric($ends[1]) && is_numeric($ends[0])) {
729
+ if ($ends[1] < $ends[0])
730
+ $ends = array_reverse($ends);
731
+ $fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$ends[0].', '.$ends[1].');"'.$gt.'['.$f++."]$lt/a$gt ";
732
+ add_post_meta($pID, 'GOTMLS_threats_found', array("SubPos" => $ends[0]."-".$ends[1], "DefVer" => GOTMLS_threats_ver($threats_name)));
733
+ } else {
734
+ if (is_numeric($threats_found)) {
735
+ $threats_found = $threats_name;
736
+ $threats_name = $f;
737
+ }
738
+ $fpos = 0;
739
+ $flen = 0;
740
+ $potential_threat = mb_ereg_replace("\r", "", $threats_found);
741
+ while (($fpos = strpos($GLOBALS["GOTMLS"]["tmp"]["file_contents"], ($potential_threat), $flen + $fpos)) !== false) {
742
+ $flen = strlen($potential_threat);
743
+ $fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');"'.$gt.'['.$f++."]$lt/a$gt ";
744
+ add_post_meta($pID, 'GOTMLS_threats_found', serialize(array("SubPos" => $fpos."-".($fpos + $flen), "DefVer" => GOTMLS_threats_ver($threats_name))));
745
+ }
746
+ }
747
+ }
748
+ } else
749
+ $fa = strlen($Q_post["post_excerpt"])."No Threats Found ";
750
+ }
751
+ return $fa;
752
+ }
753
+
754
  function GOTMLS_view_details($Q_post, $pretext = "") {
755
  $gt = ">"; // This local variable never changes
756
  $lt = "<"; // This local variable never changes
762
  mb_internal_encoding($encoding);
763
  mb_regex_encoding($encoding);
764
  $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = mb_ereg_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
765
+ $fa = GOTMLS_threats_found_meta($Q_post);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
766
  $encoded_file_contents = GOTMLS_htmlentities($GLOBALS["GOTMLS"]["tmp"]["file_contents"], ENT_COMPAT, $encoding);
767
  $encoding = $GLOBALS["GOTMLS"]["tmp"]["encoding"];
768
+ die(GOTMLS_html_tags(array(
769
+ "html" => array(
770
+ "head" => array(
771
+ "title" => "$title $clean_file",
772
+ "script" => GOTMLS_js_text_range()
773
+ ),
774
+ "body" => array(
775
+ "table" => array(
776
+ "tr" => array(
777
+ "td" => "$pretext".
778
+ GOTMLS_html_tags(array(
779
+ "div" => array(
780
+ "b" => "$title",
781
+ "br id='encoding' /" => "encoding: $encoding",
782
+ "br id='size' /" => "size: $size bytes",
783
+ "br id='infected' /" => 'infected:'.$Q_post["post_modified_gmt"],
784
+ "br id='quarantined' /" => 'quarantined:'.$Q_post["post_date_gmt"]
785
+ )
786
+ ), array(
787
+ 'div' => 'id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"'
788
+ )
789
+ ).
790
+ GOTMLS_html_tags(array(
791
+ "div" => $lt.'span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';"'."$gt$title$lt/span$gt( $fa)"
792
+
793
+ ), array(
794
+ 'div' => 'style="overflow: auto;"'
795
+ )
796
+ )
797
+ ),
798
+ GOTMLS_html_tags(array(
799
+ "tr" => array(
800
+ "td" => array(
801
+ "textarea" => "$encoded_file_contents"
802
+ )
803
+ )
804
+ ), array(
805
+ 'td' => 'style="height: 100%; padding: 5px 5px 0 0;"',
806
+ 'textarea' => 'id="ta_file" style="width: 100%; height: 100%"'
807
+ )
808
+ )
809
+ )
810
+ )
811
+ )
812
+ ), array(
813
+ 'script' => 'type="text/javascript"',
814
+ 'table' => 'style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"',
815
+ 'td' => 'style="width: 100%"'
816
+ )
817
+ ));
818
  }
819
 
820
  function GOTMLS_js_text_range($posttext = "") {
821
+ return '
822
  function select_text_range(ta_id, start, end) {
823
  var textBox = document.getElementById(ta_id);
824
  var scrolledText = "";
841
  }
842
  if (typeof window.parent.showhide === "function")
843
  window.parent.showhide("GOTMLS_iFrame", true);
844
+ '.$posttext;
845
  }
846
 
847
  if ((isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))) {
1101
  }
1102
  }
1103
  }
1104
+ } elseif (strlen($check_threats) && isset($_GET['eli']) && GOTMLS_verify_regex($check_threats))
1105
  GOTMLS_preg_match_all($check_threats, $check_threats);
1106
  if (isset($_SESSION["GOTMLS_debug"])) {
1107
  $file_time = round(microtime(true) - $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"], 5);
1197
  // $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $real_file);
1198
  $className = "errors";
1199
  }
1200
+ if (isset($_GET["GOTMLS_debug"]) && $_GET["GOTMLS_debug"] == "scan")
1201
  echo "\n<li>Found: ".count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
1202
  if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1203
+ $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.GOTMLS_admin_url('GOTMLS_scan', GOTMLS_set_nonce(__FUNCTION__."1101").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", "&quot;", $lt.'div style="float: left; white-space: nowrap;"'.$gt.GOTMLS_strip4java(__("Examine File",'gotmls')).' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES))."$lt/div$gt$lt/div$gt');\" class=\"GOTMLS_plugin\"$gt";
1204
  if ($className == "errors") {
1205
  $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="errors";
1206
  $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
1559
  $html = "";
1560
  $gt = ">"; // This local variable never changes
1561
  if (!is_array($tags))
1562
+ $tags = array($tags => (is_array($inner)?(isset($inner["contents"])?$inner["contents"]:""):$inner));
1563
  foreach ($tags as $tag => $contents) {
1564
+ if (!is_numeric($tag))
1565
+ $html .= ($tag=="html"?"<!DOCTYPE html$gt":"")."<$tag".(isset($inner[$tag])?" ".$inner[$tag]:"").$gt;
1566
  if (is_array($contents))
1567
  $html .= GOTMLS_html_tags($contents, $inner);
1568
  else
1569
  $html .= $contents;
1570
+ if ((!is_numeric($tag)) && substr($tag, -1) != '/')
1571
+ $html .= "</$tag$gt";
1572
  }
1573
  return $html;
1574
  }
1765
  $nonce_url = GOTMLS_set_nonce(__FUNCTION__."1661");
1766
  if (count($ids) == 2 && is_numeric($ids[0])) {
1767
  $encoded_file = (INT) $file;
1768
+ $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.GOTMLS_strip4java(__("Examine Quarantined Content",'gotmls')).' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.$js_file).'</div></div>\');" href="'.GOTMLS_admin_url('GOTMLS_scan', $nonce_url.'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$encoded_file);
1769
  } elseif ($file)
1770
+ $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.GOTMLS_strip4java(__("Examine Current Content",'gotmls')).' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.$js_file).'</div></div>\');" href="'.GOTMLS_admin_url('GOTMLS_scan', $nonce_url.'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$encoded_file);
1771
  else
1772
  $onclick = 'return false;';
1773
  return "<a id=\"list_$encoded_file\" title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
index.php CHANGED
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://gotmls.net/donate/
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
- Version: 4.20.96
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)) || !(function_exists("add_action") && function_exists("load_plugin_textdomain")))
14
  include(dirname(__FILE__)."/safe-load/index.php");
@@ -18,7 +18,7 @@ else
18
  * / /\ GOTMLS Main Plugin File
19
  * / /:/ @package GOTMLS
20
  * /__/::\
21
- Copyright \__\/\:\__ © 2012-2021 Eli Scheetz (email: eli@gotmls.net)
22
  * \ \:\/\
23
  * \__\::/ This program is free software; you can redistribute it
24
  * ___ /__/:/ and/or modify it under the terms of the GNU General Public
@@ -40,7 +40,7 @@ require_once(GOTMLS_plugin_path.'images/index.php');
40
 
41
  function GOTMLS_install() {
42
  if (strpos(GOTMLS_get_version("URL"), '&wp=') && version_compare(GOTMLS_wp_version, GOTMLS_require_version, "<"))
43
- die(GOTMLS_require_version_LANGUAGE.", NOT version: ".GOTMLS_wp_version);
44
  else
45
  delete_option("GOTMLS_definitions_array");
46
  }
@@ -71,7 +71,7 @@ function GOTMLS_admin_add_help_tab() {
71
  $screen->add_help_tab(array(
72
  'id' => "GOTMLS_Getting_Started",
73
  'title' => __("Getting Started", 'gotmls'),
74
- 'content' => '<p>'.__("Make sure the Definition Updates are current and Run a Complete Scan.").'</p><p>'.sprintf(__("If Known Threats are found and displayed in red then there will be a button to '%s'. If only Potentional Threats are found then there is no automatic fix because those are probably not malicious."), GOTMLS_Automatically_Fix_LANGUAGE).'</p><p>'.__("A backup of the original infected files are placed in the Quarantine in case you need to restore them or just want to look at them later. You can delete these files if you don't want to save more.").'</p>'
75
  ));
76
  $FAQMarker = '== Frequently Asked Questions ==';
77
  if (is_file(dirname(__FILE__).'/readme.txt') && ($readme = explode($FAQMarker, @file_get_contents(dirname(__FILE__).'/readme.txt').$FAQMarker)) && strlen($readme[1]) && ($readme = explode("==", $readme[1]."==")) && strlen($readme[0])) {
@@ -95,9 +95,9 @@ function GOTMLS_display_header($optional_box = "") {
95
  $GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
96
  $Update_Definitions = array(GOTMLS_update_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&'.GOTMLS_get_version_URL.'&'.$head_nonce.'&d='.ur1encode(GOTMLS_siteurl));
97
  if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])
98
- array_unshift($Update_Definitions, admin_url('admin-ajax.php?action=GOTMLS_load_update&'.$head_nonce.'&UPDATE_definitions_array=1'));
99
  else
100
- $Update_Definitions[] = str_replace("//", "//www.", $Update_Definitions[0]);
101
  $Update_Link = '<div style="text-align: center;"><a href="';
102
  $new_version = "";
103
  $file = basename(GOTMLS_plugin_path).'/index.php';
@@ -127,7 +127,7 @@ function GOTMLS_display_header($optional_box = "") {
127
  <div id="admin-page-container">
128
  <div id="GOTMLS-right-sidebar" style="width: 300px;" class="metabox-holder">
129
  '.GOTMLS_box(__("Updates & Registration",'gotmls'), "<ul>$php_version<li>".(function_exists('classicpress_version')?"ClassicPress: <span class='GOTMLS_date' title='CP: ".classicpress_version()."\nWP: ".GOTMLS_wp_version."'>".preg_replace( '#[+-].*$#', '', classicpress_version()):"WordPress: <span class='GOTMLS_date'>".GOTMLS_wp_version)."</span></li>\n<li>Plugin: <span class='GOTMLS_date'>".GOTMLS_Version.'</span></li>
130
- <li><div id="GOTMLS_Key" style="margin: 0;'.((!$defLatest && !$isRegistered)?' display: none;">Key: <span style="float: right;">'.GOTMLS_installation_key.'</span></div><div style="':'">Key: <span style="float: right;" onclick="showhide(\'autoUpdateForm\', true); showhide(\'registerKeyForm\', true); showhide(\'clear_updates\', true); getElementById(\'registerFormMessage\').innerHTML = \'<p>You can change your registered email here if you want.</p>\';">'.GOTMLS_installation_key.'</span></div><div style="display: none;').'"><form method="POST" action="'.admin_url('admin-ajax.php?'.$head_nonce).'" target="GOTMLS_iFrame" name="GOTMLS_Form_lognewkey"><input type="hidden" name="GOTMLS_installation_key" value="'.GOTMLS_installation_key.'"><input type="hidden" name="action" value="GOTMLS_lognewkey"><span style="color: #F00;" id="GOTMLS_No_Key">No Key! <input type="submit" style="float: right;" value="'.__("Get FREE Key!",'gotmls').'" class="button-primary" onclick="showhide(\'GOTMLS_No_Key\');showhide(\'GOTMLS_Key\', true);check_for_updates(\'Definition_Updates\');" /></span></form></div></li>
131
  <li>Definitions: <span id="GOTMLS_definitions_date" class="GOTMLS_date">'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"].'</span></li></ul>
132
  <form id="updateform" method="post" name="updateform" action="'.str_replace("GOTMLS_mt=", "GOTMLS_last_mt=", GOTMLS_script_URI).'&'.$head_nonce.'">
133
  <img style="display: none; float: left; margin-right: 4px;" src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="definitions updated" id="autoUpdateDownload" onclick="showhide(\'autoUpdateForm\', true); showhide(\'registerKeyForm\', true); showhide(\'clear_updates\', true); getElementById(\'registerFormMessage\').innerHTML = \'<p>You can change your registered email here if you want.</p>\';">
@@ -157,10 +157,11 @@ function GOTMLS_display_header($optional_box = "") {
157
  <input style="width: 100%;" id="installation_key" type="text" name="installation_key" value="'.GOTMLS_installation_key.'" readonly /><input id="old_key" type="hidden" name="old_key" value="'.md5($GOTMLS_url_parts[2]).'" /></div>
158
  <input style="width: 100%;" id="wp-submit" type="submit" name="wp-submit" value="Register Now!" /></form></div>'.(false && $isRegistered?'Registered to: '.$isRegistered:"").$Update_Link, "stuffbox").'
159
  <script type="text/javascript">
 
160
  var alt_addr = "'.$Update_Definitions[1].'";
161
- function check_for_updates(update_type) {
162
- showhide(update_type, true);
163
- stopCheckingDefinitions = checkupdateserver("'.$Update_Definitions[0].'", update_type, alt_addr);
164
  }
165
  function updates_complete(chk) {
166
  if (auto_img = document.getElementById("autoUpdateDownload")) {
@@ -192,7 +193,7 @@ function GOTMLS_display_header($optional_box = "") {
192
  } else {
193
  document.getElementById("Definition_Updates").innerHTML = \'<img src="'.GOTMLS_images_path.'wait.gif">'.GOTMLS_strip4java(__("Submitting Registration ...",'gotmls')).'\';
194
  showhide("Definition_Updates", true);
195
- setTimeout(\'stopCheckingDefinitions = checkupdateserver("'.$Update_Definitions[0].'", "Definition_Updates", "'.$Update_Definitions[1].'")\', 11000);
196
  showhide("registerKeyForm");
197
  return true;
198
  }
@@ -204,7 +205,7 @@ function GOTMLS_display_header($optional_box = "") {
204
  '.$GLOBALS["GOTMLS"]["tmp"]["onLoad"].'
205
  }
206
  if ('.($defLatest+strlen($isRegistered)).')
207
- check_for_updates("Definition_Updates");
208
  /* else
209
  showhide("registerKeyForm", true);*/
210
  if (divNAtext)
@@ -227,7 +228,7 @@ function GOTMLS_display_header($optional_box = "") {
227
  <li><img src="//gravatar.com/avatar/8151cac22b3fc543d099241fd573d176?s=16" border="0" alt="Developer site:"><b><a target="_blank" href="http://wordpress.ieonly.com/category/my-plugins/anti-malware/">Eli\'s Blog</a></b></li>
228
  <li><img src="https://s.gravatar.com/avatar/7530906968df6594bfbe934ddc117f58?s=16" border="0" alt="mail:"><b><a target="_blank" href="mailto:eli@gotmls.net">Email Eli</a></b></li>
229
  </ul>
230
- <a target="_blank" href="https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url='.urlencode(GOTMLS_siteurl).'">Google Safe Browsing Diagnostic</a>', "stuffbox").//GOTMLS_box(__("Last Scan Status",'gotmls'), GOTMLS_scan_log(), "stuffbox").
231
  $optional_box.'</div>';
232
  if (isset($GLOBALS["GOTMLS"]["tmp"]["stuffbox"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["stuffbox"])) {
233
  echo '
@@ -257,7 +258,7 @@ function stuffbox_showhide(id) {
257
  }
258
  }
259
  if (getWindowWidth(780) == 780)
260
- setTimeout("stuffbox_showhide(\'inside_'.$md5.'\')", 200);
261
  </script>';
262
  }
263
  echo '
@@ -342,7 +343,7 @@ function GOTMLS_get_whitelists() {
342
 
343
  function GOTMLS_Quarantine_Trash() {
344
  global $wpdb;
345
- $Q_Page = '<div id="empty_trash_link" style="float: right;"><form method="post" onsubmit="if (curDiv = document.getElementById(\'empty_trash_link\')) curDiv.style.display = \'none\';" target="GOTMLS_statusFrame" action="'.admin_url('admin-ajax.php?action=GOTMLS_empty_trash&'.GOTMLS_set_nonce(__FUNCTION__."346")).'">';
346
  if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'trash'")) > 1)
347
  $Q_Page .= '<input class="primary" style="float: right;" type="submit" value="RESTORE" name="alter"><input class="primary" style="color: red; float: right;" type="submit" value="DELETE" name="alter"><span style="float: right; margin: 3px;">'.sprintf(__("%d Quarantine Records in the Trash",'gotmls'), (INT) $trashed)."</span>";
348
  return "$Q_Page</form></div>\n";
@@ -492,7 +493,7 @@ function GOTMLS_Firewall_Options() {
492
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA)
493
  if (is_array($VA) && count($VA) > 3 && strlen($VA[1]) && strlen($VA[2]))
494
  $sec_opts .= $lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="submit" style="float: right;" value="'.(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]?"Enable Protection\" onclick=\"setFirewall('$TP', 0);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt."b$gt$VA[1] (Currently Disabled)":"Disable Protection\" onclick=\"setFirewall('$TP', 1);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt."b$gt$VA[1] (Automatically Enabled)")."$lt/b$gt$lt/p$gt$VA[2]$lt/div$gt$lt".'hr /'.$gt;
495
- $sec_opts .= "$lt/form$gt\n$patch_action\n$lt".'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$Firewall_nonce.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="float: right;'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="'.GOTMLS_plugin_home.'tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n$lt"."script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".admin_url('admin-ajax.php?action=GOTMLS_log_session')."', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
496
  $admin_notice = "";
497
  if ($current_user->user_login == "admin") {
498
  $admin_notice .= $lt.'hr /'.$gt;
@@ -607,9 +608,9 @@ function GOTMLS_ajax_load_update() {
607
  $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('New Definitions Automatically Installed :-)');";
608
  }
609
  $finJS .= "\nif (divNAtext)\n\tloadGOTMLS();\nelse\n\tdivNAtext = setTimeout('loadGOTMLS()', 4000);";
610
- $finJS .= "\nif (typeof stopCheckingDefinitions !== 'undefined')\n\tclearTimeout(stopCheckingDefinitions);";
611
  } else
612
- $innerHTML = "<li style=\\\"color: #f00\\\"><a title='report error' href='#' onclick=\\\"stopCheckingDefinitions = checkupdateserver(alt_addr+'&error=".GOTMLS_encode(serialize(array("get_URL"=>$GLOBALS["GOTMLS"]["get_URL"])))."', 'Definition_Updates');\\\">Automatic Update Connection Failed!</a></li>";
613
  if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"]))
614
  unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"]);
615
  } else
@@ -1014,12 +1015,12 @@ var startTime = 0;
1014
  if (substr($name, 0, 10) != 'GOTMLS_fix' && $name != 'GOTMLS_mt') {
1015
  if (is_array($value)) {
1016
  foreach ($value as $val)
1017
- $_SERVER_QUERY_STRING .= urlencode($name).'[]='.urlencode($val).'&';
1018
  } else
1019
- $_SERVER_QUERY_STRING .= urlencode($name).'='.urlencode($value).'&';
1020
  }
1021
  }
1022
- echo "\n$lt".'form method="POST" action="'.admin_url("admin-ajax.php$_SERVER_QUERY_STRING"/*.(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"?".$_SERVER["QUERY_STRING"]:"")*/).'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1049")).'"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
1023
  foreach ($_POST as $name => $value) {
1024
  if (substr($name, 0, 10) != 'GOTMLS_fix' && $name != 'GOTMLS_mt') {
1025
  if (is_array($value)) {
@@ -1081,7 +1082,7 @@ var startTime = 0;
1081
  else
1082
  $DB_scan_JS = "";
1083
  GOTMLS_flush('script');
1084
- echo "/*--{$gt}*"."/\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."1110").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]./*preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").*/'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."'$DB_scan_JS);\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."'".str_replace("db_scan", "Starting Database Scan ...", $DB_scan_JS).");".'
1085
  var scanfilesI = 0;
1086
  var stopScanning;
1087
  var gotStuckOn = "";
@@ -1349,7 +1350,7 @@ function GOTMLS_ajax_log_session() {
1349
  if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && $_GET["SESSION"] > 0)
1350
  die("/* GOTMLS SESSION FAIL */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\ndocument.getElementById('GOTMLS_patch_searching').innerHTML = '<div class=\"error\">".GOTMLS_strip4java(__("Your Server could not start a Session!",'gotmls'))."</div>';");
1351
  else
1352
- die("/* GOTMLS SESSION TEST */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nstopCheckingSession = checkupdateserver('".GOTMLS_script_URI."&SESSION=1', 'GOTMLS_patch_searching');");
1353
  }
1354
  }
1355
 
@@ -1381,7 +1382,7 @@ function GOTMLS_ajax_position() {
1381
  } else
1382
  die("\n//Position Error: No new position to save!\n");
1383
  update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1384
- die(GOTMLS_html_tags(array("html" => array("body" => GOTMLS_htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.admin_url('admin-ajax.php?action=GOTMLS_position&'.GOTMLS_set_nonce(__FUNCTION__."1448").'&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"])).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
1385
  } else
1386
  die(GOTMLS_Invalid_Nonce("\n//Position Error: ")."\n");
1387
  }
@@ -1523,7 +1524,7 @@ function GOTMLS_ajax_fix() {
1523
  }
1524
  }
1525
  $nonce = GOTMLS_set_nonce(__FUNCTION__."1588");
1526
- die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process.",'gotmls'), 'href="'.GOTMLS_images_path.'?page=GOTMLS_View_Quarantine&'.$nonce.'"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.admin_url('admin-ajax.php?action=GOTMLS_View_Quarantine&check_site=1&'.$nonce).'" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n$HTML[1]");
1527
  } else
1528
  die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls')))));
1529
  } else
@@ -1534,7 +1535,7 @@ function GOTMLS_ajax_scan() {
1534
  if (GOTMLS_get_nonce()) {
1535
  @error_reporting(0);
1536
  if (isset($_GET["GOTMLS_scan"])) {
1537
- $script_form = GOTMLS_js_text_range();
1538
  @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
1539
  if (is_numeric($_GET["GOTMLS_scan"])) {
1540
  if (($Q_post = GOTMLS_get_quarantine((INT) $_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && strtolower($Q_post["post_type"]) == "gotmls_quarantine") {
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://gotmls.net/donate/
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
+ Version: 4.21.74
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)) || !(function_exists("add_action") && function_exists("load_plugin_textdomain")))
14
  include(dirname(__FILE__)."/safe-load/index.php");
18
  * / /\ GOTMLS Main Plugin File
19
  * / /:/ @package GOTMLS
20
  * /__/::\
21
+ Copyright \__\/\:\__ © 2012-2022 Eli Scheetz (email: eli@gotmls.net)
22
  * \ \:\/\
23
  * \__\::/ This program is free software; you can redistribute it
24
  * ___ /__/:/ and/or modify it under the terms of the GNU General Public
40
 
41
  function GOTMLS_install() {
42
  if (strpos(GOTMLS_get_version("URL"), '&wp=') && version_compare(GOTMLS_wp_version, GOTMLS_require_version, "<"))
43
+ die(GOTMLS_htmlspecialchars(GOTMLS_require_version_LANGUAGE.", NOT version: ".GOTMLS_wp_version));
44
  else
45
  delete_option("GOTMLS_definitions_array");
46
  }
71
  $screen->add_help_tab(array(
72
  'id' => "GOTMLS_Getting_Started",
73
  'title' => __("Getting Started", 'gotmls'),
74
+ 'content' => '<p>'.__("Make sure the Definition Updates are current and Run a Complete Scan.", 'gotmls').'</p><p>'.sprintf(__("If Known Threats are found and displayed in red then there will be a button to '%s'. If only Potentional Threats are found then there is no automatic fix because those are probably not malicious.", 'gotmls'), GOTMLS_Automatically_Fix_LANGUAGE).'</p><p>'.__("A backup of the original infected files are placed in the Quarantine in case you need to restore them or just want to look at them later. You can delete these files if you don't want to save more.", 'gotmls').'</p>'
75
  ));
76
  $FAQMarker = '== Frequently Asked Questions ==';
77
  if (is_file(dirname(__FILE__).'/readme.txt') && ($readme = explode($FAQMarker, @file_get_contents(dirname(__FILE__).'/readme.txt').$FAQMarker)) && strlen($readme[1]) && ($readme = explode("==", $readme[1]."==")) && strlen($readme[0])) {
95
  $GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
96
  $Update_Definitions = array(GOTMLS_update_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&'.GOTMLS_get_version_URL.'&'.$head_nonce.'&d='.ur1encode(GOTMLS_siteurl));
97
  if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])
98
+ array_unshift($Update_Definitions, GOTMLS_admin_url('GOTMLS_load_update', $head_nonce.'&UPDATE_definitions_array=1'));
99
  else
100
+ $Update_Definitions[] = GOTMLS_admin_url('GOTMLS_load_update', $head_nonce.'&UPDATE_definitions_array=1');
101
  $Update_Link = '<div style="text-align: center;"><a href="';
102
  $new_version = "";
103
  $file = basename(GOTMLS_plugin_path).'/index.php';
127
  <div id="admin-page-container">
128
  <div id="GOTMLS-right-sidebar" style="width: 300px;" class="metabox-holder">
129
  '.GOTMLS_box(__("Updates & Registration",'gotmls'), "<ul>$php_version<li>".(function_exists('classicpress_version')?"ClassicPress: <span class='GOTMLS_date' title='CP: ".classicpress_version()."\nWP: ".GOTMLS_wp_version."'>".preg_replace( '#[+-].*$#', '', classicpress_version()):"WordPress: <span class='GOTMLS_date'>".GOTMLS_wp_version)."</span></li>\n<li>Plugin: <span class='GOTMLS_date'>".GOTMLS_Version.'</span></li>
130
+ <li><div id="GOTMLS_Key" style="margin: 0;'.((!$defLatest && !$isRegistered)?' display: none;">Key: <span style="float: right;">'.GOTMLS_installation_key.'</span></div><div style="':'">Key: <span style="float: right;" onclick="showhide(\'autoUpdateForm\', true); showhide(\'registerKeyForm\', true); showhide(\'clear_updates\', true); getElementById(\'registerFormMessage\').innerHTML = \'<p>You can change your registered email here if you want.</p>\';">'.GOTMLS_installation_key.'</span></div><div style="display: none;').'"><form method="POST" action="'.admin_url('admin-ajax.php?'.$head_nonce).'" target="GOTMLS_iFrame" name="GOTMLS_Form_lognewkey"><input type="hidden" name="GOTMLS_installation_key" value="'.GOTMLS_installation_key.'"><input type="hidden" name="action" value="GOTMLS_lognewkey"><span style="color: #F00;" id="GOTMLS_No_Key">No Key! <input type="submit" style="float: right;" value="'.__("Get FREE Key!",'gotmls').'" class="button-primary" onclick="showhide(\'GOTMLS_No_Key\');showhide(\'GOTMLS_Key\', true);check_for_updates();" /></span></form></div></li>
131
  <li>Definitions: <span id="GOTMLS_definitions_date" class="GOTMLS_date">'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"].'</span></li></ul>
132
  <form id="updateform" method="post" name="updateform" action="'.str_replace("GOTMLS_mt=", "GOTMLS_last_mt=", GOTMLS_script_URI).'&'.$head_nonce.'">
133
  <img style="display: none; float: left; margin-right: 4px;" src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="definitions updated" id="autoUpdateDownload" onclick="showhide(\'autoUpdateForm\', true); showhide(\'registerKeyForm\', true); showhide(\'clear_updates\', true); getElementById(\'registerFormMessage\').innerHTML = \'<p>You can change your registered email here if you want.</p>\';">
157
  <input style="width: 100%;" id="installation_key" type="text" name="installation_key" value="'.GOTMLS_installation_key.'" readonly /><input id="old_key" type="hidden" name="old_key" value="'.md5($GOTMLS_url_parts[2]).'" /></div>
158
  <input style="width: 100%;" id="wp-submit" type="submit" name="wp-submit" value="Register Now!" /></form></div>'.(false && $isRegistered?'Registered to: '.$isRegistered:"").$Update_Link, "stuffbox").'
159
  <script type="text/javascript">
160
+ var pri_addr = "'.$Update_Definitions[0].'";
161
  var alt_addr = "'.$Update_Definitions[1].'";
162
+ function check_for_updates() {
163
+ showhide("Definition_Updates", true);
164
+ stopCheckingDefinitions = checkPrimaryUpdateServer();
165
  }
166
  function updates_complete(chk) {
167
  if (auto_img = document.getElementById("autoUpdateDownload")) {
193
  } else {
194
  document.getElementById("Definition_Updates").innerHTML = \'<img src="'.GOTMLS_images_path.'wait.gif">'.GOTMLS_strip4java(__("Submitting Registration ...",'gotmls')).'\';
195
  showhide("Definition_Updates", true);
196
+ setTimeout(function() {stopCheckingDefinitions = checkPrimaryUpdateServer();}, 11000);
197
  showhide("registerKeyForm");
198
  return true;
199
  }
205
  '.$GLOBALS["GOTMLS"]["tmp"]["onLoad"].'
206
  }
207
  if ('.($defLatest+strlen($isRegistered)).')
208
+ check_for_updates();
209
  /* else
210
  showhide("registerKeyForm", true);*/
211
  if (divNAtext)
228
  <li><img src="//gravatar.com/avatar/8151cac22b3fc543d099241fd573d176?s=16" border="0" alt="Developer site:"><b><a target="_blank" href="http://wordpress.ieonly.com/category/my-plugins/anti-malware/">Eli\'s Blog</a></b></li>
229
  <li><img src="https://s.gravatar.com/avatar/7530906968df6594bfbe934ddc117f58?s=16" border="0" alt="mail:"><b><a target="_blank" href="mailto:eli@gotmls.net">Email Eli</a></b></li>
230
  </ul>
231
+ <a target="_blank" href="https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url='.rawurlencode(GOTMLS_siteurl).'">Google Safe Browsing Diagnostic</a>', "stuffbox").//GOTMLS_box(__("Last Scan Status",'gotmls'), GOTMLS_scan_log(), "stuffbox").
232
  $optional_box.'</div>';
233
  if (isset($GLOBALS["GOTMLS"]["tmp"]["stuffbox"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["stuffbox"])) {
234
  echo '
258
  }
259
  }
260
  if (getWindowWidth(780) == 780)
261
+ setTimeout(function() {stuffbox_showhide("inside_'.$md5.'");}, 200);
262
  </script>';
263
  }
264
  echo '
343
 
344
  function GOTMLS_Quarantine_Trash() {
345
  global $wpdb;
346
+ $Q_Page = '<div id="empty_trash_link" style="float: right;"><form method="post" onsubmit="if (curDiv = document.getElementById(\'empty_trash_link\')) curDiv.style.display = \'none\';" target="GOTMLS_statusFrame" action="'.GOTMLS_admin_url('GOTMLS_empty_trash', GOTMLS_set_nonce(__FUNCTION__."346")).'">';
347
  if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'trash'")) > 1)
348
  $Q_Page .= '<input class="primary" style="float: right;" type="submit" value="RESTORE" name="alter"><input class="primary" style="color: red; float: right;" type="submit" value="DELETE" name="alter"><span style="float: right; margin: 3px;">'.sprintf(__("%d Quarantine Records in the Trash",'gotmls'), (INT) $trashed)."</span>";
349
  return "$Q_Page</form></div>\n";
493
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA)
494
  if (is_array($VA) && count($VA) > 3 && strlen($VA[1]) && strlen($VA[2]))
495
  $sec_opts .= $lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="submit" style="float: right;" value="'.(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]?"Enable Protection\" onclick=\"setFirewall('$TP', 0);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt."b$gt$VA[1] (Currently Disabled)":"Disable Protection\" onclick=\"setFirewall('$TP', 1);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt."b$gt$VA[1] (Automatically Enabled)")."$lt/b$gt$lt/p$gt$VA[2]$lt/div$gt$lt".'hr /'.$gt;
496
+ $sec_opts .= "$lt/form$gt\n$patch_action\n$lt".'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$Firewall_nonce.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="float: right;'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="'.GOTMLS_plugin_home.'tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n$lt"."script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_admin_url('GOTMLS_log_session')."');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
497
  $admin_notice = "";
498
  if ($current_user->user_login == "admin") {
499
  $admin_notice .= $lt.'hr /'.$gt;
608
  $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('New Definitions Automatically Installed :-)');";
609
  }
610
  $finJS .= "\nif (divNAtext)\n\tloadGOTMLS();\nelse\n\tdivNAtext = setTimeout('loadGOTMLS()', 4000);";
611
+ $finJS .= "\nif (typeof stopCheckingDefinitions !== 'undefined' && stopCheckingDefinitions)\n\tclearTimeout(stopCheckingDefinitions);";
612
  } else
613
+ $innerHTML = "<li style=\\\"color: #f00\\\"><a title='report error' href='#' onclick=\\\"stopCheckingDefinitions = checkAlternateUpdateServer('&error=".GOTMLS_encode(serialize(array("get_URL"=>$GLOBALS["GOTMLS"]["get_URL"])))."');\\\">Automatic Update Connection Failed!</a></li>";
614
  if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"]))
615
  unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"]);
616
  } else
1015
  if (substr($name, 0, 10) != 'GOTMLS_fix' && $name != 'GOTMLS_mt') {
1016
  if (is_array($value)) {
1017
  foreach ($value as $val)
1018
+ $_SERVER_QUERY_STRING .= rawurlencode($name).'[]='.rawurlencode($val).'&';
1019
  } else
1020
+ $_SERVER_QUERY_STRING .= rawurlencode($name).'='.rawurlencode($value).'&';
1021
  }
1022
  }
1023
+ echo "\n$lt".'form method="POST" action="'.admin_url("admin-ajax.php$_SERVER_QUERY_STRING").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1049")).'"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
1024
  foreach ($_POST as $name => $value) {
1025
  if (substr($name, 0, 10) != 'GOTMLS_fix' && $name != 'GOTMLS_mt') {
1026
  if (is_array($value)) {
1082
  else
1083
  $DB_scan_JS = "";
1084
  GOTMLS_flush('script');
1085
+ echo "/*--{$gt}*"."/\nvar scriptSRC = '".GOTMLS_admin_url('GOTMLS_scan', GOTMLS_set_nonce(__FUNCTION__."1110").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."'$DB_scan_JS);\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."'".str_replace("db_scan", "Starting Database Scan ...", $DB_scan_JS).");".'
1086
  var scanfilesI = 0;
1087
  var stopScanning;
1088
  var gotStuckOn = "";
1350
  if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && $_GET["SESSION"] > 0)
1351
  die("/* GOTMLS SESSION FAIL */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\ndocument.getElementById('GOTMLS_patch_searching').innerHTML = '<div class=\"error\">".GOTMLS_strip4java(__("Your Server could not start a Session!",'gotmls'))."</div>';");
1352
  else
1353
+ die("/* GOTMLS SESSION TEST */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nstopCheckingSession = checkupdateserver('".GOTMLS_script_URI."&SESSION=1');");
1354
  }
1355
  }
1356
 
1382
  } else
1383
  die("\n//Position Error: No new position to save!\n");
1384
  update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1385
+ die(GOTMLS_html_tags(array("html" => array("body" => GOTMLS_htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.GOTMLS_admin_url('GOTMLS_position', GOTMLS_set_nonce(__FUNCTION__."1448").'&GOTMLS_msg='.rawurlencode($GLOBALS["GOTMLS_msg"])).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
1386
  } else
1387
  die(GOTMLS_Invalid_Nonce("\n//Position Error: ")."\n");
1388
  }
1524
  }
1525
  }
1526
  $nonce = GOTMLS_set_nonce(__FUNCTION__."1588");
1527
+ die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process.",'gotmls'), 'href="'.GOTMLS_images_path.'?page=GOTMLS_View_Quarantine&'.$nonce.'"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.GOTMLS_admin_url('GOTMLS_View_Quarantine', 'check_site=1&'.$nonce).'" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n$HTML[1]");
1528
  } else
1529
  die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls')))));
1530
  } else
1535
  if (GOTMLS_get_nonce()) {
1536
  @error_reporting(0);
1537
  if (isset($_GET["GOTMLS_scan"])) {
1538
+ $script_form = GOTMLS_html_tags(array("script" => GOTMLS_js_text_range())).'<table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%">';
1539
  @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
1540
  if (is_numeric($_GET["GOTMLS_scan"])) {
1541
  if (($Q_post = GOTMLS_get_quarantine((INT) $_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && strtolower($Q_post["post_type"]) == "gotmls_quarantine") {
readme.txt CHANGED
@@ -5,10 +5,10 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://gotmls.net/donate/
7
  Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
- Version: 4.20.96
9
- Stable tag: 4.20.96
10
  Requires at least: 3.3
11
- Tested up to: 5.9.2
12
 
13
  This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
14
 
@@ -37,7 +37,8 @@ NOTICE: This plugin make call to GOTMLS.NET to check for updates not unlike what
37
  * Jelena Kovacevic and Andrew Kurtis of webhostinghub.com for providing the Spanish translation.
38
  * Marcelo Guernieri for the Brazilian Portuguese translation.
39
  * Umut Can Alparslan for the Turkish translation.
40
- * Micha Cassola for the German translation.
 
41
 
42
  == Installation ==
43
 
@@ -93,6 +94,10 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
93
 
94
  == Changelog ==
95
 
 
 
 
 
96
  = 4.20.96 =
97
  * Fixed XSS vulnerability by removing unsanitized QUERY_STRING.
98
  * Cleaned up Quarantine code, removing legacy functions and adding more detailed info.
@@ -385,6 +390,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
385
 
386
  == Upgrade Notice ==
387
 
 
 
 
388
  = 4.20.96 =
389
  Fixed XSS vulnerability by removing unsanitized QUERY_STRING, cleaned up Quarantine code, and checked code for compatibility with WordPress 5.9.2.
390
 
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://gotmls.net/donate/
7
  Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
+ Version: 4.21.74
9
+ Stable tag: 4.21.74
10
  Requires at least: 3.3
11
+ Tested up to: 6.0
12
 
13
  This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
14
 
37
  * Jelena Kovacevic and Andrew Kurtis of webhostinghub.com for providing the Spanish translation.
38
  * Marcelo Guernieri for the Brazilian Portuguese translation.
39
  * Umut Can Alparslan for the Turkish translation.
40
+ * [Micha Cassola](https://profiles.wordpress.org/michacassola/) for the German translation.
41
+ * [Robi Erwin Setiawan](https://profiles.wordpress.org/situstarget/) for the Indonesian translation.
42
 
43
  == Installation ==
44
 
94
 
95
  == Changelog ==
96
 
97
+ = 4.21.74 =
98
+ * Updated code with various minor improvements to efficiency and compatibility.
99
+ * Checked code for compatibility with WordPress 6.0.
100
+
101
  = 4.20.96 =
102
  * Fixed XSS vulnerability by removing unsanitized QUERY_STRING.
103
  * Cleaned up Quarantine code, removing legacy functions and adding more detailed info.
390
 
391
  == Upgrade Notice ==
392
 
393
+ = 4.21.74 =
394
+ Updated code with various minor improvements to efficiency and compatibility with WordPress 6.0.
395
+
396
  = 4.20.96 =
397
  Fixed XSS vulnerability by removing unsanitized QUERY_STRING, cleaned up Quarantine code, and checked code for compatibility with WordPress 5.9.2.
398