Anti-Malware Security and Brute-Force Firewall

Version Description

Fixed XSS vulnerability on debug URLs introduced in the last release, thanks Erwan Le Rousseau.
Updated code with other various minor improvements bug fixed.
Checked code for compatibility with WordPress 6.0.1 and ClassicPress 1.4.2.

Release Info

Developer	scheeeli
Plugin	Anti-Malware Security and Brute-Force Firewall
Version	4.21.83
Comparing to
See all releases

Code changes from version 4.21.74 to 4.21.83

Files changed (5) hide show

images/index.php +131 -107
index.php +5 -5
readme.txt +11 -3
safe-load/index.php +13 -10
safe-load/wp-settings.php +74 -4

images/index.php CHANGED Viewed

	@@ -4,48 +4,52 @@
4	* @package GOTMLS
5	*/
6
7	- if (!function_exists("GOTMLS_define")) {
8	function GOTMLS_define($DEF, $val) {
9	if (!defined($DEF))
10	define($DEF, $val);
11	- }}
12
13	$file = basename(__FILE__);
14	GOTMLS_define("GOTMLS_local_images_path", substr(__FILE__, 0, strlen(__FILE__) - strlen($file)));
15	GOTMLS_define("GOTMLS_plugin_path", substr(dirname(__FILE__), 0, strlen(dirname(__FILE__)) - strlen(basename(dirname(__FILE__)))));
16	- ~~//if~~ (~~is_file(GOTMLS_plugin_path.$file)~~ ~~&& ($contents = @file_get_contents(GOTMLS_plugin_path.$file)) && preg_match(~~'~~/\nversion:\s*([0-9\.]+)/i~~'~~, $contents, $match~~))
17	- // GOTMLS_define("GOTMLS_Version", $match[1]);
18	- //else
19	- GOTMLS_define("GOTMLS_Version", '4.21.74');
20	GOTMLS_define("GOTMLS_require_version", "3.3");

21	if (!function_exists("__")) {
22	function __($text, $domain = "gotmls") {
23	return $text;
24	}}
25









26	function GOTMLS_get_version($which = "") {
27	global $wp_version;
28	- if (function_exists('classicpress_version')) {
29	- ~~GOTMLS_define~~("GOTMLS_wp_version", classicpress_version());
30	- $~~URL~~ = ~~'ver='.GOTMLS_Version.'&cp='.GOTMLS_wp_version;~~
31	- } ~~else~~ {
32	- if (~~isset~~($~~wp_version~~) && ($~~wp_version~~))
33	- $match = array("GOTMLS_wp_version", "w", "~~$wp_version~~");
34	- ~~elseif~~ (~~!(is_file(GOTMLS_plugin_path.$file) && ($contents = @file_get_contents(GOTMLS_plugin_path.$file)) && preg_match('/\n\$(c\|w)p_version\s=\s[\'~~"~~]([0-9\.]+)/i'~~, $~~contents, $~~match)))
35	- $match = array("GOTMLS_wp_version", "w", "Unknown");
36	- GOTMLS_define($match[0], $match[2]);
37	- $URL = 'ver='.GOTMLS_Version.'&'.$match[1].'p='.GOTMLS_wp_version;
38	- }
39	if ($which == "URL")
40	- return ~~$URL~~;
41	else
42	return GOTMLS_wp_version;
43	}
44
45	- function GOTMLS_htmlentities($TXT, $flags = ENT_COMPAT, $encoding = "~~UTF-8~~") {
46	$prelen = strlen($TXT);
47	if ($prelen == 0)
48	return "";


49	$encoded = htmlentities($TXT, $flags, $encoding);
50	if (strlen($encoded) == 0) {
51	$encoding = "ISO-8859-1";
	@@ -57,10 +61,12 @@ function GOTMLS_htmlentities($TXT, $flags = ENT_COMPAT, $encoding = "UTF-8") {
57	return $encoded;
58	}
59
60	- function GOTMLS_htmlspecialchars($TXT, $flags = ENT_COMPAT, $encoding = "~~UTF-8~~") {
61	$prelen = strlen($TXT);
62	if ($prelen == 0)
63	return "";


64	$encoded = htmlspecialchars($TXT, $flags, $encoding);
65	if (strlen($encoded) == 0) {
66	$encoding = "ISO-8859-1";
	@@ -72,6 +78,17 @@ function GOTMLS_htmlspecialchars($TXT, $flags = ENT_COMPAT, $encoding = "UTF-8")
72	return $encoded;
73	}
74











75	$bad = array("eval", "preg_replace", "auth_pass");
76	$GLOBALS["GOTMLS"] = array(
77	"MT" => microtime(true),
	@@ -86,13 +103,14 @@ $GLOBALS["GOTMLS"] = array(
86	"default" => array("msg_position" => array("80px", "40px", "400px", "600px")),
87	"Definition" => array("Default" => "CCIGG"),
88	"definitions_array" => array(
89	- "potential"=>array(
90	- $bad[0]=>array("CCIGG", "/[^a-z_\\/'\"]".$bad[0]."\$.+\$+\\s*;/i"),
91	- $bad[1]." /e"=>array("CCIGG", "/".$bad[1]."[\\s\$]+(['\"])([\\!\\/\\#\\\|\\@\\%\\^\\\\~]).+?\\2[imsx]e[imsx]\\1\\s*,[^,]+,[^\$]+[\\);\\s]+/i"),
92	- $bad[2]=>array("CCIGG", "/\\\$".$bad[2]."\\s*=.+;/i"),
93	- "function add_action wp_enqueue_script json2"=>array("CCIGG", "/json2\\.min\\.js/i"),
94	- "Tagged Code"=>array("CCIGG", "/\\#(\\w+)\\#.+?\\#\\/\\1\\#/is"),
95	- "protected by copyright"=>array("CCIGG", "/\\/\\* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. \\*\\//i")),

96	)
97	)
98	);
	@@ -113,8 +131,17 @@ else
113	$GLOBALS["GOTMLS"]["tmp"]["protocol"] = "http:";
114	GOTMLS_define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.]+/i', '', str_replace('&', '&', GOTMLS_htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
115	GOTMLS_define("GOTMLS_plugin_home", "https://gotmls.net/");










116
117	- if (!function_exists("GOTMLS_encode")) {
118	function GOTMLS_encode($unencoded_string) {
119	if (function_exists("base64_encode"))
120	$encoded_string = base64_encode($unencoded_string);
	@@ -124,9 +151,8 @@ function GOTMLS_encode($unencoded_string) {
124	$encoded_string = "Cannot encode: $unencoded_string function_exists: ";
125	$encoded_array = explode("=", $encoded_string."=");
126	return strtr($encoded_array[0], "+/0", "-_=").(count($encoded_array)-1);
127	- }}
128
129	- if (!function_exists("GOTMLS_decode")) {
130	function GOTMLS_decode($encoded_string) {
131	$tail = 0;
132	if (strlen($encoded_string) > 1 && is_numeric(substr($encoded_string, -1)) && substr($encoded_string, -1) > 0)
	@@ -140,27 +166,7 @@ function GOTMLS_decode($encoded_string) {
140	return mb_convert_encoding($encoded_string, "UTF-8", "BASE64");
141	else
142	return "Cannot decode: $encoded_string";
143	- }}
144	-
145	- GOTMLS_define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
146	- GOTMLS_define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Quick Scan",'gotmls'));
147	- GOTMLS_define("GOTMLS_View_Quarantine_LANGUAGE", __("View Quarantine",'gotmls'));
148	- GOTMLS_define("GOTMLS_View_Scan_Log_LANGUAGE", __("View Scan History",'gotmls'));
149	- GOTMLS_define("GOTMLS_require_version_LANGUAGE", sprintf(__("This Plugin requires WordPress version %s or higher",'gotmls'), GOTMLS_require_version));
150	- GOTMLS_define("GOTMLS_Scan_Settings_LANGUAGE", __("Scan Settings",'gotmls'));
151	- GOTMLS_define("GOTMLS_Loading_LANGUAGE", __("Loading, Please Wait ...",'gotmls'));
152	- GOTMLS_define("GOTMLS_Automatically_Fix_LANGUAGE", __("Automatically Fix SELECTED Files Now",'gotmls'));
153	-
154	- if (function_exists("plugins_url"))
155	- GOTMLS_define("GOTMLS_images_path", plugins_url('/', __FILE__));
156	- elseif (function_exists("plugin_dir_url"))
157	- GOTMLS_define("GOTMLS_images_path", plugin_dir_url(__FILE__));
158	- elseif (isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < __FILE__ && substr(__FILE__, 0, strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
159	- GOTMLS_define("GOTMLS_images_path", substr(dirname(__FILE__), strlen($_SERVER["DOCUMENT_ROOT"])).'/');
160	- elseif (isset($_SERVER["SCRIPT_FILENAME"]) && isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < strlen($_SERVER["SCRIPT_FILENAME"]) && substr($_SERVER["SCRIPT_FILENAME"], 0, strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
161	- GOTMLS_define("GOTMLS_images_path", substr(dirname($_SERVER["SCRIPT_FILENAME"]), strlen($_SERVER["DOCUMENT_ROOT"])).'/');
162	- else
163	- GOTMLS_define("GOTMLS_images_path", "/wp-content/plugins/gotmls/images/");
164
165	function GOTMLS_user_can() {
166	if (is_multisite())
	@@ -173,17 +179,6 @@ function GOTMLS_user_can() {
173	return false;
174	}
175
176	- if (!defined("ABSPATH")) {
177	- define("ABSPATH", dirname(dirname(__FILE__)).'/safe-load/');
178	- $root_path = dirname(ABSPATH);
179	- while (strlen($root_path) > 1 && !is_file($root_path."/wp-config.php"))
180	- $root_path = dirname($root_path);
181	- if (is_file($root_path."/wp-config.php"))
182	- include_once($root_path."/wp-config.php");
183	- else
184	- die("No wp-config!");
185	- }
186	-
187	function GOTMLS_update_option($index, $value = array()) {
188	return update_option('GOTMLS_'.$index.'_blob', GOTMLS_encode(serialize($value)));
189	}
	@@ -208,6 +203,7 @@ if (!(isset($GLOBALS["GOTMLS"]["log"]["settings"]) && is_array($GLOBALS["GOTMLS"
208	$GLOBALS["GOTMLS"]["log"]["settings"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"];
209	GOTMLS_define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
210	GOTMLS_define("GOTMLS_update_home", "//updates.gotmls.net/".GOTMLS_installation_key."/");

211	function GOTMLS_get_corefile_URL($path, $hash) {
212	if (strpos($URL = GOTMLS_get_version("URL"), '&cp='))
213	//$hash != md5($contents)."O".strlen($contents)
	@@ -215,12 +211,11 @@ function GOTMLS_get_corefile_URL($path, $hash) {
215	else
216	return "http://core.svn.wordpress.org/tags/".GOTMLS_wp_version."$path";
217	}
218	- ~~if (!function_exists("GOTMLS_Invalid_Nonce")) {~~
219	function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
220	return $pre.__("Invalid or expired Nonce Token!",'gotmls').(isset($_REQUEST["GOTMLS_mt"])?(" (".GOTMLS_htmlspecialchars($_REQUEST["GOTMLS_mt"]).((strlen($_REQUEST["GOTMLS_mt"]) == 32)?(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])?GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]):" !found)"):" !len[".strlen($_REQUEST["GOTMLS_mt"])."])")):" (GOTMLS_mt !set)").__("Refresh and try again?",'gotmls');
221	- }}
222
223	- if (!function_exists("GOTMLS_set_nonce")) {
224	function GOTMLS_set_nonce($context = "NULL") {
225	$hour = (int) round(round($GLOBALS["GOTMLS"]["tmp"]["mt"]/60)/60);
226	$transient_name = md5(substr(number_format(microtime(true), 9, '-', '/'), 6).GOTMLS_installation_key.GOTMLS_plugin_path);
	@@ -238,9 +233,8 @@ function GOTMLS_set_nonce($context = "NULL") {
238	return (GOTMLS_sanitize($context)."=DB-err:".rawurlencode(preg_replace('/[\r\n]+/', " ", print_r($GLOBALS["GOTMLS"]["tmp"]["nonce"],1).$wpdb->last_error)));
239	}
240	return 'GOTMLS_mt='.rawurlencode($transient_name);
241	- }}
242
243	- if (!function_exists("GOTMLS_get_nonce")) {
244	function GOTMLS_get_nonce() {
245	if (isset($_REQUEST["GOTMLS_mt"])) {
246	if (is_array($_REQUEST["GOTMLS_mt"])) {
	@@ -254,7 +248,7 @@ function GOTMLS_get_nonce() {
254	return "";
255	} else
256	return false;
257	- }}
258
259	function GOTMLS_fileperms($file) {
260	if ($prm = @fileperms($file)) {
	@@ -289,16 +283,29 @@ function GOTMLS_file_details($file) {
289	return '<div id="file_details_'.md5($file).'" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.GOTMLS_htmlspecialchars(basename($file)).'</b><br />in: '.dirname(realpath($file)).'<br />size: '.filesize(realpath($file)).' ( '.ceil(strlen(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["file_contents"]))/1024).' KB )<br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown")).'<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.gmdate(" Y-m-d H:i:s ", filemtime(realpath($file))).'<br />changed:'.gmdate(" Y-m-d H:i:s ", filectime(realpath($file))).'</div>';
290	}
291
292	- function ~~GOTMLS_admin_url~~($~~action, $~~url ~~= ''~~) {
293	- if (~~function_exists(~~"~~admin_url~~"))
294	- $return ~~= admin_url(~~"~~admin-ajax.php?action=~~"~~.rawurldecode($action))~~;
295	- ~~else~~ {
296	- $~~return~~ = ~~"../../../../wp-admin/admin-ajax.php?action=".rawurldecode~~($~~action~~);








297	}





298	foreach (array('eli', 'GOTMLS_debug') as $pass_on)
299	if (isset($_GET["$pass_on"]))
300	- $return .= "&$pass_on=".~~rawurldecode~~($_GET["$pass_on"]);
301	- return "$return&$url";
302	}
303
304	function GOTMLS_close_button($box_id, $margin = '6px') {
	@@ -710,7 +717,7 @@ function GOTMLS_threats_found_meta($Q_post = array()) {
710	if (is_array($my_query) && count($my_query)) {
711	$f = 1;
712	foreach ($my_query as $rec) {
713	- if (isset($rec["Threat"]) && is_array($Threat = ~~maybe_unserialize~~($rec["Threat"])) && isset($Threat["DefVer"]) && isset($Threat["SubPos"])) {
714	$ends = explode("-", $Threat["SubPos"]."--", 3);
715	if (strlen($ends[0]) > 0 && strlen($ends[1]) > 0 && is_numeric($ends[1]) && is_numeric($ends[0])) {
716	if ($ends[1] < $ends[0])
	@@ -729,7 +736,8 @@ function GOTMLS_threats_found_meta($Q_post = array()) {
729	if ($ends[1] < $ends[0])
730	$ends = array_reverse($ends);
731	$fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$ends[0].', '.$ends[1].');"'.$gt.'['.$f++."]$lt/a$gt ";
732	- ~~add_post_meta($pID,~~ ~~'GOTMLS_threats_found', array~~("~~SubPos~~" ~~=> $ends[0]."-".$ends[1], "DefVer" => GOTMLS_threats_ver($threats_name~~)));

733	} else {
734	if (is_numeric($threats_found)) {
735	$threats_found = $threats_name;
	@@ -741,7 +749,8 @@ function GOTMLS_threats_found_meta($Q_post = array()) {
741	while (($fpos = strpos($GLOBALS["GOTMLS"]["tmp"]["file_contents"], ($potential_threat), $flen + $fpos)) !== false) {
742	$flen = strlen($potential_threat);
743	$fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');"'.$gt.'['.$f++."]$lt/a$gt ";
744	- ~~add_post_meta($pID,~~ ~~'GOTMLS_threats_found', serialize~~(~~array~~("~~SubPos~~" ~~=> $fpos."-".($fpos + $flen~~)~~, "DefVer" => GOTMLS_threats_ver($threats_name~~)~~)));~~

745	}
746	}
747	}
	@@ -869,7 +878,7 @@ if ((isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["D
869	$GLOBALS["GOTMLS"]["Quarantine"]["SQL"] .= $wpdb->prepare(" LIMIT %d,%d", (INT) (($GLOBALS["GOTMLS"]["Quarantine"]["paged"] - 1) * $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"]), (INT) $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"]);
870	$my_query = $wpdb->get_results("SELECT * ".$GLOBALS["GOTMLS"]["Quarantine"]["SQL"], ARRAY_A);
871	if (is_array($my_query) && count($my_query)) {
872	- $Q_Page = $paged.'<form method="POST" action="?page=GOTMLS_View_Quarantine~~'/.(isset($_SERVER[~~"~~QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")/.'"~~ name="GOTMLS_Form_clean"><input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."~~770~~")).'"><p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="Restore selected files" class="button-primary" style="background-color: #0C0;" onclick="return confirm(\'Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?\');" /></p><p><b>The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.</b></p>
873	<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.(count($my_query)>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),count($my_query)):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
874	$root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
875	foreach ($my_query as $post_a) {
	@@ -1018,8 +1027,8 @@ function GOTMLS_loaded() {
1018	$GLOBALS["GOTMLS"]["tmp"]["HeadersError"] = '<div class="error">'.sprintf(__('<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem.','gotmls'), $filename, $linenum).'</div>';
1019	} elseif (isset($_GET["SESSION"]) && !session_id()) {
1020	@session_start();
1021	- if (session_id() && $_GET["SESSION"] == "GOTMLS_debug" && !isset($_SESSION["GOTMLS_debug"]))
1022	- $_SESSION["GOTMLS_debug"]=array();
1023	}
1024	}
1025	add_action("plugins_loaded", "GOTMLS_loaded");
	@@ -1035,7 +1044,7 @@ function GOTMLS_get_ext($filename) {
1035	}
1036
1037	function GOTMLS_preg_match_all($threat_definition, $threat_name) {
1038	- if (@preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["file_contents"], $threats_found)) {
1039	$start = -1;
1040	if (!@preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["new_contents"], $threat_found)) {
1041	$new_contents = $GLOBALS["GOTMLS"]["tmp"]["new_contents"];
	@@ -1053,16 +1062,25 @@ function GOTMLS_preg_match_all($threat_definition, $threat_name) {
1053	$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $new_contents;
1054	return count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
1055	} else
1056	- return ~~false~~;








1057	}
1058
1059	function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
1060	$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1061	$GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"] = microtime(true);

1062	if (is_array($check_threats)) {
1063	$path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
1064	if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($check_threats[GOTMLS_wp_version]["$path"])) {
1065	- if (($check_threats[GOTMLS_wp_version]["$path"] != ~~md5(~~$~~GLOBALS["GOTMLS"]["tmp"]["file_contents"]~~)~~."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]))~~ && ($source = GOTMLS_get_URL(GOTMLS_get_corefile_URL("$path", $check_threats[GOTMLS_wp_version]["$path"]))) && ($check_threats[GOTMLS_wp_version]["$path"] == md5($source)."O".strlen($source))) {
1066	$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
1067	$len = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1068	if (strlen($source) < $len)
	@@ -1078,39 +1096,45 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
1078	} else {
1079	foreach ($check_threats as $threat_name=>$threat_definitions) {
1080	$GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"] = microtime(true);
1081	- if (is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5 && (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))))
1082	- while ($threat_definition = array_shift($threat_definitions))
1083	- GOTMLS_preg_match_all($threat_definition, $threat_name);
1084	- if (~~isset~~($~~_SESSION["GOTMLS_debug"]~~)) {
1085	- $~~_SESSION~~["~~GOTMLS_debug~~"]["~~threat_name~~"] = $~~threat_name~~;
1086	- ~~$file_time = round(microtime(true) - $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"], 5);~~
1087	- if (isset($~~_GET~~["GOTMLS_debug"]) ~~&& is_numeric($_GET["GOTMLS_debug"]~~) ~~&& $file_time > $_GET["GOTMLS_debug"])~~
1088	- ~~echo~~ "~~\n//~~GOTMLS_debug ~~$file_time~~ $threat_name $~~file\n~~";
1089	- if (~~isset~~($~~_SESSION~~["~~GOTMLS_debug~~"][~~$_SESSION[~~"~~GOTMLS_debug~~"]["~~threat_name~~"]]["~~total~~"]))
1090	- $~~_SESSION~~["GOTMLS_debug"][$~~_SESSION~~["GOTMLS_debug"]["~~threat_name~~"]~~]["total"] += $file_time;~~
1091	- ~~else~~
1092	- $~~_SESSION~~["~~GOTMLS_debug~~"][~~$_SESSION~~["~~GOTMLS_debug~~"]["~~threat_name~~"]]["~~total~~"] ~~= $file_time;~~
1093	- ~~if (isset(~~$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["~~count~~"]))
1094	- $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["~~count~~"] ~~++;~~
1095	- ~~else~~
1096	- ~~$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"] = 1;~~
1097	- ~~if (!isset(~~$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["~~least~~"]) \|\| $file_time ~~< $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"])~~
1098	- $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["~~least~~"] ~~= $file_time;~~
1099	- ~~if (!isset(~~$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["~~most~~"]~~) \|\| $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"])~~
1100	- ~~$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;~~






1101	}
1102	}
1103	}
1104	} elseif (strlen($check_threats) && isset($_GET['eli']) && GOTMLS_verify_regex($check_threats))
1105	GOTMLS_preg_match_all($check_threats, $check_threats);
1106	if (isset($_SESSION["GOTMLS_debug"])) {
1107	- $file_time = ~~round~~(microtime(true) - $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"]~~, 5~~);
1108	if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"]))
1109	- $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] += $file_time;
1110	else
1111	$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] = $file_time;
1112	if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"]))
1113	- $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"] ++;
1114	else
1115	$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"] = 1;
1116	if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"]) \|\| $file_time < $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"])


4	* @package GOTMLS
5	*/
6

7	function GOTMLS_define($DEF, $val) {
8	if (!defined($DEF))
9	define($DEF, $val);
10	+ }
11
12	$file = basename(__FILE__);
13	GOTMLS_define("GOTMLS_local_images_path", substr(__FILE__, 0, strlen(__FILE__) - strlen($file)));
14	GOTMLS_define("GOTMLS_plugin_path", substr(dirname(__FILE__), 0, strlen(dirname(__FILE__)) - strlen(basename(dirname(__FILE__)))));
15	+ GOTMLS_define("GOTMLS_Version", '4.21.83');



16	GOTMLS_define("GOTMLS_require_version", "3.3");
17	+
18	if (!function_exists("__")) {
19	function __($text, $domain = "gotmls") {
20	return $text;
21	}}
22
23	+ GOTMLS_define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
24	+ GOTMLS_define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Quick Scan",'gotmls'));
25	+ GOTMLS_define("GOTMLS_View_Quarantine_LANGUAGE", __("View Quarantine",'gotmls'));
26	+ GOTMLS_define("GOTMLS_View_Scan_Log_LANGUAGE", __("View Scan History",'gotmls'));
27	+ GOTMLS_define("GOTMLS_require_version_LANGUAGE", sprintf(__("This Plugin requires WordPress version %s or higher",'gotmls'), GOTMLS_require_version));
28	+ GOTMLS_define("GOTMLS_Scan_Settings_LANGUAGE", __("Scan Settings",'gotmls'));
29	+ GOTMLS_define("GOTMLS_Loading_LANGUAGE", __("Loading, Please Wait ...",'gotmls'));
30	+ GOTMLS_define("GOTMLS_Automatically_Fix_LANGUAGE", __("Automatically Fix SELECTED Files Now",'gotmls'));
31	+
32	function GOTMLS_get_version($which = "") {
33	global $wp_version;
34	+ if (function_exists('classicpress_version'))
35	+ $match = array("GOTMLS_wp_version", "c", classicpress_version());
36	+ elseif (isset($wp_version) && ($wp_version))
37	+ $match = array("GOTMLS_wp_version", "w", "$wp_version");
38	+ elseif (!(is_file($file = ABSPATH."wp-includes/version.php") && ($contents = @file_get_contents($file)) && preg_match('/\n\$(c\|w)p_version\s=\s[\'"]([0-9\.]+)/i', $contents, $match)))
39	+ $match = array("GOTMLS_wp_version", "w", "Unknown");
40	+ GOTMLS_define("GOTMLS_wp_version", $match[2]);




41	if ($which == "URL")
42	+ return 'ver='.GOTMLS_Version.'&'.$match[1].'p='.GOTMLS_wp_version;
43	else
44	return GOTMLS_wp_version;
45	}
46
47	+ function GOTMLS_htmlentities($TXT, $flags = ENT_COMPAT, $encoding = "ASCII") {
48	$prelen = strlen($TXT);
49	if ($prelen == 0)
50	return "";
51	+ if ($encoding == "ASCII")
52	+ $encoding = "UTF-8";
53	$encoded = htmlentities($TXT, $flags, $encoding);
54	if (strlen($encoded) == 0) {
55	$encoding = "ISO-8859-1";

61	return $encoded;
62	}
63
64	+ function GOTMLS_htmlspecialchars($TXT, $flags = ENT_COMPAT, $encoding = "ASCII") {
65	$prelen = strlen($TXT);
66	if ($prelen == 0)
67	return "";
68	+ if ($encoding == "ASCII")
69	+ $encoding = "UTF-8";
70	$encoded = htmlspecialchars($TXT, $flags, $encoding);
71	if (strlen($encoded) == 0) {
72	$encoding = "ISO-8859-1";

78	return $encoded;
79	}
80
81	+ if (!defined("ABSPATH")) {
82	+ define("ABSPATH", dirname(dirname(__FILE__)).'/safe-load/');
83	+ $root_path = dirname(ABSPATH);
84	+ while (strlen($root_path) > 1 && !is_file($root_path."/wp-config.php"))
85	+ $root_path = dirname($root_path);
86	+ if (is_file($root_path."/wp-config.php"))
87	+ include_once($root_path."/wp-config.php");
88	+ else
89	+ die("No wp-config!");
90	+ }
91	+
92	$bad = array("eval", "preg_replace", "auth_pass");
93	$GLOBALS["GOTMLS"] = array(
94	"MT" => microtime(true),

103	"default" => array("msg_position" => array("80px", "40px", "400px", "600px")),
104	"Definition" => array("Default" => "CCIGG"),
105	"definitions_array" => array(
106	+ "potential" => array(
107	+ $bad[0] => array("CCIGG", "/[^a-z_\\/'\"]".$bad[0]."\$.+\$+\\s*;/i"),
108	+ $bad[1]." /e" => array("CCIGG", "/".$bad[1]."[\\s\$]+(['\"])([\\!\\/\\#\\\|\\@\\%\\^\\\\~]).+?\\2[imsx]e[imsx]\\1\\s*,[^,]+,[^\$]+[\\);\\s]+/i"),
109	+ $bad[2] => array("CCIGG", "/\\\$".$bad[2]."\\s*=.+;/i"),
110	+ "function add_action wp_enqueue_script json2" => array("CCIGG", "/json2\\.min\\.js/i"),
111	+ "Tagged Code" => array("CCIGG", "/\\#(\\w+)\\#.+?\\#\\/\\1\\#/is"),
112	+ "protected by copyright" => array("CCIGG", "/\\/\\* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. \\*\\//i")
113	+ )
114	)
115	)
116	);

131	$GLOBALS["GOTMLS"]["tmp"]["protocol"] = "http:";
132	GOTMLS_define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.]+/i', '', str_replace('&', '&', GOTMLS_htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
133	GOTMLS_define("GOTMLS_plugin_home", "https://gotmls.net/");
134	+ if (function_exists("plugins_url"))
135	+ GOTMLS_define("GOTMLS_images_path", plugins_url('/', __FILE__));
136	+ elseif (function_exists("plugin_dir_url"))
137	+ GOTMLS_define("GOTMLS_images_path", plugin_dir_url(__FILE__));
138	+ elseif (isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < __FILE__ && substr(__FILE__, 0, strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
139	+ GOTMLS_define("GOTMLS_images_path", substr(dirname(__FILE__), strlen($_SERVER["DOCUMENT_ROOT"])).'/');
140	+ elseif (isset($_SERVER["SCRIPT_FILENAME"]) && isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < strlen($_SERVER["SCRIPT_FILENAME"]) && substr($_SERVER["SCRIPT_FILENAME"], 0, strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
141	+ GOTMLS_define("GOTMLS_images_path", substr(dirname($_SERVER["SCRIPT_FILENAME"]), strlen($_SERVER["DOCUMENT_ROOT"])).'/');
142	+ else
143	+ GOTMLS_define("GOTMLS_images_path", "/wp-content/plugins/gotmls/images/");
144

145	function GOTMLS_encode($unencoded_string) {
146	if (function_exists("base64_encode"))
147	$encoded_string = base64_encode($unencoded_string);

151	$encoded_string = "Cannot encode: $unencoded_string function_exists: ";
152	$encoded_array = explode("=", $encoded_string."=");
153	return strtr($encoded_array[0], "+/0", "-_=").(count($encoded_array)-1);
154	+ }
155

156	function GOTMLS_decode($encoded_string) {
157	$tail = 0;
158	if (strlen($encoded_string) > 1 && is_numeric(substr($encoded_string, -1)) && substr($encoded_string, -1) > 0)

166	return mb_convert_encoding($encoded_string, "UTF-8", "BASE64");
167	else
168	return "Cannot decode: $encoded_string";
169	+ }




















170
171	function GOTMLS_user_can() {
172	if (is_multisite())

179	return false;
180	}
181











182	function GOTMLS_update_option($index, $value = array()) {
183	return update_option('GOTMLS_'.$index.'_blob', GOTMLS_encode(serialize($value)));
184	}

203	$GLOBALS["GOTMLS"]["log"]["settings"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"];
204	GOTMLS_define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
205	GOTMLS_define("GOTMLS_update_home", "//updates.gotmls.net/".GOTMLS_installation_key."/");
206	+
207	function GOTMLS_get_corefile_URL($path, $hash) {
208	if (strpos($URL = GOTMLS_get_version("URL"), '&cp='))
209	//$hash != md5($contents)."O".strlen($contents)

211	else
212	return "http://core.svn.wordpress.org/tags/".GOTMLS_wp_version."$path";
213	}
214	+
215	function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
216	return $pre.__("Invalid or expired Nonce Token!",'gotmls').(isset($_REQUEST["GOTMLS_mt"])?(" (".GOTMLS_htmlspecialchars($_REQUEST["GOTMLS_mt"]).((strlen($_REQUEST["GOTMLS_mt"]) == 32)?(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])?GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]):" !found)"):" !len[".strlen($_REQUEST["GOTMLS_mt"])."])")):" (GOTMLS_mt !set)").__("Refresh and try again?",'gotmls');
217	+ }
218

219	function GOTMLS_set_nonce($context = "NULL") {
220	$hour = (int) round(round($GLOBALS["GOTMLS"]["tmp"]["mt"]/60)/60);
221	$transient_name = md5(substr(number_format(microtime(true), 9, '-', '/'), 6).GOTMLS_installation_key.GOTMLS_plugin_path);

233	return (GOTMLS_sanitize($context)."=DB-err:".rawurlencode(preg_replace('/[\r\n]+/', " ", print_r($GLOBALS["GOTMLS"]["tmp"]["nonce"],1).$wpdb->last_error)));
234	}
235	return 'GOTMLS_mt='.rawurlencode($transient_name);
236	+ }
237

238	function GOTMLS_get_nonce() {
239	if (isset($_REQUEST["GOTMLS_mt"])) {
240	if (is_array($_REQUEST["GOTMLS_mt"])) {

248	return "";
249	} else
250	return false;
251	+ }
252
253	function GOTMLS_fileperms($file) {
254	if ($prm = @fileperms($file)) {

283	return '<div id="file_details_'.md5($file).'" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.GOTMLS_htmlspecialchars(basename($file)).'</b><br />in: '.dirname(realpath($file)).'<br />size: '.filesize(realpath($file)).' ( '.ceil(strlen(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["file_contents"]))/1024).' KB )<br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown")).'<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.gmdate(" Y-m-d H:i:s ", filemtime(realpath($file))).'<br />changed:'.gmdate(" Y-m-d H:i:s ", filectime(realpath($file))).'</div>';
284	}
285
286	+ function GOTMLS_esc_url($url) {
287	+ if ("" === trim($url))
288	+ return "";
289	+ $original_url = $url;
290	+ $url = str_replace(' ', '%20', ltrim($url));
291	+ $url = preg_replace('\|[^a-z0-9-~+_.?#=!&;,/:%@$\\|*\'()\[\]\\x80-\\xff]\|i', '', $url);
292	+ $url = wp_kses_normalize_entities($url);
293	+ $url = str_replace('&', '&', $url);
294	+ $url = str_replace("'", ''', $url);
295	+ if ((false !== strpos($url, '[')) \|\| (false !== strpos($url, ']'))) {
296	+ $end_dirty = preg_replace('/^([fhtps]+\:)?\/\/([^\@]+\@)*[^\/]++/i', '', $url);
297	+ $end_clean = str_replace(array('[', ']'), array('%5B', '%5D'), $end_dirty);
298	+ $url = str_replace($end_dirty, $end_clean, $url);
299	}
300	+ return $url;
301	+ }
302	+
303	+ function GOTMLS_admin_url($action, $url = '') {
304	+ $return = admin_url("admin-ajax.php?action=$action");
305	foreach (array('eli', 'GOTMLS_debug') as $pass_on)
306	if (isset($_GET["$pass_on"]))
307	+ $return .= "&$pass_on=".GOTMLS_esc_url($_GET["$pass_on"]);
308	+ return ("$return&$url");
309	}
310
311	function GOTMLS_close_button($box_id, $margin = '6px') {

717	if (is_array($my_query) && count($my_query)) {
718	$f = 1;
719	foreach ($my_query as $rec) {
720	+ if (isset($rec["Threat"]) && is_string($rec["Threat"]) && is_array($Threat = @unserialize($rec["Threat"])) && isset($Threat["DefVer"]) && isset($Threat["SubPos"])) {
721	$ends = explode("-", $Threat["SubPos"]."--", 3);
722	if (strlen($ends[0]) > 0 && strlen($ends[1]) > 0 && is_numeric($ends[1]) && is_numeric($ends[0])) {
723	if ($ends[1] < $ends[0])

736	if ($ends[1] < $ends[0])
737	$ends = array_reverse($ends);
738	$fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$ends[0].', '.$ends[1].');"'.$gt.'['.$f++."]$lt/a$gt ";
739	+ if (function_exists("add_post_meta"))
740	+ add_post_meta($pID, 'GOTMLS_threats_found', array("SubPos" => $ends[0]."-".$ends[1], "DefVer" => GOTMLS_threats_ver($threats_name)));
741	} else {
742	if (is_numeric($threats_found)) {
743	$threats_found = $threats_name;

749	while (($fpos = strpos($GLOBALS["GOTMLS"]["tmp"]["file_contents"], ($potential_threat), $flen + $fpos)) !== false) {
750	$flen = strlen($potential_threat);
751	$fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');"'.$gt.'['.$f++."]$lt/a$gt ";
752	+ if (function_exists("add_post_meta"))
753	+ add_post_meta($pID, 'GOTMLS_threats_found', serialize(array("SubPos" => $fpos."-".($fpos + $flen), "DefVer" => GOTMLS_threats_ver($threats_name))));
754	}
755	}
756	}

878	$GLOBALS["GOTMLS"]["Quarantine"]["SQL"] .= $wpdb->prepare(" LIMIT %d,%d", (INT) (($GLOBALS["GOTMLS"]["Quarantine"]["paged"] - 1) * $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"]), (INT) $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"]);
879	$my_query = $wpdb->get_results("SELECT * ".$GLOBALS["GOTMLS"]["Quarantine"]["SQL"], ARRAY_A);
880	if (is_array($my_query) && count($my_query)) {
881	+ $Q_Page = $paged.'<form method="POST" action="?page=GOTMLS_View_Quarantine" name="GOTMLS_Form_clean"><input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."888")).'"><p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="Restore selected files" class="button-primary" style="background-color: #0C0;" onclick="return confirm(\'Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?\');" /></p><p><b>The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.</b></p>
882	<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.(count($my_query)>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),count($my_query)):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
883	$root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
884	foreach ($my_query as $post_a) {

1027	$GLOBALS["GOTMLS"]["tmp"]["HeadersError"] = '<div class="error">'.sprintf(__('<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem.','gotmls'), $filename, $linenum).'</div>';
1028	} elseif (isset($_GET["SESSION"]) && !session_id()) {
1029	@session_start();
1030	+ if (session_id() && $_GET["SESSION"] == "GOTMLS_debug" && ((isset($_GET["GOTMLS_debug"]) && "SESSION" == $_GET["GOTMLS_debug"]) \|\| !isset($_SESSION["GOTMLS_debug"])))
1031	+ $_SESSION["GOTMLS_debug"] = array();
1032	}
1033	}
1034	add_action("plugins_loaded", "GOTMLS_loaded");

1044	}
1045
1046	function GOTMLS_preg_match_all($threat_definition, $threat_name) {
1047	+ if ($match = @preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["file_contents"], $threats_found)) {
1048	$start = -1;
1049	if (!@preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["new_contents"], $threat_found)) {
1050	$new_contents = $GLOBALS["GOTMLS"]["tmp"]["new_contents"];

1062	$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $new_contents;
1063	return count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
1064	} else
1065	+ return $match;
1066	+ }
1067	+
1068	+ function GOTMLS_preg_last_pcre_error() {
1069	+ $DC = array('PREG_NO_ERROR', 'PREG_INTERNAL_ERROR', 'PREG_BACKTRACK_LIMIT_ERROR', 'PREG_RECURSION_LIMIT_ERROR', 'PREG_BAD_UTF8_ERROR', 'PREG_BAD_UTF8_OFFSET_ERROR');
1070	+ if (function_exists("preg_last_error") && ($key = (INT) preg_last_error()) && isset($DC[$key]))
1071	+ return $DC[$key];
1072	+ else
1073	+ return "";
1074	}
1075
1076	function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
1077	$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1078	$GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"] = microtime(true);
1079	+ $filekey = md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1080	if (is_array($check_threats)) {
1081	$path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
1082	if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($check_threats[GOTMLS_wp_version]["$path"])) {
1083	+ if (($check_threats[GOTMLS_wp_version]["$path"] != $filekey) && ($source = GOTMLS_get_URL(GOTMLS_get_corefile_URL("$path", $check_threats[GOTMLS_wp_version]["$path"]))) && ($check_threats[GOTMLS_wp_version]["$path"] == md5($source)."O".strlen($source))) {
1084	$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
1085	$len = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1086	if (strlen($source) < $len)

1096	} else {
1097	foreach ($check_threats as $threat_name=>$threat_definitions) {
1098	$GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"] = microtime(true);
1099	+ if (is_array($threat_definitions) && count($threat_definitions) > 1 && strlen($def_ver = array_shift($threat_definitions)) == 5 && (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])))) {
1100	+ while ($threat_definition = array_shift($threat_definitions)) {
1101	+ $found = GOTMLS_preg_match_all($threat_definition, $threat_name);
1102	+ if ($found===false && ($err = GOTMLS_preg_last_pcre_error()))
1103	+ $GLOBALS["GOTMLS"]["tmp"]["errors"]["$def_ver"]["$filekey"] = $err;
1104	+ }
1105	+ if (isset($_SESSION["GOTMLS_debug"])) {
1106	+ $_SESSION["GOTMLS_debug"]["threat_name"] = "$threat_name ($def_ver)";
1107	+ $file_time = sprintf('%f', (microtime(true) - $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"]));
1108	+ if (isset($_GET["GOTMLS_debug"]) && is_numeric($_GET["GOTMLS_debug"]) && $file_time > $_GET["GOTMLS_debug"])
1109	+ echo "\n//GOTMLS_debug $file_time $threat_name $file\n";
1110	+ if (isset($GLOBALS["GOTMLS"]["tmp"]["errors"]["$def_ver"]["$filekey"]))
1111	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["errors"]["$filekey"] = $GLOBALS["GOTMLS"]["tmp"]["errors"]["$def_ver"]["$filekey"];
1112	+ if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"]))
1113	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] = sprintf('%f', $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] + $file_time);
1114	+ else
1115	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] = $file_time;
1116	+ if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"]))
1117	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"]++;
1118	+ else
1119	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"] = 1;
1120	+ if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"]) \|\| $file_time < $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"])
1121	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"] = $file_time;
1122	+ if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"]) \|\| $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"])
1123	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;
1124	+ }
1125	}
1126	}
1127	}
1128	} elseif (strlen($check_threats) && isset($_GET['eli']) && GOTMLS_verify_regex($check_threats))
1129	GOTMLS_preg_match_all($check_threats, $check_threats);
1130	if (isset($_SESSION["GOTMLS_debug"])) {
1131	+ $file_time = sprintf('%f', (microtime(true) - $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"]));
1132	if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"]))
1133	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] = sprintf('%f', $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] + $file_time);
1134	else
1135	$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] = $file_time;
1136	if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"]))
1137	+ $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"]++;
1138	else
1139	$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"] = 1;
1140	if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"]) \|\| $file_time < $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"])

index.php CHANGED Viewed

	@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8	Contributors: scheeeli, gotmls
9	Donate link: https://gotmls.net/donate/
10	Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11	- Version: 4.21.74
12	*/
13	if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)) \|\| !(function_exists("add_action") && function_exists("load_plugin_textdomain")))
14	include(dirname(__FILE__)."/safe-load/index.php");
	@@ -607,7 +607,7 @@ function GOTMLS_ajax_load_update() {
607	$GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions;
608	$GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('New Definitions Automatically Installed :-)');";
609	}
610	- $finJS .= "\nif (divNAtext)\n\tloadGOTMLS();\nelse\n\tdivNAtext = setTimeout('loadGOTMLS()', 4000);";
611	$finJS .= "\nif (typeof stopCheckingDefinitions !== 'undefined' && stopCheckingDefinitions)\n\tclearTimeout(stopCheckingDefinitions);";
612	} else
613	$innerHTML = "<li style=\\\"color: #f00\\\"><a title='report error' href='#' onclick=\\\"stopCheckingDefinitions = checkAlternateUpdateServer('&error=".GOTMLS_encode(serialize(array("get_URL"=>$GLOBALS["GOTMLS"]["get_URL"])))."');\\\">Automatic Update Connection Failed!</a></li>";
	@@ -1160,7 +1160,7 @@ if (defined("GOTMLS_REQUEST_METHOD"))
1160	function GOTMLS_ajax_logintime() {
1161	@header("Content-type: text/javascript");
1162	$sess = (false && isset($_GET["GOTMLS_sess"]) && is_numeric($_GET["GOTMLS_sess"])) ? GOTMLS_htmlspecialchars($_GET["sess"]) : time();
1163	- die(((isset($GLOBALS["GOTMLS"]["tmp"]["HeadersError"]) && $GLOBALS["GOTMLS"]["tmp"]["HeadersError"])?"\n//Header Error: ".GOTMLS_strip4java(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["HeadersError"])):"")."\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_offset_start = GOTMLS_login_offset.getTime() - ".$sess."000;\nfunction set_offset_id() {\n\tGOTMLS_login_offset = new Date();\n\tif (form_login = document.getElementById('offset_id'))\n\t\tform_login.value = GOTMLS_login_offset.getTime() - GOTMLS_login_offset_start;\n\tsetTimeout(set_offset_id, 15673);\n}\nset_offset_id();");
1164	}
1165
1166	function GOTMLS_ajax_lognewkey() {
	@@ -1382,7 +1382,7 @@ function GOTMLS_ajax_position() {
1382	} else
1383	die("\n//Position Error: No new position to save!\n");
1384	update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1385	- die(GOTMLS_html_tags(array("html" => array("body" => GOTMLS_htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.GOTMLS_admin_url('GOTMLS_position', GOTMLS_set_nonce(__FUNCTION__."1448").'&GOTMLS_msg='.~~rawurlencode~~($GLOBALS["GOTMLS_msg"])).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
1386	} else
1387	die(GOTMLS_Invalid_Nonce("\n//Position Error: ")."\n");
1388	}
	@@ -1441,7 +1441,7 @@ function GOTMLS_ajax_fix() {
1441	$_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
1442	if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1443	GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1444	- $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1445	$li_js = "\n<script type=\"text/javascript\">\nscanned = 0;\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Fixed '+filesFixed+' files, failed to fix '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file))\n\tli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}\n}\nfunction DeletedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file)) {\n\tli_file.className='GOTMLS_plugin';\n\tif (true \|\| !isNaN(file)) {\n\t\tli_file = li_file.parentNode".(isset($_REQUEST["GOTMLS_fix"][0]) && is_numeric($_REQUEST["GOTMLS_fix"][0])?'.parentNode':'').";\n\t\tli_file.style.display='none';\n\t\tli_file.innerHTML='';\n}}}\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/<!--"."/";
1446	@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1447	$HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));


8	Contributors: scheeeli, gotmls
9	Donate link: https://gotmls.net/donate/
10	Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11	+ Version: 4.21.83
12	*/
13	if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)) \|\| !(function_exists("add_action") && function_exists("load_plugin_textdomain")))
14	include(dirname(__FILE__)."/safe-load/index.php");

607	$GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions;
608	$GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('New Definitions Automatically Installed :-)');";
609	}
610	+ $finJS .= "\nif (divNAtext)\n\tloadGOTMLS();\nelse\n\tdivNAtext = setTimeout(function() {loadGOTMLS();}, 4000);";
611	$finJS .= "\nif (typeof stopCheckingDefinitions !== 'undefined' && stopCheckingDefinitions)\n\tclearTimeout(stopCheckingDefinitions);";
612	} else
613	$innerHTML = "<li style=\\\"color: #f00\\\"><a title='report error' href='#' onclick=\\\"stopCheckingDefinitions = checkAlternateUpdateServer('&error=".GOTMLS_encode(serialize(array("get_URL"=>$GLOBALS["GOTMLS"]["get_URL"])))."');\\\">Automatic Update Connection Failed!</a></li>";

1160	function GOTMLS_ajax_logintime() {
1161	@header("Content-type: text/javascript");
1162	$sess = (false && isset($_GET["GOTMLS_sess"]) && is_numeric($_GET["GOTMLS_sess"])) ? GOTMLS_htmlspecialchars($_GET["sess"]) : time();
1163	+ die(((isset($GLOBALS["GOTMLS"]["tmp"]["HeadersError"]) && $GLOBALS["GOTMLS"]["tmp"]["HeadersError"])?"\n//Header Error: ".GOTMLS_strip4java(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["HeadersError"])):"")."\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_offset_start = GOTMLS_login_offset.getTime() - ".$sess."000;\nfunction set_offset_id() {\n\tGOTMLS_login_offset = new Date();\n\tif (form_login = document.getElementById('offset_id'))\n\t\tform_login.value = GOTMLS_login_offset.getTime() - GOTMLS_login_offset_start;\n\tsetTimeout(function() {set_offset_id();}, 15673);\n}\nset_offset_id();");
1164	}
1165
1166	function GOTMLS_ajax_lognewkey() {

1382	} else
1383	die("\n//Position Error: No new position to save!\n");
1384	update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1385	+ die(GOTMLS_html_tags(array("html" => array("body" => GOTMLS_htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' <a href="'.GOTMLS_admin_url('GOTMLS_position', GOTMLS_set_nonce(__FUNCTION__."1448").'&GOTMLS_msg='.GOTMLS_esc_url($GLOBALS["GOTMLS_msg"])).'">['.$GLOBALS["GOTMLS_msg"].']</a>'))), $properties));
1386	} else
1387	die(GOTMLS_Invalid_Nonce("\n//Position Error: ")."\n");
1388	}

1441	$_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
1442	if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1443	GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1444	+ $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout(function() {alert_repaired(1);}, 30000);";
1445	$li_js = "\n<script type=\"text/javascript\">\nscanned = 0;\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Fixed '+filesFixed+' files, failed to fix '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file))\n\tli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}\n}\nfunction DeletedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file)) {\n\tli_file.className='GOTMLS_plugin';\n\tif (true \|\| !isNaN(file)) {\n\t\tli_file = li_file.parentNode".(isset($_REQUEST["GOTMLS_fix"][0]) && is_numeric($_REQUEST["GOTMLS_fix"][0])?'.parentNode':'').";\n\t\tli_file.style.display='none';\n\t\tli_file.innerHTML='';\n}}}\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/<!--"."/";
1446	@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1447	$HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));

readme.txt CHANGED Viewed

	@@ -5,10 +5,10 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5	Contributors: scheeeli, gotmls
6	Donate link: https://gotmls.net/donate/
7	Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8	- Version: 4.21.74
9	- Stable tag: 4.21.74
10	Requires at least: 3.3
11	- Tested up to: 6.0
12
13	This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
14
	@@ -94,6 +94,11 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
94
95	== Changelog ==
96





97	= 4.21.74 =
98	* Updated code with various minor improvements to efficiency and compatibility.
99	* Checked code for compatibility with WordPress 6.0.
	@@ -390,6 +395,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
390
391	== Upgrade Notice ==
392



393	= 4.21.74 =
394	Updated code with various minor improvements to efficiency and compatibility with WordPress 6.0.
395


5	Contributors: scheeeli, gotmls
6	Donate link: https://gotmls.net/donate/
7	Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8	+ Version: 4.21.83
9	+ Stable tag: 4.21.83
10	Requires at least: 3.3
11	+ Tested up to: 6.0.1
12
13	This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
14

94
95	== Changelog ==
96
97	+ = 4.21.83 =
98	+ * Fixed XSS vulnerability on debug URLs introduced in the last release, thanks Erwan Le Rousseau.
99	+ * Updated code with other various minor improvements bug fixed.
100	+ * Checked code for compatibility with WordPress 6.0.1 and ClassicPress 1.4.2.
101	+
102	= 4.21.74 =
103	* Updated code with various minor improvements to efficiency and compatibility.
104	* Checked code for compatibility with WordPress 6.0.

395
396	== Upgrade Notice ==
397
398	+ = 4.21.83 =
399	+ Fixed XSS vulnerability, plus other minor improvements and compatibility with WordPress 6.0.1 and ClassicPress 1.4.2.
400	+
401	= 4.21.74 =
402	Updated code with various minor improvements to efficiency and compatibility with WordPress 6.0.
403

safe-load/index.php CHANGED Viewed

@@ -5,17 +5,20 @@
             */
             if (!(isset($GLOBALS["GOTMLS"]["detected_attacks"]) && $GLOBALS["GOTMLS"]["detected_attacks"])) {
-            -
            	$file = (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:__FILE__);
-            -
            	$GLOBALS["GOTMLS"]["detected_attacks"] = '&attack[]='.strtolower((isset($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < strlen($file))?substr($file, strlen($_SERVER["DOCUMENT_ROOT"])):basename($file));
+            }
             foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_USER_AGENT") as $var)
-            -
            	$GLOBALS["GOTMLS"]["detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
             foreach (array("log", "session_id") as $var)
-            -
            	$GLOBALS["GOTMLS"]["detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]).(isset($_POST["sess".$_POST[$var]])?"&TIME=".time()."&POST_sess$var=".urlencode($_POST["sess".$_POST[$var]]):""):"");
-            -
            $ver = "Unknown";
-            -
            if ($file = str_replace(basename(dirname(__FILE__)), basename(__FILE__), dirname(__FILE__)))
-            -
            	if (is_file($file) && $contents = @file_get_contents($file))
-            -
            		if (preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
-            -
            			$ver = $match[1];
             header("location: https://safe-load.gotmls.net/report.php?ver=$ver".$GLOBALS["GOTMLS"]["detected_attacks"]);
-            -
            die();


5	*/
6
7	if (!(isset($GLOBALS["GOTMLS"]["detected_attacks"]) && $GLOBALS["GOTMLS"]["detected_attacks"])) {
8	+ $file = (isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__);
9	+ $GLOBALS["GOTMLS"]["detected_attacks"] = '&attack[]='.strtolower((isset($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < strlen($file)) ? substr($file, strlen($_SERVER["DOCUMENT_ROOT"])) : basename($file));
10	}
11	+
12	foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_USER_AGENT") as $var)
13	+ $GLOBALS["GOTMLS"]["detected_attacks"] .= (isset($_SERVER[$var]) ? "&SERVER_$var=".urlencode($_SERVER[$var]) : "");
14	+
15	foreach (array("log", "session_id") as $var)
16	+ $GLOBALS["GOTMLS"]["detected_attacks"] .= (isset($_POST[$var]) ? "&POST_$var=".urlencode($_POST[$var]).(isset($_POST["sess".$_POST[$var]]) ? "&TIME=".time()."&POST_sess$var=".urlencode($_POST["sess".$_POST[$var]]) : "") : "");
17	+
18	+ if (is_file($file = str_replace(basename(dirname(__FILE__)), basename(__FILE__), dirname(__FILE__))) && ($contents = @file_get_contents($file)) && preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
19	+ $ver = $match[1];
20	+ else
21	+ $ver = "Unknown";
22	+
23	header("location: https://safe-load.gotmls.net/report.php?ver=$ver".$GLOBALS["GOTMLS"]["detected_attacks"]);
24	+ die();

safe-load/wp-settings.php CHANGED Viewed

@@ -134,7 +134,6 @@ if (!function_exists("delete_option")) {
             function delete_option($index) {
             	global $wpdb, $table_prefix;
             	$wpdb->delete($table_prefix."options", array( 'option_name' => "'$index'"));
-            -
            //	echo "<li>del:".$index."<li>qry:".$wpdb->last_query."<li>err:".$wpdb->last_error;
             }}
             if (!function_exists("update_option")) {
@@ -142,9 +141,7 @@ function update_option($index, $value = "") {
             	global $wpdb, $table_prefix;
             	if (is_array($value))
             		$value = serialize($value);
-            -
            //	$value = mysqli_real_escape_string($wpdb, $value);
             	$return = $wpdb->update($table_prefix."options", array('option_value' => $value), array('option_name' => $index));
-            -
            //	echo "<li>upd:".$index."<li>qry:".$wpdb->last_query."<li>err:".$wpdb->last_error;
             	return $return;
             }}
@@ -157,5 +154,78 @@ function get_option($index, $value = array()) {
             		return unserialize($return);
             	else
             		return $return;
-            -
            //	echo $wpdb->func_call."<li>get:".$index."<li>qry:$qry;/".$wpdb->last_query."<li>err:".$wpdb->last_error;
             }}


134	function delete_option($index) {
135	global $wpdb, $table_prefix;
136	$wpdb->delete($table_prefix."options", array( 'option_name' => "'$index'"));

137	}}
138
139	if (!function_exists("update_option")) {

141	global $wpdb, $table_prefix;
142	if (is_array($value))
143	$value = serialize($value);

144	$return = $wpdb->update($table_prefix."options", array('option_value' => $value), array('option_name' => $index));

145	return $return;
146	}}
147

154	return unserialize($return);
155	else
156	return $return;
157	+ }}
158	+
159	+ if (!function_exists("admin_url")) {
160	+ function admin_url($path = '') {
161	+ $url = get_option('siteurl').'wp-admin/';
162	+ if ($path && is_string($path))
163	+ $url .= ltrim($path, '/');
164	+ return $url;
165	+ }}
166	+
167	+ if (!function_exists("_deep_replace")) {
168	+ function _deep_replace( $search, $subject ) {
169	+ $subject = (string) $subject;
170	+
171	+ $count = 1;
172	+ while ( $count ) {
173	+ $subject = str_replace( $search, '', $subject, $count );
174	+ }
175	+
176	+ return $subject;
177	+ }}
178	+
179	+ if (!function_exists("valid_unicode")) {
180	+ function valid_unicode( $i ) {
181	+ return ( 0x9 == $i \|\| 0xa == $i \|\| 0xd == $i \|\|
182	+ ( 0x20 <= $i && $i <= 0xd7ff ) \|\|
183	+ ( 0xe000 <= $i && $i <= 0xfffd ) \|\|
184	+ ( 0x10000 <= $i && $i <= 0x10ffff ) );
185	+ }}
186	+
187	+ if (!function_exists("wp_kses_normalize_entities2")) {
188	+ function wp_kses_normalize_entities2( $matches ) {
189	+ if ( empty( $matches[1] ) ) {
190	+ return '';
191	+ }
192	+
193	+ $i = $matches[1];
194	+ if ( valid_unicode( $i ) ) {
195	+ $i = str_pad( ltrim( $i, '0' ), 3, '0', STR_PAD_LEFT );
196	+ $i = "&#$i;";
197	+ } else {
198	+ $i = "&#$i;";
199	+ }
200	+
201	+ return $i;
202	+ }}
203	+
204	+ if (!function_exists("wp_kses_normalize_entities3")) {
205	+ function wp_kses_normalize_entities3( $matches ) {
206	+ if ( empty( $matches[1] ) ) {
207	+ return '';
208	+ }
209	+
210	+ $hexchars = $matches[1];
211	+ return ( ! valid_unicode( hexdec( $hexchars ) ) ) ? "&#x$hexchars;" : '&#x' . ltrim( $hexchars, '0' ) . ';';
212	+ }}
213	+
214	+ if (!function_exists("wp_kses_named_entities")) {
215	+ function wp_kses_named_entities($matches) {
216	+ global $allowedentitynames;
217	+ if (empty($matches[1]))
218	+ return '';
219	+ $i = $matches[1];
220	+ return (is_array($allowedentitynames) && in_array($i, $allowedentitynames, true)) ? "&$i;" : "&$i;";
221	+ }}
222	+
223	+ if (!function_exists("wp_kses_normalize_entities")) {
224	+ function wp_kses_normalize_entities($string) {
225	+ // Disarm all entities by converting & to &
226	+ $string = str_replace( '&', '&', $string );
227	+ $string = preg_replace_callback( '/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_named_entities', $string );
228	+ $string = preg_replace_callback( '/&#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string );
229	+ $string = preg_replace_callback( '/&#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string );
230	+ return $string;
231	}}

Anti-Malware Security and Brute-Force Firewall - Version 4.21.83

Version Description

Release Info

Code changes from version 4.21.74 to 4.21.83