MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall - Version 4.52

Version Description


Release Info

Developer ritesh.soni36
Version 4.52

Code changes from version 4.51 to 4.52

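--- a/callback/wings/db.php
+++ b/callback/wings/db.php
@@ -15,6 +15,7 @@ class BVDBCallback extends BVCallbackBase {
  $this->db = $callback_handler->db;
  $this->account = $callback_handler->account;
  $this->siteinfo = $callback_handler->siteinfo;
+ $this->bvinfo = $callback_handler->bvinfo;
  }
 
  public function getLastID($pkeys, $end_row) {
@@ -42,9 +43,7 @@ class BVDBCallback extends BVCallbackBase {
  $data = array();
  $data["offset"] = $offset;
  $data["size"] = $srows;
- $serialized_rows = serialize($rows);
- $data['md5'] = md5($serialized_rows);
- $data['length'] = strlen($serialized_rows);
+ $data["md5"] = md5(serialize($rows));
  array_push($tinfo, $data);
  if (!empty($pkeys) && $srows > 0) {
  $end_row = end($rows);
@@ -70,6 +69,23 @@ class BVDBCallback extends BVCallbackBase {
  $params = $request->params;
  $stream_init_info = BVStream::startStream($this->account, $request);
 
+ if($this->bvinfo->canSetCWBranding()) {
+ $bv_table = $params['table'];
+ if (!empty($bv_table)) {
+ $allowed = false;
+ foreach(BVDBCallback::$bvTables as $table) {
+ if ($bv_table == $table || $bv_table == $db->getBVTable($table)) {
+ $allowed = true;
+ break;
+ }
+ }
+ if (!$allowed) {
+ return $stream_init_info;
+ }
+ }
+ }
+
+
  if (array_key_exists('stream', $stream_init_info)) {
  $this->stream = $stream_init_info['stream'];
  switch ($request->method) {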
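Review bot: In the added table allow-list (third hunk), the comparison calls `$db->getBVTable($table)`, but no `$db` is assigned in the visible lines and the constructor stores the handle in `$this->db`; unless the enclosing method defines `$db` outside the hunk, any table name that does not match the bare name on the left of the `||` ends in a fatal error rather than the intended early return. I would write the test as `if ($bv_table === $table || $bv_table === $this->db->getBVTable($table)) {`, which also makes it type-strict. `$params['table']` is read without `array_key_exists`, and because the whole check sits under `!empty($bv_table)`, a request that carries no table skips the allow-list and reaches the `switch`; whether any method there touches a table by another parameter cannot be confirmed from this hunk. The method starts and ends outside the hunk.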
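--- a/callback/wings/fs.php
+++ b/callback/wings/fs.php
@@ -12,6 +12,7 @@ class BVFSCallback extends BVCallbackBase {
 
  public function __construct($callback_handler) {
  $this->account = $callback_handler->account;
+ $this->bvinfo = $callback_handler->bvinfo;
  }
 
  function fileStat($relfile, $md5 = false) {
@@ -246,6 +247,23 @@ class BVFSCallback extends BVCallbackBase {
  $params = $request->params;
  $stream_init_info = BVStream::startStream($this->account, $request);
 
+ if($this->bvinfo->canSetCWBranding()) {
+ if(array_key_exists('initdir', $params)) {
+ return $stream_init_info;
+ }
+
+ if (array_key_exists('files', $params)) {
+ $files = $params['files'];
+
+ foreach($files as $file) {
+ if (!in_array($file, BVFSCallback::$cwAllowedFiles)) {
+ return $stream_init_info;
+ }
+ }
+ }
+ }
+
+
  if (array_key_exists('stream', $stream_init_info)) {
  $this->stream = $stream_init_info['stream'];
  switch ($request->method) {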
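Review bot: The file allow-list in the second hunk calls `in_array($file, BVFSCallback::$cwAllowedFiles)` without the strict flag, so membership is decided by loose `==`, and on the older PHP versions the readme still declares as supported a non-string element in `$params['files']` can compare equal to an allowed name it is not. `in_array($file, BVFSCallback::$cwAllowedFiles, true)` closes that. `$files` is also iterated without an `is_array()` check, so a scalar `files` parameter only raises a warning and then falls through to the `switch`; returning `$stream_init_info` for non-array input would keep the restriction fail-closed. Only `initdir` and `files` are inspected, and the method continues outside the hunk, so coverage of every method in the `switch` cannot be confirmed here.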
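--- a/callback/wings/fs_write.php
+++ b/callback/wings/fs_write.php
@@ -35,7 +35,7 @@ class BVFSWriteCallback extends BVCallbackBase {
  return $result;
  }
 
- public function makeDirs($dirs, $permissions = 0777, $recursive = true) {
+ public function makeDirs($dirs) {
  $result = array();
 
  foreach($dirs as $dir) {
@@ -53,7 +53,7 @@ class BVFSWriteCallback extends BVCallbackBase {
 
  } else {
 
- $dir_result['status'] = mkdir($dir, $permissions, $recursive);
+ $dir_result['status'] = mkdir($dir);
  if ($dir_result['status'] === false) {
  $dir_result['error'] = "MKDIR_FAILED";
  }
@@ -411,7 +411,7 @@ class BVFSWriteCallback extends BVCallbackBase {
  $resp = $this->doChmod($params['pathinfos']);
  break;
  case "mkdr":
- $resp = $this->makeDirs($params['dirs'], $params['permissions'], $params['recursive']);
+ $resp = $this->makeDirs($params['dirs']);
  break;
  case "rmdr":
  $resp = $this->removeDirs($params['dirs']);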
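Review bot: `mkdir($dir)` in the second hunk now falls back to PHP's default mode of 0777, narrowed only by the process umask, so the permissions of the created directory depend on server configuration rather than on the plugin. Dropping the caller-supplied `$permissions` is a sensible tightening, but I would pin the mode explicitly, e.g. `$dir_result['status'] = mkdir($dir, 0755);`. The call is also no longer recursive, so a `mkdr` request for a nested path whose parent is missing now reports `MKDIR_FAILED`; if that is intended, a one-line comment on `makeDirs()` saying so would help. `makeDirs()` continues outside the hunks shown.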
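--- a/callback/wings/info.php
+++ b/callback/wings/info.php
@@ -129,7 +129,6 @@ class BVInfoCallback extends BVCallbackBase {
  'dbprefix' => $db->dbprefix(),
  'wpmu' => $siteinfo->isMultisite(),
  'mainsite' => $siteinfo->isMainSite(),
- 'main_site_id' => $siteinfo->getMainSiteId(),
  'name' => get_bloginfo('name'),
  'siteurl' => $siteinfo->siteurl(),
  'homeurl' => $siteinfo->homeurl(),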
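--- a/callback/wings/misc.php
+++ b/callback/wings/misc.php
@@ -8,14 +8,12 @@ class BVMiscCallback extends BVCallbackBase {
  public $bvinfo;
  public $siteinfo;
  public $account;
- public $bvapi;
 
  public function __construct($callback_handler) {
  $this->settings = $callback_handler->settings;
  $this->siteinfo = $callback_handler->siteinfo;
  $this->account = $callback_handler->account;
  $this->bvinfo = new MCInfo($callback_handler->settings);
- $this->bvapi = new MCWPAPI($callback_handler->settings);
  }
 
  public function refreshPluginUpdates() {
@@ -55,12 +53,6 @@ class BVMiscCallback extends BVCallbackBase {
  $resp = array_merge($resp, $this->account->info());
  $resp = array_merge($resp, $this->bvinfo->info());
  break;
- case "pngbv":
- $info = array();
- $this->siteinfo->basic($info);
- $this->bvapi->pingbv('/bvapi/pingbv', $info);
- $resp = array("status" => true);
- break;
  case "enablebadge":
  $option = $bvinfo->badgeinfo;
  $badgeinfo = array();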
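--- a/info.php
+++ b/info.php
@@ -9,7 +9,7 @@ if (!class_exists('MCInfo')) :
  public $badgeinfo = 'mcbadge';
  public $ip_header_option = 'mcipheader';
  public $brand_option = 'mcbrand';
- public $version = '4.51';
+ public $version = '4.52';
  public $webpage = 'https://www.malcare.com';
  public $appurl = 'https://app.malcare.com';
  public $slug = 'malcare-security/malcare.php';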
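--- a/malcare.php
+++ b/malcare.php
@@ -5,7 +5,7 @@ Plugin URI: https://www.malcare.com
  Description: MalCare Security - Free Malware Scanner, Protection & Security for WordPress
  Author: MalCare Security
  Author URI: https://www.malcare.com
- Version: 4.51
+ Version: 4.52
  Network: True
  */
 
@@ -136,10 +136,9 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
  $response->terminate($resp);
  }
  } else {
- require_once dirname( __FILE__ ) . '/protect/wp/protect.php';
- $bvprotect = new BVProtect($bvdb, $bvsettings);
- $bvprotect->init();
- if ($bvinfo->isProtectModuleEnabled() && !(defined( 'WP_CLI' ) && WP_CLI)) {
+ if ($bvinfo->isProtectModuleEnabled()) {
+ require_once dirname( __FILE__ ) . '/protect/wp/protect.php';
+ $bvprotect = new BVProtect($bvdb, $bvsettings);
  $bvprotect->run();
  }
 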
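--- a/protect/fw/fw.php
+++ b/protect/fw/fw.php
@@ -202,14 +202,6 @@ class BVFW {
  return false;
  }
 
- public function canLogValue($key) {
- $skip_keys = array('password' => true, 'passwd' => true, 'pwd' => true);
- if (isset($skip_keys[$key])) {
- return false;
- }
- return true;
- }
-
  public function execute() {
  if ($this->config->canProfileReqInfo()) {
  $result = array();
@@ -266,7 +258,6 @@ class BVFW {
  $result = array();
  if (is_array($params)) {
  foreach ($params as $key => $value) {
- $original_key = $key;
  $key = $prefix . $key;
  if (is_array($value)) {
  $result = $result + $this->profileRequestInfo($value, $debug, $key . '[', $obraces + 1);
@@ -275,7 +266,7 @@ class BVFW {
  $result[$key] = array();
  $valsize = $this->getLength($value);
  $result[$key]["size"] = $valsize;
- if ($debug === true && $valsize < 256 && $this->canLogValue($original_key)) {
+ if ($debug === true && $valsize < 256) {
  $result[$key]["value"] = $value;
  continue;
  }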
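Review bot: With `canLogValue()` removed, the condition `if ($debug === true && $valsize < 256)` in the third hunk copies every short request value into the profile whenever debug is on, including parameters named `password`, `passwd` or `pwd` that the previous code skipped. Credentials should not reach request profiles or logs, so I would keep the key filter and make it case-insensitive, as sketched below. `profileRequestInfo()` begins and ends outside the hunks, so where the profile is stored or sent is not visible here.

```php
public function canLogValue($key) {
	// Parameter names whose values must never be copied into the request profile.
	$skip_keys = array('password' => true, 'passwd' => true, 'pwd' => true);
	return !isset($skip_keys[strtolower((string) $key)]);
}

// … unchanged: execute() and the start of profileRequestInfo() …
foreach ($params as $key => $value) {
	$original_key = $key;
	$key = $prefix . $key;
	// … unchanged: array recursion and size bookkeeping …
	if ($debug === true && $valsize < 256 && $this->canLogValue($original_key)) {
```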
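--- a/protect/wp/protect.php
+++ b/protect/wp/protect.php
@@ -20,10 +20,6 @@ class BVProtect {
  $this->db = $db;
  }
 
- public function init() {
- add_action('clear_pt_config', array($this, 'uninstall'));
- }
-
  public function run() {
  $bvipstore = new BVIPStore($this->db);
  $bvipstore->init();
@@ -59,6 +55,8 @@ class BVProtect {
  }
  }
 
+ add_action('clear_pt_config', array($this, 'uninstall'));
+
  $lpConfHash = array_key_exists('lp', $config) ? $config['lp'] : array();
  $lp = new BVWPLP($this->db, $this->settings, $ip, $bvipstore, $lpConfHash);
  if ($lp->isActive()) {
@@ -71,81 +69,7 @@ class BVProtect {
  $this->db->dropBVTable(BVFWConfig::$requests_table);
  $this->db->dropBVTable(BVWPLPConfig::$requests_table);
  $this->settings->deleteOption('bvptplug');
- $this->remove_wp_prepend();
- $this->remove_php_prepend();
- $this->remove_mcdata();
  return true;
  }
-
- private function remove_wp_prepend() {
- $wp_conf_paths = array(ABSPATH . "wp-config.php", ABSPATH . "../wp-config.php");
- if (file_exists($wp_conf_paths[0])) {
- $fname = $wp_conf_paths[0];
- } elseif (file_exists($wp_conf_paths[1])) {
- $fname = $wp_conf_paths[1];
- } else {
- return;
- }
-
- $content = file_get_contents($fname);
- if ($content) {
- $pattern = "@include '" . ABSPATH . "malcare-waf.php" . "';";
- $modified_content = str_replace($pattern, "", $content);
- if ($content !== $modified_content) {
- file_put_contents($fname, $modified_content);
- }
- }
- }
-
- private function remove_php_prepend() {
- $this->remove_htaccess_prepend();
- $this->remove_userini_prepend();
- }
-
- private function remove_prepend($fname, $pattern) {
- if (!file_exists($fname)) return;
-
- $content = file_get_contents($fname);
- if ($content) {
- $modified_content = preg_replace($pattern, "", $content);
- if ($content !== $modified_content) {
- file_put_contents($fname, $modified_content);
- }
- }
- }
-
- private function remove_htaccess_prepend() {
- $pattern = "/# MalCare WAF(.|\n)*# END MalCare WAF/i";
- $this->remove_prepend(ABSPATH . ".htaccess", $pattern);
- }
-
- private function remove_userini_prepend() {
- $pattern = "/; MalCare WAF(.|\n)*; END MalCare WAF/i";
- $this->remove_prepend(ABSPATH . ".user.ini", $pattern);
- }
-
- private function remove_mcdata() {
- $this->rrmdir($this->get_contdir() . "mc_data");
- }
-
- private function rrmdir($dir) {
- if (is_dir($dir)) {
- $objects = scandir($dir);
- foreach ($objects as $object) {
- if ($object != "." && $object != "..") {
- if (is_dir($dir . "/" . $object) && !is_link($dir . "/" . $object)) {
- rrmdir($dir . "/" . $object);
- } else {
- unlink($dir . "/" . $object);
- }
- }
- }
- rmdir($dir);
- }
- }
-
- public function get_contdir() {
- return defined('WP_CONTENT_DIR') ? WP_CONTENT_DIR . "/" : ABSPATH . "wp-content/";
- }
  }
  endif;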
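Review bot: `uninstall()` in the third hunk no longer calls `remove_wp_prepend()`, `remove_php_prepend()` or `remove_mcdata()`, so the `malcare-waf.php` include in wp-config.php, the MalCare WAF blocks in .htaccess and .user.ini, and the `mc_data` directory stay behind on any site where an earlier release wrote them. A prepend entry that outlives the plugin can break the site or keep loading stale firewall code, so the cleanup, or at least a documented manual step, is worth keeping. The `clear_pt_config` hook is also registered only from inside `run()` now, which malcare.php calls only when the protect module is enabled, so the action has no handler on a site where the module is off. `run()` and `uninstall()` both start outside the hunks shown.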
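--- a/readme.txt
+++ b/readme.txt
@@ -6,7 +6,7 @@ Donate link: https://www.malcare.com
  Requires at least: 4.0
  Tested up to: 5.6
  Requires PHP: 5.4.0
- Stable tag: 4.51
+ Stable tag: 4.52
  License: GPLv2 or later
  License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
 
@@ -397,10 +397,8 @@ These are available on our website: [Terms of Service](https://www.malcare.com/t
  8. MalCare’s Uptime Monitoring notifies if a website goes down so that you can handle the situation before starting to lose visitors.
 
  == CHANGELOG ==
- = 4.51 =
- * Removed files and db access check
- * On uninstall remove prepend configuration
- * minor bug fixes
+ = 4.52=
+ * Bug fix
 
  = 4.4 =
  * Disabling deactivate for botprotection accounts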
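--- a/wp_site_info.php
+++ b/wp_site_info.php
@@ -39,12 +39,6 @@ class MCWPSiteInfo {
  return is_main_site();
  }
 
- public function getMainSiteId() {
- if (!function_exists('get_main_site_id'))
- return 0;
- return get_main_site_id();
- }
-
  public function info() {
  $info = array();
  $this->basic($info);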