Timthumb Vulnerability Scanner - Version 1.43


Release Info

Developer peterebutler
Version 1.43

Code changes from version 1.42 to 1.43

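--- a/cg-tvs-admin-panel-display.php
+++ b/cg-tvs-admin-panel-display.php
@@ -1,6 +1,6 @@
 <div class="wrap">
 <h2>Timthumb Scanner</h2>
-<div style="width:65%;float:left">
+<div style="width:65%;min-width:500px;float:left">
 <div class="postbox metabox-holder" >
 <h3 class="hndle">1. Scan</h3>
 <form action="" method="post">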
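--- a/cg-tvs-admin-panel.php
+++ /dev/null
@@ -1,43 +0,0 @@
-<div class="wrap">
-<h2>Timthumb Scanner</h2>
-<div class="postbox metabox-holder" style="float:right;width:300px;padding-top:0px">
-<h3 class="hndle" style="text-align:center"><a href="http://codegarage.com/"><img src="<?php echo WP_PLUGIN_URL; ?>/<?php echo basename( dirname( __FILE__ ) ); ?>/locker_logo.png"></a></h3>
-<div class="inside">
-<p><strong>Tired of worrying about your WordPress sites?</strong></p>
-<p><a href="http://codegarage.com" target="_blank" >Locker</a> from <a href="http://codegarage.com/" target="_blank" >Code Garage</a> provides rock solid daily backups and hack monitoring and cleanup (for malicious code and vulnerabilities like this one), as well as personal, one on one support when you need it. Plans start at $15/month for 10 sites.</p>
-<p style="text-align:center;padding-top:15px;"><a href="http://codegarage.com/" target="_blank" class="button-primary">Click here to learn more</a></p>
-</div>
-</div>
-<div style="margin-right:320px;">
-<h4>What's going on here?</h4>
-<p>Here's how this works: When you click "Scan", we'll gather a list of all the files in your wp-content directory, and then we'll scan all of the php files looking for the timthumb script. If we find it, we'll scan it to make sure it's at least version 2 - which is the version that fixed the vulnerability. You'll be notified here of any files that need to be updated.</p>
-<form action="tools.php?page=cg-timthumb-scanner" method="post">
-<input type="hidden" name="cg-action" value="scan">
-<button class="button-secondary">Scan!</button>
-</form>
-<?php if ( get_option( 'cg_tvs_last_checked' ) ): ?>
-<h4>What now?</h4>
-<p>We've now scanned all your themes and plugins, and any instances of the timthumb script are listed below. Problem files (timthumb scripts that are older than version 2.0) are in the "Vulnerable" list, and safe files (Newer than 2.0) are listed in the "Safe" list. "Vulnerable" files can be upgraded to the latest version of timthumb by clicking the "Fix" button next to each file.</p>
-<table class="form-table">
-<tr>
-<th scope="row">Last Scanned:</th>
-<td><?php echo get_option( 'cg_tvs_last_checked' ); ?></td>
-</tr>
-<tr>
-<th scope="row">Vulnerable Timthumb Files:</th>
-<td><?php echo $vulnerable_list_html; ?></td>
-</tr>
-<?php if(count($vulnerable_files)>1): ?>
-<tr>
-<th scope="row"></th>
-<td><a href="<?php echo wp_nonce_url( 'tools.php?page=cg-timthumb-scanner&cg-action=fixall', 'fix_all_timthumb_files'); ?>" onclick="return confirm('Are you sure you want to fix ALL of the found files? This can't easily be undone. I'd suggest you make a backup of your wp-content directory before proceeding.')" class="button" style="margin-left:23px;">Fix All <?php echo count($vulnerable_files); ?> Vulnerable Files</a> <strong>Warning:</strong> Make sure you want ALL of the files fixed!</td>
-</tr>
-<?php endif; ?>
-<tr>
-<th scope="row">Safe Timthumb Files:</th>
-<td><?php echo $safe_list_html; ?></td>
-</tr>
-</table>
-<?php endif; ?>
-</div>
-</div>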
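--- a/class-cg-tvs-plugin.php
+++ b/class-cg-tvs-plugin.php
@@ -28,6 +28,7 @@ class CG_TVS_Plugin{
 }else{
 $this->script_latest_version = '2.8.2';
 $this->script_safe_version = '2.8.2';
+
 $this->last_version_check = 0;
 
 $this->script_instances = array();
@@ -69,8 +70,12 @@ class CG_TVS_Plugin{
 $this->show_message('Updated script information request failed.');
 }else{
 $response = $ixr_client->getResponse();
-$this->script_latest_version = $response['latest_version'];
-$this->script_safe_version = $response['safe_version'];
+if($this->get_version_float($response['latest_version'])>0){
+$this->script_latest_version = $response['latest_version'];
+}
+if($this->get_version_float($response['safe_version'])>0){
+$this->script_safe_version = $response['safe_version'];
+}
 }
 $this->last_version_check = time();
 }
@@ -91,9 +96,9 @@ class CG_TVS_Plugin{
 function get_version_float($version){
 // Convert version string into a float
 $version_parts = explode('.', $version);
-$version = $version_parts[0].'.';
+$version = intval($version_parts[0]).'.';
 for( $position = 1; $position<count($version_parts); ++$position ){
-$version .= $version_parts[$position];
+$version .= intval($version_parts[$position]);
 }
 
 return floatval($version);
@@ -261,4 +266,4 @@ class CG_TVS_Plugin{
 include_once 'cg-tvs-admin-panel-display.php';
 }
 
-}
+}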
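Review bot: get_version_float (new side lines 96–104) still encodes a version string lossily after the intval change: the loop appends each minor part with no separator, so '2.8.2' and '2.82' both become 2.82 and '2.10' (2.1) sorts below '2.8.2', which matters if this float is what decides whether a found timthumb copy is at or above script_safe_version. Wherever that comparison is made, `version_compare($found_version, $this->script_safe_version, '>=')` on the raw strings avoids the collision, leaving the float only for the `>0` sanity check the second hunk adds. That check at new lines 73–78 also still indexes `$response['latest_version']` and `$response['safe_version']` without confirming the XML-RPC reply is an array holding strings, so a missing key raises an undefined-index notice and a non-string value fails inside explode(); `if(isset($response['safe_version']) && is_string($response['safe_version']) && $this->get_version_float($response['safe_version'])>0){` (and the same for latest_version) keeps the hard-coded defaults for a malformed reply. The methods containing the first two hunks begin outside the hunk.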
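--- a/timthumb-vulnerability-scanner.php
+++ b/timthumb-vulnerability-scanner.php
@@ -4,7 +4,7 @@ Plugin Name: TimThumb Vulnerability Scanner
 Plugin URI: http://codegarage.com/blog/2011/09/wordpress-timthumb-vulnerability-scanner-plugin-1.4/
 Description: Keep your instances of Timthumb up to date and free from vulnerabilities simply. Bonus - checks for obvious signs of compromised sites.
 Author: Peter Butler
-Version: 1.42
+Version: 1.43
 Author URI: http://codegarage.com/
 */
 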