Acunetix WP Security - Version 3.1.0


Code changes from version 3.0.7 to 3.1.0

images/close-button.png ADDED
Binary file
images/rss.png ADDED
Binary file
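--- a/inc/admin/plugin_options.php
+++ b/inc/admin/plugin_options.php
@@ -0,0 +1,64 @@
+<?php
+function mrt_sub4(){
+
+mrt_wpss_menu_head('Plugin options');
+
+?>
+
+<div class="metabox-holder">
+<div class="postbox" style="width: 60%;">
+<h3 class="hndle"><span><?php echo __('Plugin options');?></span></h3>
+<div class="inside">
+<p></p>
+<?php
+//# 10/04/2011
+$_checked = false;
+if ($_SERVER['REQUEST_METHOD'] == 'POST')
+{
+if($_POST['show_rss_widget'] == 'on'){
+update_option('WSD-RSS-WGT-DISPLAY', 'yes');
+$_checked = true;
+}
+else {
+update_option('WSD-RSS-WGT-DISPLAY', 'no');
+$_checked = false;
+}
+}
+$wsdRssWidgetVisible = get_option('WSD-RSS-WGT-DISPLAY');
+if (empty($wsdRssWidgetVisible) || $wsdRssWidgetVisible=='yes') {
+add_option('WSD-RSS-WGT-DISPLAY', 'yes');
+$_checked = true;
+}
+else {
+if (strtolower($wsdRssWidgetVisible) == 'no') {
+$_checked = false;
+}
+}
+//@++
+?>
+<div class="acx-section-box">
+
+<form id="plugin_options_form" method="post">
+<div>
+<input type="checkbox" name="show_rss_widget" id="show_rss_widget" <?php echo ($_checked ? 'checked="checked"' : '');?> />
+<label for="show_rss_widget"><?php echo __("Show the WebsiteDefender News dashboard widget");?></label>
+</div>
+
+<div>
+<p style="margin-top: 25px">
+<input type="submit" class="button-primary" value="<?php echo __('Update');?>"/>
+</p>
+</div>
+</form>
+
+</div>
+<p></p>
+</div>
+</div>
+</div>
+
+
+<?php
+mrt_wpss_menu_footer();
+
+} ?>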
inc/admin/pwtool.php CHANGED
@@ -5,10 +5,11 @@ function mrt_sub1(){
5
 
6
  ?>
7
 
8
- <div style="height:299px">
9
- <?php
10
- echo "<br /><strong>Password Strength Tool</strong>";
11
- ?>
 
12
  <table id="wsd_pwdtool">
13
  <tr valign="top">
14
  <td>
@@ -27,13 +28,20 @@ echo "<br /><strong>Password Strength Tool</strong>";
27
  </td>
28
  </tr>
29
  </table>
30
-
31
- <br /><hr align="left" size="2" width="612px" />
32
- <?php
33
- echo "<br /><br /><strong>Strong Password Generator</strong><br />";
34
- echo "Strong Password: " . '<span style="color:#f00;">' . make_password(15) . "</span>";
35
- ?>
36
- </div>
 
 
 
 
 
 
 
37
 
38
  <?php
39
  mrt_wpss_menu_footer();
5
 
6
  ?>
7
 
8
+ <div class="metabox-holder">
9
+ <div class="postbox" style="width: 60%;">
10
+ <h3 class="hndle"><span><?php echo __('Password Strength Tool');?></span></h3>
11
+ <div class="inside">
12
+ <p></p>
13
  <table id="wsd_pwdtool">
14
  <tr valign="top">
15
  <td>
28
  </td>
29
  </tr>
30
  </table>
31
+ <p></p>
32
+ </div>
33
+ </div>
34
+ </div>
35
+
36
+ <div>
37
+ <?php
38
+ echo "<br /><strong>Strong Password Generator</strong><br />";
39
+ echo "Strong Password: " . '<span style="color:#f00;">' . make_password(15) . "</span>";
40
+ ?>
41
+ </div>
42
+ <br/><br/>
43
+ <p style="margin-top: 75px;"></p>
44
+ <hr align="left" size="2" width="612px" />
45
 
46
  <?php
47
  mrt_wpss_menu_footer();
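Review bot: Lines 38–39 echo the hard-coded strings `Strong Password Generator` and `Strong Password: ` while the new box title on line 10 goes through `__()`, so the reworked page is only half translatable; wrap them the same way, e.g. `echo '<br /><strong>' . __('Strong Password Generator') . '</strong><br />';`. None of the `__()` calls here pass a text domain either, which means they resolve against WordPress core's default domain rather than the plugin's catalogue; the same applies to the `__()` calls added in plugin_options.php, scanner.php and support.php. mrt_sub1's body begins before the first hunk, so whether a capability check precedes this output cannot be seen from here.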
inc/admin/scanner.php CHANGED
@@ -3,13 +3,17 @@ function mrt_sub0(){
3
 
4
  mrt_wpss_menu_head('WP - Security Scan');?>
5
 
6
- <div>
7
- <table id="wsd_permissions_table" width="100%" border="0" cellspacing="0" cellpadding="3" style="text-align:center;">
8
- <thead>
9
- <th style="border:0px;"><b>Name</b></th>
10
- <th style="border:0px;"><b>File/Dir</b></th>
11
- <th style="border:0px;"><b>Needed Chmod</b></th>
12
- <th style="border:0px;"><b>Current Chmod</b></th>
 
 
 
 
13
  </thead>
14
  <tbody>
15
  <?php
@@ -27,7 +31,7 @@ mrt_wpss_menu_head('WP - Security Scan');?>
27
  </tbody>
28
  </table>
29
 
30
- </div>
31
  <?php
32
  mrt_wpss_menu_footer();
33
  } ?>
3
 
4
  mrt_wpss_menu_head('WP - Security Scan');?>
5
 
6
+ <div class="metabox-holder">
7
+ <div class="postbox">
8
+ <h3 class="hndle"><span><?php echo __('Directory Info');?></span></h3>
9
+ <div class="inside">
10
+ <table id="wsd_permissions_table" width="100%" border="0" cellspacing="0" cellpadding="3"
11
+ style="text-align:center; border: solid 1px #333;">
12
+ <thead style="background: #333;">
13
+ <th style="border:0px; padding: 4px 4px;"><strong style="color: #f5f5f5">Name</strong></th>
14
+ <th style="border:0px; padding: 4px 4px;"><strong style="color: #f5f5f5">File/Dir</strong></th>
15
+ <th style="border:0px; padding: 4px 4px;"><strong style="color: #f5f5f5">Needed Chmod</strong></th>
16
+ <th style="border:0px; padding: 4px 4px;"><strong style="color: #f5f5f5">Current Chmod</strong></th>
17
  </thead>
18
  <tbody>
19
  <?php
31
  </tbody>
32
  </table>
33
 
34
+ </div></div></div>
35
  <?php
36
  mrt_wpss_menu_footer();
37
  } ?>
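Review bot: The `<th>` cells on lines 13–16 sit directly inside `<thead>` with no enclosing `<tr>`, which is invalid table markup that browsers repair differently and validators reject; wrap them as `<thead style="background: #333;"><tr>` … `</tr></thead>`. The column labels on those lines are literal English while the box title on line 8 uses `__()`, so the header row would stay untranslated. mrt_sub0 starts on line 1, outside the hunk.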
inc/admin/support.php CHANGED
@@ -2,7 +2,7 @@
2
  function mrt_sub2()
3
  {
4
  mrt_wpss_menu_head('WP - Security Support');
5
- ?>
6
  <div>
7
  <br/>
8
  <p>Under Construction...</p>
@@ -14,7 +14,60 @@ function mrt_sub2()
14
  <strong>Backup early, backup often!</strong>
15
  <br /><br /><br /><br /><br />
16
  </div>
17
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
18
  <?php
19
  mrt_wpss_menu_footer();
20
  }
2
  function mrt_sub2()
3
  {
4
  mrt_wpss_menu_head('WP - Security Support');
5
+ ?><?php /*
6
  <div>
7
  <br/>
8
  <p>Under Construction...</p>
14
  <strong>Backup early, backup often!</strong>
15
  <br /><br /><br /><br /><br />
16
  </div>
17
+ */?>
18
+
19
+ <div class="metabox-holder">
20
+ <div class="postbox">
21
+ <h3 class="hndle"><span><?php echo __('About WebsiteDefender');?></span></h3>
22
+ <div class="inside">
23
+ <p><?php echo __('A secure website, free from malware, where your customers can feel safe is vital to your online success.
24
+ Unfortunately, the number of web hacking attacks has risen dramatically. Website security is an absolute must.
25
+ If you do not protect your website, hackers can gain access to your website, modify your web content, install malware
26
+ and have your site banned from Google. They could modify scripts and gain access to your customer data and their credit card details…');?></p>
27
+
28
+ <p><?php echo __('WebsiteDefender is an online service that monitors your website for hacker activity, audits the security
29
+ of your web site and gives you easy to understand solutions to keep your website safe. With WebsiteDefender you can:');?></p>
30
+
31
+ <ul class="wsd_info_list">
32
+ <li><?php echo __('Detect Malware present on your website');?></li>
33
+ <li><?php echo __('Audit your web site for security issues');?></li>
34
+ <li><?php echo __('Avoid getting blacklisted by Google');?></li>
35
+ <li><?php echo __('Keep your web site content &amp; data safe');?></li>
36
+ <li><?php echo __('Get alerted to suspicious hacker activity');?></li>
37
+ </ul>
38
+
39
+ <p><?php echo __('All via an easy-to-understand web based dashboard which gives step by step solutions!
40
+ Sign up for your FREE account <a href="admin.php?page=wp-security-scan/securityscan.php">here</a>.');?></p>
41
+ </div>
42
+ </div>
43
+ </div>
44
+
45
+
46
+ <div class="metabox-holder">
47
+ <div class="postbox">
48
+ <h3 class="hndle"><span><?php echo __('Get Involved!');?></span></h3>
49
+ <div class="inside">
50
+ <p></p>
51
+ <ul class="wsd_info_list">
52
+ <li>
53
+ <span><a href="http://www.websitedefender.com/forums/" target="_blank"><?php echo __('WebsiteDefender forums');?></a></span>
54
+ </li>
55
+ <li>
56
+ <span><a href="http://www.websitedefender.com/blog/" target="_blank"><?php echo __('WebsiteDefender blog');?></a></span>
57
+ </li>
58
+ <li>
59
+ <span><a href="http://twitter.com/#!/websitedefender" target="_blank"><?php echo __('WebsiteDefender on Twitter');?></a></span>
60
+ </li>
61
+ <li>
62
+ <span><a href="http://www.facebook.com/WebsiteDefender" target="_blank"><?php echo __('WebsiteDefender on Facebook');?></a></span>
63
+ </li>
64
+ </ul>
65
+ <p></p>
66
+ </div>
67
+ </div>
68
+ </div>
69
+
70
+
71
  <?php
72
  mrt_wpss_menu_footer();
73
  }
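Review bot: The four external links on lines 53–62 use `target="_blank"` without `rel="noopener noreferrer"`, so the opened site receives a `window.opener` handle to the admin dashboard tab and can navigate it; add `rel="noopener noreferrer"` to each anchor. Lines 5–17 keep the old "Under Construction" markup alive inside a `/* … */` comment instead of deleting it; version control already preserves it, and the block should go. The `__()` strings on lines 23–40 embed markup and a relative admin link, which makes them fragile to translate and invites markup errors in translated copies — moving the `<a>` outside the translatable text is the usual fix. mrt_sub2 closes on line 73 of this section.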
js/md5.js CHANGED
@@ -1,201 +1,201 @@
1
- var wsdMD5 = function (string)
2
- {
3
-
4
- function RotateLeft(lValue, iShiftBits) {
5
- return (lValue<<iShiftBits) | (lValue>>>(32-iShiftBits));
6
- }
7
-
8
- function AddUnsigned(lX,lY) {
9
- var lX4,lY4,lX8,lY8,lResult;
10
- lX8 = (lX & 0x80000000);
11
- lY8 = (lY & 0x80000000);
12
- lX4 = (lX & 0x40000000);
13
- lY4 = (lY & 0x40000000);
14
- lResult = (lX & 0x3FFFFFFF)+(lY & 0x3FFFFFFF);
15
- if (lX4 & lY4) {
16
- return (lResult ^ 0x80000000 ^ lX8 ^ lY8);
17
- }
18
- if (lX4 | lY4) {
19
- if (lResult & 0x40000000) {
20
- return (lResult ^ 0xC0000000 ^ lX8 ^ lY8);
21
- } else {
22
- return (lResult ^ 0x40000000 ^ lX8 ^ lY8);
23
- }
24
- } else {
25
- return (lResult ^ lX8 ^ lY8);
26
- }
27
- }
28
-
29
- function F(x,y,z) { return (x & y) | ((~x) & z); }
30
- function G(x,y,z) { return (x & z) | (y & (~z)); }
31
- function H(x,y,z) { return (x ^ y ^ z); }
32
- function I(x,y,z) { return (y ^ (x | (~z))); }
33
-
34
- function FF(a,b,c,d,x,s,ac) {
35
- a = AddUnsigned(a, AddUnsigned(AddUnsigned(F(b, c, d), x), ac));
36
- return AddUnsigned(RotateLeft(a, s), b);
37
- };
38
-
39
- function GG(a,b,c,d,x,s,ac) {
40
- a = AddUnsigned(a, AddUnsigned(AddUnsigned(G(b, c, d), x), ac));
41
- return AddUnsigned(RotateLeft(a, s), b);
42
- };
43
-
44
- function HH(a,b,c,d,x,s,ac) {
45
- a = AddUnsigned(a, AddUnsigned(AddUnsigned(H(b, c, d), x), ac));
46
- return AddUnsigned(RotateLeft(a, s), b);
47
- };
48
-
49
- function II(a,b,c,d,x,s,ac) {
50
- a = AddUnsigned(a, AddUnsigned(AddUnsigned(I(b, c, d), x), ac));
51
- return AddUnsigned(RotateLeft(a, s), b);
52
- };
53
-
54
- function ConvertToWordArray(string) {
55
- var lWordCount;
56
- var lMessageLength = string.length;
57
- var lNumberOfWords_temp1=lMessageLength + 8;
58
- var lNumberOfWords_temp2=(lNumberOfWords_temp1-(lNumberOfWords_temp1 % 64))/64;
59
- var lNumberOfWords = (lNumberOfWords_temp2+1)*16;
60
- var lWordArray=Array(lNumberOfWords-1);
61
- var lBytePosition = 0;
62
- var lByteCount = 0;
63
- while ( lByteCount < lMessageLength ) {
64
- lWordCount = (lByteCount-(lByteCount % 4))/4;
65
- lBytePosition = (lByteCount % 4)*8;
66
- lWordArray[lWordCount] = (lWordArray[lWordCount] | (string.charCodeAt(lByteCount)<<lBytePosition));
67
- lByteCount++;
68
- }
69
- lWordCount = (lByteCount-(lByteCount % 4))/4;
70
- lBytePosition = (lByteCount % 4)*8;
71
- lWordArray[lWordCount] = lWordArray[lWordCount] | (0x80<<lBytePosition);
72
- lWordArray[lNumberOfWords-2] = lMessageLength<<3;
73
- lWordArray[lNumberOfWords-1] = lMessageLength>>>29;
74
- return lWordArray;
75
- };
76
-
77
- function WordToHex(lValue) {
78
- var WordToHexValue="",WordToHexValue_temp="",lByte,lCount;
79
- for (lCount = 0;lCount<=3;lCount++) {
80
- lByte = (lValue>>>(lCount*8)) & 255;
81
- WordToHexValue_temp = "0" + lByte.toString(16);
82
- WordToHexValue = WordToHexValue + WordToHexValue_temp.substr(WordToHexValue_temp.length-2,2);
83
- }
84
- return WordToHexValue;
85
- };
86
-
87
- function Utf8Encode(string) {
88
- string = string.replace(/\r\n/g,"\n");
89
- var utftext = "";
90
-
91
- for (var n = 0; n < string.length; n++) {
92
-
93
- var c = string.charCodeAt(n);
94
-
95
- if (c < 128) {
96
- utftext += String.fromCharCode(c);
97
- }
98
- else if((c > 127) && (c < 2048)) {
99
- utftext += String.fromCharCode((c >> 6) | 192);
100
- utftext += String.fromCharCode((c & 63) | 128);
101
- }
102
- else {
103
- utftext += String.fromCharCode((c >> 12) | 224);
104
- utftext += String.fromCharCode(((c >> 6) & 63) | 128);
105
- utftext += String.fromCharCode((c & 63) | 128);
106
- }
107
-
108
- }
109
-
110
- return utftext;
111
- };
112
-
113
- var x=Array();
114
- var k,AA,BB,CC,DD,a,b,c,d;
115
- var S11=7, S12=12, S13=17, S14=22;
116
- var S21=5, S22=9 , S23=14, S24=20;
117
- var S31=4, S32=11, S33=16, S34=23;
118
- var S41=6, S42=10, S43=15, S44=21;
119
-
120
- string = Utf8Encode(string);
121
-
122
- x = ConvertToWordArray(string);
123
-
124
- a = 0x67452301; b = 0xEFCDAB89; c = 0x98BADCFE; d = 0x10325476;
125
-
126
- for (k=0;k<x.length;k+=16) {
127
- AA=a; BB=b; CC=c; DD=d;
128
- a=FF(a,b,c,d,x[k+0], S11,0xD76AA478);
129
- d=FF(d,a,b,c,x[k+1], S12,0xE8C7B756);
130
- c=FF(c,d,a,b,x[k+2], S13,0x242070DB);
131
- b=FF(b,c,d,a,x[k+3], S14,0xC1BDCEEE);
132
- a=FF(a,b,c,d,x[k+4], S11,0xF57C0FAF);
133
- d=FF(d,a,b,c,x[k+5], S12,0x4787C62A);
134
- c=FF(c,d,a,b,x[k+6], S13,0xA8304613);
135
- b=FF(b,c,d,a,x[k+7], S14,0xFD469501);
136
- a=FF(a,b,c,d,x[k+8], S11,0x698098D8);
137
- d=FF(d,a,b,c,x[k+9], S12,0x8B44F7AF);
138
- c=FF(c,d,a,b,x[k+10],S13,0xFFFF5BB1);
139
- b=FF(b,c,d,a,x[k+11],S14,0x895CD7BE);
140
- a=FF(a,b,c,d,x[k+12],S11,0x6B901122);
141
- d=FF(d,a,b,c,x[k+13],S12,0xFD987193);
142
- c=FF(c,d,a,b,x[k+14],S13,0xA679438E);
143
- b=FF(b,c,d,a,x[k+15],S14,0x49B40821);
144
- a=GG(a,b,c,d,x[k+1], S21,0xF61E2562);
145
- d=GG(d,a,b,c,x[k+6], S22,0xC040B340);
146
- c=GG(c,d,a,b,x[k+11],S23,0x265E5A51);
147
- b=GG(b,c,d,a,x[k+0], S24,0xE9B6C7AA);
148
- a=GG(a,b,c,d,x[k+5], S21,0xD62F105D);
149
- d=GG(d,a,b,c,x[k+10],S22,0x2441453);
150
- c=GG(c,d,a,b,x[k+15],S23,0xD8A1E681);
151
- b=GG(b,c,d,a,x[k+4], S24,0xE7D3FBC8);
152
- a=GG(a,b,c,d,x[k+9], S21,0x21E1CDE6);
153
- d=GG(d,a,b,c,x[k+14],S22,0xC33707D6);
154
- c=GG(c,d,a,b,x[k+3], S23,0xF4D50D87);
155
- b=GG(b,c,d,a,x[k+8], S24,0x455A14ED);
156
- a=GG(a,b,c,d,x[k+13],S21,0xA9E3E905);
157
- d=GG(d,a,b,c,x[k+2], S22,0xFCEFA3F8);
158
- c=GG(c,d,a,b,x[k+7], S23,0x676F02D9);
159
- b=GG(b,c,d,a,x[k+12],S24,0x8D2A4C8A);
160
- a=HH(a,b,c,d,x[k+5], S31,0xFFFA3942);
161
- d=HH(d,a,b,c,x[k+8], S32,0x8771F681);
162
- c=HH(c,d,a,b,x[k+11],S33,0x6D9D6122);
163
- b=HH(b,c,d,a,x[k+14],S34,0xFDE5380C);
164
- a=HH(a,b,c,d,x[k+1], S31,0xA4BEEA44);
165
- d=HH(d,a,b,c,x[k+4], S32,0x4BDECFA9);
166
- c=HH(c,d,a,b,x[k+7], S33,0xF6BB4B60);
167
- b=HH(b,c,d,a,x[k+10],S34,0xBEBFBC70);
168
- a=HH(a,b,c,d,x[k+13],S31,0x289B7EC6);
169
- d=HH(d,a,b,c,x[k+0], S32,0xEAA127FA);
170
- c=HH(c,d,a,b,x[k+3], S33,0xD4EF3085);
171
- b=HH(b,c,d,a,x[k+6], S34,0x4881D05);
172
- a=HH(a,b,c,d,x[k+9], S31,0xD9D4D039);
173
- d=HH(d,a,b,c,x[k+12],S32,0xE6DB99E5);
174
- c=HH(c,d,a,b,x[k+15],S33,0x1FA27CF8);
175
- b=HH(b,c,d,a,x[k+2], S34,0xC4AC5665);
176
- a=II(a,b,c,d,x[k+0], S41,0xF4292244);
177
- d=II(d,a,b,c,x[k+7], S42,0x432AFF97);
178
- c=II(c,d,a,b,x[k+14],S43,0xAB9423A7);
179
- b=II(b,c,d,a,x[k+5], S44,0xFC93A039);
180
- a=II(a,b,c,d,x[k+12],S41,0x655B59C3);
181
- d=II(d,a,b,c,x[k+3], S42,0x8F0CCC92);
182
- c=II(c,d,a,b,x[k+10],S43,0xFFEFF47D);
183
- b=II(b,c,d,a,x[k+1], S44,0x85845DD1);
184
- a=II(a,b,c,d,x[k+8], S41,0x6FA87E4F);
185
- d=II(d,a,b,c,x[k+15],S42,0xFE2CE6E0);
186
- c=II(c,d,a,b,x[k+6], S43,0xA3014314);
187
- b=II(b,c,d,a,x[k+13],S44,0x4E0811A1);
188
- a=II(a,b,c,d,x[k+4], S41,0xF7537E82);
189
- d=II(d,a,b,c,x[k+11],S42,0xBD3AF235);
190
- c=II(c,d,a,b,x[k+2], S43,0x2AD7D2BB);
191
- b=II(b,c,d,a,x[k+9], S44,0xEB86D391);
192
- a=AddUnsigned(a,AA);
193
- b=AddUnsigned(b,BB);
194
- c=AddUnsigned(c,CC);
195
- d=AddUnsigned(d,DD);
196
- }
197
-
198
- var temp = WordToHex(a)+WordToHex(b)+WordToHex(c)+WordToHex(d);
199
-
200
- return temp.toLowerCase();
201
  };
1
+ var wsdMD5 = function (string)
2
+ {
3
+
4
+ function RotateLeft(lValue, iShiftBits) {
5
+ return (lValue<<iShiftBits) | (lValue>>>(32-iShiftBits));
6
+ }
7
+
8
+ function AddUnsigned(lX,lY) {
9
+ var lX4,lY4,lX8,lY8,lResult;
10
+ lX8 = (lX & 0x80000000);
11
+ lY8 = (lY & 0x80000000);
12
+ lX4 = (lX & 0x40000000);
13
+ lY4 = (lY & 0x40000000);
14
+ lResult = (lX & 0x3FFFFFFF)+(lY & 0x3FFFFFFF);
15
+ if (lX4 & lY4) {
16
+ return (lResult ^ 0x80000000 ^ lX8 ^ lY8);
17
+ }
18
+ if (lX4 | lY4) {
19
+ if (lResult & 0x40000000) {
20
+ return (lResult ^ 0xC0000000 ^ lX8 ^ lY8);
21
+ } else {
22
+ return (lResult ^ 0x40000000 ^ lX8 ^ lY8);
23
+ }
24
+ } else {
25
+ return (lResult ^ lX8 ^ lY8);
26
+ }
27
+ }
28
+
29
+ function F(x,y,z) { return (x & y) | ((~x) & z); }
30
+ function G(x,y,z) { return (x & z) | (y & (~z)); }
31
+ function H(x,y,z) { return (x ^ y ^ z); }
32
+ function I(x,y,z) { return (y ^ (x | (~z))); }
33
+
34
+ function FF(a,b,c,d,x,s,ac) {
35
+ a = AddUnsigned(a, AddUnsigned(AddUnsigned(F(b, c, d), x), ac));
36
+ return AddUnsigned(RotateLeft(a, s), b);
37
+ };
38
+
39
+ function GG(a,b,c,d,x,s,ac) {
40
+ a = AddUnsigned(a, AddUnsigned(AddUnsigned(G(b, c, d), x), ac));
41
+ return AddUnsigned(RotateLeft(a, s), b);
42
+ };
43
+
44
+ function HH(a,b,c,d,x,s,ac) {
45
+ a = AddUnsigned(a, AddUnsigned(AddUnsigned(H(b, c, d), x), ac));
46
+ return AddUnsigned(RotateLeft(a, s), b);
47
+ };
48
+
49
+ function II(a,b,c,d,x,s,ac) {
50
+ a = AddUnsigned(a, AddUnsigned(AddUnsigned(I(b, c, d), x), ac));
51
+ return AddUnsigned(RotateLeft(a, s), b);
52
+ };
53
+
54
+ function ConvertToWordArray(string) {
55
+ var lWordCount;
56
+ var lMessageLength = string.length;
57
+ var lNumberOfWords_temp1=lMessageLength + 8;
58
+ var lNumberOfWords_temp2=(lNumberOfWords_temp1-(lNumberOfWords_temp1 % 64))/64;
59
+ var lNumberOfWords = (lNumberOfWords_temp2+1)*16;
60
+ var lWordArray=Array(lNumberOfWords-1);
61
+ var lBytePosition = 0;
62
+ var lByteCount = 0;
63
+ while ( lByteCount < lMessageLength ) {
64
+ lWordCount = (lByteCount-(lByteCount % 4))/4;
65
+ lBytePosition = (lByteCount % 4)*8;
66
+ lWordArray[lWordCount] = (lWordArray[lWordCount] | (string.charCodeAt(lByteCount)<<lBytePosition));
67
+ lByteCount++;
68
+ }
69
+ lWordCount = (lByteCount-(lByteCount % 4))/4;
70
+ lBytePosition = (lByteCount % 4)*8;
71
+ lWordArray[lWordCount] = lWordArray[lWordCount] | (0x80<<lBytePosition);
72
+ lWordArray[lNumberOfWords-2] = lMessageLength<<3;
73
+ lWordArray[lNumberOfWords-1] = lMessageLength>>>29;
74
+ return lWordArray;
75
+ };
76
+
77
+ function WordToHex(lValue) {
78
+ var WordToHexValue="",WordToHexValue_temp="",lByte,lCount;
79
+ for (lCount = 0;lCount<=3;lCount++) {
80
+ lByte = (lValue>>>(lCount*8)) & 255;
81
+ WordToHexValue_temp = "0" + lByte.toString(16);
82
+ WordToHexValue = WordToHexValue + WordToHexValue_temp.substr(WordToHexValue_temp.length-2,2);
83
+ }
84
+ return WordToHexValue;
85
+ };
86
+
87
+ function Utf8Encode(string) {
88
+ string = string.replace(/\r\n/g,"\n");
89
+ var utftext = "";
90
+
91
+ for (var n = 0; n < string.length; n++) {
92
+
93
+ var c = string.charCodeAt(n);
94
+
95
+ if (c < 128) {
96
+ utftext += String.fromCharCode(c);
97
+ }
98
+ else if((c > 127) && (c < 2048)) {
99
+ utftext += String.fromCharCode((c >> 6) | 192);
100
+ utftext += String.fromCharCode((c & 63) | 128);
101
+ }
102
+ else {
103
+ utftext += String.fromCharCode((c >> 12) | 224);
104
+ utftext += String.fromCharCode(((c >> 6) & 63) | 128);
105
+ utftext += String.fromCharCode((c & 63) | 128);
106
+ }
107
+
108
+ }
109
+
110
+ return utftext;
111
+ };
112
+
113
+ var x=Array();
114
+ var k,AA,BB,CC,DD,a,b,c,d;
115
+ var S11=7, S12=12, S13=17, S14=22;
116
+ var S21=5, S22=9 , S23=14, S24=20;
117
+ var S31=4, S32=11, S33=16, S34=23;
118
+ var S41=6, S42=10, S43=15, S44=21;
119
+
120
+ string = Utf8Encode(string);
121
+
122
+ x = ConvertToWordArray(string);
123
+
124
+ a = 0x67452301; b = 0xEFCDAB89; c = 0x98BADCFE; d = 0x10325476;
125
+
126
+ for (k=0;k<x.length;k+=16) {
127
+ AA=a; BB=b; CC=c; DD=d;
128
+ a=FF(a,b,c,d,x[k+0], S11,0xD76AA478);
129
+ d=FF(d,a,b,c,x[k+1], S12,0xE8C7B756);
130
+ c=FF(c,d,a,b,x[k+2], S13,0x242070DB);
131
+ b=FF(b,c,d,a,x[k+3], S14,0xC1BDCEEE);
132
+ a=FF(a,b,c,d,x[k+4], S11,0xF57C0FAF);
133
+ d=FF(d,a,b,c,x[k+5], S12,0x4787C62A);
134
+ c=FF(c,d,a,b,x[k+6], S13,0xA8304613);
135
+ b=FF(b,c,d,a,x[k+7], S14,0xFD469501);
136
+ a=FF(a,b,c,d,x[k+8], S11,0x698098D8);
137
+ d=FF(d,a,b,c,x[k+9], S12,0x8B44F7AF);
138
+ c=FF(c,d,a,b,x[k+10],S13,0xFFFF5BB1);
139
+ b=FF(b,c,d,a,x[k+11],S14,0x895CD7BE);
140
+ a=FF(a,b,c,d,x[k+12],S11,0x6B901122);
141
+ d=FF(d,a,b,c,x[k+13],S12,0xFD987193);
142
+ c=FF(c,d,a,b,x[k+14],S13,0xA679438E);
143
+ b=FF(b,c,d,a,x[k+15],S14,0x49B40821);
144
+ a=GG(a,b,c,d,x[k+1], S21,0xF61E2562);
145
+ d=GG(d,a,b,c,x[k+6], S22,0xC040B340);
146
+ c=GG(c,d,a,b,x[k+11],S23,0x265E5A51);
147
+ b=GG(b,c,d,a,x[k+0], S24,0xE9B6C7AA);
148
+ a=GG(a,b,c,d,x[k+5], S21,0xD62F105D);
149
+ d=GG(d,a,b,c,x[k+10],S22,0x2441453);
150
+ c=GG(c,d,a,b,x[k+15],S23,0xD8A1E681);
151
+ b=GG(b,c,d,a,x[k+4], S24,0xE7D3FBC8);
152
+ a=GG(a,b,c,d,x[k+9], S21,0x21E1CDE6);
153
+ d=GG(d,a,b,c,x[k+14],S22,0xC33707D6);
154
+ c=GG(c,d,a,b,x[k+3], S23,0xF4D50D87);
155
+ b=GG(b,c,d,a,x[k+8], S24,0x455A14ED);
156
+ a=GG(a,b,c,d,x[k+13],S21,0xA9E3E905);
157
+ d=GG(d,a,b,c,x[k+2], S22,0xFCEFA3F8);
158
+ c=GG(c,d,a,b,x[k+7], S23,0x676F02D9);
159
+ b=GG(b,c,d,a,x[k+12],S24,0x8D2A4C8A);
160
+ a=HH(a,b,c,d,x[k+5], S31,0xFFFA3942);
161
+ d=HH(d,a,b,c,x[k+8], S32,0x8771F681);
162
+ c=HH(c,d,a,b,x[k+11],S33,0x6D9D6122);
163
+ b=HH(b,c,d,a,x[k+14],S34,0xFDE5380C);
164
+ a=HH(a,b,c,d,x[k+1], S31,0xA4BEEA44);
165
+ d=HH(d,a,b,c,x[k+4], S32,0x4BDECFA9);
166
+ c=HH(c,d,a,b,x[k+7], S33,0xF6BB4B60);
167
+ b=HH(b,c,d,a,x[k+10],S34,0xBEBFBC70);
168
+ a=HH(a,b,c,d,x[k+13],S31,0x289B7EC6);
169
+ d=HH(d,a,b,c,x[k+0], S32,0xEAA127FA);
170
+ c=HH(c,d,a,b,x[k+3], S33,0xD4EF3085);
171
+ b=HH(b,c,d,a,x[k+6], S34,0x4881D05);
172
+ a=HH(a,b,c,d,x[k+9], S31,0xD9D4D039);
173
+ d=HH(d,a,b,c,x[k+12],S32,0xE6DB99E5);
174
+ c=HH(c,d,a,b,x[k+15],S33,0x1FA27CF8);
175
+ b=HH(b,c,d,a,x[k+2], S34,0xC4AC5665);
176
+ a=II(a,b,c,d,x[k+0], S41,0xF4292244);
177
+ d=II(d,a,b,c,x[k+7], S42,0x432AFF97);
178
+ c=II(c,d,a,b,x[k+14],S43,0xAB9423A7);
179
+ b=II(b,c,d,a,x[k+5], S44,0xFC93A039);
180
+ a=II(a,b,c,d,x[k+12],S41,0x655B59C3);
181
+ d=II(d,a,b,c,x[k+3], S42,0x8F0CCC92);
182
+ c=II(c,d,a,b,x[k+10],S43,0xFFEFF47D);
183
+ b=II(b,c,d,a,x[k+1], S44,0x85845DD1);
184
+ a=II(a,b,c,d,x[k+8], S41,0x6FA87E4F);
185
+ d=II(d,a,b,c,x[k+15],S42,0xFE2CE6E0);
186
+ c=II(c,d,a,b,x[k+6], S43,0xA3014314);
187
+ b=II(b,c,d,a,x[k+13],S44,0x4E0811A1);
188
+ a=II(a,b,c,d,x[k+4], S41,0xF7537E82);
189
+ d=II(d,a,b,c,x[k+11],S42,0xBD3AF235);
190
+ c=II(c,d,a,b,x[k+2], S43,0x2AD7D2BB);
191
+ b=II(b,c,d,a,x[k+9], S44,0xEB86D391);
192
+ a=AddUnsigned(a,AA);
193
+ b=AddUnsigned(b,BB);
194
+ c=AddUnsigned(c,CC);
195
+ d=AddUnsigned(d,DD);
196
+ }
197
+
198
+ var temp = WordToHex(a)+WordToHex(b)+WordToHex(c)+WordToHex(d);
199
+
200
+ return temp.toLowerCase();
201
  };
libs/functions.php CHANGED
@@ -37,7 +37,7 @@ function check_perms($name,$path,$perm)
37
  {
38
  clearstatcache();
39
  $configmod = substr(sprintf("%o", fileperms($path)), -4);
40
- $trcss = (($configmod != $perm) ? "background-color:#fd7a7a;" : "background-color:#91f587;");
41
  echo "<tr style=".$trcss.">";
42
  echo '<td style="border:0px;">' . $name . "</td>";
43
  echo '<td style="border:0px;">'. $path ."</td>";
@@ -51,7 +51,7 @@ function wsd_getFilePermissions($filePath)
51
  {
52
  clearstatcache();
53
  $res = @substr(sprintf("%o", fileperms($filePath)), -4);
54
-
55
  return (empty($res) ? '0' : $res);
56
  }
57
 
@@ -103,7 +103,12 @@ function mrt_get_serverinfo() {
103
 
104
  function mrt_check_table_prefix(){
105
  if($GLOBALS['table_prefix']=='wp_'){
106
- echo '<span style="color:#f00">Your table prefix should not be <i>wp_</i>. <a href="admin.php?page=database">Click here</a> to change it.</span><br />';
 
 
 
 
 
107
  }
108
  else { echo '<span class="scanpass">Your table prefix is not <i>wp_</i>.</span><br />'; }
109
  }
@@ -125,8 +130,8 @@ global $wp_version;
125
 
126
  function mrt_remove_wp_version()
127
  {
128
- function filter_generator( $gen, $type ) {
129
- switch ( $type ) {
130
  case 'html':
131
  $gen = '<meta name="generator" content="WordPress">';
132
  break;
@@ -145,24 +150,45 @@ function mrt_remove_wp_version()
145
  case 'comment':
146
  $gen = '<!-- generator="WordPress" -->';
147
  break;
148
- }
149
  return $gen;
150
  }
151
  foreach ( array( 'html', 'xhtml', 'atom', 'rss2', 'rdf', 'comment' ) as $type ) {
152
  add_filter( "get_the_generator_$type", 'filter_generator', 10, 2 );
153
  }
154
  }
 
 
 
 
 
 
 
 
 
 
 
155
 
156
- function mrt_check_version(){
157
- //echo "WordPress Version: ";
158
- global $wp_version;
159
- $mrt_wp_ver = ereg_replace("[^0-9]", "", $wp_version);
160
- while ($mrt_wp_ver > 10){
161
- $mrt_wp_ver = $mrt_wp_ver/10;
 
 
 
 
 
 
 
 
 
 
 
162
  }
163
- if ($mrt_wp_ver >= "2.8") $g2k5 = '<span class="scanpass"><strong>WordPress version: ' . $wp_version . '</strong> &nbsp;&nbsp;&nbsp; You have the latest stable version of WordPress.</span><br />';
164
- if ($mrt_wp_ver < "2.8") $g2k5 = '<span style="color:#f00"><strong>WordPress version: ' . $wp_version . '</strong> &nbsp;&nbsp;&nbsp; You need version 2.8.6. Please <a href="http://wordpress.org/download/">upgrade</a> immediately.</span><br />';
165
- echo $g2k5;
166
  }
167
 
168
 
@@ -201,31 +227,6 @@ function wsd_wpConfigCheckPermissions($wpConfigFilePath)
201
  */
202
  function wsd_getDbUserRights()
203
  {
204
- /*
205
- global $wpdb;
206
- $rights = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
207
- $rightsenough = $rightstomuch = false;
208
-
209
- foreach ($rights as $right) {
210
-
211
-
212
- if (ereg("ALTER(.*)(\*|`".str_replace("_", "\\\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0]) || ereg("ALL PRIVILEGES ON (\*|`".str_replace("_", "\\\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0])) {
213
- $rightsenough = $rightstomuch = true;
214
- break;
215
- }
216
- else {
217
- if (ereg("ALTER(.*)`".DB_NAME."`", $right[0])) {
218
- $rightsenough = true;
219
- break;
220
- }
221
- }
222
- }
223
-
224
- return array(
225
- 'rightsEnough' => $rightsenough,
226
- 'rightsTooMuch' => $rightstomuch,
227
- );
228
- */
229
  global $wpdb;
230
 
231
  $rightsenough = $rightstoomuch = false;
@@ -250,7 +251,7 @@ function wsd_getDbUserRights()
250
  if ('ALTER' == $_right) {
251
  $rightsenough = true;
252
  }
253
- if (in_array($_right, $tooManyRights)) {
254
  $numRights += 1;
255
  }
256
  }
@@ -262,7 +263,7 @@ function wsd_getDbUserRights()
262
  return array(
263
  'rightsEnough' => $rightsenough,
264
  'rightsTooMuch' => $rightstoomuch,
265
- );
266
  }
267
 
268
 
@@ -270,10 +271,10 @@ function wsd_getDbUserRights()
270
  * @public
271
  * @since v3.0.2
272
  * @revision $1 07/13/2011 $k
273
- *
274
  * Update the wp-config file to reflect the table prefix change.
275
  * The wp file must be writable for this operation to work!
276
- *
277
  * @param string $wsd_wpConfigFile The path to the wp-config file
278
  * @param string $newPrefix The new prefix to use instead of the old one
279
  * @return boolean
@@ -285,7 +286,7 @@ function wsd_updateWpConfigTablePrefix($wsd_wpConfigFile, $oldPrefix, $newPrefix
285
  {
286
  return -1;
287
  }
288
-
289
  if (!function_exists('file')) {
290
  return -1;
291
  }
@@ -308,7 +309,7 @@ function wsd_updateWpConfigTablePrefix($wsd_wpConfigFile, $oldPrefix, $newPrefix
308
  // Save wp-config file
309
  $result = file_put_contents($wsd_wpConfigFile, $fcontent);
310
  }
311
-
312
  return $result;
313
  }
314
 
@@ -322,7 +323,7 @@ function wsd_updateWpConfigTablePrefix($wsd_wpConfigFile, $oldPrefix, $newPrefix
322
  function wsd_getTablesToAlter()
323
  {
324
  global $wpdb;
325
-
326
  return $wpdb->get_results("SHOW TABLES LIKE '".$GLOBALS['table_prefix']."%'", ARRAY_N);
327
  }
328
 
@@ -330,7 +331,7 @@ function wsd_getTablesToAlter()
330
  * @public
331
  * @since v3.0.2
332
  * Rename tables from database
333
- * @global object $wpdb
334
  * @param array the list of tables to rename
335
  * @param string $currentPrefix the current prefix in use
336
  * @param string $newPrefix the new prefix to use
@@ -341,7 +342,7 @@ function wsd_renameTables($tables, $currentPrefix, $newPrefix)
341
  global $wpdb;
342
 
343
  $changedTables = array();
344
-
345
  foreach ($tables as $k=>$table)
346
  {
347
  $tableOldName = $table[0];
@@ -364,7 +365,7 @@ function wsd_renameTables($tables, $currentPrefix, $newPrefix)
364
  * @public
365
  * @since v3.0.2
366
  * @revision $1 07/13/2011 $k
367
- *
368
  * Rename some fields from options & usermeta tables in order to reflect the prefix change
369
  *
370
  * @global object $wpdb
@@ -378,11 +379,11 @@ function wsd_renameDbFields($oldPrefix,$newPrefix)
378
  * usermeta table
379
  * ===========================
380
  wp_*
381
-
382
  * options table
383
  * ===========================
384
  wp_user_roles
385
-
386
  */
387
  $str = '';
388
 
@@ -392,18 +393,18 @@ function wsd_renameDbFields($oldPrefix,$newPrefix)
392
 
393
  $query = 'update '.$newPrefix.'usermeta
394
  set meta_key = CONCAT(replace(left(meta_key, ' . strlen($oldPrefix) . "), '{$oldPrefix}', '{$newPrefix}'), SUBSTR(meta_key, " . (strlen($oldPrefix) + 1) . "))
395
- where
396
- meta_key in ('{$oldPrefix}autosave_draft_ids', '{$oldPrefix}capabilities', '{$oldPrefix}metaboxorder_post', '{$oldPrefix}user_level', '{$oldPrefix}usersettings',
397
  '{$oldPrefix}usersettingstime', '{$oldPrefix}user-settings', '{$oldPrefix}user-settings-time', '{$oldPrefix}dashboard_quick_press_last_post_id')";
398
 
399
  if (false === $wpdb->query($query)) {
400
  $str .= '<br/>Changing values in table <strong>'.$newPrefix.'usermeta</strong>: <font color="#ff0000">Failed</font>';
401
  }
402
-
403
  if (!empty($str)) {
404
  $str = '<div class="wsd_user_information"><p>Changing database prefix:</p><p>'.$str.'</p></div>';
405
  }
406
-
407
  return $str;
408
  }
409
 
@@ -421,7 +422,7 @@ function wsd_backupDatabase($tables = '*')
421
  {
422
  // cache
423
  $_tables = $tables;
424
-
425
  $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
426
  if (!$link) {
427
  exit('Error: Cannot connect to db');
@@ -444,26 +445,26 @@ function wsd_backupDatabase($tables = '*')
444
  {
445
  $tables = is_array($tables) ? $tables : explode(',',$tables);
446
  }
447
-
448
  $return = 'CREATE DATABASE IF NOT EXISTS '.DB_NAME.";\n\n";
449
  $return .= 'USE '.DB_NAME.";\n\n";
450
-
451
  //cycle through
452
  foreach($tables as $table)
453
  {
454
  $result = mysql_query('SELECT * FROM '.$table);
455
  $num_fields = mysql_num_fields($result);
456
-
457
  $return.= 'DROP TABLE IF EXISTS '.$table.';';
458
  $row2 = mysql_fetch_row(mysql_query('SHOW CREATE TABLE '.$table));
459
  $return.= "\n\n".$row2[1].";\n\n";
460
-
461
- for ($i = 0; $i < $num_fields; $i++)
462
  {
463
  while($row = mysql_fetch_row($result))
464
  {
465
  $return.= 'INSERT INTO '.$table.' VALUES(';
466
- for($j=0; $j<$num_fields; $j++)
467
  {
468
  $row[$j] = addslashes($row[$j]);
469
  $row[$j] = ereg_replace("\n","\\n",$row[$j]);
@@ -475,11 +476,11 @@ function wsd_backupDatabase($tables = '*')
475
  }
476
  $return.="\n\n\n";
477
  }
478
-
479
  //save file
480
  $fname = 'bck-'.date("m-d-Y",time()).'-'.md5(uniqid(rand())).'.sql';
481
  $filePath = ABSPATH.PLUGINDIR .'/wp-security-scan/backups/'.$fname;
482
- $ret = file_put_contents($filePath, $return);
483
  if ($ret > 0) {
484
  return $fname;
485
  }
@@ -519,7 +520,7 @@ function wsd_getAvailableBackupFiles()
519
  $files = glob(ABSPATH. '/wp-content/plugins/wp-security-scan/backups/*.sql');
520
  if (empty($files)) { return array();}
521
  return array_map('basename', $files/*, array('.sql')*/);
522
-
523
  }
524
 
525
 
@@ -528,7 +529,7 @@ function wsd_getAvailableBackupFiles()
528
  * @since v3.0.2
529
  * Retrieve the content of the specified template file
530
  * from the inc/admin/templates directory
531
- *
532
  * @param string $fileName The name of the file to retrieve. Without the .php extension!
533
  * @param array $vars The list of variables to send to the template
534
  * @return string The file's content
@@ -537,7 +538,7 @@ function wsd_getTemplate($fileName, array $vars = array())
537
  {
538
  $file = ABSPATH.PLUGINDIR.'/wp-security-scan/inc/admin/templates/'.$fileName.'.php';
539
  if (!is_file($file)) { return ''; }
540
-
541
  $str = '';
542
  ob_start();
543
  if (!empty($vars)) {
@@ -546,7 +547,7 @@ function wsd_getTemplate($fileName, array $vars = array())
546
  include $file;
547
  $str = ob_get_contents();
548
  ob_end_clean();
549
-
550
  return $str;
551
  }
552
 
@@ -565,4 +566,19 @@ function wsd_eInfo($infoMessage, $alertType = 'notify')
565
  {
566
  return ('<p class="wsd_user_'.$alertType.'">'.$infoMessage.'</p>');
567
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
568
  ?>
37
  {
38
  clearstatcache();
39
  $configmod = substr(sprintf("%o", fileperms($path)), -4);
40
+ $trcss = (($configmod != $perm) ? "background-color:#F5E679;" : "");
41
  echo "<tr style=".$trcss.">";
42
  echo '<td style="border:0px;">' . $name . "</td>";
43
  echo '<td style="border:0px;">'. $path ."</td>";
51
  {
52
  clearstatcache();
53
  $res = @substr(sprintf("%o", fileperms($filePath)), -4);
54
+
55
  return (empty($res) ? '0' : $res);
56
  }
57
 
103
 
104
  function mrt_check_table_prefix(){
105
  if($GLOBALS['table_prefix']=='wp_'){
106
+ echo '<span style="color:#f00">
107
+ Your table prefix should not be <em>wp_</em>. Click <a href="admin.php?page=database">here</a> to change it.
108
+ Read more on why should change the prefix
109
+ <a href="http://www.websitedefender.com/wordpress-security/wordpress-blog-security-tables-prefix/"
110
+ title="Why should you change the default wp table prefix"
111
+ target="_blank">here</a>.</span><br />';
112
  }
113
  else { echo '<span class="scanpass">Your table prefix is not <i>wp_</i>.</span><br />'; }
114
  }
130
 
131
  function mrt_remove_wp_version()
132
  {
133
+ function filter_generator( $gen, $type ) {
134
+ switch ( $type ) {
135
  case 'html':
136
  $gen = '<meta name="generator" content="WordPress">';
137
  break;
150
  case 'comment':
151
  $gen = '<!-- generator="WordPress" -->';
152
  break;
153
+ }
154
  return $gen;
155
  }
156
  foreach ( array( 'html', 'xhtml', 'atom', 'rss2', 'rdf', 'comment' ) as $type ) {
157
  add_filter( "get_the_generator_$type", 'filter_generator', 10, 2 );
158
  }
159
  }
160
+ //@ update 10/03/2011
161
+ function mrt_check_version()
162
+ {
163
+ $c = get_site_transient( 'update_core' );
164
+ if ( is_object($c))
165
+ {
166
+ if (empty($c->updates))
167
+ {
168
+ echo '<span class="acx-icon-alert-success">'.__('You have the latest version of Wordpress.').'</span>';
169
+ return;
170
+ }
171
 
172
+ if (!empty($c->updates[0]))
173
+ {
174
+ $c = $c->updates[0];
175
+
176
+ if ( !isset($c->response) || 'latest' == $c->response ) {
177
+ echo '<span class="acx-icon-alert-success">'.__('You have the latest version of Wordpress.').'</span>';
178
+ return;
179
+ }
180
+
181
+ if ('upgrade' == $c->response)
182
+ {
183
+ $lv = $c->current;
184
+ $m = '<span class="acx-icon-alert-critical">'.sprintf('A new version of Wordpress <strong>(%s)</strong> is available. You should upgrade to the latest version.', $lv).'</span>';
185
+ echo __($m);
186
+ return;
187
+ }
188
+ }
189
  }
190
+
191
+ echo '<span class="acx-icon-alert-critical">'.__('An error has occurred while trying to retrieve the status of your Wordpress version.').'</span>';
 
192
  }
193
 
194
 
227
  */
228
  function wsd_getDbUserRights()
229
  {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
230
  global $wpdb;
231
 
232
  $rightsenough = $rightstoomuch = false;
251
  if ('ALTER' == $_right) {
252
  $rightsenough = true;
253
  }
254
+ if (in_array($_right, $_tooManyRights)) {
255
  $numRights += 1;
256
  }
257
  }
263
  return array(
264
  'rightsEnough' => $rightsenough,
265
  'rightsTooMuch' => $rightstoomuch,
266
+ );
267
  }
268
 
269
 
271
  * @public
272
  * @since v3.0.2
273
  * @revision $1 07/13/2011 $k
274
+ *
275
  * Update the wp-config file to reflect the table prefix change.
276
  * The wp file must be writable for this operation to work!
277
+ *
278
  * @param string $wsd_wpConfigFile The path to the wp-config file
279
  * @param string $newPrefix The new prefix to use instead of the old one
280
  * @return boolean
286
  {
287
  return -1;
288
  }
289
+
290
  if (!function_exists('file')) {
291
  return -1;
292
  }
309
  // Save wp-config file
310
  $result = file_put_contents($wsd_wpConfigFile, $fcontent);
311
  }
312
+
313
  return $result;
314
  }
315
 
323
  function wsd_getTablesToAlter()
324
  {
325
  global $wpdb;
326
+
327
  return $wpdb->get_results("SHOW TABLES LIKE '".$GLOBALS['table_prefix']."%'", ARRAY_N);
328
  }
329
 
331
  * @public
332
  * @since v3.0.2
333
  * Rename tables from database
334
+ * @global object $wpdb
335
  * @param array the list of tables to rename
336
  * @param string $currentPrefix the current prefix in use
337
  * @param string $newPrefix the new prefix to use
342
  global $wpdb;
343
 
344
  $changedTables = array();
345
+
346
  foreach ($tables as $k=>$table)
347
  {
348
  $tableOldName = $table[0];
365
  * @public
366
  * @since v3.0.2
367
  * @revision $1 07/13/2011 $k
368
+ *
369
  * Rename some fields from options & usermeta tables in order to reflect the prefix change
370
  *
371
  * @global object $wpdb
379
  * usermeta table
380
  * ===========================
381
  wp_*
382
+
383
  * options table
384
  * ===========================
385
  wp_user_roles
386
+
387
  */
388
  $str = '';
389
 
393
 
394
  $query = 'update '.$newPrefix.'usermeta
395
  set meta_key = CONCAT(replace(left(meta_key, ' . strlen($oldPrefix) . "), '{$oldPrefix}', '{$newPrefix}'), SUBSTR(meta_key, " . (strlen($oldPrefix) + 1) . "))
396
+ where
397
+ meta_key in ('{$oldPrefix}autosave_draft_ids', '{$oldPrefix}capabilities', '{$oldPrefix}metaboxorder_post', '{$oldPrefix}user_level', '{$oldPrefix}usersettings',
398
  '{$oldPrefix}usersettingstime', '{$oldPrefix}user-settings', '{$oldPrefix}user-settings-time', '{$oldPrefix}dashboard_quick_press_last_post_id')";
399
 
400
  if (false === $wpdb->query($query)) {
401
  $str .= '<br/>Changing values in table <strong>'.$newPrefix.'usermeta</strong>: <font color="#ff0000">Failed</font>';
402
  }
403
+
404
  if (!empty($str)) {
405
  $str = '<div class="wsd_user_information"><p>Changing database prefix:</p><p>'.$str.'</p></div>';
406
  }
407
+
408
  return $str;
409
  }
410
 
422
  {
423
  // cache
424
  $_tables = $tables;
425
+
426
  $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
427
  if (!$link) {
428
  exit('Error: Cannot connect to db');
445
  {
446
  $tables = is_array($tables) ? $tables : explode(',',$tables);
447
  }
448
+
449
  $return = 'CREATE DATABASE IF NOT EXISTS '.DB_NAME.";\n\n";
450
  $return .= 'USE '.DB_NAME.";\n\n";
451
+
452
  //cycle through
453
  foreach($tables as $table)
454
  {
455
  $result = mysql_query('SELECT * FROM '.$table);
456
  $num_fields = mysql_num_fields($result);
457
+
458
  $return.= 'DROP TABLE IF EXISTS '.$table.';';
459
  $row2 = mysql_fetch_row(mysql_query('SHOW CREATE TABLE '.$table));
460
  $return.= "\n\n".$row2[1].";\n\n";
461
+
462
+ for ($i = 0; $i < $num_fields; $i++)
463
  {
464
  while($row = mysql_fetch_row($result))
465
  {
466
  $return.= 'INSERT INTO '.$table.' VALUES(';
467
+ for($j=0; $j<$num_fields; $j++)
468
  {
469
  $row[$j] = addslashes($row[$j]);
470
  $row[$j] = ereg_replace("\n","\\n",$row[$j]);
476
  }
477
  $return.="\n\n\n";
478
  }
479
+
480
  //save file
481
  $fname = 'bck-'.date("m-d-Y",time()).'-'.md5(uniqid(rand())).'.sql';
482
  $filePath = ABSPATH.PLUGINDIR .'/wp-security-scan/backups/'.$fname;
483
+ $ret = file_put_contents($filePath, $return);
484
  if ($ret > 0) {
485
  return $fname;
486
  }
520
  $files = glob(ABSPATH. '/wp-content/plugins/wp-security-scan/backups/*.sql');
521
  if (empty($files)) { return array();}
522
  return array_map('basename', $files/*, array('.sql')*/);
523
+
524
  }
525
 
526
 
529
  * @since v3.0.2
530
  * Retrieve the content of the specified template file
531
  * from the inc/admin/templates directory
532
+ *
533
  * @param string $fileName The name of the file to retrieve. Without the .php extension!
534
  * @param array $vars The list of variables to send to the template
535
  * @return string The file's content
538
  {
539
  $file = ABSPATH.PLUGINDIR.'/wp-security-scan/inc/admin/templates/'.$fileName.'.php';
540
  if (!is_file($file)) { return ''; }
541
+
542
  $str = '';
543
  ob_start();
544
  if (!empty($vars)) {
547
  include $file;
548
  $str = ob_get_contents();
549
  ob_end_clean();
550
+
551
  return $str;
552
  }
553
 
566
  {
567
  return ('<p class="wsd_user_'.$alertType.'">'.$infoMessage.'</p>');
568
  }
569
+
570
+ /**
571
+ * @public
572
+ * @since v3.0.8
573
+ * Add the 'Settings' link to the plugin page
574
+ * @param array $links
575
+ * @return array
576
+ */
577
+ function wpss_admin_plugin_actions($links) {
578
+ $links[] = '<a href="admin.php?page=wp-security-scan/securityscan.php">'.__('Settings').'</a>';
579
+ return $links;
580
+ }
581
+
582
+
583
+
584
  ?>
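--- a/libs/wpssUtil.php
+++ b/libs/wpssUtil.php
@@ -6,18 +6,31 @@
 */
 class wpssUtil
 {
+//@since v3.0.8
+private static $_pluginID = 'acx_plugin_dashboard_widget';
 /**
 * @public
 * @static
-* @since v0.1
 * @global WPSS_WSD_BLOG_FEED
-*
 * Retrieve and display a list of links for an existing RSS feed, limiting the selection to the 5 most recent items.
-*
 * @return void
 */
 public static function displayDashboardWidget()
 {
+//@since v3.0.8
+if ($_SERVER['REQUEST_METHOD'] == 'POST')
+{
+$opt = get_option('WSD-RSS-WGT-DISPLAY');
+if (empty($opt)) {
+add_option('WSD-RSS-WGT-DISPLAY', 'no');
+}
+else {
+update_option('WSD-RSS-WGT-DISPLAY', 'no');
+}
+self::_hideDashboardWidget();
+return;
+}
+
 //@ flag
 $run = false;
 
@@ -92,6 +105,26 @@ class wpssUtil
 endforeach;
 }
 $out.= '</ul>';
+
+$path = trailingslashit(get_option('siteurl')).'wp-content/plugins/wp-security-scan/';
+
+$out .= '<div style="border-top: solid 1px #ccc; margin-top: 4px; padding: 2px 0;">';
+$out .= '<p style="margin: 5px 0 0 0; padding: 0 0; line-height: normal; overflow: hidden;">';
+$out .= '<a href="http://feeds.feedburner.com/Websitedefendercom"
+style="float: left; display: block; width: 50%; text-align: right; margin-top: 0; margin-left: 30px;
+padding-right: 22px; background: url('.$path.'images/rss.png) no-repeat right center;"
+target="_blank">Follow us on RSS</a>';
+$out .= '<a href="#" id="wsd_close_rss_widget"
+style="float: right; display: block; width: 16px; height: 16px;
+margin: 0 0; background: url('.$path.'images/close-button.png) no-repeat 0 0;"
+title="Close widget"></a><form id="wsd_form" method="post"></form>';
+$out .= '</p>';
+$out .= '<script type="text/javascript">
+document.getElementById("wsd_close_rss_widget").onclick = function(){
+document.getElementById("wsd_form").submit();
+};
+</script>';
+$out .= '</div>';
 }
 
 // Update cache
@@ -106,14 +139,29 @@ class wpssUtil
 /**
 * @public
 * @static
-* @since v0.1
-*
 * Add the rss widget to dashboard
-*
 * @return void
 */
 public static function addDashboardWidget()
 {
-wp_add_dashboard_widget('acx_plugin_dashboard_widget', __('WebsiteDefender news and updates'), 'wpssUtil::displayDashboardWidget');
-}
+// update 10/04/2011
+$opt = get_option('WSD-RSS-WGT-DISPLAY');
+if(strtolower($opt) == 'yes'):
+wp_add_dashboard_widget(self::$_pluginID,
+__('WebsiteDefender news and updates'),
+'wpssUtil::displayDashboardWidget');
+endif;
+}
+
+/**
+* Hide the dashboard rss widget
+* @static
+* @public
+* @since v3.0.8
+*/
+public static function _hideDashboardWidget()
+{
+echo '<script>document.getElementById("'.self::$_pluginID.'").style.display = "none";</script>';
+}
+
 }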
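Review bot: The POST branch added at the top of displayDashboardWidget() disables the widget on any POST request that reaches the dashboard, because neither the emitted `wsd_form` nor the check carries a field or nonce identifying this widget's own submission, so a form posted by another dashboard widget hides this one and a forged cross-site request can do the same. Gate it on a named field plus a nonce, `if ('POST' === $_SERVER['REQUEST_METHOD'] && isset($_POST['wsd_hide_rss_widget']) && check_admin_referer('wsd_hide_rss_widget')) {`, and emit the matching markup in the close-button block, `$out .= '<form id="wsd_form" method="post"><input type="hidden" name="wsd_hide_rss_widget" value="1" />' . wp_nonce_field('wsd_hide_rss_widget', '_wpnonce', true, false) . '</form>';`. The `$path` built from `siteurl` plus a hard-coded `wp-content/plugins/wp-security-scan/` segment breaks on installs with a relocated plugins directory; `plugins_url()` resolved against the plugin's main file would give the real location. `_hideDashboardWidget()` is declared public while its underscore name and `@public` tag disagree; since only this class calls it, making it `private static` (or dropping the underscore) would settle that.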
libs/wsd.php CHANGED
@@ -1,802 +1,835 @@
1
- <?php
2
- define("WSD_URL", "https://dashboard.websitedefender.com/");
3
- define("WSD_URL_RPC", WSD_URL . "jsrpc.php");
4
- define("WSD_URL_DOWN", WSD_URL . "download.php");
5
- define("WSD_SOURCE", 2);
6
- //error codes
7
- define('WSD_ERROR_LIMITATION' ,0x27);
8
- define('WSD_ERROR_WPP_SERVICE_DOWN' ,0x50);
9
- define('WSD_ERROR_WPP_ERROR_INVALID_URL' ,0x51);
10
- define('WSD_ERROR_WPP_URL_REGISTERED' ,0x52);
11
- define('WSD_WSD_ERROR_WPP_NEWUSR_PARAM' ,0x53);
12
- define('WSD_ERROR_WPP_INVALID_CAPTCHA' ,0x54);
13
- define('WSD_ERROR_WPP_USER_EXIST' ,0x55);
14
- define('WSD_ERROR_WPP_URL_EXIST' ,0x56);
15
- //http status
16
- define("HTTP_STATUS", 0);
17
- define("HTTP_HEADERS", 1);
18
- define("HTTP_BODY", 2);
19
- define("HTTP_CHUNK_HEADER", 3);
20
- define("HTTP_CHUNK_BODY", 4);
21
- //globals
22
- $GLOBALS['wsd_last_err'] = array('code'=>0, 'message'=>'');
23
-
24
- function wsd_site_url(){
25
- $url = get_option( 'siteurl' );
26
- return trailingslashit($url);
27
- }
28
-
29
- function wsd_parseUrl($url)
30
- {
31
- $result = parse_url($url);
32
- if($result === NULL) return array("error"=>"Invalid URL.");
33
- $result["error"] = NULL;
34
- if(!array_key_exists("port", $result)) $result["port"] = 80;
35
- if(!array_key_exists("scheme", $result)) $result["scheme"] = "http";
36
- if(!array_key_exists("query", $result)) $result["query"] = ""; else $result["query"] = "?" . $result["query"];
37
- if(array_key_exists("host", $result))
38
- {
39
- if(!array_key_exists("path", $result)) $result["path"] = "";
40
- }
41
- else
42
- {
43
- if(array_key_exists("path", $result))
44
- {
45
- $dirs = explode("/", $result["path"], 2);
46
- $result["host"] = $dirs[0];
47
- if(count($dirs)>1)
48
- $result["path"] = "/".$dirs[1];
49
- else
50
- $result["path"] = "/";
51
- }
52
- else return array("error"=>"Invalid URL (no host).");
53
- }
54
-
55
- if($result["host"] == "") return array("error"=>"Invalid URL (no host).");
56
-
57
- $scheme = "http";
58
- if(array_key_exists("scheme", $result)) $scheme = $result["scheme"];
59
-
60
- if((strcasecmp($scheme,"http")!=0) && (strcasecmp($scheme,"https")!=0)) return array("error"=>"Invalid URL (unknown scheme).");
61
-
62
- if(strcasecmp($scheme,"https")==0) $result["port"] = 443;
63
-
64
- $userPass = "";
65
- if(array_key_exists("user", $result) && array_key_exists("pass", $result))
66
- $userPass = $result["user"].":".$result["pass"]."@";
67
-
68
- $port = "";
69
- if(array_key_exists("port", $result)) $port = ":".$result["port"];
70
-
71
- $result["all"] = $scheme."://".$userPass.$result["host"].$port;
72
- return $result;
73
- }
74
-
75
- function wsd_httpRequest($verb, $url, $body="", $headers=array(), $timeout = 10)
76
- {
77
- $e = error_reporting(0);
78
-
79
- $result = array();
80
- $result["cookie"] = NULL;
81
- $result["body"] = "";
82
- $result["length"] = NULL;
83
- $result["error"] = NULL;
84
-
85
- $now = time();
86
- $url = wsd_parseUrl($url);
87
-
88
- if($url["error"] !== NULL) return $url;
89
-
90
- $scheme = $url["scheme"]=="https" ? "ssl://" : "";
91
-
92
- $fp = fsockopen($scheme.$url["host"], $url["port"] , $errno, $errstr, $timeout);
93
-
94
- if (!$fp)
95
- {
96
- if($scheme == "ssl://")
97
- {
98
- $fp = fsockopen($url["host"], 80 , $errno, $errstr, $timeout);
99
- if (!$fp)
100
- {
101
- error_reporting($e);
102
- return array("error"=>"Can't connect to server [$errno].");
103
- }
104
- }
105
- else
106
- {
107
- error_reporting($e);
108
- return array("error"=>"Can't connect to server [$errno].");
109
- }
110
- }
111
-
112
- $out = $verb." ".$url["path"].$url["query"]." HTTP/1.1\r\n";
113
- $out .= "Host: ". $url["host"] . "\r\n";
114
- $out .= "Connection: Close\r\n";
115
- $out .= "Accept-Encoding: identity\r\n";
116
- if($verb == "POST") $out .= "Content-Length: " . strlen($body) . "\r\n";
117
- foreach ($headers as $name => $value) $out .= $name .": " . $value . "\r\n";
118
- $out .= "\r\n";
119
- if($verb == "POST") $out .= $body;
120
- fwrite($fp, $out);
121
- fflush($fp);
122
-
123
- //print "<br>".str_replace("\r\n", "<br>", $out)."<br>";
124
-
125
- $status = HTTP_STATUS;
126
- $chunked = False;
127
- $lastChunk = "";
128
- $chunkLength = 0;
129
-
130
- while (!feof($fp))
131
- {
132
- $remaining = $timeout - (time() - $now);
133
- if($remaining < 0) return array("error"=>"Request timed out [1].");
134
-
135
- stream_set_timeout($fp, $remaining + 1);
136
- $data = fgets($fp, 4096);
137
- $info = stream_get_meta_data($fp);
138
-
139
- if ($info["timed_out"])
140
- {
141
- error_reporting($e);
142
- return array("error"=>"Request timed out [2].");
143
- }
144
-
145
- //print($data."<br>");
146
-
147
- if($status == HTTP_STATUS)
148
- {
149
- //TODO: check status for 200, error on rest, eventually work arround 302 303
150
- $resultStatus = trim($data);
151
- $status = HTTP_HEADERS;
152
- continue;
153
- }
154
-
155
- if($status == HTTP_HEADERS)
156
- {
157
- if($data == "\r\n")
158
- {
159
- if($chunked)
160
- $status = HTTP_CHUNK_HEADER;
161
- else
162
- $status = HTTP_BODY;
163
- continue;
164
- }
165
-
166
- $data = trim($data);
167
- $separator = strpos($data, ": ");
168
-
169
- if(($separator === False)||($separator == 0) || ($separator >= (strlen($data) -2)))
170
- return array("error"=>"Invalid HTTP response header.");
171
-
172
- $name = substr($data, 0, $separator);
173
- $value = substr($data, $separator + 2);
174
- if(strcasecmp("Set-Cookie", $name) == 0)
175
- {
176
- $result["cookie"] = $value;
177
- continue;
178
- }
179
- if(strcasecmp("Content-Length", $name) == 0)
180
- {
181
- $result["length"] = $value + 0;
182
- continue;
183
- }
184
- if((strcasecmp("Transfer-Encoding", $name) == 0) && (strpos($value, 'chunked') !== False) )
185
- {
186
- $chunked = True;
187
- continue;
188
- }
189
- continue;
190
- }
191
-
192
- if($status == HTTP_CHUNK_HEADER)
193
- {
194
- $data = trim($data);
195
- $sc = strpos($data, ';');
196
- if($sc !== False) $data = substr($data, 0, $sc);
197
- $chunkLength = hexdec($data);
198
- if($chunkLength == 0)
199
- break;
200
- $lastChunk = "";
201
- $status = HTTP_CHUNK_BODY;
202
- continue;
203
- }
204
-
205
- if($status == HTTP_CHUNK_BODY)
206
- {
207
- $lastChunk .= $data;
208
- if(strlen($lastChunk) >= $chunkLength)
209
- {
210
- $result["body"] .= substr($lastChunk, 0, $chunkLength);
211
- $status = HTTP_CHUNK_HEADER;
212
- }
213
- continue;
214
- }
215
-
216
- if($status == HTTP_BODY)
217
- {
218
- $result["body"] .= $data;
219
- if(($result["length"] !== NULL) && (strlen($result["body"]) >= $result["length"]))
220
- break;
221
- continue;
222
- }
223
- }
224
- fclose($fp);
225
-
226
- if(($result["length"] !== NULL) && (strlen($result["body"]) != $result["length"]))
227
- array("error"=>"Invalid HTTP body length.");
228
-
229
- error_reporting($e);
230
- return $result;
231
- }
232
-
233
- function wsd_jsonHttpRequest($url, $data, $timeout = 10)
234
- {
235
- $body = json_encode($data);
236
- $headers = array("Content-type" => "application/json");
237
-
238
- $cookie = '';
239
- $option_cookie = get_option("WSD-COOKIE");
240
- if($option_cookie !== False) $cookie = $option_cookie;
241
-
242
- $token = get_option("WSD-TOKEN");
243
- if($token !== False)
244
- {
245
- if($cookie != '') $cookie .= '; ';
246
- $cookie .= "token=".$token;
247
- }
248
-
249
- if($cookie != '')
250
- $headers["Cookie"] = $cookie;
251
-
252
- $result = wsd_httpRequest("POST", $url, $body, $headers, $timeout);
253
-
254
- if($result["cookie"] !== NULL)
255
- {
256
- if($option_cookie === False)
257
- add_option("WSD-COOKIE", $result["cookie"]);
258
- else
259
- update_option("WSD-COOKIE", $result["cookie"]);
260
- }
261
-
262
- if($result["error"] === NULL)
263
- {
264
- $decoded = json_decode($result["body"], true);
265
- if($decoded == NULL) $result["error"] = "Invalid JSON response.".$result["body"];
266
- $result["body"] = $decoded;
267
- }
268
- return $result;
269
- }
270
-
271
- function wsd_jsonRPC($url, $method, $params, $timeout = 10)
272
- {
273
- $GLOBALS['wsd_last_err'] = array('code'=>0, 'message'=>'');
274
- $id = rand(1,100);
275
-
276
- $token = get_option("WSD-TOKEN");
277
- if($token === False)
278
- $request = array("jsonrpc"=>"2.0", "id"=>$id, "method"=>$method, "params"=>$params);
279
- else
280
- $request = array("jsonrpc"=>"2.0", "id"=>$id, "method"=>$method, "params"=>$params, "token"=>$token);
281
-
282
- $response = wsd_jsonHttpRequest($url, $request, $timeout);
283
-
284
- //print("request:");print_r($request); print("<hr>"); print("response:");print_r($response); print("<hr>");
285
-
286
- if($response["error"] !== NULL)
287
- {
288
- $GLOBALS['wsd_last_err'] = array("code" => 0, "message" => $response["error"]);
289
- return NULL;
290
- }
291
-
292
- if((! array_key_exists("id", $response["body"])) || ($response["body"]["id"] != $id) )
293
- {
294
- $GLOBALS['wsd_last_err'] = array("code" => 0, "message" => "Invalid JSONRPC response [0]." . var_export($response, true));
295
- return NULL;
296
- }
297
-
298
- if( array_key_exists("token", $response["body"]))
299
- {
300
- if($token === False) add_option("WSD-TOKEN", $response["body"]['token']);
301
- else update_option("WSD-TOKEN", $response["body"]['token']);
302
- }
303
-
304
- if(array_key_exists("error", $response["body"]))
305
- {
306
- $GLOBALS['wsd_last_err'] = $response["body"]["error"];
307
- return NULL;
308
- }
309
-
310
- if(! array_key_exists("result", $response["body"]))
311
- {
312
- $GLOBALS['wsd_last_err'] = array("code" => 0, "message" => "Invalid JSONRPC response [1].");
313
- return NULL;
314
- }
315
-
316
- return $response["body"]["result"];
317
- }
318
-
319
- // ========================= RENDER UI ===========================================================
320
-
321
- function wsd_render_error($custom_message = null)
322
- {
323
- $html = '';
324
- if ($custom_message === NULL)
325
- $html = '<p class="wsd-error-summary">' . $GLOBALS['wsd_last_err']['message'];
326
- else
327
- $html = '<p class="wsd-error-summary">' . $custom_message;
328
- $html .= '<br /><span class="wsd-error-summary-detail">If the problem persists please continue at <a href="https://dashboard.websitedefender.com" target="_blank">Website Defender</a>.</span></p>';
329
- echo $html;
330
- }
331
-
332
- function wsd_render_agent_install_issues($message)
333
- {
334
- //echo "wsd_render_agent_install_issues<br>";
335
- $html = '<p class="wsd-error-summary">' . $message;
336
- $html .= '<br /><span class="wsd-error-summary-detail">It has to be installed manually from the <a href="https://dashboard.websitedefender.com" target="_blank">WebsiteDefender dashboard</a>.</span></p>';
337
- echo $html;
338
- }
339
-
340
- function wsd_render_user_login($error = '')
341
- {
342
- if($error !== '') wsd_render_error($error);
343
- ?>
344
-
345
- <?php if(!empty($error)) { ?>
346
- <div class="wsd-inside">
347
- <?php } ?>
348
-
349
- <p class="wsd-login-notice">Login here if you already have a WSD account.</p>
350
- <form action="" method="post" id="wsd_login_form" name="wsd_login_form">
351
- <div>
352
- <div class="wsd-login-section">
353
- <label for="wsd_login_form_email">Email:</label>
354
- <input type="text" name="wsd_login_form_email" id="wsd_login_form_email" value="<?php echo get_option("admin_email"); ?>" />
355
- </div>
356
- <div class="wsd-login-section">
357
- <label for="wsd_login_form_password">Password:</label>
358
- <input type="password" name="wsd_login_form_password" id="wsd_login_form_password" />
359
- </div>
360
- <input type="submit" name="wsd-login" id="wsd-login" value="Login">
361
- </div>
362
- </form>
363
-
364
- <?php if(!empty($error)) { ?>
365
- </div>
366
- <?php } ?>
367
-
368
- <?php
369
- }
370
-
371
- function wsd_render_new_user($error = '')
372
- {
373
- //print "wsd_render_new_user $error<br>";
374
-
375
- $form = wsd_jsonRPC(WSD_URL_RPC, "cPlugin.getfrm", wsd_site_url());
376
- if ($form === NULL)
377
- {
378
- wsd_render_error();
379
- return;
380
- }
381
- $recaptcha_publickey = $form['captcha'];
382
- if(empty($recaptcha_publickey))
383
- {
384
- wsd_render_error('Invalid server response.');
385
- return;
386
- }
387
-
388
- //intro text
389
- echo '<p class="wsd-inside" style="margin-top: 0px;">';
390
- _e('WebsiteDefender.com is based upon web application scanning technology from <a href="http://www.acunetix.com/" target="_blank">Acunetix</a>; a pioneer in website security. <a href="http://www.websitedefender.com" target="_blank">WebsiteDefender</a> requires no installation, no learning curve and no maintenance. Above all, there is no impact on site performance! WebsiteDefender regularly scans and monitors your WordPress website/blog effortlessly, efficient, easily and is available for Free! Start scanning your WordPress website/blog against malware and hackers, absolutely free!', FB_SWP_TEXTDOMAIN);
391
- echo "</p>";
392
-
393
- ?>
394
- <div class="wsd-inside">
395
- <?php
396
- wsd_render_user_login();
397
- ?>
398
-
399
- <h4><?php _e('Register here to use all the WebsiteDefender.com advanced features', FB_SWP_TEXTDOMAIN)?></h4>
400
- <p><?php _e('WebsiteDefender is an online service that protects your website from any hacker activity by monitoring and auditing the security of your website, giving you easy to understand solutions to keep your website safe, always! WebsiteDefender\'s enhanced WordPress Security Checks allow it to optimise any threats on a blog or site powered by WordPress.', FB_SWP_TEXTDOMAIN)?></p>
401
- <p><?php _e('<strong>With WebsiteDefender you can:</strong>', FB_SWP_TEXTDOMAIN)?></p>
402
- <ul class="wsd_commonList">
403
- <li><span>Detect Malware present on your website</span></li>
404
- <li><span>Audit your website for security issues</span></li>
405
- <li><span>Avoid getting blacklisted by Google</span></li>
406
- <li><span>Keep your website content and data safe</span></li>
407
- <li><span>Get alerted to suspicious hacker activity</span></li>
408
- </ul>
409
-
410
- <p><?php _e('WebsiteDefender.com does all this an more via an easy-to-understand web-based dashboard, which gives step by step solutions on how to make sure your website stays secure!', FB_SWP_TEXTDOMAIN)?></p>
411
-
412
- <h4><?php _e('Sign up for your FREE account here', FB_SWP_TEXTDOMAIN)?></h4>
413
-
414
- <?php
415
- if($error !== '') wsd_render_error($error);
416
- ?>
417
-
418
- <form action="#em" method="post" id="wsd_new_user_form" name="wsd_new_user_form">
419
- <div id="em" class="wsd-new-user-section">
420
- <label for="wsd_new_user_email">Email:</label>
421
- <input type="text" name="wsd_new_user_email" id="wsd_new_user_email" value="<?php echo get_option("admin_email"); ?>" />
422
- </div>
423
- <div class="wsd-new-user-section">
424
- <label for="wsd_new_user_name">Name:</label>
425
- <input type="text" name="wsd_new_user_name" id="wsd_new_user_name" value="<?php echo isset($_POST['wsd_new_user_name']) ? $_POST['wsd_new_user_name'] : '' ?>" />
426
- </div>
427
- <div class="wsd-new-user-section">
428
- <label for="wsd_new_user_surname">Surname:</label>
429
- <input type="text" name="wsd_new_user_surname" id="wsd_new_user_surname" value="<?php echo isset($_POST['wsd_new_user_surname']) ? $_POST['wsd_new_user_surname']: '' ?>" />
430
- </div>
431
- <div class="wsd-new-user-section">
432
- <label for="wsd_new_user_password">Password:</label>
433
- <input type="password" name="wsd_new_user_password" id="wsd_new_user_password"/>
434
- <label class="password-meter" style="background-color: rgb(238, 0, 0);">Too Short</label>
435
- </div>
436
- <div class="wsd-new-user-section">
437
- <label for="wsd_new_user_password_re">Retype Password:</label>
438
- <input type="password" name="wsd_new_user_password_re" id="wsd_new_user_password_re"/>
439
- </div>
440
- <div class="wsd-new-user-section">
441
- <?php
442
- echo wsd_recaptcha_get_html($recaptcha_publickey, NULL, true);
443
- ?>
444
- </div>
445
- <input type="submit" name="wsd-new-user" id="wsd-new-user" value="Register">
446
- </form>
447
- </div>
448
- <?php
449
- }
450
-
451
-
452
- function wsd_process_login()
453
- {
454
- $email = isset($_POST['wsd_login_form_email']) ? $_POST['wsd_login_form_email'] : null;
455
- $password = isset($_POST['wsd_login_form_password']) ? $password = $_POST['wsd_login_form_password'] : null;
456
-
457
- if (empty($email)) {
458
- wsd_render_user_login('Email address is required.');
459
- return;
460
- }
461
-
462
- if (empty($password)) {
463
- wsd_render_user_login('Password is required.');
464
- return;
465
- }
466
-
467
- // $password is received as MD5 hash
468
- $login = wsd_jsonRPC(WSD_URL_RPC, "cUser.login", array($email, $password));
469
-
470
- if ($login == NULL) {
471
- wsd_render_user_login('Invalid login');
472
- return;
473
- }
474
-
475
- $user = get_option("WSD-USER");
476
- if ($user === False)
477
- add_option("WSD-USER", $email);
478
- else
479
- update_option("WSD-USER", $email);
480
-
481
- wsd_add_or_process_target();
482
- }
483
-
484
- function wsd_render_add_target_id()
485
- {
486
- ?>
487
- <div class="wsd-inside">
488
- <?php if(!empty($error)) wsd_render_error($error); ?>
489
- <form action="" method="post" id="wsd_target_id_form" name="wsd_target_id_form">
490
- <label for="wsd_target_update_id"><?php echo __('Target ID');?>:</label>
491
- <input type="text" name="targetid" id="targetid" value="<?php echo get_option('WSD-TARGETID');?>"/>
492
- <input type="submit" name="wsd_update_target_id" value="<?php echo __('Update');?>" />
493
- </form>
494
- </div>
495
- <?php
496
- }
497
-
498
- function wsd_process_add_target_id()
499
- {
500
- //echo "wsd_process_add_target_id<br>";
501
- add_option('WSD-TARGETID', $_POST['targetid']);
502
- wsd_render_target_status();
503
- }
504
-
505
- function wsd_add_or_process_target()
506
- {
507
- //check if we already registered
508
- $targetid = get_option('WSD-TARGETID');
509
-
510
- if($targetid !== false)
511
- {
512
- wsd_render_target_status();
513
- return;
514
- }
515
- else
516
- {
517
- //check first is this url is already there
518
- $target = wsd_jsonRPC(WSD_URL_RPC, "cPlugin.urlstatus", wsd_site_url());
519
- if($target === NULL)
520
- {
521
- wsd_render_error();
522
- return;
523
- }
524
- if(array_key_exists('id', $target) && ($target['id'] != NULL))
525
- {
526
- if($targetid === False) add_option('WSD-TARGETID', $target['id']);
527
- else update_option('WSD-TARGETID', $target['id']);
528
- wsd_render_target_status();
529
- return;
530
- }
531
- }
532
-
533
- //the target was not there so we have to register a new one
534
- $newtarget = wsd_jsonRPC(WSD_URL_RPC, "cTargets.add", wsd_site_url());
535
- if($newtarget === NULL)
536
- {
537
- if($GLOBALS['wsd_last_err']['code'] == WSD_ERROR_LIMITATION)
538
- {
539
- wsd_render_error("This account reached the maximum number of targets.");
540
- return;
541
- }
542
- if($GLOBALS['wsd_last_err']['code'] == WSD_ERROR_WPP_URL_EXIST)
543
- {
544
- wsd_render_add_target_id();
545
- return;
546
- }
547
- print_r($GLOBALS['wsd_last_err']);
548
- return;
549
- }
550
-
551
- if(!array_key_exists("id", $newtarget))
552
- {
553
- wsd_render_error("Invalid WSD response received.");
554
- return;
555
- }
556
-
557
- delete_option('WSD-TARGETID');
558
- add_option('WSD-TARGETID', $newtarget['id']);
559
-
560
- //download agent
561
- $targetInstalError = '';
562
-
563
- $headers = array("a"=>"a");
564
- $option_cookie = get_option("WSD-COOKIE");
565
- if($option_cookie !== False) $headers["Cookie"] = $option_cookie;
566
-
567
- //print "<br>Downloading: ". WSD_URL_DOWN.'?id='.$newtarget['id'] ."#". print_r($headers, true). "<br>";
568
-
569
- $agent = wsd_httpRequest("GET", WSD_URL_DOWN.'?id='.$newtarget['id'], "", $headers);
570
-
571
- if($agent["error"] !== NULL)
572
- $targetInstalError = 'The WebsiteDefender Agent failed to install automatically [0x01].'; //can't download
573
- else
574
- {
575
- //try to copy the target
576
- $agentURL = $agent["sensor_url"];
577
- if(preg_match('/[a-f0-9]{40}.php/', $newtarget["sensor_url"], $matches))
578
- {
579
- $path = rtrim(ABSPATH, '/');
580
- $path .= '/'.$matches[0];
581
-
582
- $r = file_put_contents($path, $agent['body']);
583
- if(!$r) $targetInstalError = 'The WebsiteDefender Agent failed to install automatically [0x02].'; //can't save
584
- }
585
- else $targetInstalError = 'The WebsiteDefender Agent failed to install automatically [0x03].'; //other
586
- }
587
-
588
- //test the agent, this will triger agentless if agent not functioning
589
- $testTarget = wsd_jsonRPC(WSD_URL_RPC, "cTargets.agenttest", $newtarget['id']);
590
- $enbableTarget = wsd_jsonRPC(WSD_URL_RPC, "cTargets.enable", array($newtarget['id'], true));
591
-
592
- if($targetInstalError != '')wsd_render_agent_install_issues($targetInstalError);
593
-
594
- wsd_render_target_status();
595
- }
596
-
597
- function wsd_process_new_user_form()
598
- {
599
- //print "wsd_process_new_user_form<br>";
600
-
601
- $email = $_POST['wsd_new_user_email'];
602
- $name = $_POST['wsd_new_user_name'];
603
- $surname = $_POST['wsd_new_user_surname'];
604
- $password = $_POST['wsd_new_user_password'];
605
- $password_re = $_POST['wsd_new_user_password_re'];
606
-
607
- if (empty($email)) {
608
- wsd_render_new_user('Email is required.');
609
- return;
610
- }
611
- if (empty($name)) {
612
- wsd_render_new_user('Name is required.');
613
- return;
614
- }
615
- if (empty($surname)) {
616
- wsd_render_new_user('Surname is required.');
617
- return;
618
- }
619
- if (empty($password)) {
620
- wsd_render_new_user('Password is required.');
621
- return;
622
- }
623
- if ($password != $password_re) {
624
- wsd_render_new_user('Passwords do not match.');
625
- return;
626
- }
627
-
628
- $register = wsd_jsonRPC(WSD_URL_RPC, "cPlugin.register",
629
- array(
630
- array("challenge"=>$_POST['recaptcha_challenge_field'],
631
- "response"=>$_POST['recaptcha_response_field']),
632
- array(
633
- "url" => wsd_site_url(),
634
- "email" => $email,
635
- "name" => $name,
636
- "surname" => $surname,
637
- // the password comes from the client already as a hash
638
- "pass" => $password,
639
- "source" => WSD_SOURCE
640
- )
641
- ));
642
- if($register == NULL)
643
- {
644
- if($GLOBALS['wsd_last_err']['code'] == WSD_ERROR_WPP_INVALID_CAPTCHA)
645
- {
646
- wsd_render_new_user('Invalid captcha. Please try again.');
647
- return;
648
- }
649
- if($GLOBALS['wsd_last_err']['code'] == WSD_ERROR_WPP_USER_EXIST)
650
- {
651
- wsd_render_new_user("This user is already registered. To continue with this user, please use the login form above or register with a new user name.");
652
- return;
653
- }
654
- wsd_render_new_user('Registration failed! Please try again.');
655
- return;
656
- }
657
- $user = get_option("WSD-USER");
658
- if($user === False) add_option("WSD-USER", $email); else update_option("WSD-USER", $email);
659
- wsd_add_or_process_target();
660
- }
661
-
662
- function wsd_render_target_status()
663
- {
664
- #echo "wsd_render_target_status<br>";
665
- $user = get_option('WSD-USER');
666
- if((!is_string($user))||($user == "") ) $user = get_option("admin_email");
667
- $status = wsd_jsonRPC(WSD_URL_RPC, "cPlugin.status", array($user, get_option('WSD-TARGETID'), wsd_site_url()));
668
- if($status === NULL)
669
- {
670
- wsd_render_error();
671
- return;
672
- }
673
- if((!array_key_exists('active', $status)) || ($status['active'] !== 1))
674
- {
675
- //our target is not valid anymore
676
- delete_option('WSD-TARGETID');
677
- return False;
678
- }
679
-
680
- echo '<p class="wsd-inside">';
681
- echo 'Thank you for registering with WebsiteDefender. Please navigate to the <a target="_blank" href="https://dashboard.websitedefender.com/">WebsiteDefender dashboard</a> to see the alerts.';
682
- echo "</p>";
683
-
684
- $enabled = array_key_exists('enabled', $status) ? $status['enabled'] : null;
685
- $scanned = array_key_exists('scanned', $status) ? $status['scanned'] : null;
686
- $agentless = array_key_exists('agentless', $status) ? $status['agentless'] : null;
687
-
688
- if (!is_numeric($enabled) || !is_numeric($scanned) || !is_numeric($agentless))
689
- {
690
- wsd_render_error('Invalid server response.');
691
- return;
692
- }
693
- $enabled = intval($enabled);
694
- $scanned = intval($scanned);
695
- $agentless = intval($agentless);
696
- ?>
697
-
698
- <div id="wsd-target-status-holder" class="wsd-inside">
699
- <p class="wsd-target-status-title">
700
- Website status on Website Defender
701
- </p>
702
- <div class="wsd-target-status-section">
703
- <?php
704
- $statusText = 'NO';
705
- if ($enabled == 1) {
706
- $statusText = 'YES';
707
- }
708
- echo '<span class="wsd-target-status-section-label">Enabled: </span>',
709
- '<span class="wsd-target-status-section-', $enabled ? 'enabled' : 'disabled', '">', $statusText, '</span>';
710
- ?>
711
- </div>
712
- <div class="wsd-target-status-section">
713
- <?php
714
- $statusText = 'NO';
715
- if ($scanned == 1) {
716
- $statusText = 'YES';
717
- }
718
- echo '<span class="wsd-target-status-section-label">Scanned: </span>',
719
- '<span class="wsd-target-status-section-', $scanned ? 'enabled' : 'disabled', '">', $statusText, '</span>';
720
- ?>
721
- </div>
722
- <div class="wsd-target-status-section">
723
- <?php
724
- $statusText = 'UP';
725
- if ($agentless == 1) {
726
- $statusText = 'DOWN';
727
- }
728
- echo '<span class="wsd-target-status-section-label">Agent status: </span>',
729
- '<span class="wsd-target-status-section-', $agentless ? 'disabled' : 'enabled', '">', $statusText, '</span>';
730
- ?>
731
- </div>
732
- </div>
733
-
734
- <?php
735
-
736
- return True;
737
- }
738
-
739
- function wsd_render_main()
740
- {
741
- if(1==0)
742
- {
743
- delete_option('WSD-TARGETID');
744
- delete_option("WSD-COOKIE");
745
- delete_option("WSD-USER");
746
- return;
747
- }
748
-
749
- if(isset($_POST['wsd-new-user']))
750
- {
751
- wsd_process_new_user_form();
752
- return;
753
- }
754
-
755
- if(isset($_POST['wsd-login']))
756
- {
757
- wsd_process_login();
758
- return;
759
- }
760
-
761
- if(isset($_POST['wsd_update_target_id']))
762
- {
763
- wsd_process_add_target_id();
764
- return;
765
- }
766
-
767
- $targetid = get_option("WSD-TARGETID");
768
- if($targetid !== False)
769
- {
770
- wsd_render_target_status();
771
- return;
772
- }
773
-
774
- $hello = wsd_jsonRPC(WSD_URL_RPC, "cPlugin.hello", wsd_site_url());
775
-
776
- if($hello == NULL)
777
- {
778
- wsd_render_error();
779
- return;
780
- }
781
-
782
- if($hello == 'registered')
783
- {
784
- wsd_render_add_target_id();
785
- return;
786
- }
787
- elseif($hello == 'new')
788
- {
789
- //$user = get_option("WSD-USER"); if($user === FALSE)
790
- wsd_render_new_user();
791
- //else wsd_render_user_login();
792
- }
793
- else
794
- {
795
- wsd_render_error("Invalid server response.");
796
- return;
797
- }
798
- }
799
-
800
-
801
-
802
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ define("WSD_URL", "https://dashboard.websitedefender.com/");
3
+ define("WSD_URL_RPC", WSD_URL . "jsrpc.php");
4
+ define("WSD_URL_DOWN", WSD_URL . "download.php");
5
+ define("WSD_SOURCE", 2);
6
+ //error codes
7
+ define('WSD_ERROR_LIMITATION' ,0x27);
8
+ define('WSD_ERROR_WPP_SERVICE_DOWN' ,0x50);
9
+ define('WSD_ERROR_WPP_ERROR_INVALID_URL' ,0x51);
10
+ define('WSD_ERROR_WPP_URL_REGISTERED' ,0x52);
11
+ define('WSD_WSD_ERROR_WPP_NEWUSR_PARAM' ,0x53);
12
+ define('WSD_ERROR_WPP_INVALID_CAPTCHA' ,0x54);
13
+ define('WSD_ERROR_WPP_USER_EXIST' ,0x55);
14
+ define('WSD_ERROR_WPP_URL_EXIST' ,0x56);
15
+ //http status
16
+ define("HTTP_STATUS", 0);
17
+ define("HTTP_HEADERS", 1);
18
+ define("HTTP_BODY", 2);
19
+ define("HTTP_CHUNK_HEADER", 3);
20
+ define("HTTP_CHUNK_BODY", 4);
21
+ //globals
22
+ $GLOBALS['wsd_last_err'] = array('code'=>0, 'message'=>'');
23
+
24
+ function wsd_site_url(){
25
+ $url = get_option( 'siteurl' );
26
+ return trailingslashit($url);
27
+ }
28
+
29
+ function wsd_parseUrl($url)
30
+ {
31
+ $result = parse_url($url);
32
+ if($result === NULL) return array("error"=>"Invalid URL.");
33
+ $result["error"] = NULL;
34
+ if(!array_key_exists("port", $result)) $result["port"] = 80;
35
+ if(!array_key_exists("scheme", $result)) $result["scheme"] = "http";
36
+ if(!array_key_exists("query", $result)) $result["query"] = ""; else $result["query"] = "?" . $result["query"];
37
+ if(array_key_exists("host", $result))
38
+ {
39
+ if(!array_key_exists("path", $result)) $result["path"] = "";
40
+ }
41
+ else
42
+ {
43
+ if(array_key_exists("path", $result))
44
+ {
45
+ $dirs = explode("/", $result["path"], 2);
46
+ $result["host"] = $dirs[0];
47
+ if(count($dirs)>1)
48
+ $result["path"] = "/".$dirs[1];
49
+ else
50
+ $result["path"] = "/";
51
+ }
52
+ else return array("error"=>"Invalid URL (no host).");
53
+ }
54
+
55
+ if($result["host"] == "") return array("error"=>"Invalid URL (no host).");
56
+
57
+ $scheme = "http";
58
+ if(array_key_exists("scheme", $result)) $scheme = $result["scheme"];
59
+
60
+ if((strcasecmp($scheme,"http")!=0) && (strcasecmp($scheme,"https")!=0)) return array("error"=>"Invalid URL (unknown scheme).");
61
+
62
+ if(strcasecmp($scheme,"https")==0) $result["port"] = 443;
63
+
64
+ $userPass = "";
65
+ if(array_key_exists("user", $result) && array_key_exists("pass", $result))
66
+ $userPass = $result["user"].":".$result["pass"]."@";
67
+
68
+ $port = "";
69
+ if(array_key_exists("port", $result)) $port = ":".$result["port"];
70
+
71
+ $result["all"] = $scheme."://".$userPass.$result["host"].$port;
72
+ return $result;
73
+ }
74
+
75
+ function wsd_httpRequest($verb, $url, $body="", $headers=array(), $timeout = 10)
76
+ {
77
+ $e = error_reporting(0);
78
+
79
+ $result = array();
80
+ $result["cookie"] = NULL;
81
+ $result["body"] = "";
82
+ $result["length"] = NULL;
83
+ $result["error"] = NULL;
84
+
85
+ $now = time();
86
+ $url = wsd_parseUrl($url);
87
+
88
+ if($url["error"] !== NULL) return $url;
89
+
90
+ $scheme = $url["scheme"]=="https" ? "ssl://" : "";
91
+
92
+ $fp = fsockopen($scheme.$url["host"], $url["port"] , $errno, $errstr, $timeout);
93
+
94
+ if (!$fp)
95
+ {
96
+ if($scheme == "ssl://")
97
+ {
98
+ $fp = fsockopen($url["host"], 80 , $errno, $errstr, $timeout);
99
+ if (!$fp)
100
+ {
101
+ error_reporting($e);
102
+ return array("error"=>"Can't connect to server [$errno].");
103
+ }
104
+ }
105
+ else
106
+ {
107
+ error_reporting($e);
108
+ return array("error"=>"Can't connect to server [$errno].");
109
+ }
110
+ }
111
+
112
+ $out = $verb." ".$url["path"].$url["query"]." HTTP/1.1\r\n";
113
+ $out .= "Host: ". $url["host"] . "\r\n";
114
+ $out .= "Connection: Close\r\n";
115
+ $out .= "Accept-Encoding: identity\r\n";
116
+ if($verb == "POST") $out .= "Content-Length: " . strlen($body) . "\r\n";
117
+ foreach ($headers as $name => $value) $out .= $name .": " . $value . "\r\n";
118
+ $out .= "\r\n";
119
+ if($verb == "POST") $out .= $body;
120
+ fwrite($fp, $out);
121
+ fflush($fp);
122
+
123
+ //print "<br>".str_replace("\r\n", "<br>", $out)."<br>";
124
+
125
+ $status = HTTP_STATUS;
126
+ $chunked = False;
127
+ $lastChunk = "";
128
+ $chunkLength = 0;
129
+
130
+ while (!feof($fp))
131
+ {
132
+ $remaining = $timeout - (time() - $now);
133
+ if($remaining < 0) return array("error"=>"Request timed out [1].");
134
+
135
+ stream_set_timeout($fp, $remaining + 1);
136
+ $data = fgets($fp, 4096);
137
+ $info = stream_get_meta_data($fp);
138
+
139
+ if ($info["timed_out"])
140
+ {
141
+ error_reporting($e);
142
+ return array("error"=>"Request timed out [2].");
143
+ }
144
+
145
+ //print($data."<br>");
146
+
147
+ if($status == HTTP_STATUS)
148
+ {
149
+ //TODO: check status for 200, error on rest, eventually work arround 302 303
150
+ $resultStatus = trim($data);
151
+ $status = HTTP_HEADERS;
152
+ continue;
153
+ }
154
+
155
+ if($status == HTTP_HEADERS)
156
+ {
157
+ if($data == "\r\n")
158
+ {
159
+ if($chunked)
160
+ $status = HTTP_CHUNK_HEADER;
161
+ else
162
+ $status = HTTP_BODY;
163
+ continue;
164
+ }
165
+
166
+ $data = trim($data);
167
+ $separator = strpos($data, ": ");
168
+
169
+ if(($separator === False)||($separator == 0) || ($separator >= (strlen($data) -2)))
170
+ return array("error"=>"Invalid HTTP response header.");
171
+
172
+ $name = substr($data, 0, $separator);
173
+ $value = substr($data, $separator + 2);
174
+ if(strcasecmp("Set-Cookie", $name) == 0)
175
+ {
176
+ $result["cookie"] = $value;
177
+ continue;
178
+ }
179
+ if(strcasecmp("Content-Length", $name) == 0)
180
+ {
181
+ $result["length"] = $value + 0;
182
+ continue;
183
+ }
184
+ if((strcasecmp("Transfer-Encoding", $name) == 0) && (strpos($value, 'chunked') !== False) )
185
+ {
186
+ $chunked = True;
187
+ continue;
188
+ }
189
+ continue;
190
+ }
191
+
192
+ if($status == HTTP_CHUNK_HEADER)
193
+ {
194
+ $data = trim($data);
195
+ $sc = strpos($data, ';');
196
+ if($sc !== False) $data = substr($data, 0, $sc);
197
+ $chunkLength = hexdec($data);
198
+ if($chunkLength == 0)
199
+ break;
200
+ $lastChunk = "";
201
+ $status = HTTP_CHUNK_BODY;
202
+ continue;
203
+ }
204
+
205
+ if($status == HTTP_CHUNK_BODY)
206
+ {
207
+ $lastChunk .= $data;
208
+ if(strlen($lastChunk) >= $chunkLength)
209
+ {
210
+ $result["body"] .= substr($lastChunk, 0, $chunkLength);
211
+ $status = HTTP_CHUNK_HEADER;
212
+ }
213
+ continue;
214
+ }
215
+
216
+ if($status == HTTP_BODY)
217
+ {
218
+ $result["body"] .= $data;
219
+ if(($result["length"] !== NULL) && (strlen($result["body"]) >= $result["length"]))
220
+ break;
221
+ continue;
222
+ }
223
+ }
224
+ fclose($fp);
225
+
226
+ if(($result["length"] !== NULL) && (strlen($result["body"]) != $result["length"]))
227
+ array("error"=>"Invalid HTTP body length.");
228
+
229
+ error_reporting($e);
230
+ return $result;
231
+ }
232
+
233
+ function wsd_jsonHttpRequest($url, $data, $timeout = 10)
234
+ {
235
+ $body = json_encode($data);
236
+ $headers = array("Content-type" => "application/json");
237
+
238
+ $cookie = '';
239
+ $option_cookie = get_option("WSD-COOKIE");
240
+ if($option_cookie !== False) $cookie = $option_cookie;
241
+
242
+ $token = get_option("WSD-TOKEN");
243
+ if($token !== False)
244
+ {
245
+ if($cookie != '') $cookie .= '; ';
246
+ $cookie .= "token=".$token;
247
+ }
248
+
249
+ if($cookie != '')
250
+ $headers["Cookie"] = $cookie;
251
+
252
+ $result = wsd_httpRequest("POST", $url, $body, $headers, $timeout);
253
+
254
+ if($result["cookie"] !== NULL)
255
+ {
256
+ if($option_cookie === False)
257
+ add_option("WSD-COOKIE", $result["cookie"]);
258
+ else
259
+ update_option("WSD-COOKIE", $result["cookie"]);
260
+ }
261
+
262
+ if($result["error"] === NULL)
263
+ {
264
+ $decoded = json_decode($result["body"], true);
265
+ if($decoded == NULL) $result["error"] = "Invalid JSON response.".$result["body"];
266
+ $result["body"] = $decoded;
267
+ }
268
+ return $result;
269
+ }
270
+
271
+ function wsd_jsonRPC($url, $method, $params, $timeout = 10)
272
+ {
273
+ $GLOBALS['wsd_last_err'] = array('code'=>0, 'message'=>'');
274
+ $id = rand(1,100);
275
+
276
+ $token = get_option("WSD-TOKEN");
277
+ if($token === False)
278
+ $request = array("jsonrpc"=>"2.0", "id"=>$id, "method"=>$method, "params"=>$params);
279
+ else
280
+ $request = array("jsonrpc"=>"2.0", "id"=>$id, "method"=>$method, "params"=>$params, "token"=>$token);
281
+
282
+ $response = wsd_jsonHttpRequest($url, $request, $timeout);
283
+
284
+ //print("request:");print_r($request); print("<hr>"); print("response:");print_r($response); print("<hr>");
285
+
286
+ if($response["error"] !== NULL)
287
+ {
288
+ $GLOBALS['wsd_last_err'] = array("code" => 0, "message" => $response["error"]);
289
+ return NULL;
290
+ }
291
+
292
+ if((! array_key_exists("id", $response["body"])) || ($response["body"]["id"] != $id) )
293
+ {
294
+ $GLOBALS['wsd_last_err'] = array("code" => 0, "message" => "Invalid JSONRPC response [0]." . var_export($response, true));
295
+ return NULL;
296
+ }
297
+
298
+ if( array_key_exists("token", $response["body"]))
299
+ {
300
+ if($token === False) add_option("WSD-TOKEN", $response["body"]['token']);
301
+ else update_option("WSD-TOKEN", $response["body"]['token']);
302
+ }
303
+
304
+ if(array_key_exists("error", $response["body"]))
305
+ {
306
+ $GLOBALS['wsd_last_err'] = $response["body"]["error"];
307
+ return NULL;
308
+ }
309
+
310
+ if(! array_key_exists("result", $response["body"]))
311
+ {
312
+ $GLOBALS['wsd_last_err'] = array("code" => 0, "message" => "Invalid JSONRPC response [1].");
313
+ return NULL;
314
+ }
315
+
316
+ return $response["body"]["result"];
317
+ }
318
+
319
+ // ========================= RENDER UI ===========================================================
320
+
321
+ function wsd_render_error($custom_message = null)
322
+ {
323
+ $html = '';
324
+ if ($custom_message === NULL)
325
+ $html = '<p class="wsd-error-summary">' . $GLOBALS['wsd_last_err']['message'];
326
+ else
327
+ $html = '<p class="wsd-error-summary">' . $custom_message;
328
+ $html .= '<br /><span class="wsd-error-summary-detail">If the problem persists please continue at <a href="https://dashboard.websitedefender.com" target="_blank">Website Defender</a>.</span></p>';
329
+ echo $html;
330
+ }
331
+
332
+ function wsd_render_agent_install_issues($message)
333
+ {
334
+ //echo "wsd_render_agent_install_issues<br>";
335
+ $html = '<p class="wsd-error-summary">' . $message;
336
+ $html .= '<br /><span class="wsd-error-summary-detail">It has to be installed manually from the <a href="https://dashboard.websitedefender.com" target="_blank">WebsiteDefender dashboard</a>.</span></p>';
337
+ echo $html;
338
+ }
339
+
340
+ function wsd_render_user_login($error = '')
341
+ {
342
+ if($error !== '') wsd_render_error($error);
343
+ ?>
344
+
345
+ <?php if(!empty($error)) { ?>
346
+ <div class="wsd-inside">
347
+ <?php } ?>
348
+
349
+ <p class="wsd-login-notice">Login here if you already have a WSD account.</p>
350
+ <form action="" method="post" id="wsd_login_form" name="wsd_login_form">
351
+ <div>
352
+ <div class="wsd-login-section">
353
+ <label for="wsd_login_form_email">Email:</label>
354
+ <input type="text" name="wsd_login_form_email" id="wsd_login_form_email" value="<?php echo get_option("admin_email"); ?>" />
355
+ </div>
356
+ <div class="wsd-login-section">
357
+ <label for="wsd_login_form_password">Password:</label>
358
+ <input type="password" name="wsd_login_form_password" id="wsd_login_form_password" />
359
+ </div>
360
+ <input type="submit" name="wsd-login" id="wsd-login" value="Login">
361
+ </div>
362
+ </form>
363
+
364
+ <?php if(!empty($error)) { ?>
365
+ </div>
366
+ <?php } ?>
367
+
368
+ <?php
369
+ }
370
+
371
+ function wsd_render_new_user($error = '')
372
+ {
373
+ //print "wsd_render_new_user $error<br>";
374
+
375
+ $form = wsd_jsonRPC(WSD_URL_RPC, "cPlugin.getfrm", wsd_site_url());
376
+ if ($form === NULL)
377
+ {
378
+ wsd_render_error();
379
+ return;
380
+ }
381
+ $recaptcha_publickey = $form['captcha'];
382
+ if(empty($recaptcha_publickey))
383
+ {
384
+ wsd_render_error('Invalid server response.');
385
+ return;
386
+ }
387
+
388
+ //intro text
389
+ echo '<p class="wsd-inside" style="margin-top: 0px;">';
390
+ _e('WebsiteDefender.com is based upon web application scanning technology from <a href="http://www.acunetix.com/" target="_blank">Acunetix</a>; a pioneer in website security. <a href="http://www.websitedefender.com" target="_blank">WebsiteDefender</a> requires no installation, no learning curve and no maintenance. Above all, there is no impact on site performance! WebsiteDefender regularly scans and monitors your WordPress website/blog effortlessly, efficient, easily and is available for Free! Start scanning your WordPress website/blog against malware and hackers, absolutely free!', FB_SWP_TEXTDOMAIN);
391
+ echo "</p>";
392
+
393
+ ?>
394
+ <div class="wsd-inside">
395
+ <?php
396
+ wsd_render_user_login();
397
+ ?>
398
+
399
+ <h4><?php _e('Register here to use all the WebsiteDefender.com advanced features', FB_SWP_TEXTDOMAIN)?></h4>
400
+ <p><?php _e('WebsiteDefender is an online service that protects your website from any hacker activity by monitoring and auditing the security of your website, giving you easy to understand solutions to keep your website safe, always! WebsiteDefender\'s enhanced WordPress Security Checks allow it to optimise any threats on a blog or site powered by WordPress.', FB_SWP_TEXTDOMAIN)?></p>
401
+ <p><?php _e('<strong>With WebsiteDefender you can:</strong>', FB_SWP_TEXTDOMAIN)?></p>
402
+ <ul class="wsd_commonList">
403
+ <li><span>Detect Malware present on your website</span></li>
404
+ <li><span>Audit your website for security issues</span></li>
405
+ <li><span>Avoid getting blacklisted by Google</span></li>
406
+ <li><span>Keep your website content and data safe</span></li>
407
+ <li><span>Get alerted to suspicious hacker activity</span></li>
408
+ </ul>
409
+
410
+ <p><?php _e('WebsiteDefender.com does all this an more via an easy-to-understand web-based dashboard, which gives step by step solutions on how to make sure your website stays secure!', FB_SWP_TEXTDOMAIN)?></p>
411
+
412
+ <h4><?php _e('Sign up for your FREE account here', FB_SWP_TEXTDOMAIN)?></h4>
413
+
414
+ <?php
415
+ if($error !== '') wsd_render_error($error);
416
+ ?>
417
+
418
+ <form action="#em" method="post" id="wsd_new_user_form" name="wsd_new_user_form">
419
+ <div id="em" class="wsd-new-user-section">
420
+ <label for="wsd_new_user_email">Email:</label>
421
+ <input type="text" name="wsd_new_user_email" id="wsd_new_user_email" value="<?php echo get_option("admin_email"); ?>" />
422
+ </div>
423
+ <div class="wsd-new-user-section">
424
+ <label for="wsd_new_user_name">Name:</label>
425
+ <input type="text" name="wsd_new_user_name" id="wsd_new_user_name" value="<?php echo isset($_POST['wsd_new_user_name']) ? $_POST['wsd_new_user_name'] : '' ?>" />
426
+ </div>
427
+ <div class="wsd-new-user-section">
428
+ <label for="wsd_new_user_surname">Surname:</label>
429
+ <input type="text" name="wsd_new_user_surname" id="wsd_new_user_surname" value="<?php echo isset($_POST['wsd_new_user_surname']) ? $_POST['wsd_new_user_surname']: '' ?>" />
430
+ </div>
431
+ <div class="wsd-new-user-section">
432
+ <label for="wsd_new_user_password">Password:</label>
433
+ <input type="password" name="wsd_new_user_password" id="wsd_new_user_password"/>
434
+ <label class="password-meter" style="background-color: rgb(238, 0, 0);">Too Short</label>
435
+ </div>
436
+ <div class="wsd-new-user-section">
437
+ <label for="wsd_new_user_password_re">Retype Password:</label>
438
+ <input type="password" name="wsd_new_user_password_re" id="wsd_new_user_password_re"/>
439
+ </div>
440
+ <div class="wsd-new-user-section">
441
+ <?php
442
+ echo wsd_recaptcha_get_html($recaptcha_publickey, NULL, true);
443
+ ?>
444
+ </div>
445
+ <input type="submit" name="wsd-new-user" id="wsd-new-user" value="Register">
446
+ </form>
447
+ </div>
448
+ <?php
449
+ }
450
+
451
+
452
+ function wsd_process_login()
453
+ {
454
+ $email = isset($_POST['wsd_login_form_email']) ? $_POST['wsd_login_form_email'] : null;
455
+ $password = isset($_POST['wsd_login_form_password']) ? $password = $_POST['wsd_login_form_password'] : null;
456
+
457
+ if (empty($email)) {
458
+ wsd_render_user_login('Email address is required.');
459
+ return;
460
+ }
461
+
462
+ if (empty($password)) {
463
+ wsd_render_user_login('Password is required.');
464
+ return;
465
+ }
466
+
467
+ // $password is received as MD5 hash
468
+ $login = wsd_jsonRPC(WSD_URL_RPC, "cUser.login", array($email, $password));
469
+
470
+ if ($login == NULL) {
471
+ wsd_render_user_login('Invalid login');
472
+ return;
473
+ }
474
+
475
+ $user = get_option("WSD-USER");
476
+ if ($user === False)
477
+ add_option("WSD-USER", $email);
478
+ else
479
+ update_option("WSD-USER", $email);
480
+
481
+ wsd_add_or_process_target();
482
+ }
483
+
484
+ function wsd_render_add_target_id()
485
+ {
486
+ ?>
487
+ <div class="wsd-inside">
488
+ <?php if(!empty($error)) wsd_render_error($error); ?>
489
+ <form action="" method="post" id="wsd_target_id_form" name="wsd_target_id_form">
490
+ <?php
491
+ $emailAddress = get_option('WSD-USER');
492
+ if(empty($emailAddress)){
493
+ $emailAddress = get_option('admin_email');
494
+ }
495
+ ?>
496
+ <p>
497
+ <label><?php echo __('WebsiteDefender email account');?>:</label>
498
+ <br/>
499
+ <input type="text" name="wpss_user_email" id="wpss_user_email" style="width: 200px;" value="<?php echo $emailAddress;?>"/>
500
+ </p>
501
+ <p>
502
+ <label for="wsd_target_update_id"><?php echo __('Target ID');?>:</label>
503
+ <br/>
504
+ <input type="text" name="targetid" id="targetid" value="<?php echo get_option('WSD-TARGETID');?>"/>
505
+ <br/><br/>
506
+ <input type="submit" name="wsd_update_target_id" value="<?php echo __('Update');?>" />
507
+ </p>
508
+ </form>
509
+ <div class="wsd_user_information">
510
+ <p style="margin: 0 0;">
511
+ <?php
512
+ echo __('To get the WebsiteDefender target ID of your website, login to the
513
+ <a href="https://dashboard.websitedefender.com/" target="_blank">WebsiteDefender dashboard</a>
514
+ and from the <code>Website Settings</code> navigate to the <code>Status</code> tab. The Target ID
515
+ can be found under the <code>Scan Status</code> section.');
516
+ ?>
517
+ </p>
518
+ </div>
519
+ </div>
520
+ <?php
521
+ }
522
+
523
+ function wsd_process_add_target_id()
524
+ {
525
+ //echo "process_add_target_id<br>";
526
+ if(! empty($_POST['targetid'])){
527
+ add_option('WSD-TARGETID', $_POST['targetid']);
528
+ }
529
+ if( ! empty($_POST['wpss_user_email'])){
530
+ add_option('WSD-USER', $_POST['wpss_user_email']);
531
+ }
532
+ wsd_render_target_status();
533
+ }
534
+
535
+ function wsd_add_or_process_target()
536
+ {
537
+ //check if we already registered
538
+ $targetid = get_option('WSD-TARGETID');
539
+
540
+ if($targetid !== false)
541
+ {
542
+ wsd_render_target_status();
543
+ return;
544
+ }
545
+ else
546
+ {
547
+ //check first is this url is already there
548
+ $target = wsd_jsonRPC(WSD_URL_RPC, "cPlugin.urlstatus", wsd_site_url());
549
+ if($target === NULL)
550
+ {
551
+ wsd_render_error();
552
+ return;
553
+ }
554
+ if(array_key_exists('id', $target) && ($target['id'] != NULL))
555
+ {
556
+ if($targetid === False) add_option('WSD-TARGETID', $target['id']);
557
+ else update_option('WSD-TARGETID', $target['id']);
558
+ wsd_render_target_status();
559
+ return;
560
+ }
561
+ }
562
+
563
+ //the target was not there so we have to register a new one
564
+ $newtarget = wsd_jsonRPC(WSD_URL_RPC, "cTargets.add", wsd_site_url());
565
+ if($newtarget === NULL)
566
+ {
567
+ if($GLOBALS['wsd_last_err']['code'] == WSD_ERROR_LIMITATION)
568
+ {
569
+ wsd_render_error("This account reached the maximum number of targets.");
570
+ return;
571
+ }
572
+ if($GLOBALS['wsd_last_err']['code'] == WSD_ERROR_WPP_URL_EXIST)
573
+ {
574
+ wsd_render_add_target_id();
575
+ return;
576
+ }
577
+ print_r($GLOBALS['wsd_last_err']);
578
+ return;
579
+ }
580
+
581
+ if(!array_key_exists("id", $newtarget))
582
+ {
583
+ wsd_render_error("Invalid WSD response received.");
584
+ return;
585
+ }
586
+
587
+ delete_option('WSD-TARGETID');
588
+ add_option('WSD-TARGETID', $newtarget['id']);
589
+
590
+ //download agent
591
+ $targetInstalError = '';
592
+
593
+ $headers = array("a"=>"a");
594
+ $option_cookie = get_option("WSD-COOKIE");
595
+ if($option_cookie !== False) $headers["Cookie"] = $option_cookie;
596
+
597
+ //print "<br>Downloading: ". WSD_URL_DOWN.'?id='.$newtarget['id'] ."#". print_r($headers, true). "<br>";
598
+
599
+ $agent = wsd_httpRequest("GET", WSD_URL_DOWN.'?id='.$newtarget['id'], "", $headers);
600
+
601
+ if($agent["error"] !== NULL)
602
+ $targetInstalError = 'The WebsiteDefender Agent failed to install automatically [0x01].'; //can't download
603
+ else
604
+ {
605
+ //try to copy the target
606
+ $agentURL = $agent["sensor_url"];
607
+ if(preg_match('/[a-f0-9]{40}.php/', $newtarget["sensor_url"], $matches))
608
+ {
609
+ $path = rtrim(ABSPATH, '/');
610
+ $path .= '/'.$matches[0];
611
+
612
+ $r = file_put_contents($path, $agent['body']);
613
+ if(!$r) $targetInstalError = 'The WebsiteDefender Agent failed to install automatically [0x02].'; //can't save
614
+ }
615
+ else $targetInstalError = 'The WebsiteDefender Agent failed to install automatically [0x03].'; //other
616
+ }
617
+
618
+ //test the agent, this will triger agentless if agent not functioning
619
+ $testTarget = wsd_jsonRPC(WSD_URL_RPC, "cTargets.agenttest", $newtarget['id']);
620
+ $enbableTarget = wsd_jsonRPC(WSD_URL_RPC, "cTargets.enable", array($newtarget['id'], true));
621
+
622
+ if($targetInstalError != '')wsd_render_agent_install_issues($targetInstalError);
623
+
624
+ wsd_render_target_status();
625
+ }
626
+
627
+ function wsd_process_new_user_form()
628
+ {
629
+ //print "wsd_process_new_user_form<br>";
630
+
631
+ $email = $_POST['wsd_new_user_email'];
632
+ $name = $_POST['wsd_new_user_name'];
633
+ $surname = $_POST['wsd_new_user_surname'];
634
+ $password = $_POST['wsd_new_user_password'];
635
+ $password_re = $_POST['wsd_new_user_password_re'];
636
+
637
+ if (empty($email)) {
638
+ wsd_render_new_user('Email is required.');
639
+ return;
640
+ }
641
+ if (empty($name)) {
642
+ wsd_render_new_user('Name is required.');
643
+ return;
644
+ }
645
+ if (empty($surname)) {
646
+ wsd_render_new_user('Surname is required.');
647
+ return;
648
+ }
649
+ if (empty($password)) {
650
+ wsd_render_new_user('Password is required.');
651
+ return;
652
+ }
653
+ if ($password != $password_re) {
654
+ wsd_render_new_user('Passwords do not match.');
655
+ return;
656
+ }
657
+
658
+ $register = wsd_jsonRPC(WSD_URL_RPC, "cPlugin.register",
659
+ array(
660
+ array("challenge"=>$_POST['recaptcha_challenge_field'],
661
+ "response"=>$_POST['recaptcha_response_field']),
662
+ array(
663
+ "url" => wsd_site_url(),
664
+ "email" => $email,
665
+ "name" => $name,
666
+ "surname" => $surname,
667
+ // the password comes from the client already as a hash
668
+ "pass" => $password,
669
+ "source" => WSD_SOURCE
670
+ )
671
+ ));
672
+ if($register == NULL)
673
+ {
674
+ if($GLOBALS['wsd_last_err']['code'] == WSD_ERROR_WPP_INVALID_CAPTCHA)
675
+ {
676
+ wsd_render_new_user('Invalid captcha. Please try again.');
677
+ return;
678
+ }
679
+ if($GLOBALS['wsd_last_err']['code'] == WSD_ERROR_WPP_USER_EXIST)
680
+ {
681
+ wsd_render_new_user("This user is already registered. To continue with this user, please use the login form above or register with a new user name.");
682
+ return;
683
+ }
684
+ wsd_render_new_user('Registration failed! Please try again.');
685
+ return;
686
+ }
687
+ $user = get_option("WSD-USER");
688
+ if($user === False) add_option("WSD-USER", $email); else update_option("WSD-USER", $email);
689
+ wsd_add_or_process_target();
690
+ }
691
+
692
+ function wsd_render_target_status()
693
+ {
694
+ #echo "wsd_render_target_status<br>";
695
+ $user = get_option('WSD-USER');
696
+ if((!is_string($user))||($user == "") ) $user = get_option("admin_email");
697
+ $status = wsd_jsonRPC(WSD_URL_RPC, "cPlugin.status", array($user, get_option('WSD-TARGETID'), wsd_site_url()));
698
+ if($status === NULL)
699
+ {
700
+ return;
701
+ }
702
+ if((!array_key_exists('active', $status)) || ($status['active'] !== 1))
703
+ {
704
+ //our target is not valid anymore
705
+ delete_option('WSD-TARGETID');
706
+
707
+ // Display the add target id form
708
+ // update: sept 20
709
+ wsd_render_add_target_id();
710
+ wsd_render_error('Invalid Target ID!');
711
+ return false;
712
+ }
713
+
714
+ echo '<p class="wsd-inside">';
715
+ echo 'Thank you for registering with WebsiteDefender. Please navigate to the <a target="_blank" href="https://dashboard.websitedefender.com/">WebsiteDefender dashboard</a> to see the alerts.';
716
+ echo "</p>";
717
+
718
+ $enabled = array_key_exists('enabled', $status) ? $status['enabled'] : null;
719
+ $scanned = array_key_exists('scanned', $status) ? $status['scanned'] : null;
720
+ $agentless = array_key_exists('agentless', $status) ? $status['agentless'] : null;
721
+
722
+ if (!is_numeric($enabled) || !is_numeric($scanned) || !is_numeric($agentless))
723
+ {
724
+ wsd_render_error('Invalid server response.');
725
+ return;
726
+ }
727
+ $enabled = intval($enabled);
728
+ $scanned = intval($scanned);
729
+ $agentless = intval($agentless);
730
+ ?>
731
+
732
+ <div id="wsd-target-status-holder" class="wsd-inside">
733
+ <p class="wsd-target-status-title">
734
+ Website status on Website Defender
735
+ </p>
736
+ <div class="wsd-target-status-section">
737
+ <?php
738
+ $statusText = 'NO';
739
+ if ($enabled == 1) {
740
+ $statusText = 'YES';
741
+ }
742
+ echo '<span class="wsd-target-status-section-label">Enabled: </span>',
743
+ '<span class="wsd-target-status-section-', $enabled ? 'enabled' : 'disabled', '">', $statusText, '</span>';
744
+ ?>
745
+ </div>
746
+ <div class="wsd-target-status-section">
747
+ <?php
748
+ $statusText = 'NO';
749
+ if ($scanned == 1) {
750
+ $statusText = 'YES';
751
+ }
752
+ echo '<span class="wsd-target-status-section-label">Scanned: </span>',
753
+ '<span class="wsd-target-status-section-', $scanned ? 'enabled' : 'disabled', '">', $statusText, '</span>';
754
+ ?>
755
+ </div>
756
+ <div class="wsd-target-status-section">
757
+ <?php
758
+ $statusText = 'UP';
759
+ if ($agentless == 1) {
760
+ $statusText = 'DOWN';
761
+ }
762
+ echo '<span class="wsd-target-status-section-label">Agent status: </span>',
763
+ '<span class="wsd-target-status-section-', $agentless ? 'disabled' : 'enabled', '">', $statusText, '</span>';
764
+ ?>
765
+ </div>
766
+ </div>
767
+
768
+ <?php
769
+
770
+ return True;
771
+ }
772
+
773
+ function wsd_render_main()
774
+ {
775
+ if(1==0)
776
+ {
777
+ delete_option('WSD-TARGETID');
778
+ delete_option("WSD-COOKIE");
779
+ delete_option("WSD-USER");
780
+ return;
781
+ }
782
+
783
+ if(isset($_POST['wsd-new-user']))
784
+ {
785
+ wsd_process_new_user_form();
786
+ return;
787
+ }
788
+
789
+ if(isset($_POST['wsd-login']))
790
+ {
791
+ wsd_process_login();
792
+ return;
793
+ }
794
+
795
+ if(isset($_POST['wsd_update_target_id']))
796
+ {
797
+ wsd_process_add_target_id();
798
+ return;
799
+ }
800
+
801
+ $targetid = get_option("WSD-TARGETID");
802
+ if($targetid !== False)
803
+ {
804
+ wsd_render_target_status();
805
+ return;
806
+ }
807
+
808
+ $hello = wsd_jsonRPC(WSD_URL_RPC, "cPlugin.hello", wsd_site_url());
809
+
810
+ if($hello == NULL)
811
+ {
812
+ // update sept 20
813
+ wsd_render_new_user();
814
+ return;
815
+ }
816
+
817
+ if($hello == 'registered')
818
+ {
819
+ wsd_render_add_target_id();
820
+ return;
821
+ }
822
+ elseif($hello == 'new')
823
+ {
824
+ //$user = get_option("WSD-USER"); if($user === FALSE)
825
+ wsd_render_new_user();
826
+ //else wsd_render_user_login();
827
+ }
828
+ else
829
+ {
830
+ wsd_render_error("Invalid server response.");
831
+ return;
832
+ }
833
+ }
834
+
835
+ ?>
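--- a/readme.txt
+++ b/readme.txt
@@ -6,7 +6,7 @@ plugins, private, protection, tracking, wordpress
 Requires at least: 3.0
 Tested up to: 3.2.1
 Stable tag: trunk
-
+
 Scans your WordPress installation for security vulnerabilities.
 
 == Description ==
@@ -41,6 +41,11 @@ For more information on the WP Security Scan and other WordPress security news,
 
 == Changelog ==
 
+= v3.0.8 =
+* New feature: Option to open / close WebsiteDefender dashboard widget
+* Update: More help resource links
+* Update: Internal code updates
+
 = v3.0.7 =
 * BugFix: The bug reported about ALTER rights retrieval has been addressed
 * Update: Code cleanup
@@ -69,7 +74,7 @@ For more information on the WP Security Scan and other WordPress security news,
 * Feature: Included more documentation / links for a number of features
 * Feature: Prevent blog owner from changing table prefix if the wp-config.php file is not writable
 * Update: Updated several error messages text (user friendly)
-* Update: major code cleanup
+* Update: major code cleanup
 * Bugfix: Fixed a number of bugs in the database tables rename utility
 
 = v3.0.1 (03/24/2011) =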
screenshot-1.jpg CHANGED
Binary file
screenshot-2.jpg CHANGED
Binary file
securityscan.php CHANGED
@@ -5,7 +5,7 @@ Plugin URI: http://www.websitedefender.com/news/free-wordpress-security-scan-plu
5
 
6
  Description: Perform security scan of WordPress installation.
7
  Author: WebsiteDefender
8
- Version: 3.0.7
9
  Author URI: http://www.websitedefender.com/
10
  */
11
  /*
@@ -14,6 +14,9 @@ Author URI: http://www.websitedefender.com/
14
  * $rev #3 08/05/2011 {c}
15
  * $rev #4 08/26/2011 {c}
16
  * $rev #5 09/12/2011 {c}
 
 
 
17
  */
18
  /*
19
  Copyright (C) 2008-2010 Acunetix / http://www.websitedefender.com/
@@ -46,12 +49,8 @@ if ( ! defined('WP_PLUGIN_DIR')) {
46
  define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' );
47
  }
48
 
 
49
 
50
- //! #r4# @see http://wordpress.org/support/topic/update-to-306-breaks-wp-321
51
- @require_once(ABSPATH.'wp-includes/pluggable.php');
52
-
53
-
54
- //## $rev #1, #2, #3 {c}$
55
  if(!function_exists('json_encode') || !class_exists('Services_JSON')) {
56
  @require_once(WP_PLUGIN_DIR . "/wp-security-scan/libs/json.php");
57
  }
@@ -66,6 +65,7 @@ require_once(WP_PLUGIN_DIR . "/wp-security-scan/libs/wsd.php");
66
  require_once(WP_PLUGIN_DIR . "/wp-security-scan/inc/admin/security.php");
67
  require_once(WP_PLUGIN_DIR . "/wp-security-scan/inc/admin/scanner.php");
68
  require_once(WP_PLUGIN_DIR . "/wp-security-scan/inc/admin/pwtool.php");
 
69
  require_once(WP_PLUGIN_DIR . "/wp-security-scan/inc/admin/db.php");
70
  require_once(WP_PLUGIN_DIR . "/wp-security-scan/inc/admin/support.php");
71
  require_once(WP_PLUGIN_DIR . "/wp-security-scan/inc/admin/templates/header.php");
@@ -104,7 +104,6 @@ if (! in_array($plugin1.'/'.$plugin1.'.php', apply_filters('active_plugins', get
104
  add_action('wp_dashboard_setup', "wpssUtil::addDashboardWidget");
105
  }
106
  unset($plugin1,$plugin2);
107
-
108
  //@===
109
 
110
  function mrt_wpss_admin_init(){
@@ -119,14 +118,18 @@ remove_action('wp_head', 'wp_generator');
119
  function add_men_pg() {
120
  if (function_exists('add_menu_page'))
121
  {
122
- add_menu_page('Security', 'Security', 'edit_pages', __FILE__, 'mrt_opt_mng_pg', WP_PLUGIN_URL.'/wp-security-scan/images/wsd-logo-small.png');
123
  add_submenu_page(__FILE__, 'Scanner', 'Scanner', 'edit_pages', 'scanner', 'mrt_sub0');
124
  add_submenu_page(__FILE__, 'Password Tool', 'Password Tool', 'edit_pages', 'passwordtool', 'mrt_sub1');
125
  add_submenu_page(__FILE__, 'Database', 'Database', 'edit_pages', 'database', 'mrt_sub3');
 
126
  add_submenu_page(__FILE__, 'Support', 'Support', 'edit_pages', 'support', 'mrt_sub2');
127
  }
128
  }
129
 
 
 
 
130
 
131
 
132
  function wpss_admin_head() {
@@ -171,54 +174,51 @@ function get_plugins_url($path = '', $plugin = '') {
171
  }
172
 
173
  function wpss_mrt_meta_box()
174
- {
175
  ?>
176
  <div id="wsd-initial-scan" class="wsd-inside">
177
- <div class="wsd-initial-scan-section">
178
- <?php mrt_check_version();?>
179
- </div>
180
 
181
- <div class="wsd-initial-scan-section">
182
- <?php mrt_check_table_prefix();?>
183
- </div>
184
 
185
- <div class="wsd-initial-scan-section">
186
- <?php mrt_version_removal();?>
187
- </div>
188
 
189
- <div class="wsd-initial-scan-section">
190
- <?php mrt_errorsoff();?>
191
- </div>
192
  <?php
193
- global $wpdb;
194
-
195
- echo '<div class="scanpass">WP ID META tag removed form WordPress core</div>';
196
-
197
- echo '<div class="wsd-initial-scan-section">';
198
- $name = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login='admin'");
199
- if ($name == "admin") {
200
- echo '<a href="http://www.websitedefender.com/wordpress-security/change-wordpress-admin-username" title="Change WordPress Admin username" target="_blank"><font color="red">"admin" user exists.</font></a>';
201
- }
202
- else { echo '<span class="scanpass">No user "admin".</span>'; }
203
- echo '</div>';
204
-
205
- echo '<div class="wsd-initial-scan-section">';
206
- if (file_exists('.htaccess')) {
207
- echo '<span class="scanpass">.htaccess exists in wp-admin/</span>';
208
- }
209
- else { echo '<span style="color:#f00;">The file .htaccess does not exist in wp-admin/.</span>'; }
210
- echo '</div>';
211
-
212
- ?>
213
-
214
- <div class="mrt_wpss_note">
215
- <em>**WP Security Scan plugin <strong>must</strong> remain active for security features to persist**</em>
216
- </div>
 
 
 
 
 
217
  </div>
218
  <?php
219
  }
220
 
221
-
222
  function wpss_mrt_meta_box2()
223
  {
224
  ?>
5
 
6
  Description: Perform security scan of WordPress installation.
7
  Author: WebsiteDefender
8
+ Version: 3.0.8
9
  Author URI: http://www.websitedefender.com/
10
  */
11
  /*
14
  * $rev #3 08/05/2011 {c}
15
  * $rev #4 08/26/2011 {c}
16
  * $rev #5 09/12/2011 {c}
17
+ * $rev #6 09/20/2011 {c}
18
+ * $rev #7 09/30/2011 {c}
19
+ * $rev #8 10/03/2011 {c}
20
  */
21
  /*
22
  Copyright (C) 2008-2010 Acunetix / http://www.websitedefender.com/
49
  define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' );
50
  }
51
 
52
+ delete_option('wsd_feed_data');
53
 
 
 
 
 
 
54
  if(!function_exists('json_encode') || !class_exists('Services_JSON')) {
55
  @require_once(WP_PLUGIN_DIR . "/wp-security-scan/libs/json.php");
56
  }
65
  require_once(WP_PLUGIN_DIR . "/wp-security-scan/inc/admin/security.php");
66
  require_once(WP_PLUGIN_DIR . "/wp-security-scan/inc/admin/scanner.php");
67
  require_once(WP_PLUGIN_DIR . "/wp-security-scan/inc/admin/pwtool.php");
68
+ require_once(WP_PLUGIN_DIR . "/wp-security-scan/inc/admin/plugin_options.php");
69
  require_once(WP_PLUGIN_DIR . "/wp-security-scan/inc/admin/db.php");
70
  require_once(WP_PLUGIN_DIR . "/wp-security-scan/inc/admin/support.php");
71
  require_once(WP_PLUGIN_DIR . "/wp-security-scan/inc/admin/templates/header.php");
104
  add_action('wp_dashboard_setup', "wpssUtil::addDashboardWidget");
105
  }
106
  unset($plugin1,$plugin2);
 
107
  //@===
108
 
109
  function mrt_wpss_admin_init(){
118
  function add_men_pg() {
119
  if (function_exists('add_menu_page'))
120
  {
121
+ add_menu_page('WSD security', 'WSD security', 'edit_pages', __FILE__, 'mrt_opt_mng_pg', WP_PLUGIN_URL.'/wp-security-scan/images/wsd-logo-small.png');
122
  add_submenu_page(__FILE__, 'Scanner', 'Scanner', 'edit_pages', 'scanner', 'mrt_sub0');
123
  add_submenu_page(__FILE__, 'Password Tool', 'Password Tool', 'edit_pages', 'passwordtool', 'mrt_sub1');
124
  add_submenu_page(__FILE__, 'Database', 'Database', 'edit_pages', 'database', 'mrt_sub3');
125
+ add_submenu_page(__FILE__, 'Options', 'Options', 'edit_pages', 'plugin_options', 'mrt_sub4');
126
  add_submenu_page(__FILE__, 'Support', 'Support', 'edit_pages', 'support', 'mrt_sub2');
127
  }
128
  }
129
 
130
+ //## @since v3.0.8
131
+ //Display the "Settings" menu on plug-in page
132
+ add_filter( 'plugin_action_links_'.plugin_basename(__FILE__), 'wpss_admin_plugin_actions', -10);
133
 
134
 
135
  function wpss_admin_head() {
174
  }
175
 
176
  function wpss_mrt_meta_box()
177
+ {
178
  ?>
179
  <div id="wsd-initial-scan" class="wsd-inside">
180
+ <div class="wsd-initial-scan-section"><?php mrt_check_version();?></div>
 
 
181
 
182
+ <div class="wsd-initial-scan-section"><?php mrt_check_table_prefix();?></div>
 
 
183
 
184
+ <div class="wsd-initial-scan-section"><?php mrt_version_removal();?></div>
 
 
185
 
186
+ <div class="wsd-initial-scan-section"><?php mrt_errorsoff();?></div>
 
 
187
  <?php
188
+ global $wpdb;
189
+
190
+ echo '<div class="scanpass">WP ID META tag removed form WordPress core</div>';
191
+
192
+ echo '<div class="wsd-initial-scan-section">';
193
+ $name = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login='admin'");
194
+ if ($name == "admin") {
195
+ echo '<font color="red">"admin" user exists.</font>';
196
+ }
197
+ else { echo '<span class="scanpass">No user "admin".</span>'; }
198
+ echo '</div>';
199
+
200
+ echo '<div class="wsd-initial-scan-section">';
201
+ if (file_exists('.htaccess')) {
202
+ echo '<span class="scanpass">.htaccess file found in wp-admin/</span>';
203
+ }
204
+ else { echo '<span style="color:#f00;">
205
+ The file .htaccess does not exist in the wp-admin section.
206
+ Read more why you should have a .htaccess file in the WP-admin area
207
+ <a href="http://www.websitedefender.com/wordpress-security/htaccess-files-wordpress-security/"
208
+ title="Why you should have a .htaccess file in the WP-admin area" target="_blank">here</a>.
209
+ </span>'; }
210
+ echo '</div>';
211
+
212
+ ?>
213
+
214
+ <div class="mrt_wpss_note">
215
+ <em>**WP Security Scan plugin <strong>must</strong> remain active for security features to persist**</em>
216
+ </div>
217
  </div>
218
  <?php
219
  }
220
 
221
+
222
  function wpss_mrt_meta_box2()
223
  {
224
  ?>
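Review bot: `delete_option('wsd_feed_data');` at new line 52 sits at file scope of the main plugin file, so it issues a database delete on every request that loads the plugin rather than once at upgrade or activation; it reads as a leftover one-off migration step and should move into an activation/upgrade hook or be removed. The rewritten `wpss_mrt_meta_box` still tests `file_exists('.htaccess')` with a path relative to the process working directory while the message reports on wp-admin/, so the result depends on which script is executing; `if (file_exists(ABSPATH . 'wp-admin/.htaccess')) {` checks the location the message actually names. The `plugin_action_links_` filter registered at new line 132 points at `wpss_admin_plugin_actions`, which is not defined anywhere in this section — presumably it lives in another file, but it is worth confirming, since an undefined callback surfaces as a warning on the plugins screen.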