1 <?php
2 /*
3 Plugin Name: Anti-Malware Security and Brute-Force Firewall
4 Plugin URI: http://gotmls.net/
5 Author: Eli Scheetz
6 Text Domain: gotmls
7 Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8 Contributors: scheeeli, gotmls
9 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10 Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11 Version: 4.17.69
12 */
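// Direct-request guard.  When the requested script is this very file (its
// DOCUMENT_ROOT-relative path ends with the same tail as __FILE__), WordPress
// has not been loaded, so the request is handed to the stand-alone
// safe-load handler; otherwise the plugin's shared definitions are pulled in.
// $SCRIPT_FILE remains a file-scope variable, exactly as before.
//
// The server-variable fallback is parenthesised on purpose: the original
// nested ternary had no parentheses, which PHP 7 parses left-to-right (so
// SCRIPT_NAME was used whenever SCRIPT_FILENAME was set) and PHP 8 rejects
// as a fatal error.  The explicit grouping expresses the evident intent:
// SCRIPT_FILENAME first, then SCRIPT_NAME, else an empty string (which
// fails the guard and falls through to the normal plugin load).
if (isset($_SERVER["DOCUMENT_ROOT"])
	&& ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : (isset($_SERVER["SCRIPT_NAME"]) ? $_SERVER["SCRIPT_NAME"] : ""))))
	// the relative path must carry more than the bare "/index.php" ...
	&& strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__))
	// ... and both paths must agree on their common trailing segment
	&& substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
	include(dirname(__FILE__)."/safe-load/index.php");
else
	require_once(dirname(__FILE__)."/images/index.php");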
17 /* ___
18 * / /\ GOTMLS Main Plugin File
19 * / /:/ @package GOTMLS
20 * /__/::\
21 Copyright \__\/\:\__ © 2012-2018 Eli Scheetz (email: eli@gotmls.net)
22 * \ \:\/\
23 * \__\::/ This program is free software; you can redistribute it
24 * ___ /__/:/ and/or modify it under the terms of the GNU General Public
25 * /__/\ _\__\/ License as published by the Free Software Foundation;
26 * \ \:\ / /\ either version 2 of the License, or (at your option) any
27 * ___\ \:\ /:/ later version.
28 * / /\\ \:\/:/
29 / /:/ \ \::/ This program is distributed in the hope that it will be useful,
30 / /:/_ \__\/ but WITHOUT ANY WARRANTY; without even the implied warranty
31 /__/:/ /\__ of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
32 \ \:\/:/ /\ See the GNU General Public License for more details.
33 \ \::/ /:/
34 \ \:\/:/ You should have received a copy of the GNU General Public License
35 * \ \::/ with this program; if not, write to the Free Software Foundation,
36 * \__\/ Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
37
// Register the plugin's translation files (the languages/ directory next to
// this file) and load the shared definitions the rest of this file depends on.
// GOTMLS_plugin_path is presumably defined by the include chain above
// (images/index.php) — it is not declared in this file.
load_plugin_textdomain(
	'gotmls',
	false,
	basename(GOTMLS_plugin_path).'/languages'
);
require_once GOTMLS_plugin_path.'images/index.php';
40
function GOTMLS_install() {
	// Activation hook: refuse to activate on a WordPress older than
	// GOTMLS_require_version.  Both the version constant and the message
	// constant are defined outside this file (see the includes above).
	global $wp_version;
	if (version_compare($wp_version, GOTMLS_require_version, ">="))
		return;
	// Aborting here leaves the plugin unactivated rather than half-working.
	die(GOTMLS_require_version_LANGUAGE);
}
// Run the WordPress-version check when the plugin is activated.
register_activation_hook(__FILE__, 'GOTMLS_install');
47
function GOTMLS_user_can() {
	// Decides which capability gates every admin page of this plugin and
	// records it in $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]
	// (GOTMLS_menu() reads that entry afterwards):
	//   - multisite: always "manage_network";
	//   - single site: the configured capability, or "activate_plugins" when
	//     none is stored or a multisite-only "manage_network" was carried over.
	// Returns true when the current user holds the chosen capability.
	$settings = &$GLOBALS["GOTMLS"]["tmp"]["settings_array"];
	if (is_multisite()) {
		$settings["user_can"] = "manage_network";
	} elseif (!isset($settings["user_can"]) || $settings["user_can"] == "manage_network") {
		$settings["user_can"] = "activate_plugins";
	}
	return (bool) current_user_can($settings["user_can"]);
}
58
function GOTMLS_menu() {
	// Registers the top-level "Anti-Malware" admin menu and its three
	// sub-pages (scan settings, firewall options, quarantine).  Every page is
	// gated on the capability chosen by GOTMLS_user_can(), which must run
	// first because it fills in the "user_can" setting as a side effect.
	// Nothing is registered for a user who lacks that capability.
	if (!GOTMLS_user_can())
		return;
	$capability = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"];
	$menu_slug = "GOTMLS-settings";
	$menu_callback = "GOTMLS_settings";
	$plugin_title = "Anti-Malware";
	$settings_title = "$plugin_title ".GOTMLS_Scan_Settings_LANGUAGE;
	$logo_url = GOTMLS_images_path.'GOTMLS-16x16.gif';
	$hook_suffix = add_menu_page($settings_title, $plugin_title, $capability, $menu_slug, $menu_callback, $logo_url);
	// Contextual help tabs are attached only when the settings screen loads.
	add_action('load-'.$hook_suffix, 'GOTMLS_admin_add_help_tab');
	add_submenu_page($menu_slug, $settings_title, GOTMLS_Scan_Settings_LANGUAGE, $capability, $menu_slug, $menu_callback);
	add_submenu_page($menu_slug, "$plugin_title Firewall Options", "Firewall Options", $capability, "GOTMLS-Firewall-Options", "GOTMLS_Firewall_Options");
	// The quarantine entry shows a pending-count badge when anything is quarantined.
	$quarantine_count = GOTMLS_get_quarantine(true);
	$quarantine_label = GOTMLS_View_Quarantine_LANGUAGE;
	if ($quarantine_count)
		$quarantine_label .= ' <span class="awaiting-mod count-'.$quarantine_count.'"><span class="awaiting-mod">'.$quarantine_count.'</span></span>';
	add_submenu_page($menu_slug, "$plugin_title ".GOTMLS_View_Quarantine_LANGUAGE, $quarantine_label, $capability, "GOTMLS-View-Quarantine", "GOTMLS_View_Quarantine");
}
73
function GOTMLS_admin_add_help_tab() {
	// Adds the contextual help tabs on the plugin's settings screen: a fixed
	// "Getting Started" tab, plus a "FAQs" tab built from the
	// "== Frequently Asked Questions ==" section of the bundled readme.txt
	// whenever that section exists and is non-empty.
	$screen = get_current_screen();
	$screen->add_help_tab(array(
		'id' => "GOTMLS_Getting_Started",
		'title' => __("Getting Started", 'gotmls'),
		'content' => '<p>'.__("Make sure the Definition Updates are current and Run a Complete Scan.").'</p>'
			.'<p>'.sprintf(__("If Known Threats are found and displayed in red then there will be a button to '%s'. If only Potentional Threats are found then there is no automatic fix because those are probably not malicious."), GOTMLS_Automatically_Fix_LANGUAGE).'</p>'
			.'<p>'.__("A backup of the original infected files are placed in the Quarantine in case you need to restore them or just want to look at them later. You can delete these files if you don't want to save more.").'</p>',
	));
	$faq_marker = '== Frequently Asked Questions ==';
	$readme_file = dirname(__FILE__).'/readme.txt';
	if (!is_file($readme_file))
		return;
	// Reading the readme is best-effort: an unreadable file yields an empty
	// string and therefore no FAQ tab.  Appending the marker guarantees a
	// second element even when the section is absent.
	$after_marker = explode($faq_marker, @file_get_contents($readme_file).$faq_marker);
	if (!strlen($after_marker[1]))
		return;
	// The FAQ body ends at the next "==" heading delimiter.
	$faq_parts = explode("==", $after_marker[1]."==");
	if (!strlen($faq_parts[0]))
		return;
	// Headings ("= question =") become bold paragraph breaks, and
	// markdown-style [text](url) links become anchors.  Nothing is escaped
	// here because readme.txt ships with the plugin itself; this routine is
	// not suitable for content from any other source.
	$faq_html = preg_replace('/ =[\r\n]+/', "</b><p>", $faq_parts[0]);
	$faq_html = preg_replace('/[\r\n]+= /', "</p><b>", $faq_html);
	$faq_html = preg_replace('/\[(.+?)\]\((.+?)\)/', "<a target=\"_blank\" href=\"\\2\">\\1</a>", $faq_html);
	$screen->add_help_tab(array(
		'id' => "GOTMLS_FAQs",
		'title' => __("FAQs", 'gotmls'),
		'content' => '<p>'.$faq_html.'</p>',
	));
}
90
function GOTMLS_close_button($box_id, $margin = '6px') {
	// Builds the red "X" dismiss link that toggles the element $box_id via
	// the page's showhide() JavaScript helper; $margin is the CSS margin of
	// the link.  Both values are interpolated verbatim — into an onclick
	// handler and a style attribute respectively — so callers must pass
	// literal identifiers (this file uses e.g. "div_file"), never
	// request-derived values.
	$template = '<a href="javascript:void(0);" style="float: right; color: #F00; overflow: hidden; width: 20px; height: 20px; text-decoration: none; margin: %s" onclick="showhide(\'%s\');"><span class="dashicons dashicons-dismiss"></span>X</a>';
	return sprintf($template, $margin, $box_id);
}
94
function GOTMLS_enqueue_scripts() {
	// Hooked to admin_enqueue_scripts: the admin pages use the core
	// "dashicons" icon font (for example the dismiss icon emitted by
	// GOTMLS_close_button()), so make sure its stylesheet is loaded.
	wp_enqueue_style("dashicons");
}
// Load the icon stylesheet on every admin page load.
add_action("admin_enqueue_scripts", "GOTMLS_enqueue_scripts");
99
100 function GOTMLS_display_header($optional_box = "") {
101 global $wp_version, $current_user, $wpdb;
102 wp_get_current_user();
103 $GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
104 if (isset($_GET["check_site"]) && $_GET["check_site"])
105 echo '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="&#x2714;"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls#postform">write a "Five-Star" Review</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
106 else
107 echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
108 $Update_Definitions = array(GOTMLS_update_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&ver='.GOTMLS_Version.'&wp='.$wp_version.'&'.GOTMLS_set_nonce(__FUNCTION__."108").'&d='.ur1encode(GOTMLS_siteurl));
109 if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])
110 array_unshift($Update_Definitions, admin_url('admin-ajax.php?action=GOTMLS_auto_update&'.GOTMLS_set_nonce(__FUNCTION__."109").'&UPDATE_definitions_array=1'));
111 else
112 $Update_Definitions[] = str_replace("//", "//www.", $Update_Definitions[0]);
113 $Update_Link = '<div style="text-align: center;"><a href="';
114 $new_version = "";
115 $file = basename(GOTMLS_plugin_path).'/index.php';
116 $current = get_site_transient("update_plugins");
117 if (isset($current->response[$file]->new_version) && version_compare(GOTMLS_Version, $current->response[$file]->new_version, "<")) {
118 $new_version = sprintf(__("Upgrade to %s now!",'gotmls'), $current->response[$file]->new_version).'<br /><br />';
119 $Update_Link .= wp_nonce_url(self_admin_url('update.php?action=upgrade-plugin&plugin=').$file, 'upgrade-plugin_'.$file);
120 }
121 $Update_Link .= "\">$new_version</a></div>";
122 $defLatest = (is_numeric($Latest = preg_replace('/[^0-9]/', "", GOTMLS_sexagesimal($GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"]))) && is_numeric($Default = preg_replace('/[^0-9]/', "", GOTMLS_sexagesimal($GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"]))) && $Latest > $Default)?1:0;
123 if (is_array($keys = maybe_unserialize(get_option('GOTMLS_Installation_Keys', array()))) && array_key_exists(GOTMLS_installation_key, $keys))
124 $isRegistered = $keys[GOTMLS_installation_key];
125 else
126 $isRegistered = "";
127 $Update_Div ='<div id="findUpdates" style="display: none;"><center>'.__("Searching for updates ...",'gotmls').'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'findUpdates\');" /></center></div>';
128 $php_version = "<li>PHP: <span class='GOTMLS_date'>".phpversion()."</span></li>\n";
129 if (isset($_SERVER["SERVER_SOFTWARE"]) && preg_match('/Apache\/([0-9\.]+)/i', $_SERVER["SERVER_SOFTWARE"], $GLOBALS["GOTMLS"]["tmp"]["apache"]) && count($GLOBALS["GOTMLS"]["tmp"]["apache"]) > 1)
130 $php_version .= "<li>Apache: <span class='GOTMLS_date'>".$GLOBALS["GOTMLS"]["tmp"]["apache"][1]."</span></li>\n";
131 elseif (isset($_SERVER["SERVER_SOFTWARE"]) && strlen($_SERVER["SERVER_SOFTWARE"]))
132 $php_version .= "<li>".$_SERVER["SERVER_SOFTWARE"]."</li>\n";
133 if ((isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"]) == 32)) {
134 $reg_email_key = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"];
135 $isRegistered = GOTMLS_get_registrant($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]);
136 } else
137 $reg_email_key = "";
138 $head_nonce = GOTMLS_set_nonce(__FUNCTION__."141");
139 echo '
140 span.GOTMLS_date {float: right; width: 130px; white-space: nowrap;}
141 .GOTMLS_page {float: left; border-radius: 10px; padding: 0 5px;}
142 .GOTMLS_quarantine_item {margin: 4px 12px;}
143 .rounded-corners {margin: 10px; border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; border: 1px solid #000;}
144 .shadowed-box {box-shadow: -3px 3px 3px #666; -moz-box-shadow: -3px 3px 3px #666; -webkit-box-shadow: -3px 3px 3px #666;}
145 .sidebar-box {background-color: #CCC;}
146 .GOTMLS-scanlog li a {display: none;}
147 .GOTMLS-scanlog li:hover a {display: block;}
148 .GOTMLS-sidebar-links {list-style: none;}
149 .GOTMLS-sidebar-links li img {margin: 3px; height: 16px; vertical-align: middle;}
150 .GOTMLS-sidebar-links li {margin-bottom: 0 !important;}
151 .popup-box {background-color: #FFC; display: none; position: absolute; left: 0px; z-index: 10;}
152 .shadowed-text {text-shadow: #00F -1px 1px 1px;}
153 .sub-option {float: left; margin: 3px 5px;}
154 .inside p {margin: 10px;}
155 .GOTMLS_li, .GOTMLS_plugin li {list-style: none;}
156 .GOTMLS_plugin {margin: 5px; background: #cfc; border: 1px solid #0C0; padding: 0 5px; border-radius: 3px;}
157 .GOTMLS_plugin.known, .GOTMLS_plugin.backdoor, .GOTMLS_plugin.htaccess, .GOTMLS_plugin.timthumb, .GOTMLS_plugin.errors {background: #f99; border: 1px solid #f00;}
158 .GOTMLS_plugin.potential, .GOTMLS_plugin.wp_core, .GOTMLS_plugin.skipdirs, .GOTMLS_plugin.skipped {background: #ffc; border: 1px solid #fc6;}
159 .GOTMLS ul li {margin-left: 12px;}
160 .GOTMLS h2 {margin: 0 0 10px;}
161 .postbox {margin-right: 10px;}
162 #pastDonations li {list-style: none;}
163 #quarantine_buttons {position: absolute; right: 0px; top: -54px; margin: 0px; padding: 0px;}
164 #quarantine_buttons input.button-primary {margin-right: 20px;}
165 #delete_button {
166 background-color: #C33;
167 color: #FFF;
168 background-image: linear-gradient(to bottom, #C22, #933);
169 border-color: #933 #933 #900;
170 box-shadow: 0 1px 0 rgba(230, 120, 120, 0.5) inset;
171 text-decoration: none; text-shadow: 0 1px 0 rgba(0, 0, 0, 0.1);
172 margin-top: 10px;
173 }
174 #main-page-title {
175 background: url("'.$GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=64") no-repeat scroll 0 0 transparent;
176 height: 64px;
177 line-height: 58px;
178 margin: 10px 0 0 0;
179 max-width: 600px;
180 padding: 0 110px 0 84px;
181 }
182 #main-page-title h1 {
183 background: url("'.$GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gravatar.com/avatar/8151cac22b3fc543d099241fd573d176?s=64") no-repeat scroll top right transparent;
184 height: 64px;
185 line-height: 32px;
186 margin: 0;
187 padding: 0 84px 0 0;
188 display: table-cell;
189 text-align: center;
190 vertical-align: middle;
191 }
192 </style>
193 <div id="div_file" class="shadowed-box rounded-corners sidebar-box" style="padding: 0; display: none; position: fixed; top: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'; left: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'; width: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'; height: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'; border: solid #c00; z-index: 112358;"><table style="width: 100%; height: 100%;" cellspacing="0" cellpadding="0"><tr><td style="border-bottom: 1px solid #EEE; height: 32px;" colspan="2">'.GOTMLS_close_button("div_file").'<h3 onmousedown="grabDiv();" onmouseup="releaseDiv();" id="windowTitle" style="cursor: move; border-bottom: 0px none; z-index: 2345677; position: absolute; left: 0px; top: 0px; margin: 0px; padding: 6px; width: 90%; height: 20px;">'.GOTMLS_Loading_LANGUAGE.'</h3></td></tr><tr><td colspan="2" style="height: 100%"><div style="width: 100%; height: 100%; position: relative; padding: 0; margin: 0;" class="inside"><br /><br /><center><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'<br /><br /><input type="button" onclick="showhide(\'GOTMLS_iFrame\', true);" value="'.__("If this is taking too long, click here.",'gotmls').'" class="button-primary" /></center><iframe id="GOTMLS_iFrame" name="GOTMLS_iFrame" style="top: 0px; left: 0px; position: absolute; width: 100%; height: 100%; background-color: #CCC;"></iframe></td></tr><tr><td style="height: 20px;"><iframe id="GOTMLS_statusFrame" name="GOTMLS_statusFrame" style="width: 100%; height: 20px; background-color: #CCC;"></iframe></div></td><td style="height: 20px; width: 20px;"><h3 id="cornerGrab" onmousedown="grabCorner();" onmouseup="releaseCorner();" style="cursor: move; height: 24px; width: 24px; margin: 0; padding: 0; z-index: 2345678; overflow: hidden; position: absolute; right: 0px; bottom: 0px;"><span class="dashicons 
dashicons-editor-expand"></span>&#8690;</h3></td></tr></table></div>
194 <script type="text/javascript">
195 function showhide(id) {
196 divx = document.getElementById(id);
197 if (divx) {
198 if (divx.style.display == "none" || arguments[1]) {
199 divx.style.display = "block";
200 divx.parentNode.className = (divx.parentNode.className+"close").replace(/close/gi,"");
201 return true;
202 } else {
203 divx.style.display = "none";
204 return false;
205 }
206 }
207 }
208 function checkAllFiles(check) {
209 var checkboxes = new Array();
210 checkboxes = document["GOTMLS_Form_clean"].getElementsByTagName("input");
211 for (var i=0; i<checkboxes.length; i++)
212 if (checkboxes[i].type == "checkbox")
213 checkboxes[i].checked = check;
214 }
215 function setvalAllFiles(val) {
216 var checkboxes = document.getElementById("GOTMLS_fixing");
217 if (checkboxes)
218 checkboxes.value = val;
219 }
220 function getWindowWidth(min) {
221 if (typeof window.innerWidth != "undefined" && window.innerWidth > min)
222 min = window.innerWidth;
223 else if (typeof document.documentElement != "undefined" && typeof document.documentElement.clientWidth != "undefined" && document.documentElement.clientWidth > min)
224 min = document.documentElement.clientWidth;
225 else if (typeof document.getElementsByTagName("body")[0].clientWidth != "undefined" && document.getElementsByTagName("body")[0].clientWidth > min)
226 min = document.getElementsByTagName("body")[0].clientWidth;
227 return min;
228 }
229 function getWindowHeight(min) {
230 if (typeof window.innerHeight != "undefined" && window.innerHeight > min)
231 min = window.innerHeight;
232 else if (typeof document.documentElement != "undefined" && typeof document.documentElement.clientHeight != "undefined" && document.documentElement.clientHeight > min)
233 min = document.documentElement.clientHeight;
234 else if (typeof document.getElementsByTagName("body")[0].clientHeight != "undefined" && document.getElementsByTagName("body")[0].clientHeight > min)
235 min = document.getElementsByTagName("body")[0].clientHeight;
236 return min;
237 }
238 function loadIframe(title) {
239 showhide("GOTMLS_iFrame", true);
240 showhide("GOTMLS_iFrame");
241 document.getElementById("windowTitle").innerHTML = title;
242 if (curDiv) {
243 windowW = getWindowWidth(200);
244 windowH = getWindowHeight(200);
245 if (windowW > 200)
246 windowW -= 30;
247 if (windowH > 200)
248 windowH -= 20;
249 if (px2num(curDiv.style.width) > windowW) {
250 curDiv.style.width = windowW + "px";
251 curDiv.style.left = "0px";
252 } else if ((px2num(curDiv.style.left) + px2num(curDiv.style.width)) > windowW) {
253 curDiv.style.left = (windowW - px2num(curDiv.style.width)) + "px";
254 }
255 if (px2num(curDiv.style.height) > windowH) {
256 curDiv.style.height = windowH + "px";
257 curDiv.style.top = "0px";
258 } else if ((px2num(curDiv.style.top) + px2num(curDiv.style.height)) > windowH) {
259 curDiv.style.top = (windowH - px2num(curDiv.style.height)) + "px";
260 }
261 if (px2num(curDiv.style.left) < 0)
262 curDiv.style.left = "0px";
263 if (px2num(curDiv.style.top)< 0)
264 curDiv.style.top = "0px";
265 }
266 showhide("div_file", true);
267 if (IE)
268 curDiv.scrollIntoView(true);
269 }
270 function cancelserver(divid) {
271 document.getElementById(divid).innerHTML = "<div class=\'error\'>'. __("No response from server!",'gotmls').'</div>";
272 }
273 function checkupdateserver(server, divid) {
274 var updatescript = document.createElement("script");
275 updatescript.setAttribute("src", server);
276 divx = document.getElementById(divid);
277 if (divx) {
278 divx.appendChild(updatescript);
279 if (arguments[2])
280 return setTimeout("stopCheckingDefinitions = checkupdateserver(\'"+arguments[2]+"\',\'"+divid+"\')",15000);
281 else
282 return setTimeout("cancelserver(\'"+divid+"\')",'.($GLOBALS["GOTMLS"]["tmp"]['execution_time']+1).'000+3000);
283 }
284 }
285 var IE = document.all?true:false;
286 if (!IE) document.captureEvents(Event.MOUSEMOVE)
287 document.onmousemove = getMouseXY;
288 var offsetX = 0;
289 var offsetY = 0;
290 var offsetW = 0;
291 var offsetH = 0;
292 var curX = 0;
293 var curY = 0;
294 var curDiv;
295 function getMouseXY(e) {
296 if (IE) { // grab the mouse pos if browser is IE
297 curX = event.clientX + document.body.scrollLeft;
298 curY = event.clientY + document.body.scrollTop;
299 } else { // grab the mouse pos if browser is Not IE
300 curX = e.pageX - document.body.scrollLeft;
301 curY = e.pageY - document.body.scrollTop;
302 }
303 if (curX < 0) {curX = 0;}
304 if (curY < 0) {curY = 0;}
305 if (offsetX && curX > 10) {curDiv.style.left = (curX - offsetX)+"px";}
306 if (offsetY && (curY - offsetY) > 0) {curDiv.style.top = (curY - offsetY)+"px";}
307 if (offsetW && (curX - offsetW) > 360) {curDiv.style.width = (curX - offsetW)+"px";}
308 if (offsetH && (curY - offsetH) > 200) {curDiv.style.height = (curY - offsetH)+"px";}
309 return true;
310 }
311 function px2num(px) {
312 return parseInt(px.substring(0, px.length - 2), 10);
313 }
314 function setDiv(DivID) {
315 if (curDiv = document.getElementById(DivID)) {
316 if (IE)
317 curDiv.style.position = "absolute";
318 curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
319 curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
320 curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
321 curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
322 }
323 }
324 function grabDiv() {
325 corner = document.getElementById("windowTitle");
326 if (corner) {
327 corner.style.width="100%";
328 corner.style.height="100%";
329 }
330 offsetX=curX-px2num(curDiv.style.left);
331 offsetY=curY-px2num(curDiv.style.top);
332 }
333 function releaseDiv() {
334 corner = document.getElementById("windowTitle");
335 if (corner) {
336 corner.style.width="90%";
337 corner.style.height="20px";
338 }
339 document.getElementById("GOTMLS_statusFrame").src = "'.admin_url('admin-ajax.php?action=GOTMLS_position&'.$head_nonce.'&GOTMLS_x=').'"+curDiv.style.left+"&GOTMLS_y="+curDiv.style.top;
340 offsetX=0;
341 offsetY=0;
342 }
343 function grabCorner() {
344 corner = document.getElementById("cornerGrab");
345 if (corner) {
346 corner.style.width="100%";
347 corner.style.height="100%";
348 }
349 offsetW=curX-px2num(curDiv.style.width);
350 offsetH=curY-px2num(curDiv.style.height);
351 }
352 function releaseCorner() {
353 corner = document.getElementById("cornerGrab");
354 if (corner) {
355 corner.style.width="20px";
356 corner.style.height="20px";
357 }
358 document.getElementById("GOTMLS_statusFrame").src = "'.admin_url('admin-ajax.php?action=GOTMLS_position&'.$head_nonce.'&GOTMLS_w=').'"+curDiv.style.width+"&GOTMLS_h="+curDiv.style.height;
359 offsetW=0;
360 offsetH=0;
361 }
362 setDiv("div_file");
363 </script>
364 <div id="main-page-title"><h1 style="vertical-align: middle;">Anti-Malware from&nbsp;GOTMLS.NET</h1></div>
365 <div id="admin-page-container">
366 <div id="GOTMLS-right-sidebar" style="width: 300px;" class="metabox-holder">
367 '.GOTMLS_box(__("Updates & Registration",'gotmls'), "<ul>$php_version<li>WordPress: <span class='GOTMLS_date'>$wp_version</span></li>\n<li>Plugin: <span class='GOTMLS_date'>".GOTMLS_Version.'</span></li>
368 <li><div id="GOTMLS_Key" style="margin: 0;'.((!$defLatest && !$isRegistered)?' display: none;">Key: <span style="float: right;">'.GOTMLS_installation_key.'</span></div><div style="':'">Key: <span style="float: right;">'.GOTMLS_installation_key.'</span></div><div style="display: none;').'"><form method="POST" action="'.admin_url('admin-ajax.php?'.$head_nonce).'" target="GOTMLS_iFrame" name="GOTMLS_Form_lognewkey"><input type="hidden" name="GOTMLS_installation_key" value="'.GOTMLS_installation_key.'"><input type="hidden" name="action" value="GOTMLS_lognewkey"><span style="color: #F00;" id="GOTMLS_No_Key">No Key! <input type="submit" style="float: right;" value="'.__("Get FREE Key!",'gotmls').'" class="button-primary" onclick="showhide(\'GOTMLS_No_Key\');showhide(\'GOTMLS_Key\', true);check_for_updates(\'Definition_Updates\');" /></span></form></div></li>
369 <li>Definitions: <span id="GOTMLS_definitions_date" class="GOTMLS_date">'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"].'</span></li></ul>
370 <form id="updateform" method="post" name="updateform" action="'.str_replace("GOTMLS_mt=", "GOTMLS_last_mt=", GOTMLS_script_URI).'&'.$head_nonce.'">
371 <img style="display: none; float: left; margin-right: 4px;" src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="definitions updated" id="autoUpdateDownload" onclick="showhide(\'autoUpdateForm\', true); showhide(\'registerKeyForm\', true); showhide(\'clear_updates\', true); getElementById(\'registerFormMessage\').innerHTML = \'<p>You can change your registered email here if you want.</p>\';">
372 '.str_replace('findUpdates', 'Definition_Updates', $Update_Div).'
373 <div id="autoUpdateForm" style="display: none;">
374 <input type="submit" style="width: 100%;" name="auto_update" value="'.__("Download new definitions!",'gotmls').'">
375 </div>
376 </form>
377 <form id="clearupdateform" method="post" name="updateform" action="'.str_replace("GOTMLS_mt=", "GOTMLS_last_mt=", GOTMLS_script_URI).'&'.$head_nonce.'">
378 <input name="UPDATE_definitions_array" value="D" type="hidden">
379 <input type="submit" style="display: none; width: 100%; color: #ff0; background-color: #c33" id="clear_updates" value="'.__("Delete ALL definitions!",'gotmls').'">
380 </form>
381 <div id="registerKeyForm" style="display: none;"><span id="registerFormMessage" style="color: #F00">'.__("<p>Get instant access to definition updates.</p>",'gotmls').'</span><p>
382 '.__("If you have not already registered your Key then register now using the form below.<br />* All registration fields are required<br />** I will NOT share your information.",'gotmls').'</p>
383 <form id="registerform" onsubmit="return sinupFormValidate(this);" action="'.GOTMLS_plugin_home.'wp-login.php?action=register" method="post" name="registerform" target="GOTMLS_iFrame"><input type="hidden" name="redirect_to" id="register_redirect_to" value="/donate/"><input type="hidden" name="user_login" id="register_user_login" value=""><input type="hidden" name="old_user_email" id="old_user_email" value="'.$reg_email_key.'">
384 <div>'.__("Your Full Name:",'gotmls').'</div>
385 <div style="float: left; width: 50%;"><input style="width: 100%;" id="first_name" type="text" name="first_name" value="'.$current_user->user_firstname.'" /></div>
386 <div style="float: left; width: 50%;"><input style="width: 100%;" id="last_name" type="text" name="last_name" value="'.$current_user->user_lastname.'" /></div>
387 <div style="clear: left; width: 100%;">
388 <div>'.__("A password will be e-mailed to this address:",'gotmls').'</div>
389 <input style="width: 100%;" id="user_email" type="text" name="user_email" value="'.$current_user->user_email.'" /></div>
390 <div>
391 <div>'.__("Your WordPress Site URL:",'gotmls').'</div>
392 <input style="width: 100%;" id="user_url" type="text" name="user_url" value="'.GOTMLS_siteurl.'" readonly /></div>
393 <div>
394 <div>'.__("Plugin Installation Key:",'gotmls').'</div>
395 <input style="width: 100%;" id="installation_key" type="text" name="installation_key" value="'.GOTMLS_installation_key.'" readonly /><input id="old_key" type="hidden" name="old_key" value="'.md5($GOTMLS_url_parts[2]).'" /></div>
396 <input style="width: 100%;" id="wp-submit" type="submit" name="wp-submit" value="Register Now!" /></form></div>'.(false && $isRegistered?'Registered to: '.$isRegistered:"").$Update_Link, "stuffbox").'
397 <script type="text/javascript">
398 var alt_addr = "'.$Update_Definitions[1].'";
399 function check_for_updates(update_type) {
400 showhide(update_type, true);
401 stopCheckingDefinitions = checkupdateserver("'.$Update_Definitions[0].'", update_type, alt_addr);
402 }
403 function updates_complete(chk) {
404 if (auto_img = document.getElementById("autoUpdateDownload")) {
405 auto_img.style.display="block";
406 check_for_donation(chk);
407 }
408 }
409 function check_for_donation(chk) {
410 if (document.getElementById("autoUpdateDownload").src.replace(/^.+\?/,"")=="0")
411 if (chk.substr(0, 8) != "Changed " || chk.substr(8, 1) != "0")
412 chk += "\\n\\n'.__("Please make a donation for the use of this wonderful feature!",'gotmls').'";
413 alert(chk);
414 }
415 function sinupFormValidate(form) {
416 var error = "";
417 if(form["first_name"].value == "")
418 error += "'.__("First Name is a required field!",'gotmls').'\n";
419 if(form["last_name"].value == "")
420 error += "'.__("Last Name is a required field!",'gotmls').'\n";
421 if(form["user_email"].value == "")
422 error += "'.__("Email Address is a required field!",'gotmls').'\n";
423 else {
424 if (uem = document.getElementById("register_user_login"))
425 uem.value = form["user_email"].value;
426 if (uem = document.getElementById("register_redirect_to"))
427 uem.value = "/donate/?email="+form["user_email"].value.replace("@", "%40");
428 }
429 if(form["user_url"].value == "")
430 error += "'.__("Your WordPress Site URL is a required field!",'gotmls').'\n";
431 if(form["installation_key"].value == "")
432 error += "'.__("Plugin Installation Key is a required field!",'gotmls').'\n";
433 if(error != "") {
434 alert(error);
435 return false;
436 } else {
437 document.getElementById("Definition_Updates").innerHTML = \'<img src="'.GOTMLS_images_path.'wait.gif">'.__("Submitting Registration ...",'gotmls').'\';
438 showhide("Definition_Updates", true);
439 setTimeout(\'stopCheckingDefinitions = checkupdateserver("'.$Update_Definitions[0].'", "Definition_Updates", "'.$Update_Definitions[1].'")\', 3000);
440 showhide("registerKeyForm");
441 return true;
442 }
443 }
444 var divNAtext = false;
445 function loadGOTMLS() {
446 clearTimeout(divNAtext);
447 setDivNAtext();
448 '.$GLOBALS["GOTMLS"]["tmp"]["onLoad"].'
449 }
450 if ('.($defLatest+strlen($isRegistered)).')
451 check_for_updates("Definition_Updates");
452 /* else
453 showhide("registerKeyForm", true);*/
454 if (divNAtext)
455 loadGOTMLS();
456 else
457 divNAtext=true;
458 </script>
459 '.GOTMLS_box(__("Resources & Links",'gotmls'), '
460 <div id="pastDonations"></div>
461 <form name="ppdform" id="ppdform" action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
462 <input type="hidden" name="cmd" value="_s-xclick">
463 <input type="hidden" name="hosted_button_id" value="NKANR75NUL9WY">
464 <input type="hidden" name="on0" value="Contribution Level">
465 <center>
466 <input type="radio" name="os0" value="Basic">$15
467 <input type="radio" name="os0" value="Full" checked>$29
468 <input type="radio" name="os0" value="Double">$52
469 <input type="radio" name="os0" value="Elite">$100
470 <input type="radio" name="os0" value="Ninja">$200
471 </center>
472 <input type="hidden" name="currency_code" value="USD">
473 <img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
474 <input type="hidden" name="no_shipping" value="1">
475 <input type="hidden" name="no_note" value="1">
476 <input type="hidden" name="tax" value="0">
477 <input type="hidden" name="lc" value="US">
478 <input type="hidden" name="item_name" value="Donation to Eli\'s Anti-Malware Plugin">
479 <input type="hidden" name="item_number" value="GOTMLS-key-'.GOTMLS_installation_key.'">
480 <input type="hidden" name="custom" value="key-'.GOTMLS_installation_key.'">
481 <input type="hidden" name="notify_url" value="'.GOTMLS_plugin_home.GOTMLS_installation_key.'/ipn">
482 <input type="hidden" name="page_style" value="GOTMLS">
483 <input type="hidden" name="return" value="'.GOTMLS_plugin_home.'donate/?donation-source=paid">
484 <input type="hidden" name="cancel_return" value="'.GOTMLS_plugin_home.'donate/?donation-source=cancel">
485 <input type="image" id="pp_button" src="'.GOTMLS_images_path.'btn_donateCC_WIDE.gif" border="0" name="submitc" alt="'.__("Make a Donation with PayPal",'gotmls').'">
486 <div>
487 <ul class="GOTMLS-sidebar-links">
488 <li style="float: right;"><b>on <a target="_blank" href="https://profiles.wordpress.org/scheeeli#content-plugins">WordPress.org</a></b><ul class="GOTMLS-sidebar-links">
489 <li><a target="_blank" href="https://wordpress.org/plugins/gotmls/faq/">Plugin FAQs</a></li>
490 <li><a target="_blank" href="https://wordpress.org/support/plugin/gotmls">Forum Posts</a></li>
491 <li><a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls">Plugin Reviews</a></li>
492 </ul></li>
493 <li><img src="//gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=16" border="0" alt="Plugin site:"><b><a target="_blank" href="'.GOTMLS_plugin_home.'">GOTMLS.NET</a></b></li>
494 <li><img src="//gravatar.com/avatar/8151cac22b3fc543d099241fd573d176?s=16" border="0" alt="Developer site:"><b><a target="_blank" href="http://wordpress.ieonly.com/category/my-plugins/anti-malware/">Eli\'s Blog</a></b></li>
495 <li><img src="https://ssl.gstatic.com/ui/v1/icons/mail/favicon.ico" border="0" alt="mail:"><b><a target="_blank" href="mailto:eli@gotmls.net">Email Eli</a></b></li>
496 <li><iframe allowtransparency="true" frameborder="0" scrolling="no" src="https://platform.twitter.com/widgets/follow_button.html?screen_name=GOTMLS&amp;show_count=false" style="width:125px; height:20px;"></iframe></li>
497 </ul>
498 </div>
499 </form>
500 <a target="_blank" href="https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url='.urlencode(GOTMLS_siteurl).'">Google Safe Browsing Diagnostic</a>', "stuffbox").//GOTMLS_box(__("Last Scan Status",'gotmls'), GOTMLS_scan_log(), "stuffbox").
501 $optional_box.'
502 </div>';
503 if (isset($GLOBALS["GOTMLS"]["tmp"]["stuffbox"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["stuffbox"])) {
504 echo '
505 <script type="text/javascript">
506 function stuffbox_showhide(id) {
507 divx = document.getElementById(id);
508 if (divx) {
509 if (divx.style.display == "none" || arguments[1]) {';
510 $else = '
511 if (divx = document.getElementById("GOTMLS-right-sidebar"))
512 divx.style.width = "30px";
513 if (divx = document.getElementById("GOTMLS-main-section"))
514 divx.style.marginRight = "30px";';
515 foreach ($GLOBALS["GOTMLS"]["tmp"]["stuffbox"] as $md5 => $bTitle) {
516 echo "\nif (divx = document.getElementById('inside_$md5'))\n\tdivx.style.display = 'block';\nif (divx = document.getElementById('title_$md5'))\n\tdivx.innerHTML = '".GOTMLS_strip4java($bTitle, true)."';";
517 $else .= "\nif (divx = document.getElementById('inside_$md5'))\n\tdivx.style.display = 'none';\nif (divx = document.getElementById('title_$md5'))\n\tdivx.innerHTML = '".substr($bTitle, 0, 1)."';";
518 }
519 echo '
520 if (divx = document.getElementById("GOTMLS-right-sidebar"))
521 divx.style.width = "300px";
522 if (divx = document.getElementById("GOTMLS-main-section"))
523 divx.style.marginRight = "300px";
524 return true;
525 } else {'.$else.'
526 return false;
527 }
528 }
529 }
530 if (getWindowWidth(780) == 780)
531 setTimeout("stuffbox_showhide(\'inside_'.$md5.'\')", 200);
532 </script>';
533 }
534 echo '
535 <div id="GOTMLS-main-section" style="margin-right: 300px;">
536 <div class="metabox-holder GOTMLS" style="width: 100%;" id="GOTMLS-metabox-container">';
537 }
538
/**
 * Wrap $bContents in a collapsible meta box and register its title.
 *
 * The title's md5 is used as the element id suffix; the box is also recorded in
 * $GLOBALS["GOTMLS"]["tmp"][$bType] (md5 => title) so the page footer can emit
 * the matching show/hide JavaScript for every box of that type.
 *
 * @param string $bTitle    Box heading (inserted as-is into the markup).
 * @param string $bContents Inner HTML of the box.
 * @param string $bType     CSS class and registry bucket; "postbox" by default.
 * @return string HTML for the box, starting with a newline.
 */
function GOTMLS_box($bTitle, $bContents, $bType = "postbox") {
	$boxId = md5($bTitle);
	// Start a fresh registry bucket unless one already exists for this type.
	if (!isset($GLOBALS["GOTMLS"]["tmp"]["$bType"]) || !is_array($GLOBALS["GOTMLS"]["tmp"]["$bType"]))
		$GLOBALS["GOTMLS"]["tmp"]["$bType"] = array();
	$GLOBALS["GOTMLS"]["tmp"]["$bType"]["$boxId"] = "$bTitle";
	// Prefer a type-specific toggle function when the page defines one.
	$toggle = 'if (typeof '.$bType.'_showhide == \'function\'){'.$bType.'_showhide(\'inside_'.$boxId.'\');}else{showhide(\'inside_'.$boxId.'\');}';
	$html = "\n".'<div id="box_'.$boxId.'" class="'.$bType.'"><h3 title="Click to toggle" onclick="'.$toggle.'" style="cursor: pointer;" class="hndle"><span id="title_'.$boxId.'">'.$bTitle.'</span></h3>';
	$html .= "\n".'<div id="inside_'.$boxId.'" class="inside">';
	$html .= "\n".$bContents;
	$html .= "\n</div>\n</div>";
	return $html;
}
552
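/**
 * Reduce a number of seconds to the largest unit that keeps the value >= 1.
 *
 * Units are seconds -> minutes -> hours -> days -> years; the value is floored
 * at every step and the unit name is singularised when the value is exactly 1.
 *
 * @param int|float $seconds Elapsed seconds (a negative value is returned as-is, in seconds).
 * @return array{0: int|float, 1: string} The scaled value and its unit name.
 */
function GOTMLS_scanlog_elapsed($seconds) {
	$units = array("seconds"=>60,"minutes"=>60,"hours"=>24,"days"=>365,"years"=>10);
	$time = $seconds;
	$unit = "seconds";
	foreach ($units as $name => $per_next) {
		$unit = $name;
		// "years" is the last unit and is never divided further.
		if ($name === "years" || $time < $per_next)
			break;
		$time = floor($time / $per_next);
	}
	if (1 == $time)
		$unit = substr($unit, 0, -1);
	return array($time, $unit);
}

/**
 * Build the "Last Scan Status" list from the GOTMLS_scan_log/* options.
 *
 * When the request carries GOTMLS_cl (a log timestamp) together with a valid
 * nonce, every log entry older than that timestamp is deleted first. The delete
 * goes through $wpdb->prepare(), so the request value is never interpolated into
 * the SQL.
 *
 * @return string HTML fragment (a <ul> of entries, or an <h3> when nothing has
 *                been logged), always terminated by a newline.
 */
function GOTMLS_get_scanlog() {
	global $wpdb;
	$LastScan = '';
	if (isset($_GET["GOTMLS_cl"]) && GOTMLS_get_nonce()) {
		$SQL = $wpdb->prepare("DELETE FROM `$wpdb->options` WHERE option_name LIKE %s AND substring_index(option_name, '/', -1) < %s", 'GOTMLS_scan_log/%', $_GET["GOTMLS_cl"]);
		if ($cleared = $wpdb->query($SQL))
			$LastScan .= sprintf(__("Cleared %s records from this log.",'gotmls'), $cleared);
	}
	$SQL = "SELECT substring_index(option_name, '/', -1) AS `mt`, option_name, option_value FROM `$wpdb->options` WHERE option_name LIKE 'GOTMLS_scan_log/%' ORDER BY mt DESC";
	if ($rs = $wpdb->get_results($SQL, ARRAY_A)) {
		$LastScan .= '<ul class="GOTMLS-scanlog GOTMLS-sidebar-links">';
		foreach ($rs as $row) {
			// Each entry is assembled in its own buffer: the "started" -> "ran"
			// rewrite below must only touch this entry, not the ones already
			// appended to $LastScan.
			$entry = "";
			$GOTMLS_scan_log = (isset($row["option_name"])?get_option($row["option_name"], array()):array());
			if (isset($GOTMLS_scan_log["scan"]["type"]) && strlen($GOTMLS_scan_log["scan"]["type"]))
				$entry .= htmlentities($GOTMLS_scan_log["scan"]["type"]);
			else
				$entry .= "Unknown scan type";
			if (isset($GOTMLS_scan_log["scan"]["dir"]) && is_dir($GOTMLS_scan_log["scan"]["dir"]))
				$entry .= " of ".htmlentities(basename($GOTMLS_scan_log["scan"]["dir"]));
			if (isset($GOTMLS_scan_log["scan"]["start"]) && is_numeric($GOTMLS_scan_log["scan"]["start"])) {
				list($time, $unit) = GOTMLS_scanlog_elapsed(time() - $GOTMLS_scan_log["scan"]["start"]);
				$entry .= " started $time $unit ago";
				if (isset($GOTMLS_scan_log["scan"]["finish"]) && is_numeric($GOTMLS_scan_log["scan"]["finish"]) && ($GOTMLS_scan_log["scan"]["finish"] >= $GOTMLS_scan_log["scan"]["start"])) {
					list($time, $unit) = GOTMLS_scanlog_elapsed($GOTMLS_scan_log["scan"]["finish"] - $GOTMLS_scan_log["scan"]["start"]);
					if ($time)
						$entry .= " and ran for $time $unit";
					else
						// A scan that finished within the same second is reported as "ran ... ago".
						$entry = str_replace("started", "ran", $entry);
				} else
					$entry .= " and has not finish";
			} else
				$entry .= " failed to started";
			// The log timestamp travels back as a query parameter, so it is URL-encoded here.
			$LastScan .= "\n<li>".$entry.'<a href="'.GOTMLS_script_URI.'&GOTMLS_cl='.rawurlencode($row["mt"]).'&'.GOTMLS_set_nonce(__FUNCTION__."600").'">[clear log below this entry]</a></li>';
		}
		$LastScan .= '</ul>';
	} else
		$LastScan .= '<h3>'.__("No Scans have been logged",'gotmls').'</h3>';
	return "$LastScan\n";
}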
604
/**
 * Render the global white-list and WP core file summaries from the loaded definitions.
 *
 * Reads $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] (file => patterns,
 * where index 0 carries the update timestamp) and, when present, ["wp_core"]
 * (version => files).
 *
 * @return string HTML <ul> followed by a newline, or just "\n" when no white-list is loaded.
 */
function GOTMLS_get_whitelists() {
	if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]) || !is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]))
		return "\n";
	$defs = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"];
	$rowStyle = 'margin: 4px 12px;';
	$html = '<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>'
		.__("Globally White-listed files",'gotmls')
		.'<span class="GOTMLS_date">'.__("# of patterns",'gotmls').'</span>'
		.'<span class="GOTMLS_date">'.__("Date Updated",'gotmls').'</span></h3>';
	foreach ($defs["whitelist"] as $file => $patterns) {
		$updated = "Unknown";
		// Index 0 is the update timestamp, not a pattern, so it is dropped before counting.
		if (isset($patterns[0])) {
			$updated = GOTMLS_sexagesimal($patterns[0]);
			unset($patterns[0]);
		}
		$html .= '<li style="'.$rowStyle.'"><span class="GOTMLS_date">'.count($patterns).'</span><span class="GOTMLS_date">'.$updated.'</span>'.$file."</li>\n";
	}
	if (isset($defs["wp_core"]) && is_array($defs["wp_core"])) {
		$html .= '<h3>'.__("WordPress Core files",'gotmls').'<span class="GOTMLS_date">'.__("# of files",'gotmls').'</span></h3>';
		foreach ($defs["wp_core"] as $ver => $files)
			$html .= '<li style="'.$rowStyle.'"><span class="GOTMLS_date">'.count($files).'</span>Version '.$ver."</li>\n";
	}
	return $html."</ul>\n";
}
627
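/**
 * Render the Quarantine page, or answer one of two quarantine lookups.
 *
 * @param bool|int|string $only false (default): build the full Quarantine HTML
 *                              (paged list, restore/delete form, trash link);
 *                              a numeric post ID: return that quarantine post as
 *                              an array; any other truthy value: return the number
 *                              of private GOTMLS_quarantine posts.
 * @return string|array|null|mixed HTML, a post array, or a count, depending on $only.
 */
function GOTMLS_get_quarantine($only = false) {
	global $wpdb, $post;
	if (is_numeric($only))
		return get_post($only, ARRAY_A);
	if ($only)
		return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private'");
	// The request's page size is only honoured when it is a positive number.
	$per_page = (isset($_GET['posts_per_page']) && is_numeric($_GET['posts_per_page']) && $_GET['posts_per_page'] > 0 ? $_GET['posts_per_page'] : 200);
	$args = array('posts_per_page' => $per_page, 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
	if (isset($_POST["paged"]))
		$args["paged"] = $_POST["paged"];
	$my_query = new WP_Query($args);
	$Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><input type="hidden" id="GOTMLS_paged" name="paged" value="1"><div style="float: left;">Page:</div>';
	// The raw query string is echoed back inside an HTML attribute, so it is escaped for that context.
	$query_string = (isset($_SERVER["QUERY_STRING"]) && strlen($_SERVER["QUERY_STRING"]) ? "&".htmlspecialchars($_SERVER["QUERY_STRING"], ENT_QUOTES) : "");
	$Q_Page = "\n".'<form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."700")).$query_string.'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
	if ($my_query->have_posts()) {
		$Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected files",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>'
			."\n".'<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
		// Path prefix (scan_level directories above this plugin file) that is replaced by "..." in the listing.
		$root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
		while ($my_query->have_posts()) {
			$my_query->the_post();
			// post_title holds the quarantined file's path; escape it for the HTML context.
			$title = htmlspecialchars(str_replace($root_path, "...", $post->post_title), ENT_QUOTES);
			$Q_Page .= "\n".'<li id="GOTMLS_quarantine_'.$post->ID.'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post->post_date_gmt.'</span><span class="GOTMLS_date">'.$post->post_modified_gmt.'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$post->ID.'" id="check_'.$post->ID.'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="Q">'.GOTMLS_error_link(__("View Quarantined File",'gotmls'), $post->ID).$title."</a></li>\n";
		}
		$Q_Page .= "\n</ul>";
		for ($p = 1; $p <= $my_query->max_num_pages; $p++) {
			// Page 1 is current unless the form posted a page number.
			$current = (isset($_POST["paged"]) ? $_POST["paged"] == $p : 1 == $p);
			$Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.($current ? " DISABLED" : "").' onclick="document.getElementById(\'GOTMLS_paged\').value = \''.$p.'\';">';
		}
	} else
		$Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
	wp_reset_query();
	$return = "$Q_Paged\n</form><br style=\"clear: left;\" />\n$Q_Page\n</form>\n$Q_Paged\n</form><br style=\"clear: left;\" />\n";
	// NOTE(review): "> 1" means a single trashed item never gets the clear-trash link — confirm whether that is intended.
	if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) > 1)
		$return = '<a href="'.admin_url('admin-ajax.php?action=GOTMLS_empty_trash&'.GOTMLS_set_nonce(__FUNCTION__."720")).'" id="empty_trash_link" style="float: right;" target="GOTMLS_statusFrame">['.sprintf(__("Clear %s Deleted Files from the Trash",'gotmls'), $trashed)."]</a>$return";
	return $return;
}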
663
/**
 * Echo the Quarantine admin page: a White-lists box followed by the Quarantine box.
 *
 * The boxes are built before GOTMLS_display_header() runs so that the header can
 * emit the toggle script for the boxes registered by GOTMLS_box(). Nothing is returned.
 */
function GOTMLS_View_Quarantine() {
	GOTMLS_update_definitions();
	$whitelistTitle = __("White-lists",'gotmls');
	$page = GOTMLS_box($whitelistTitle, GOTMLS_get_whitelists());
	// The white-list box starts collapsed unless the page was requested with ?Whitelists.
	if (!isset($_GET['Whitelists']))
		$page .= "\n<script>\nshowhide('inside_".md5($whitelistTitle)."');\n</script>\n";
	$page .= GOTMLS_box(__("Quarantine",'gotmls'), GOTMLS_get_quarantine());
	GOTMLS_display_header();
	echo $page."\n</div></div></div>";
}
673
/**
 * Render the "Firewall Options" admin page and apply any change POSTed to it.
 *
 * Side effects, each gated on GOTMLS_get_nonce() plus a specific POST field:
 *  - GOTMLS_XMLRPC_patching: adds or removes a <Files xmlrpc.php> block in .htaccess
 *  - GOTMLS_patching: installs/upgrades/removes the safe-load require line in
 *    wp-config.php, and replaces an old-style patched wp-login.php with a copy
 *    fetched from core.svn.wordpress.org
 *  - GOTMLS_firewall_option / GOTMLS_firewall_value: stores one firewall setting
 *  - GOTMLS_admin_username: renames the "admin" user in the users table and sitemeta
 *  - GOTMLS_wpfirewall_action: clears or extends WP Firewall 2 options
 * All output is echoed; nothing is returned.
 */
function GOTMLS_Firewall_Options() {
	global $current_user, $wpdb, $table_prefix;
	GOTMLS_update_definitions();
	GOTMLS_display_header();
	// Every write below is conditioned on this nonce check.
	$GOTMLS_nonce_found = GOTMLS_get_nonce();
	// Markup is assembled from these two characters rather than literal tags (presumably so the scanner does not flag this file).
	$gt = ">";
	$lt = "<";
	$save_action = "";
	// Indexed by $patch_status: 0 = not installed, 1 = current, 2 = old version present.
	$patch_attr = array(
		array(
			"icon" => "blocked",
			"language" => __("Your WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. Applying this patch will block access to the WordPress Login page whenever this type of attack is detected."),
			"status" => 'Not Installed',
			"action" => 'Install Patch'
		),
		array(
			"language" => __("Your WordPress site has the current version of my brute-force Login protection installed."),
			"action" => 'Uninstall Patch',
			"status" => 'Enabled',
			"icon" => "checked"
		),
		array(
			"language" => __("Your WordPress Login page has the old version of my brute-force protection installed. Upgrade this patch to improve the protection on the WordPress Login page and preserve the integrity of your WordPress core files."),
			"action" => 'Upgrade Patch',
			"status" => 'Out of Date',
			"icon" => "threat"
		)
	);
	// Matches the XMLRPC block this plugin writes to .htaccess; $head below is derived from the same pattern.
	$find = '|<Files[^>]+xmlrpc.php>(.+?)</Files>\s*(# END GOTMLS Patch to Block XMLRPC Access\s*)*|is';
	// Apache 2.2 and 2.4 syntax are both emitted; the current client and the server itself stay allowed.
	$deny = "\n<IfModule !mod_authz_core.c>\norder deny,allow\ndeny from all";
	$allow = "";
	if (isset($_SERVER["REMOTE_ADDR"])) {
		$deny .= "\nallow from ".$_SERVER["REMOTE_ADDR"];
		$allow .= " ".$_SERVER["REMOTE_ADDR"];
	}
	if (isset($_SERVER["SERVER_ADDR"])) {
		$deny .= "\nallow from ".$_SERVER["SERVER_ADDR"];
		$allow .= " ".$_SERVER["SERVER_ADDR"];
	}
	$deny .= "\n</IfModule>\n<IfModule mod_authz_core.c>\nRequire";
	if (strlen(trim($allow)) > 0)
		$deny .= " ip$allow";
	else
		$deny .= " all denied";
	$deny .= "\n</IfModule>";
	// NOTE(review): assumes ["tmp"]["apache"] is already an array here — set elsewhere, confirm.
	if (count($GLOBALS["GOTMLS"]["tmp"]["apache"]) > 1)
		$errdiv = "<!-- ".$GLOBALS["GOTMLS"]["tmp"]["apache"][0]." -->";
	else
		$errdiv = "<div class='error'>Unable to read Apache Version, this patch may not work!</div>";
	// Form + inline JS for the XMLRPC patch; the hidden GOTMLS_XMLRPC_patching value (1 or -1) is appended below.
	$patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1159")).'"'.$gt.$lt.'script'.$gt."\nfunction setFirewall(opt, val) {\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_opt'))\n\t\tautoUpdateDownloadGIF.value = opt;\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_val'))\n\t\tautoUpdateDownloadGIF.value = val;\n}\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and donate to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is available to those who have donated!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="';
	$patch_found = false;
	// Turn the regex into the literal .htaccess block to prepend.
	$head = str_replace(array('|<Files[^>]+', '(.+?)', '\\s*(', '\\s*)*|is'), array("<Files ", "$deny\n", "\n", "\n"), $find);
	$htaccess = "";
	if (is_file(ABSPATH.'.htaccess'))
		if (($htaccess = @file_get_contents(ABSPATH.'.htaccess')) && strlen($htaccess))
			$patch_found = preg_match($find, $htaccess);
	if ($patch_found) {
		$errdiv = "";
		// Negative value = request to remove the block.
		if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', preg_replace($find, "", $htaccess)))
			$patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Now Allowing Access';
		elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0))
			$patch_action .= '-1"'.$gt.$lt.'input style="float: right;" type="submit" value="Unblock XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Still Blocking: '.sprintf(__("Failed to remove XMLRPC Protection [.htaccess %s]",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write?':'only!'):"unreadable!").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
		else
			$patch_action .= '-1"'.$gt.$lt.'input style="float: right;" type="submit" value="Unblock XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Currently Blocked';
	} else {
		// Positive value = request to install the block (prepended to the existing file).
		if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', "$head$htaccess")) {
			$patch_action .= '-1"'.$gt.$lt.'input style="float: right;" type="submit" value="Unblock XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Now Blocked';
			$errdiv = "";
		} elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0))
			$patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Still Allowing Access: '.sprintf(__("Failed to install XMLRPC Protection [.htaccess %s]",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write?':'only!'):"unreadable!").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
		else
			$patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Currently Allowing Access';
	}
	$patch_action .= ")$errdiv$lt/b$gt$lt/p$gt".__("Most WordPress sites do not use the XMLRPC features and hack attempts on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit, these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt.$lt.'hr /'.$gt;
	$patch_status = 0;
	$patch_found = -1;
	// Matches the brute-force require line (either the current safe-load form or the old wp-login form).
	$find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
	// The line written into wp-config.php. REMOTE_ADDR is embedded in generated PHP source here,
	// so this relies on that value being supplied by the web server, not by the client.
	$head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find);
	// Support a wp-config.php kept one level above the document root.
	if (is_file(ABSPATH.'../wp-config.php') && !is_file(ABSPATH.'wp-config.php'))
		$wp_config = '../wp-config.php';
	else
		$wp_config = 'wp-config.php';
	if (is_file(ABSPATH.$wp_config)) {
		if (($config = @file_get_contents(ABSPATH.$wp_config)) && strlen($config)) {
			if ($patch_found = preg_match($find, $config)) {
				// Current form already present: a POST removes it (plus the enclosing empty <?php ... ?> block).
				if (strpos($config, substr($head, strpos($head, "file_exists")))) {
					if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.$wp_config, preg_replace('#'.$lt.'\?[ph\s]+(//.*\s*)*\?'.$gt.'#i', "", preg_replace($find, "", $config))))
						$patch_action .= $lt.'div class="error"'.$gt.__("Removed Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
					else
						$patch_status = 1;
				} else {
					// Old form present: a POST rewrites it to the current form.
					if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.$wp_config, preg_replace($find, "$head", $config))) {
						$patch_action .= $lt.'div class="updated"'.$gt.__("Upgraded Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
						$patch_status = 1;
					} else
						$patch_status = 2;
				}
			} elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && strlen($config) && ($patch_found == 0) && GOTMLS_file_put_contents(ABSPATH.$wp_config, "$lt?php$head// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?$gt$config")) {
				$patch_action .= $lt.'div class="updated"'.$gt.__("Installed Brute-Force Protection",'gotmls').$lt.'/div'.$gt;
				$patch_status = 1;
			} elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]))
				$patch_action .= $lt.'div class="updated"'.$gt.sprintf(__("Failed to install Brute-Force Protection (wp-config.php %s)",'gotmls'),(is_readable(ABSPATH.$wp_config)?'read-'.(is_writable(ABSPATH.$wp_config)?'write':'only'):"unreadable").": ".strlen($config).GOTMLS_fileperms(ABSPATH.$wp_config)).$lt.'/div'.$gt;
		} else
			$patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Readable!",'gotmls').$lt.'/div'.$gt;
	} else
		$patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Found!",'gotmls').$lt.'/div'.$gt;
	// An old-style patch lives inside wp-login.php itself; it is undone by replacing the whole file with a pristine copy.
	if ($GOTMLS_nonce_found && file_exists(ABSPATH.'wp-login.php') && ($login = @file_get_contents(ABSPATH.'wp-login.php')) && strlen($login) && (preg_match($find, $login))) {
		// NOTE(review): $wp_version is not in this function's global statement, so it is undefined here and the
		// tag path in the URL is empty; the copy is also fetched over plain http and written to disk with only a
		// length check — worth confirming both before relying on this branch.
		if (isset($_POST["GOTMLS_patching"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/".$wp_version.'/wp-login.php')) && (strlen($source) > 500) && GOTMLS_file_put_contents(ABSPATH.'wp-login.php', $source))
			$patch_action .= $lt.'div class="updated"'.$gt.__("Removed Old Brute-Force Login Patch",'gotmls').$lt.'/div'.$gt;
		else
			$patch_status = 2;
	}
	// Persist one firewall toggle (option name and value both come from the form).
	if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_firewall_option"]) && strlen($_POST["GOTMLS_firewall_option"]) && isset($_POST["GOTMLS_firewall_value"]) && strlen($_POST["GOTMLS_firewall_value"])) {
		$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"][$_POST["GOTMLS_firewall_option"]] = $_POST["GOTMLS_firewall_value"];
		if (update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]))
			$save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n";
		else
			$save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSave Failed!$lt/div$gt\n";
	}
	$sec_opts = $lt.'form method="POST" name="GOTMLS_Form_firewall"'.$gt.$lt.'input type="hidden" id="fw_opt" name="GOTMLS_firewall_option" value="traversal"'.$gt.$lt.'input type="hidden" name="GOTMLS_firewall_value" id="fw_val" value="0"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."805")).'"'.$gt;
	// NOTE(review): array(...) wraps the value, so this second condition is always true once the key is set; is_array() looks like the intent.
	if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]))
		foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA)
			// $VA[1] is the rule title, $VA[2] its description; a truthy settings entry means the rule was disabled by the user.
			if (is_array($VA) && count($VA) > 3 && strlen($VA[1]) && strlen($VA[2]))
				$sec_opts .= $lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="submit" style="float: right;" value="'.(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]?"Enable Protection\" onclick=\"setFirewall('$TP', 0);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt."b$gt$VA[1] (Currently Disabled)":"Disable Protection\" onclick=\"setFirewall('$TP', 1);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt."b$gt$VA[1] (Automatically Enabled)")."$lt/b$gt$lt/p$gt$VA[2]$lt/div$gt$lt".'hr /'.$gt;
	$sec_opts .= "$lt/form$gt\n$patch_action\n$lt".'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."807")).'"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="float: right;'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n$lt"."script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
	$admin_notice = "";
	// Offer to rename the "admin" account; the new name must be 3+ chars of [a-z_0-9@.-] (case-insensitive).
	if ($current_user->user_login == "admin") {
		$admin_notice .= $lt.'hr /'.$gt;
		if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_admin_username"]) && ($current_user->user_login != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match('/^\s*[a-z_0-9\@\.\-]{3,}\s*$/i', $_POST["GOTMLS_admin_username"])) {
			if ($wpdb->update($wpdb->users, array("user_login" => trim($_POST["GOTMLS_admin_username"])), array("user_login" => $current_user->user_login))) {
				// Multisite keeps super-admin logins serialized in sitemeta; patch that string as well.
				// NOTE(review): the new name is concatenated into the SQL; the regex above excludes quotes, but $wpdb->prepare() would be the safer form.
				$wpdb->query("UPDATE `{$table_prefix}sitemeta` SET `meta_value` = REPLACE(`meta_value`, 's:5:\"admin\";', 's:".strlen(trim($_POST["GOTMLS_admin_username"])).":\"".trim($_POST["GOTMLS_admin_username"])."\";') WHERE `meta_key` = 'site_admins' AND `meta_value` like '%s:5:\"admin\";%'");
				$admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("You username has been change to %s. Don't forget to use your new username when you login again.",'gotmls'), $_POST["GOTMLS_admin_username"]).$lt.'/div'.$gt;
			} else
				$admin_notice .= $lt.'div class="error"'.$gt.sprintf(__("SQL Error changing username: %s. Please try again later.",'gotmls'), $wpdb->last_error).$lt.'/div'.$gt;
		} else {
			if (isset($_POST["GOTMLS_admin_username"]))
				$admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("Your new username must be at least 3 characters and can only contain &quot;%s&quot;. Please try again.",'gotmls'), "a-z0-9_.-@").$lt.'/div'.$gt;
			$admin_notice .= $lt.'form method="POST" name="GOTMLS_Form_admin"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'div style="float: left;"'.$gt.__("Change your username:",'gotmls').$lt.'/div'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1235")).'"'.$gt.$lt.'input style="float: left;" type="text" id="GOTMLS_admin_username" name="GOTMLS_admin_username" size="6" value="'.$current_user->user_login.'"'.$gt.$lt.'input style="float: left;" type="submit" value="Change"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Admin Notice'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("Your username is \"admin\", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt;
		}
	}
	// WP Firewall 2 compatibility: either clear its exclude_terms rule or add the current IP to its whitelist.
	if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_wpfirewall_action"])) {
		if ($_POST["GOTMLS_wpfirewall_action"] == "exclude_terms")
			update_option("WP_firewall_exclude_terms", "");
		elseif ($_POST["GOTMLS_wpfirewall_action"] == "whitelisted_ip" && isset($_SERVER["REMOTE_ADDR"])) {
			$ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!"));
			if (is_array($ips))
				$ips = array_merge($ips, array($_SERVER["REMOTE_ADDR"]));
			else
				$ips = array($_SERVER["REMOTE_ADDR"]);
			update_option("WP_firewall_whitelisted_ip", serialize($ips));
		}
	}
	// Only shown while the conflicting WP Firewall 2 rule is set to "allow".
	if (get_option("WP_firewall_exclude_terms", "Not Found!") == "allow") {
		$end = "$lt/div$gt$lt/form$gt\n{$lt}hr /$gt";
		$img = 'threat.gif"';
		$button = $lt.'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'exclude_terms\';" value="'.__("Disable this Rule",'gotmls').'"'.$gt;
		$wpfirewall_action = $lt.'form method="POST" name="GOTMLS_Form_wpfirewall2"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="GOTMLS_wpfirewall_action" id="GOTMLS_wpfirewall_action" value=""'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1223")).'"'.$gt.$button.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$img.$gt.$lt.'b'.$gt."WP Firewall 2 (Conflicting Firewall Rule)$lt/b$gt$lt/p$gt".__("The Conflicting Firewall Rule (WP_firewall_exclude_terms) activated by the WP Firewall 2 plugin has been shown to interfere with the Definition Updates and WP Core File Scans in my Anti-Malware plugin. I recommend that you disable this rule in the WP Firewall 2 plugin.",'gotmls').$end;
		if (isset($_SERVER["REMOTE_ADDR"])) {
			// Soften the notice when the current IP is already whitelisted; otherwise add a "Whitelist your IP" button.
			if (is_array($ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!"))) && in_array($_SERVER["REMOTE_ADDR"], $ips))
				$wpfirewall_action = str_replace(array($img, $end), array('question.gif"', __(" However, your current IP has been Whitelisted so you could probably keep this rule enabled if you really want to.",'gotmls').$end), $wpfirewall_action);
			else
				$wpfirewall_action = str_replace(array($button, $end), array($button.$lt."br /$gt$lt".'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'whitelisted_ip\';" value="'.__("Whitelist your IP",'gotmls').'"'.$gt, __(" However, if you would like to keep this rule enabled you should at least Whitelist your IP.",'gotmls').$end), $wpfirewall_action);
		}
		$sec_opts = $wpfirewall_action.$sec_opts;
	}
	echo GOTMLS_box(__("Firewall Options",'gotmls'), $save_action.$sec_opts.$admin_notice)."\n</div></div></div>";
}
841
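/**
 * Resolves the display name of the account an Installation Key is registered to.
 *
 * The update server identifies the registrant by an MD5 digest of the
 * registered e-mail address (the "you"/"user_email" element handled in
 * GOTMLS_update_definitions()). This maps that digest back to a local account:
 * the current user's own e-mail when it matches, otherwise the nicename of a
 * user whose e-mail hashes to the same value, otherwise GOTMLS_siteurl.
 *
 * @param array|mixed $you Either the "you" element itself, or an array that
 *                         carries it under the "you" key.
 * @return string E-mail, nicename, or GOTMLS_siteurl when nothing matches.
 */
function GOTMLS_get_registrant($you) {
	global $current_user, $wpdb;
	wp_get_current_user();
	if (isset($you["you"]))
		$you = $you["you"];
	// The digest comes from a remote response, so only a well-formed MD5
	// (exactly 32 hex characters) is ever looked up; anything else falls
	// through to the site URL instead of reaching the query.
	if (!isset($you["user_email"]) || !is_string($you["user_email"]) || strlen($you["user_email"]) != 32 || !ctype_xdigit($you["user_email"]))
		return GOTMLS_siteurl;
	if ($you["user_email"] === md5($current_user->user_email))
		return $current_user->user_email;
	// Bound as a parameter via $wpdb->prepare() rather than interpolated, so
	// the value can never alter the statement even if the format check above
	// is relaxed later.
	$registrant = $wpdb->get_var($wpdb->prepare("SELECT `user_nicename` FROM `$wpdb->users` WHERE MD5(`user_email`) = %s", $you["user_email"]));
	if (!$registrant)
		$registrant = GOTMLS_siteurl;
	return $registrant;
}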
856
/**
 * Refreshes the malware definitions and reports the result.
 *
 * Called on every settings page load (from GOTMLS_settings()) and registered
 * as the 'wp_ajax_GOTMLS_auto_update' AJAX handler. Depending on the request
 * it will, after a nonce check:
 *  - merge definitions posted back in UPDATE_definitions_array,
 *  - wipe the local definitions when that parameter is "D",
 *  - otherwise fetch definitions.php from GOTMLS_update_home and merge what it
 *    returns, updating the registrant / donation status for the sidebar.
 * When invoked through admin-ajax.php with action=GOTMLS_auto_update it emits
 * a JavaScript response and die()s; otherwise it falls through and builds
 * $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"], the sidebar query string.
 *
 * Side effects: rewrites $GLOBALS["GOTMLS"]["tmp"]["definitions_array"],
 * settings_array["check"], log["settings"]["check"] and $_REQUEST["check"],
 * and persists the definitions via GOTMLS_update_option('definitions', ...).
 *
 * @return void
 */
function GOTMLS_update_definitions() {
	global $wp_version, $wpdb;
	$GOTMLS_definitions_versions = array();
	$user_info = array(); // unused
	$saved = false;
	$moreJS = "";
	$finJS = "\n}"; // closes the setDivNAtext() function emitted in the die() block below
	$form = 'registerKeyForm';
	$innerHTML = "<li style=\\\"color: #f00\\\">Your Installation Key could not be confirmed!</li>";
	$autoUpJS = '<span style="color: #C00;">This new feature is currently only available to registered users who have donated above the default level.</span><br />';
	// Newest 5-character version string per threat level in the current
	// definitions; used for the sidebar query string and the "date" shown after
	// an update.
	foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
		foreach ($definition_names as $definition_name=>$definition_version)
			if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
				if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
					$GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
	asort($GOTMLS_definitions_versions);
	// Every branch that changes definitions is gated on GOTMLS_get_nonce().
	if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"]) && GOTMLS_get_nonce()) {
		if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1) {
			// NOTE(review): request-supplied data is decoded and passed through
			// maybe_unserialize(); whether GOTMLS_decode() constrains what can
			// be unserialized is not visible here — confirm it cannot yield
			// objects, since the result is stored as the definitions array.
			$GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_REQUEST["UPDATE_definitions_array"]));
			if (is_array($GOTnew_definitions)) {
				$form = 'autoUpdateDownload';
				$GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('Downloaded Definitions');";
			}
		} elseif ($_REQUEST["UPDATE_definitions_array"] == "D") {
			// "D" = delete: start from an empty definitions array.
			$GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = array();
			$GOTnew_definitions = array();
		// Fetch from the update server. NOTE(review): the URL is plain http:
		// and the body is unserialized; integrity of the definitions therefore
		// rests on the transport and on GOTMLS_decode(), neither of which is
		// visible here — confirm. ur1encode (digit one) is not PHP's
		// urlencode(); presumably a project helper defined elsewhere — verify.
		} elseif (($DEF = GOTMLS_get_URL('http:'.GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.$wp_version.'&'.GOTMLS_set_nonce(__FUNCTION__."870").'&d='.ur1encode(GOTMLS_siteurl))) && is_array($GOTnew_definitions = maybe_unserialize(GOTMLS_decode($DEF))) && count($GOTnew_definitions)) {
			// $moreJS .= "\n//".count($GOTnew_definitions["you"]).'http:'.GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.$wp_version.'&'.GOTMLS_set_nonce(__FUNCTION__."870").'&d='.ur1encode(GOTMLS_siteurl)."\n";
			// The "you" element describes the registrant: user_email is an MD5
			// digest that GOTMLS_get_registrant() maps to a local account.
			if (isset($GOTnew_definitions["you"]["user_email"]) && strlen($GOTnew_definitions["you"]["user_email"]) == 32) {
				$toInfo = GOTMLS_get_registrant($GOTnew_definitions["you"]);
				$innerHTML = "<li style=\\\"color: #0C0\\\">Your Installation Key is Registered to:<br /> $toInfo</li>";
				$form = 'autoUpdateForm';
				if (isset($GOTnew_definitions["you"]["user_donations"]) && isset($GOTnew_definitions["you"]["user_donation_total"]) && isset($GOTnew_definitions["you"]["user_donation_freshness"])) {
					$user_donations_src = $GOTnew_definitions["you"]["user_donations"];
					// Automatic download is offered only above this donation total.
					if ($GOTnew_definitions["you"]["user_donation_total"] > 27.99) {
						$autoUpJS = '<input type="radio" id="auto_UPDATE_definitions_1" name="UPDATE_definitions_array" value="1">Yes | <input type="radio" id="auto_UPDATE_definitions_0" name="UPDATE_definitions_array" value="0" checked>No <input type="hidden" name="UPDATE_definitions_checkbox" value="UPDATE_definitions_array">';
						$moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA"))
foundUpdates.innerHTML = "<a href=\'javascript:document.updateform.submit();\' onclick=\'document.updateform.UPDATE_definitions_array.value=1;\' style=\'color: #f00;\'>Set Definition Updates to Automatically Download to activate this feature.</a>";';
					}
					// $li is only defined here (or in the AJAX branch below when
					// $user_donations_src is falsy); with donations > 0 but a
					// total <= 0 it stays unset when interpolated later.
					if ($user_donations_src > 0 && $GOTnew_definitions["you"]["user_donation_total"] > 0)
						$li = "<li> You have made $user_donations_src donation".($user_donations_src?'s totalling':' for').' $'.$GOTnew_definitions["you"]["user_donation_total"].".</li><!-- ".$GOTnew_definitions["you"]["user_donation_freshness"]." -->";
				}
			} else
				$innerHTML = "<li style=\\\"color: #f00\\\">Your Installation Key is not registered!</li>";
			//unset($GOTnew_definitions["you"]);
			// Compare serialized forms to detect "nothing changed"; the "you"
			// element is part of the comparison since the unset above is disabled.
			asort($GOTnew_definitions);
			if (serialize($GOTnew_definitions) == serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))
				unset($GOTnew_definitions);
			else {
				// Diagnostic string shown if the save fails. NOTE: the final
				// strlen() wraps the trailing " ".substr(...) as well (mismatched
				// parenthesis), so the new length reported is 10 too large.
				$debug = substr(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]), 0, 9)." ".md5(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))." ".strlen(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))." ".substr(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]), -9)." = ".substr(serialize($GOTnew_definitions), 0, 9)." ".md5(serialize($GOTnew_definitions))." ".strlen(serialize($GOTnew_definitions)." ".substr(serialize($GOTnew_definitions), -9));
				$GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions;
				$GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('New Definitions Automatically Installed :-)');";
			}
			$finJS .= "\nif (divNAtext)\n\tloadGOTMLS();\nelse\n\tdivNAtext = setTimeout('loadGOTMLS()', 4000);";
			$finJS .= "\nif (typeof stopCheckingDefinitions !== 'undefined')\n\tclearTimeout(stopCheckingDefinitions);";
		} else
			// Fetch failed: offer a link that reports the last get_URL details
			// (encoded) back to the update server via checkupdateserver().
			$innerHTML = "<li style=\\\"color: #f00\\\"><a title='report error' href='#' onclick=\\\"stopCheckingDefinitions = checkupdateserver(alt_addr+'&error=".GOTMLS_encode(serialize(array("get_URL"=>$GLOBALS["GOTMLS"]["get_URL"])))."', 'Definition_Updates');\\\">Automatic Update Connection Failed!</a></li>";
	} else
		$innerHTML = "<li style=\\\"color: #f00\\\">".GOTMLS_Invalid_Nonce("Nonce Error")."</li>";
	// Merge and persist whatever survived above, then rebuild the "check"
	// selection to every non-"potential" threat level.
	if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
		$GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions);
		if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
			@unlink(GOTMLS_plugin_path.'definitions_update.txt');
		$saved = GOTMLS_update_option('definitions', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
		$_REQUEST["check"] = array();
		foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names) {
			if ($threat_level != "potential")
				$_REQUEST["check"][] = $threat_level;
			foreach ($definition_names as $definition_name=>$definition_version)
				if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
					if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
						$GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
		}
		$GLOBALS["GOTMLS"]["log"]["settings"]["check"] = $_REQUEST["check"];
		$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
		asort($GOTMLS_definitions_versions);
		$autoUpJS .= '<span style="color: #0C0;">(Newest Definition Updates Installed.)</span>';
	} elseif ($form != 'registerKeyForm') {
		$form = 'autoUpdateDownload';
		$autoUpJS .= '<span style="color: #0C0;">(No newer Definition Updates are available at this time.)</span>';
		$innerHTML .= "<li style=\\\"color: #0C0\\\">No Newer Definition Updates Available.</li>";
	}
	// AJAX entry point (see add_action below the function): respond with
	// JavaScript and terminate instead of returning to the settings page.
	if (isset($_SERVER["SCRIPT_FILENAME"]) && preg_match('/\/admin-ajax\.php/i', $_SERVER["SCRIPT_FILENAME"]) && isset($_REQUEST["action"]) && $_REQUEST["action"] == "GOTMLS_auto_update") {
		// $user_donations_src is only assigned on the registered-key path
		// above, so this reads an undefined variable on every other path.
		if (!$user_donations_src)
			$li = "<li style=\\\"color: #f00;\\\">You have not donated yet!</li>";
		if (strlen($moreJS) == 0)
			$moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA"))
foundUpdates.innerHTML = "<a href=\'javascript:document.ppdform.submit();\' onclick=\'document.ppdform.amount.value=32;\' style=\'color: #f00;\'>Donate $29+ now then enable Automatic Definition Updates to Scan for Core Files changes.</a>";';
		$moreJS .= "\n\tif (foundUpdates = document.getElementById('pastDonations'))\n\tfoundUpdates.innerHTML = '$li';";
		// Suppressed because headers may already have been sent by WordPress.
		@header("Content-type: text/javascript");
		// $new_ver is assigned inside this condition; the elseif below
		// interpolates it even when the version array was empty.
		if (is_array($GOTMLS_definitions_versions) && count($GOTMLS_definitions_versions) && (strlen($new_ver = trim(array_pop($GOTMLS_definitions_versions))) == 5) && $saved) {
			$innerHTML .= "<li style=\\\"color: #0C0\\\">New Definition Updates Installed.</li>";
			$finJS .= "\nif (foundUpdates = document.getElementById('GOTMLS_definitions_date')) foundUpdates.innerHTML = '$new_ver';";
		} elseif (is_array($GOTnew_definitions) && count($GOTnew_definitions))
			$finJS .= "\nalert('Definition update $new_ver could not be saved because update_option Failed! $debug');";
		// Core-file check: UPDATE_core must equal the running WordPress version
		// (loose ==) and a wp_core definition set for that version must exist.
		// The per-file outcome is decided by GOTMLS_check_threat(), whose
		// contract is not visible here; the "Restored" branch fires when the
		// md5/length token posted as UPDATE_restore matches the replacement
		// contents that GOTMLS_check_threat() presumably left in new_contents.
		if (isset($_REQUEST["UPDATE_core"]) && ($_REQUEST["UPDATE_core"] == $wp_version) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][$wp_version])) {
			foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][$_REQUEST["UPDATE_core"]] as $file => $md5) {
				if (is_file(ABSPATH.$file)) {
					$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = file_get_contents(ABSPATH.$file);
					if (GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"], ABSPATH.$file)) {
						if (isset($GLOBALS["GOTMLS"]["tmp"]["new_contents"]) && isset($_REQUEST["UPDATE_restore"]) && (md5($GLOBALS["GOTMLS"]["tmp"]["new_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"]) == $_REQUEST["UPDATE_restore"]))
							$autoUpJS .= "<li>Core File Restored: $file</li>";
						else
							$autoUpJS .= "<li>Core File MODIFIED: $file (".md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])." => $md5)</li>";
					}
				} else
					$autoUpJS .= "<li>Core File MISSING: $file</li>";
			}
			$autoUpJS .= '<div class="update">Definition update: '.$_REQUEST["UPDATE_core"].' checked '.count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][$_REQUEST["UPDATE_core"]]).' core files!</div>';
		}
		// The PHP values spliced into this script ($innerHTML, $form,
		// $moreJS/$finJS, $autoUpJS) are not JavaScript-escaped; they are as
		// trustworthy as the definitions source and the database they come from.
		die('//<![CDATA[
var inc_form = "";
if (foundUpdates = document.getElementById("autoUpdateDownload"))
foundUpdates.src += "?'.$user_donations_src.'";
if (foundUpdates = document.getElementById("registerKeyForm"))
foundUpdates.style.display = "none";
if (foundUpdates = document.getElementById("'.$form.'"))
foundUpdates.style.display = "block";
if (foundUpdates = document.getElementById("Definition_Updates"))
foundUpdates.innerHTML = "<ul class=\\"sidebar-links\\">'.$innerHTML.'</ul>"+inc_form;
function setDivNAtext() {
var foundUpdates;
'.$moreJS.$finJS.'
if (foundUpdates = document.getElementById("UPDATE_definitions_div"))
foundUpdates.innerHTML = \''.$autoUpJS.'\';
//]]>');
	}
	// Non-AJAX path: build the sidebar query string carrying the latest version
	// per threat level (the foreach writes each value straight into
	// tmp["Definition"]["Latest"]) plus the registered key digest, if any.
	$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates';
	foreach ($GOTMLS_definitions_versions as $definition_name=>$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"])
		$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&def[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"];
	if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"]) == 32)
		$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&def[you]=".$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"];
}
// Register GOTMLS_update_definitions() for the "GOTMLS_auto_update" AJAX
// action. The function detects this entry point itself (SCRIPT_FILENAME
// matching admin-ajax.php and action=GOTMLS_auto_update) and emits a
// JavaScript response instead of returning. State changes inside it are
// gated on GOTMLS_get_nonce(); no capability check is visible at this hook.
add_action('wp_ajax_GOTMLS_auto_update', 'GOTMLS_update_definitions');
991
992 function GOTMLS_settings() {
993 global $wpdb, $wp_version, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
994 $GOTMLS_scan_groups = array();
995 $gt = ">";
996 $lt = "<";
997 GOTMLS_update_definitions();
998 if (($GOTMLS_nonce_found = GOTMLS_get_nonce()) && isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))
999 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
1000 /* $threat_names = array_keys($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"]);
1001 foreach ($threat_names as $threat_name) {
1002 if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) > 1) {
1003 if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version)
1004 $GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0];
1005 if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
1006 $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]);
1007 if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] > 2)
1008 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
1009 }
1010 }
1011 }*/
1012 if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
1013 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"];
1014 update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1015 }
1016 $dirs = GOTMLS_explode_dir(__FILE__);
1017 for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
1018 $GOTMLS_scan_groups[] = $lt.'b'.$gt.implode(GOTMLS_slash(), array_slice($dirs, -1 * (3 + $SL), 1)).$lt.'/b'.$gt;
1019 if (isset($_POST["exclude_ext"])) {
1020 if (strlen(trim(str_replace(",","",$_POST["exclude_ext"]).' ')) > 0)
1021 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(str_replace('.', ',', htmlentities($_POST["exclude_ext"]))), -1, PREG_SPLIT_NO_EMPTY);
1022 else
1023 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = array();
1024 }
1025 $default_exclude_ext = str_replace(",gotmls", "", implode(",", $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]));
1026 $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
1027 if (isset($_POST["UPDATE_definitions_checkbox"])) {
1028 if (isset($_POST[$_POST["UPDATE_definitions_checkbox"]]) && strlen(trim(" ".$_POST[$_POST["UPDATE_definitions_checkbox"]])))
1029 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = $_POST[$_POST["UPDATE_definitions_checkbox"]];
1030 else
1031 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = "";
1032 }
1033 if (isset($_POST["exclude_dir"])) {
1034 if (strlen(trim(str_replace(",","",$_POST["exclude_dir"]).' ')) > 0)
1035 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(htmlentities($_POST["exclude_dir"])), -1, PREG_SPLIT_NO_EMPTY);
1036 else
1037 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array();
1038 for ($d=0; $d<count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]); $d++)
1039 if (dirname($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d]) != ".")
1040 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d] = str_replace("\\", "", str_replace("/", "", str_replace(dirname($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d]), "", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d])));
1041 }
1042 $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"] = array_merge($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"], $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"]);
1043 if (isset($_POST["scan_what"]) && is_numeric($_POST["scan_what"]) && $_POST["scan_what"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"])
1044 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = $_POST["scan_what"];
1045 if (isset($_POST["check_custom"]) && $_POST["check_custom"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"])
1046 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]);
1047 if (isset($_POST["scan_depth"]) && is_numeric($_POST["scan_depth"]) && $_POST["scan_depth"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"])
1048 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = $_POST["scan_depth"];
1049 /* if (isset($_POST['check_htaccess']) && is_numeric($_POST['check_htaccess']) && $_POST['check_htaccess'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_htaccess'])
1050 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_htaccess'] = $_POST['check_htaccess'];
1051 if (isset($_POST['check_timthumb']) && is_numeric($_POST['check_timthumb']) && $_POST['check_timthumb'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_timthumb'])
1052 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_timthumb'] = $_POST['check_timthumb'];
1053 if (isset($_POST['check_wp_core']) && is_numeric($_POST['check_wp_core']) && $_POST['check_wp_core'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_wp_core'])
1054 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_wp_core'] = $_POST['check_wp_core'];
1055 if (isset($_POST['check_known']) && is_numeric($_POST['check_known']) && $_POST['check_known'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_known'])
1056 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_known'] = $_POST['check_known'];
1057 if (isset($_POST['check_potential']) && is_numeric($_POST['check_potential']) && $_POST['check_potential'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_potential'])
1058 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_potential'] = $_POST['check_potential'];*/
1059 if (isset($_POST['skip_quarantine']) && $_POST['skip_quarantine'])
1060 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'] = $_POST['skip_quarantine'];
1061 elseif (isset($_POST["exclude_ext"]))
1062 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'] = 0;
1063 GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1064 $scan_whatopts = '';
1065 $scan_optjs = "\n{$lt}script type=\"text/javascript\"$gt\nfunction showOnly(what) {\n";
1066 foreach ($GOTMLS_scan_groups as $mg => $GOTMLS_scan_group) {
1067 $scan_optjs .= "document.getElementById('only$mg').style.display = 'none';\n";
1068 $scan_whatopts = "\n$lt/div$gt\n$lt/div$gt\n$scan_whatopts";
1069 $dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $mg)));
1070 $files = GOTMLS_getfiles($dir);
1071 if (is_array($files))
1072 foreach ($files as $file)
1073 if (is_dir(GOTMLS_trailingslashit($dir).$file))
1074 $scan_whatopts = $lt.'input type="checkbox" name="scan_only[]" value="'.htmlentities($file).'" /'.$gt.htmlentities($file).$lt.'br /'.$gt.$scan_whatopts;
1075 $scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", "&nbsp;", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts;
1076 }
1077 $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}";
1078 if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && strlen(trim(" ".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])))
1079 $scan_optjs .= "\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]."'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n";
1080 $scan_optjs .= "$lt/script$gt";
1081 $GOTMLS_nonce_URL = GOTMLS_set_nonce(__FUNCTION__."853");
1082 $scan_opts = "\n$lt".'form method="POST" name="GOTMLS_Form"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', $GOTMLS_nonce_URL).'"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Complete Scan\';" /'.$gt.$lt.'/div'.$gt.'
1083 '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
1084 '.$lt.'div style="padding: 0 30px;"'.$gt;
1085 $cInput = '"'.$gt.$lt.'input';
1086 $pCheck = "$cInput checked";
1087 $kCheck = "";
1088 foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) {
1089 $scan_opts .= $lt.'div id="check_'.$threat_level.'_div" style="padding: 0; position: relative;';
1090 if (($threat_level != "wp_core" && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level])) || isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]["$wp_version"])) {
1091 if ($threat_level != "potential" && in_array($threat_level,$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
1092 $pCheck = " display: none;$cInput";
1093 $scan_opts .= "$cInput checked";
1094 } elseif ($threat_level == "potential")
1095 $scan_opts .= $pCheck;
1096 else
1097 $scan_opts .= $cInput;
1098 if ($threat_level != "potential")
1099 $kCheck .= ",'$threat_level'";
1100 $scan_opts .= ' type="checkbox" onchange="pCheck(this);" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'" /'.$gt.' '.$lt.'a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;pCheck(document.getElementById(\'check_'.$threat_level.'_Yes\'));showhide(\'dont_check_'.$threat_level.'\');"'."$gt{$lt}b$gt$threat_level_name$lt/b$gt$lt/a$gt\n";
1101 if (isset($_GET["SESSION"])) {
1102 if (isset($_SESSION["GOTMLS_debug"][$threat_level]))
1103 $lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_level],1)."$lt/div$gt";
1104 $scan_opts .= "\n$lt".'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"'.$gt.$lt.'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');"'.$gt.'X'.$lt.'/a'.$gt;
1105 foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex)
1106 $scan_opts .= $lt."br /$gt\n$lt".'input type="checkbox" name="dont_check[]" value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /'.$gt.$lt.'script'.$gt.'showhide("dont_check_'.$threat_level.'", true);'.$lt.'/script'.$gt:' /'.$gt).(isset($_SESSION["GOTMLS_debug"][$threat_name])?$lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_name],1)."$lt/div$gt":"").$threat_name;
1107 $scan_opts .= "\n$lt/div$gt";
1108 }
1109 } else
1110 $scan_opts .= $lt.'a title="'.__("Download Definition Updates to Use this feature",'gotmls').'"'.$gt.$lt.'img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="X"'.$gt.$lt.'b'.$gt.'&nbsp; '.$threat_level_name.$lt.'/b'.$gt.$lt.'br /'.$gt.$lt.'div style="padding: 14px;" id="check_'.$threat_level.'_div_NA"'.$gt.$lt.'span style="color: #F00"'.$gt.__("Download the new definitions (Right sidebar) to activate this feature.",'gotmls')."$lt/span$gt$lt/div$gt";
1111 $scan_opts .= "\n$lt/div$gt";
1112 }
1113 $scan_opts .= $lt.'/div'.$gt.$lt.'/div'.$gt.'
1114 '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to scan:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.$scan_whatopts.$scan_optjs.$lt.'/div'.$gt.'
1115 '.$lt.'div style="float: left;" id="scanwhatfolder"'.$gt.$lt.'/div'.$gt.'
1116 '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Scan Depth:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
1117 '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"'.$gt.$lt.'br /'.$gt.__("how far to drill down",'gotmls').$lt.'br /'.$gt.'('.__("-1 is infinite depth",'gotmls').')'.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'br style="clear: left;"'.$gt;
1118 if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= $lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"]['total'],1)."$lt/div$gt"; unset($_SESSION["GOTMLS_debug"]);}
1119 if (isset($_GET["eli"])) {//still testing this option
1120 $scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'."$gt$lt/div$gt\n";
1121 }
1122 $QuickScan = $lt.((is_dir(dirname(__FILE__)."/../../../wp-includes") && is_dir(dirname(__FILE__)."/../../../wp-admin"))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&$GOTMLS_nonce_URL").'" class="button-primary" style="height: 22px; line-height: 13px; padding: 3px;">WP_Core</a':"!-- No wp-includes or wp-admin --").$gt;
1123 foreach (array("Plugins", "Themes") as $ScanFolder)
1124 $QuickScan .= '&nbsp;'.$lt.((is_dir(dirname(__FILE__)."/../../../wp-content/".strtolower($ScanFolder)))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&scan_only[]=wp-content/".strtolower($ScanFolder)."&$GOTMLS_nonce_URL")."\" class=\"button-primary\" style=\"height: 22px; line-height: 13px; padding: 3px;\"$gt$ScanFolder$lt/a":"!-- No $ScanFolder in wp-content --").$gt;
1125 $scan_opts .= "\n$lt".'p'.$gt.$lt.'b'.$gt.__("Skip files with the following extensions:",'gotmls')."$lt/b$gt".(($default_exclude_ext!=implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))?" {$lt}a href=\"javascript:void(0);\" onclick=\"document.getElementById('exclude_ext').value = '$default_exclude_ext';\"{$gt}[Restore Defaults]$lt/a$gt":"").$lt.'/p'.$gt.'
1126 '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'."$gt$lt/div$gt$lt".'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls')."$lt/b$gt$lt/p$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
1127 '.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt."br$gt$lt/b$gt$lt/td$gt$lt".'td'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'br'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt".'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="save_settings" value="'.__("Save Settings",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Save\';" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
1128 $title_tagline = $lt."li$gt Site Title: ".htmlspecialchars($wpdb->get_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogname'"));
1129 $title_tagline .= "$lt/li$gt$lt"."li$gt Tagline: ".htmlspecialchars($wpdb->get_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogdescription'"));
1130 if (preg_match('/h[\@a]ck[3e]d.*by/is', $title_tagline))
1131 echo $lt.'div class="error"'.$gt.sprintf(__("Your Site Title or Tagline suggests that you may have been hacked ...%sThis could impact the indexing of your site and may even lead to blacklisting. You can change those options on the %sGeneral Settings$lt/a$gt page.",'gotmls'), "$title_tagline$lt/li$gt", $lt.'a href="'.admin_url("options-general.php").'"'.$gt)."$lt/div$gt";
1132 @ob_start();
1133 $OB_default_handlers = array("default output handler", "zlib output compression");
1134 $OB_handlers = @ob_list_handlers();
1135 if (is_array($OB_handlers) && count($OB_handlers))
1136 foreach ($OB_handlers as $OB_last_handler)
1137 if (!in_array($OB_last_handler, $OB_default_handlers))
1138 echo $lt.'div class="error"'.$gt.sprintf(__("Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and could severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process).",'gotmls'), $OB_last_handler)."$lt/div$gt";
1139 GOTMLS_display_header();
1140 $scan_groups = array_merge(array(__("Scanned Files",'gotmls')=>"scanned",__("Selected Folders",'gotmls')=>"dirs",__("Scanned Folders",'gotmls')=>"dir",__("Skipped Folders",'gotmls')=>"skipdirs",__("Skipped Files",'gotmls')=>"skipped",__("Read/Write Errors",'gotmls')=>"errors",__("Quarantined Files",'gotmls')=>"bad"), $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]);
1141 echo $lt.'script type="text/javascript">
1142 var percent = 0;
1143 function pCheck(chkb) {
1144 var kCheck = ['.trim($kCheck,",").'];
1145 chk = true;
1146 for (var i = 0; i < kCheck.length; i++) {
1147 var chkbox = document.getElementById("check_"+kCheck[i]+"_Yes");
1148 if (chkbox && chkb.id == "check_potential_Yes" && chkb.checked == false) {
1149 chk = false;
1150 chkbox.checked = true;
1151 } else if (chkbox && chkbox.checked) {
1152 chk = false;
1153 }
1154 }
1155 if (chkbox = document.getElementById("check_potential_Yes"))
1156 chkbox.checked = chk;
1157 if (chk) {
1158 document.getElementById("check_potential_div").style.display = "block";
1159 alert("If you do not select any other threat types, then only potential threats will be found and the automatic fix will not be available!");
1160 } else
1161 document.getElementById("check_potential_div").style.display = "none";
1162 }
1163 function changeFavicon(percent) {
1164 var oldLink = document.getElementById("wait_gif");
1165 if (oldLink) {
1166 if (percent >= 100) {
1167 document.getElementsByTagName("head")[0].removeChild(oldLink);
1168 var link = document.createElement("link");
1169 link.id = "wait_gif";
1170 link.type = "image/gif";
1171 link.rel = "shortcut icon";
1172 var threats = '.implode(" + ", array_merge($GLOBALS["GOTMLS"]["tmp"]["threat_levels"], array(__("Potential Threats",'gotmls')=>"errors",__("WP-Login Updates",'gotmls')=>"errors"))).';
1173 if (threats > 0) {
1174 if ((errors * 2) == threats)
1175 linkhref = "blocked";
1176 else
1177 linkhref = "threat";
1178 } else
1179 linkhref = "checked";
1180 link.href = "'.GOTMLS_images_path.'"+linkhref+".gif";
1181 document.getElementsByTagName("head")[0].appendChild(link);
1182 }
1183 } else {
1184 var icons = document.getElementsByTagName("link");
1185 var link = document.createElement("link");
1186 link.id = "wait_gif";
1187 link.type = "image/gif";
1188 link.rel = "shortcut icon";
1189 link.href = "'.GOTMLS_images_path.'wait.gif";
1190 // document.head.appendChild(link);
1191 document.getElementsByTagName("head")[0].appendChild(link);
1192 }
1193 }
1194 function update_status(title, time) {
1195 sdir = (dir+direrrors);
1196 if (arguments[2] >= 0 && arguments[2] <= 100)
1197 percent = arguments[2];
1198 else
1199 percent = Math.floor((sdir*100)/dirs);
1200 scan_state = "6F6";
1201 if (percent == 100) {
1202 showhide("pause_button", true);
1203 showhide("pause_button");
1204 title = "'.$lt.'b'.$gt.__("Scan Complete!",'gotmls').$lt.'/b'.$gt.'";
1205 } else
1206 scan_state = "99F";
1207 changeFavicon(percent);
1208 if (sdir) {
1209 if (arguments[2] >= 0 && arguments[2] <= 100)
1210 timeRemaining = Math.ceil(((time-startTime)*(100/percent))-(time-startTime));
1211 else
1212 timeRemaining = Math.ceil(((time-startTime)*(dirs/sdir))-(time-startTime));
1213 if (timeRemaining > 59)
1214 timeRemaining = Math.ceil(timeRemaining/60)+" Minute";
1215 else
1216 timeRemaining += " Second";
1217 if (timeRemaining.substr(0, 2) != "1 ")
1218 timeRemaining += "s";
1219 } else
1220 timeRemaining = "Calculating Time";
1221 timeElapsed = Math.ceil(time);
1222 if (timeElapsed > 59)
1223 timeElapsed = Math.floor(timeElapsed/60)+" Minute";
1224 else
1225 timeElapsed += " Second";
1226 if (timeElapsed.substr(0, 2) != "1 ")
1227 timeElapsed += "s";
1228 divHTML = \''.$lt.'div align="center" style="vertical-align: middle; background-color: #ccc; z-index: 3; height: 18px; width: 100%; border: solid #000 1px; position: relative; padding: 10px 0;"'.$gt.$lt.'div style="height: 18px; padding: 10px 0; position: absolute; top: 0px; left: 0px; background-color: #\'+scan_state+\'; width: \'+percent+\'%"'.$gt.$lt.'/div'.$gt.$lt.'div style="height: 32px; position: absolute; top: 3px; left: 10px; z-index: 5; line-height: 16px;" align="left"'.$gt.'\'+sdir+" Folder"+(sdir==1?"":"s")+" Checked'.$lt.'br /'.$gt.'"+timeElapsed+\' Elapsed'.$lt.'/div'.$gt.$lt.'div style="height: 38px; position: absolute; top: 0px; left: 0px; width: 100%; z-index: 5; line-height: 38px; font-size: 30px; text-align: center;"'.$gt.'\'+percent+\'%'.$lt.'/div'.$gt.$lt.'div style="height: 32px; position: absolute; top: 3px; right: 10px; z-index: 5; line-height: 16px;" align="right"'.$gt.'\'+(dirs-sdir)+" Folder"+((dirs-sdir)==1?"":"s")+" Remaining'.$lt.'br /'.$gt.'"+timeRemaining+" Remaining'.$lt.'/div'.$gt.$lt.'/div'.$gt.'";
1229 document.getElementById("status_bar").innerHTML = divHTML;
1230 document.getElementById("status_text").innerHTML = title;
1231 dis="none";
1232 divHTML = \''.$lt.'ul style="float: right; margin: 0 20px; text-align: right;"'.$gt.'\';
1233 /*'.$lt.'!--*'.'/';
1234 $MAX = 0;
1235 $vars = "var i, intrvl, direrrors=0";
1236 $fix_button_js = "";
1237 $found = "";
1238 $li_js = "return false;";
1239 if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") {
1240 $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array();
1241 foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $check)
1242 if ($check != "potential")
1243 $GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check;
1244 }
1245 foreach ($scan_groups as $scan_name => $scan_group) {
1246 if ($MAX++ == 6) {
1247 $quarantineCountOnly = GOTMLS_get_quarantine(true);
1248 $vars .= ", $scan_group=$quarantineCountOnly";
1249 echo "/*--{$gt}*"."/\n\tif ($scan_group > 0)\n\t\tscan_state = ' potential'; \n\telse\n\t\tscan_state = '';\n\tdivHTML += '</ul><ul style=\"text-align: left;\"><li class=\"GOTMLS_li\"><a href=\"admin.php?page=GOTMLS-View-Quarantine\" class=\"GOTMLS_plugin".("'+scan_state+'\" title=\"".GOTMLS_strip4java(GOTMLS_View_Quarantine_LANGUAGE))."\">'+$scan_group+'&nbsp;'+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/*{$lt}!--*"."/";
1250 $found = "Found ";
1251 $fix_button_js = "\n\t\tdis='block';";
1252 } else {
1253 $vars .= ", $scan_group=0";
1254 if ($found && !in_array($scan_group, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]))
1255 $potential_threat = ' potential" title="'.GOTMLS_strip4java(__("You are not currently scanning for this type of threat!",'gotmls'));
1256 else
1257 $potential_threat = "";
1258 echo "/*--{$gt}*"."/\n\tif ($scan_group > 0) {\n\t\tscan_state = ' href=\"#found_$scan_group\" onclick=\"$li_js showhide(\\'found_$scan_group\\', true);\" class=\"GOTMLS_plugin $scan_group\"';$fix_button_js".($MAX>6?"\n\tshowhide('found_$scan_group', true);":"")."\n\t} else\n\t\tscan_state = ' class=\"GOTMLS_plugin$potential_threat\"';\n\tdivHTML += '<li class=\"GOTMLS_li\"".(($found && $scan_group == "potential" && !in_array($scan_group, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))?' style="display: none;"':"")."><a'+scan_state+'>$found'+$scan_group+'&nbsp;'+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/*{$lt}!--*"."/";
1259 }
1260 $li_js = "";
1261 if ($MAX > 11)
1262 $fix_button_js = "";
1263 }
1264 $ScanSettings = $lt.'div style="float: right;"'.$gt.GOTMLS_Run_Quick_Scan_LANGUAGE.":&nbsp;$QuickScan$lt/div$gt".GOTMLS_Scan_Settings_LANGUAGE;
1265 echo "/*--{$gt}*".'/
1266 document.getElementById("status_counts").innerHTML = divHTML+"'.$lt.'/ul'.$gt.'";
1267 document.getElementById("fix_button").style.display = dis;
1268 }
1269 '.$vars.';
1270 function showOnly(what) {
1271 document.getElementById("only_what").innerHTML = document.getElementById("only"+what).innerHTML;
1272 }
1273 var startTime = 0;
1274 '.$lt.'/script'.$gt.GOTMLS_box($ScanSettings, $scan_opts);
1275 $Settings_Saved = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -50px; margin: 0 300px 0 130px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n";//script type='text/javascript'$gt\nalert('Settings Saved!');\n$lt/script$gt\n";
1276 if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Save") {
1277 if ($GOTMLS_nonce_found) {
1278 update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1279 echo $Settings_Saved;
1280 } else
1281 echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Saving these settings requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n");
1282 echo GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog());
1283 } elseif (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && ($_REQUEST["scan_what"] > -1)) {
1284 if ($GOTMLS_nonce_found) {
1285 update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1286 $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array();
1287 GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1288 echo $Settings_Saved;
1289 if (!isset($_REQUEST["scan_type"]))
1290 $_REQUEST["scan_type"] = "Complete Scan";
1291 elseif ($_REQUEST["scan_type"] == "Quick Scan") {
1292 $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('".__("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.",'gotmls')."');\n}\nwindow.onload=testComplete;\n$lt/script$gt\n$lt".'script type="text/javascript"'.$gt;
1293 $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array();
1294 foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $check)
1295 if ($check != "potential")
1296 $GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check;
1297 }
1298 echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1030")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".htmlspecialchars($_SERVER["QUERY_STRING"]):"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
1299 foreach ($_POST as $name => $value) {
1300 if (substr($name, 0, 10) != 'GOTMLS_fix') {
1301 if (is_array($value)) {
1302 foreach ($value as $val)
1303 echo $lt.'input type="hidden" name="'.$name.'[]" value="'.htmlspecialchars($val).'"'.$gt;
1304 } else
1305 echo $lt.'input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'"'.$gt;
1306 }
1307 }
1308 echo "\n$lt".'script type="text/javascript"'.$gt.'showhide("inside_'.md5($ScanSettings).'");'.$lt.'/script'.$gt.GOTMLS_box(htmlspecialchars($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' '.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt);
1309 $scan_groups_UL = "";
1310 foreach ($scan_groups as $scan_name => $scan_group)
1311 $scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.' &nbsp; * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.' &nbsp; * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), $wp_version).' (for more info '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.').'.$lt.'/p'.$gt:$lt.'br /'.$gt)).$lt.'/ul'.$gt;
1312 if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
1313 GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => htmlentities($_REQUEST["scan_type"]))));
1314 echo GOTMLS_box($lt.'div style="float: right;"'.$gt.'&nbsp;('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].")&nbsp;$lt/div$gt".__("Scan Details:",'gotmls'), $scan_groups_UL);
1315 $no_flush_LANGUAGE = __("Not flushing OB Handlers: %s",'gotmls');
1316 if (isset($_REQUEST["no_ob_end_flush"]))
1317 echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, print_r(ob_list_handlers(), 1))."$lt/div$gt\n";
1318 elseif (is_array($OB_handlers) && count($OB_handlers)) {
1319 // $GOTMLS_OB_handlers = get_option("GOTMLS_OB_handlers", array());
1320 foreach (array_reverse($OB_handlers) as $OB_handler) {
1321 if (isset($GOTMLS_OB_handlers[$OB_handler]) && $GOTMLS_OB_handlers[$OB_handler] == "no_end_flush")
1322 echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, $OB_handler)."$lt/div$gt\n";
1323 elseif (in_array($OB_handler, $OB_default_handlers)) {
1324 // $GOTMLS_OB_handlers[$OB_handler] = "no_end_flush";
1325 // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers);
1326 @ob_end_flush();
1327 // $GOTMLS_OB_handlers[$OB_handler] = "ob_end_flush";
1328 // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers);
1329 }
1330 }
1331 }
1332 @ob_start();
1333 echo "\n{$lt}script type=\"text/javascript\"$gt$li_js\n/*{$lt}!--*"."/";
1334 if (is_dir($dir)) {
1335 $GOTMLS_dirs_at_depth[0] = 1;
1336 $GOTMLS_dir_at_depth[0] = 0;
1337 if (isset($_REQUEST['scan_only']) && is_array($_REQUEST['scan_only'])) {
1338 $GOTMLS_dirs_at_depth[0] += (count($_REQUEST['scan_only']) - 1);
1339 foreach ($_REQUEST['scan_only'] as $only_dir)
1340 if (is_dir(GOTMLS_trailingslashit($dir).$only_dir))
1341 GOTMLS_readdir(GOTMLS_trailingslashit($dir).$only_dir);
1342 } else
1343 GOTMLS_readdir($dir);
1344 } else
1345 echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link("Not a valid directory!"));
1346 if ($_REQUEST["scan_type"] == "Quick Scan")
1347 echo GOTMLS_update_status(__("Completed!",'gotmls'), 100);
1348 else {
1349 echo GOTMLS_update_status(__("Starting Scan ...",'gotmls'))."/*--{$gt}*"."/";
1350 echo "\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."1087").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".htmlspecialchars($_SERVER["QUERY_STRING"]):"").'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."');".'
1351 var scanfilesI = 0;
1352 var stopScanning;
1353 var gotStuckOn = "";
1354 function scanNextDir(gotStuck) {
1355 clearTimeout(stopScanning);
1356 if (gotStuck > -1) {
1357 if (scanfilesArNames[gotStuck].substr(0, 3) != "Re-") {
1358 if (scanfilesArNames[gotStuck].substr(0, 9) == "Checking ") {
1359 scanfilesArNames.push(scanfilesArNames[gotStuck]);
1360 scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_file[]="+encodeURIComponent(scanfilesArNames[gotStuck].substr(9)));
1361 } else {
1362 scanfilesArNames.push("Re-"+scanfilesArNames[gotStuck]);
1363 scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_only_file=");
1364 }
1365 } else {
1366 scanfilesArNames.push("Got Stuck "+scanfilesArNames[gotStuck]);
1367 scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_dir="+scanfilesArKeys[gotStuck]);
1368 }
1369 }
1370 if (document.getElementById("resume_button").value != "Pause") {
1371 stopScanning=setTimeout("scanNextDir(-1)", 1000);
1372 startTime++;
1373 }
1374 else if (scanfilesI < scanfilesArKeys.length) {
1375 document.getElementById("status_text").innerHTML = scanfilesArNames[scanfilesI];
1376 var newscript = document.createElement("script");
1377 newscript.setAttribute("src", scriptSRC+scanfilesArKeys[scanfilesI]);
1378 divx = document.getElementById("found_scanned");
1379 if (divx)
1380 divx.appendChild(newscript);
1381 stopScanning=setTimeout("scanNextDir("+(scanfilesI++)+")",'.$GLOBALS["GOTMLS"]["tmp"]['execution_time'].'000);
1382 }
1383 }
1384 startTime = ('.ceil(time()-$GLOBALS["GOTMLS"]["log"]["scan"]["start"]).'+3);
1385 stopScanning=setTimeout("scanNextDir(-1)",3000);
1386 function pauseresume(butt) {
1387 if (butt.value == "Resume")
1388 butt.value = "Pause";
1389 else
1390 butt.value = "Resume";
1391 }
1392 showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
1393 }
1394 if (@ob_get_level()) {
1395 GOTMLS_flush('script');
1396 @ob_end_flush();
1397 }
1398 echo "/*--{$gt}*"."/\n$lt/script$gt";
1399 } else
1400 echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Starting a Complete Scan requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n");
1401 } else
1402 echo GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog());
1403 echo "\n$lt/div$gt$lt/div$gt$lt/div$gt";
1404 }
1405
/**
 * login_form hook: emits the hidden session fields and the loader script
 * used by the login-form timing check.
 *
 * Output is two hidden inputs (`sess_id`, and `sess<suffix>` with id
 * `offset_id`) whose values/names carry the current Unix time with its first
 * four characters dropped, followed by a <script> that appends a second
 * script element pointing at the GOTMLS_logintime admin-ajax endpoint with
 * the browser's clock value appended. The $form_id argument supplied by the
 * hook is accepted but not used.
 *
 * @param string $form_id Login form id passed by the `login_form` action; unused.
 * @return void
 */
function GOTMLS_login_form($form_id = "loginform") {
    $sessSuffix = substr(time(), 4);
    $endpoint = admin_url("admin-ajax.php?action=GOTMLS_logintime&GOTMLS_sess=");
    $hiddenInputs = '<input type="hidden" name="sess_id" value="' . $sessSuffix . '">'
        . '<input type="hidden" id="offset_id" value="0" name="sess' . $sessSuffix . '">';
    $loaderScript = '<script type="text/javascript">'
        . "\nvar GOTMLS_login_offset = new Date();"
        . "\nvar GOTMLS_login_script = document.createElement('script');"
        . "\nGOTMLS_login_script.src = '" . $endpoint . "'+GOTMLS_login_offset.getTime();"
        . "\n"
        . "\ndocument.head.appendChild(GOTMLS_login_script);"
        . "\n</script>\n";
    echo $hiddenInputs . $loaderScript;
}
// Inject the login-timing fields and loader script into the wp-login form.
add_action('login_form', 'GOTMLS_login_form');
1412
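/**
 * AJAX handler (GOTMLS_logintime) that returns the clock-offset script for
 * the login form.
 *
 * It is registered on both the privileged and the nopriv AJAX hooks, so it
 * serves unauthenticated visitors of the login page. The response is a fixed
 * JavaScript snippet whose only variable part is the server's own time();
 * the GOTMLS_sess query parameter is not read, so no request-supplied text
 * reaches the emitted script. Terminates the request with die().
 *
 * @return never
 */
function GOTMLS_ajax_logintime() {
    @header("Content-type: text/javascript");
    // Only the server clock is embedded. The former permanently-disabled
    // (`false && ...`) branch that would have echoed a request parameter
    // into the script is removed; it also read a different key ("sess")
    // than the one it tested ("GOTMLS_sess").
    $sess = time();
    die("\n//Permission Error: User not authenticated!\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_offset_start = GOTMLS_login_offset.getTime() - ".$sess."000;\nfunction set_offset_id() {\n\tGOTMLS_login_offset = new Date();\n\tif (form_login = document.getElementById('offset_id'))\n\t\tform_login.value = GOTMLS_login_offset.getTime() - GOTMLS_login_offset_start;\n\tsetTimeout(set_offset_id, 15673);\n}\nset_offset_id();");
}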
// The login-time offset script has to be reachable from the login page,
// where nobody is authenticated yet, so it is registered on both the
// nopriv and the privileged AJAX hooks.
add_action("wp_ajax_nopriv_GOTMLS_logintime", "GOTMLS_ajax_logintime");
add_action("wp_ajax_GOTMLS_logintime", "GOTMLS_ajax_logintime");
1420
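/**
 * AJAX handler (GOTMLS_lognewkey) that records this installation's key and
 * site URL in the GOTMLS_Installation_Keys option.
 *
 * Requires a valid nonce (GOTMLS_get_nonce) and a POST field
 * GOTMLS_installation_key identical to the GOTMLS_installation_key constant.
 * Responds as a JavaScript comment: "//<count before>~<count after>" on
 * success, "//0" when the key does not match, or the invalid-nonce message.
 * Always terminates the request with die().
 *
 * @return never
 */
function GOTMLS_ajax_lognewkey() {
    @header("Content-type: text/javascript");
    if (!GOTMLS_get_nonce())
        die(GOTMLS_Invalid_Nonce("\n//Log New Key Error: ")."\n");
    // Strict string comparison: the loose == used previously would have
    // compared numeric-looking strings after numeric conversion.
    $postedKey = (isset($_POST["GOTMLS_installation_key"]) && is_string($_POST["GOTMLS_installation_key"]))
        ? $_POST["GOTMLS_installation_key"] : null;
    if ($postedKey === null || $postedKey !== (string) GOTMLS_installation_key)
        die("\n//0");
    $keys = maybe_unserialize(get_option('GOTMLS_Installation_Keys', array()));
    // Number of stored keys before this request; previously left undefined
    // on the non-array path, which produced a notice inside the response.
    $count = 0;
    if (is_array($keys)) {
        $count = count($keys);
        if (!array_key_exists(GOTMLS_installation_key, $keys))
            $keys = array_merge($keys, array(GOTMLS_installation_key => GOTMLS_siteurl));
    } else
        $keys = array(GOTMLS_installation_key => GOTMLS_siteurl);
    update_option("GOTMLS_Installation_Keys", serialize($keys));
    die("\n//$count~".count($keys));
}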
// Only logged-in users reach the key-logging handler; anonymous calls to the
// same action are routed to GOTMLS_ajax_nopriv instead.
add_action("wp_ajax_GOTMLS_lognewkey", "GOTMLS_ajax_lognewkey");
add_action("wp_ajax_nopriv_GOTMLS_lognewkey", "GOTMLS_ajax_nopriv");
1441
/**
 * plugin_action_links filter: prepends a "Settings" link on the Plugins
 * screen row that belongs to this plugin file.
 *
 * The row is recognised when $plugin_file (e.g. "gotmls/index.php") is a
 * suffix of this file's path with backslashes normalised to "/"; names of
 * 10 characters or fewer never match.
 *
 * @param array  $links_array Existing action links for the row.
 * @param string $plugin_file Plugin basename WordPress is rendering.
 * @return array The links, with the settings link first when the row is ours.
 */
function GOTMLS_set_plugin_action_links($links_array, $plugin_file) {
    $thisFile = str_replace("\\", "/", __FILE__);
    $isThisPlugin = strlen($plugin_file) > 10
        && substr($thisFile, -1 * strlen($plugin_file)) == $plugin_file;
    if (!$isThisPlugin)
        return $links_array;
    $settingsLink = '<a href="'.admin_url('admin.php?page=GOTMLS-settings').'">'.GOTMLS_Scan_Settings_LANGUAGE.'</a>';
    return array_merge(array($settingsLink), $links_array);
}
// Priority 1 so the Settings link sits ahead of other plugins' additions; two arguments are needed to identify our row.
add_filter('plugin_action_links', 'GOTMLS_set_plugin_action_links', 1, 2);
1448
/**
 * plugin_row_meta filter: appends FAQ, Support and Donate links to the
 * Plugins screen row that belongs to this plugin file.
 *
 * Row matching is the same as in GOTMLS_set_plugin_action_links: the
 * basename must be a suffix of this file's "/"-normalised path and longer
 * than 10 characters.
 *
 * @param array  $links_array Existing meta links for the row.
 * @param string $plugin_file Plugin basename WordPress is rendering.
 * @return array The links, with the three extra anchors appended when the row is ours.
 */
function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) {
    $thisFile = str_replace("\\", "/", __FILE__);
    $isThisPlugin = strlen($plugin_file) > 10
        && substr($thisFile, -1 * strlen($plugin_file)) == $plugin_file;
    if (!$isThisPlugin)
        return $links_array;
    $metaLinks = array(
        '<a target="_blank" href="http://gotmls.net/faqs/">FAQ</a>',
        '<a target="_blank" href="http://gotmls.net/support/">Support</a>',
        '<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE"><span style="font-size: 20px; height: 20px; width: 20px;" class="dashicons dashicons-heart"></span>Donate</a>',
    );
    return array_merge($links_array, $metaLinks);
}
// Same priority/argument count as the action-links filter above it.
add_filter('plugin_row_meta', 'GOTMLS_set_plugin_row_meta', 1, 2);
1455
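/**
 * in_plugin_update_message hook: prints the "Upgrade Notice" entries that
 * are newer than the installed version beneath this plugin's update row.
 *
 * The rendered notice is cached per (installed, new) version pair in a
 * transient for DAY_IN_SECONDS. On a cache miss the trunk readme.txt is
 * fetched from plugins.svn.wordpress.org with GOTMLS_get_URL and the text
 * after "== Upgrade Notice ==" is parsed: only the part preceding the
 * heading for the installed version (GOTMLS_Version) is kept, markdown
 * links become anchors and "= x.y.z =" headings become list items. The
 * fetched text is remote content, so link targets and link text are
 * HTML-escaped before being rendered; the remaining notice text is output
 * unchanged, as before.
 *
 * @param array $args Update data with at least "Version" and "new_version".
 * @return void
 */
function GOTMLS_in_plugin_update_message($args) {
    $transient_name = 'GOTMLS_upgrade_notice_'.$args["Version"].'_'.$args["new_version"];
    $upgrade_notice = get_transient($transient_name);
    if (false === $upgrade_notice && ($ret = GOTMLS_get_URL("https://plugins.svn.wordpress.org/gotmls/trunk/readme.txt"))) {
        $upgrade_notice = '';
        $match = preg_split('/==\s*Upgrade Notice\s*==\s+/i', $ret);
        // $match[1] only exists when the readme actually has an Upgrade
        // Notice section; without this guard a missing section raised a
        // notice and passed null on to preg_match.
        if (is_array($match) && isset($match[1])) {
            // preg_quote rather than a hand-rolled "." escape, so no other
            // regex metacharacter in the version string can alter the pattern.
            $version_heading = '/\n+=\s*'.preg_quote(GOTMLS_Version, '/').'\s*=\s+/is';
            if (preg_match($version_heading, $match[1]))
                $notice = (array) preg_split($version_heading, $match[1]);
            else
                $notice = (array) preg_split('/\n+=/is', $match[1]."\n=");
            // Markdown "[text](url)" -> anchor. Both halves come from the
            // remote readme and land in an attribute / element body, so
            // they are escaped here instead of being interpolated raw.
            $linked = preg_replace_callback(
                '~\[([^\]]*)\]\(([^\)]*)\)~',
                function ($m) {
                    return '<a href="'.htmlspecialchars($m[2], ENT_QUOTES).'">'.htmlspecialchars($m[1], ENT_QUOTES).'</a>';
                },
                $notice[0]
            );
            $upgrade_notice = '<div class="GOTMLS_upgrade_notice">'.preg_replace('/=\s*([\.0-9]+)\s*=\s*([^=]+)/i', '<li><b>${1}:</b> ${2}</li>', $linked).'</div>';
        }
        // Cache even an empty result so a readme without the section is not
        // re-fetched on every render of the Plugins screen.
        set_transient($transient_name, $upgrade_notice, DAY_IN_SECONDS);
    }
    echo $upgrade_notice;
}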
// The hook name carries the plugin basename, so only this plugin's update row gets the notice.
add_action('in_plugin_update_message-gotmls/index.php', 'GOTMLS_in_plugin_update_message');
1472
/**
 * admin_init hook: fills in defaults for the scan settings kept in
 * $GLOBALS["GOTMLS"]["tmp"]["settings_array"] and, for nonce-verified
 * requests, copies the submitted scan options into that array.
 *
 * Defaults applied when missing: scan_what = 2, scan_depth = -1,
 * check_custom = "", scan_level = number of "/"-separated parts of the
 * trailing-slashed GOTMLS_siteurl minus one. A "Quick Scan" request also
 * receives request-level defaults for scan_what (2), scan_depth (2) and
 * scan_only ("", "wp-includes", "wp-admin"); a scalar scan_only is wrapped
 * into an array. When GOTMLS_get_nonce() succeeds, dont_check is taken
 * from the request verbatim (when it is a non-empty array) or reset to an
 * empty array when scan_type was POSTed or no array was stored yet, and
 * scan_level is overridden by a numeric POST value. Elements of dont_check
 * are stored as submitted; no per-element validation happens here.
 *
 * @return void
 */
function GOTMLS_init() {
    $settings = &$GLOBALS["GOTMLS"]["tmp"]["settings_array"];
    foreach (array("scan_what" => 2, "scan_depth" => -1) as $key => $default)
        if (!isset($settings[$key]))
            $settings[$key] = $default;
    $isQuickScan = isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan";
    if ($isQuickScan) {
        if (!isset($_REQUEST["scan_what"]))
            $_REQUEST["scan_what"] = 2;
        if (!isset($_REQUEST["scan_depth"]))
            $_REQUEST["scan_depth"] = 2;
        if (!isset($_REQUEST["scan_only"]))
            $_REQUEST["scan_only"] = array("", "wp-includes", "wp-admin");
        elseif ($_REQUEST["scan_only"] && !is_array($_REQUEST["scan_only"]))
            $_REQUEST["scan_only"] = array($_REQUEST["scan_only"]);
    }
    if (!isset($settings["check_custom"]))
        $settings["check_custom"] = "";
    if (isset($settings["scan_level"]) && is_numeric($settings["scan_level"]))
        $scan_level = intval($settings["scan_level"]);
    else
        $scan_level = count(explode('/', trailingslashit(GOTMLS_siteurl))) - 1;
    if (GOTMLS_get_nonce()) {
        $requestedDontCheck = isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"]);
        $storedDontCheck = isset($settings["dont_check"]) && is_array($settings["dont_check"]);
        if ($requestedDontCheck)
            $settings["dont_check"] = $_REQUEST["dont_check"];
        elseif (isset($_POST["scan_type"]) || !$storedDontCheck)
            $settings["dont_check"] = array();
        if (isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"]))
            $scan_level = intval($_POST["scan_level"]);
        // $scan_level is always an int at this point, so it is always persisted.
        $settings["scan_level"] = intval($scan_level);
    }
    if (!isset($settings["scan_level"]))
        $settings["scan_level"] = count(explode('/', trailingslashit(GOTMLS_siteurl))) - 1;
}
// Settings defaults and request handling run on every admin page load.
add_action('admin_init', 'GOTMLS_init');
1507
/**
 * AJAX handler (GOTMLS_position) that saves the position/size of the
 * results frame ("div_file") in settings_array["msg_position"].
 *
 * Requires a valid nonce. Two modes:
 *  - GOTMLS_msg equal to the "Default position" label: the stored position
 *    is reset to $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"] and
 *    the response <head> carries a script applying it to the parent frame.
 *  - Any of GOTMLS_x / GOTMLS_y / GOTMLS_h / GOTMLS_w present: those values
 *    are stored at indexes 0..3 of msg_position exactly as submitted (no
 *    format validation happens here).
 * Otherwise the request dies with a JS-comment error; a bad nonce does too.
 * The settings are persisted with update_option and the request ends with
 * a small HTML page; a "[Default position]" link is added when the stored
 * position differs from the default.
 *
 * @return never
 */
function GOTMLS_ajax_position() {
    if (!GOTMLS_get_nonce())
        die(GOTMLS_Invalid_Nonce("\n//Position Error: ")."\n");
    $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls');
    $settings = &$GLOBALS["GOTMLS"]["tmp"]["settings_array"];
    $properties = array("body" => 'style="margin: 0; padding: 0;"');
    $positionParams = array("GOTMLS_x" => 0, "GOTMLS_y" => 1, "GOTMLS_h" => 2, "GOTMLS_w" => 3);
    $submitted = array();
    foreach ($positionParams as $param => $index)
        if (isset($_GET[$param]))
            $submitted[$index] = $_GET[$param];
    if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) {
        $settings["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
        $gl = '><';
        $properties["html"] = $gl.'head'.$gl.'script type="text/javascript">'
            ."\nif (curDiv = window.parent.document.getElementById(\"div_file\")) {"
            ."\ncurDiv.style.left = \"".$settings["msg_position"][0]."\";"
            ."\ncurDiv.style.top = \"".$settings["msg_position"][1]."\";"
            ."\ncurDiv.style.height = \"".$settings["msg_position"][2]."\";"
            ."\ncurDiv.style.width = \"".$settings["msg_position"][3]."\";"
            ."\n}"
            ."\n</script".$gl.'/head';
    } elseif (count($submitted)) {
        foreach ($submitted as $index => $value)
            $settings["msg_position"][$index] = $value;
        $_GET["GOTMLS_msg"] = __("New position",'gotmls');
    } else
        die("\n//Position Error: No new position to save!\n");
    update_option("GOTMLS_settings_array", $settings);
    $resetLink = '';
    if (implode($settings["msg_position"]) != implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"]))
        $resetLink = ' <a href="'.admin_url('admin-ajax.php?action=GOTMLS_position&'.GOTMLS_set_nonce(__FUNCTION__."1350").'&GOTMLS_msg='.urlencode($GLOBALS["GOTMLS_msg"])).'">['.$GLOBALS["GOTMLS_msg"].']</a>';
    $body = htmlentities($_GET["GOTMLS_msg"]).' '.__("saved.",'gotmls').$resetLink;
    die(GOTMLS_html_tags(array("html" => array("body" => $body)), $properties));
}
// Privileged AJAX hook only; no nopriv counterpart is registered for this action.
add_action("wp_ajax_GOTMLS_position", "GOTMLS_ajax_position");
1541
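/**
 * AJAX handler (GOTMLS_empty_trash): permanently deletes quarantine entries
 * that are no longer "private" (the quarantine trash).
 *
 * Requires a valid nonce. Runs a DELETE on $wpdb->posts for post_type
 * GOTMLS_quarantine with post_status != 'private', then REPAIR TABLE, and
 * reports the number of rows removed. The response is a minimal HTML page
 * whose <head> script hides the parent's "empty_trash_link" and shows the
 * result in an alert(); the request always ends with die().
 *
 * @return never
 */
function GOTMLS_ajax_empty_trash() {
    global $wpdb;
    $gl = '><';
    if (GOTMLS_get_nonce()) {
        // The table name comes from $wpdb, not from the request; no user input reaches the SQL.
        $trashed = $wpdb->query("DELETE FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'");
        if ($trashed) {
            $wpdb->query("REPAIR TABLE $wpdb->posts");
            // Keep the count out of the msgid so the string is translatable;
            // interpolating it first produced a different msgid per count.
            $trashmsg = sprintf(__("Emptied %d item from the quarantine trash.",'gotmls'), $trashed);
        } else
            $trashmsg = __("Failed to empty the trash.",'gotmls');
    } else
        $trashmsg = GOTMLS_Invalid_Nonce("");
    // json_encode yields a valid JS string literal even when the (translated)
    // message contains quotes, newlines or a "</script>" sequence, which the
    // previous bare single-quoted alert('...') did not guarantee.
    $properties = array("html" => $gl.'head'.$gl."script type='text/javascript'>\nif (curDiv = window.parent.document.getElementById('empty_trash_link'))\n\tcurDiv.style.display = 'none';\nalert(".json_encode($trashmsg).");\n</script$gl/head", "body" => 'style="margin: 0; padding: 0;"');
    die(GOTMLS_html_tags(array("html" => array("body" => $trashmsg)), $properties));
}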
// Privileged AJAX hook only (the handler additionally checks the nonce).
add_action("wp_ajax_GOTMLS_empty_trash", "GOTMLS_ajax_empty_trash");
1557
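/**
 * AJAX handler (GOTMLS_whitelist): records a file's checksum in the
 * definitions whitelist so the scanner stops flagging it.
 *
 * Requires a valid nonce plus POST fields GOTMLS_whitelist (the encoded
 * file path, decoded with GOTMLS_decode) and GOTMLS_chksum ("<md5>O<key>",
 * two 32-character parts). The file's current MD5 must equal the first
 * part; the entry is then stored under
 * definitions_array["whitelist"][$file]["<md5>O<size>"] (plus a marker at
 * index 0) and saved with GOTMLS_update_option. The decoded path is used
 * as given (any readable file is accepted as long as its hash matches).
 * The reply is a small HTML page with an iframe to the whitelist submission
 * page. Always ends with die().
 *
 * @return never
 */
function GOTMLS_ajax_whitelist() {
    if (!GOTMLS_get_nonce())
        die(GOTMLS_Invalid_Nonce("\n//Whitelist Error: ")."\n");
    if (!isset($_POST['GOTMLS_whitelist']) || !isset($_POST['GOTMLS_chksum']))
        die("\n//Whitelist Error: Invalid checksum!\n");
    $file = GOTMLS_decode($_POST['GOTMLS_whitelist']);
    $chksum = explode("O", $_POST['GOTMLS_chksum']."O");
    // Strict comparison: a loose == between md5() output and a submitted
    // checksum compares numerically when both look like numbers (e.g.
    // "0e..." strings), which would accept a checksum that does not match.
    $checksumValid = strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32
        && is_file($file) && md5(@file_get_contents($file)) === $chksum[0];
    if ($checksumValid) {
        $filesize = @filesize($file);
        // The former `if (true) { ... } else unset(...)` made the unset
        // branch unreachable; only the add path is kept.
        if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0]))
            $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002";
        $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002";
        GOTMLS_update_option("definitions", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
        // $file and the key part of the checksum are request-controlled and
        // only length-checked, so they are escaped (ENT_QUOTES, since the
        // src attribute is single-quoted) before entering the HTML.
        $body = "Added ".htmlspecialchars($file, ENT_QUOTES)." to Whitelist!<br />\n<iframe style='width: 90%; height: 250px; border: none;' src='".GOTMLS_plugin_home."whitelist.html?whitelist=".htmlspecialchars($_POST['GOTMLS_whitelist'], ENT_QUOTES)."&hash=".htmlspecialchars($chksum[0], ENT_QUOTES)."&size=$filesize&key=".htmlspecialchars($chksum[1], ENT_QUOTES)."'></iframe>";
    } else
        $body = "<li>Invalid Data!</li>";
    die(GOTMLS_html_tags(array("html" => array("body" => $body))));
}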
// Privileged AJAX hook only; the handler also requires a valid nonce.
add_action("wp_ajax_GOTMLS_whitelist", "GOTMLS_ajax_whitelist");
1582
1583 function GOTMLS_ajax_fix() {
1584 if (GOTMLS_get_nonce()) {
1585 if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"]))
1586 $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
1587 if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1588 GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1589 $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1590 $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file))\n\tli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}\n}\nfunction DeletedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}}\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
1591 @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1592 $HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));
1593 echo $HTML[0];
1594 GOTMLS_update_scan_log(array("scan" => array("dir" => count($_REQUEST["GOTMLS_fix"])." Files", "start" => time())));
1595 foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
1596 if (is_numeric($clean_file)) {
1597 if (($Q_post = GOTMLS_get_quarantine($clean_file)) && isset($Q_post["post_type"]) && strtolower($Q_post["post_type"]) == "gotmls_quarantine" && isset($Q_post["post_status"]) && strtolower($Q_post["post_status"]) == "private") {
1598 $path = $Q_post["post_title"];
1599 if ($_REQUEST["GOTMLS_fixing"] > 1) {
1600 echo "<li>Removing $path ... ";
1601 $Q_post["post_status"] = "trash";
1602 if (wp_update_post($Q_post)) {
1603 echo __("Done!",'gotmls');
1604 $li_js .= "/*-->*"."/\nDeletedFile('$clean_file');\n/*<!--*"."/";
1605 } else {
1606 echo __("Failed to delete!",'gotmls');
1607 $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1608 }
1609 GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Removal from Quarantine")));
1610 } else {
1611 echo "<li>Restoring $path ... ";
1612 $Q_post["post_status"] = "pending";
1613 if (GOTMLS_file_put_contents($path, GOTMLS_decode($Q_post["post_content"])) && wp_update_post($Q_post)) {
1614 echo __("Complete!",'gotmls');
1615 $li_js .= "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
1616 } else {
1617 echo __("Restore Failed!",'gotmls');
1618 $li_js .= "/*-->*"."/\nfailedFile('$clean_file');\n/*<!--*"."/";
1619 }
1620 GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Restoration from Quarantine")));
1621 }
1622 echo "</li>\n$li_js/*-->*"."/\n$callAlert\n</script>\n";
1623 $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1624 }//else print_r(array("i:$clean_file"=>$Q_post));
1625 } else {
1626 $path = realpath(GOTMLS_decode($clean_file));
1627 if (is_file($path)) {
1628 echo "<li>Fixing $path ... ";
1629 $li_js .= GOTMLS_scanfile($path);
1630 echo "</li>\n$li_js/*-->*"."/\n$callAlert\n//".$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]."\n</script>\n";
1631 $li_js = "<script type=\"text/javascript\">\n/*<!--*"."/";
1632 } else
1633 echo "<li>".__("File ".htmlentities($path)." not found!",'gotmls')."</li>";
1634 GOTMLS_update_scan_log(array("scan" => array("finish" => time(), "type" => "Automatic Fix")));
1635 }
1636 }
1637 $nonce = GOTMLS_set_nonce(__FUNCTION__."1593");
1638 die('<div id="check_site_warning" style="background-color: #F00;">'.sprintf(__("Because some changes were made we need to check to make sure it did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during this automated fix process.",'gotmls'), 'href="'.GOTMLS_images_path.'?page=GOTMLS-View-Quarantine&'.$nonce.'"').' <span style="color: #F00;">'.__("Never mind, it worked!",'gotmls').'</span></div><br /><iframe id="test_frame" name="test_frame" src="'.admin_url('admin.php?page=GOTMLS-settings&check_site=1&'.$nonce).'" style="width: 100%; height: 200px"></iframe>'.$li_js."/*-->*"."/\nalert_repaired(0);\n</script>\n$HTML[1]");
1639 } else
1640 die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".__("Nothing Selected to be Changed!",'gotmls')."');\n</script>".__("Done!",'gotmls')))));
1641 } else
1642 die(GOTMLS_html_tags(array("html" => array("body" => "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('".GOTMLS_Invalid_Nonce("")."');\n</script>".__("Done!",'gotmls')))));
1643 }
// Authenticated (logged-in) AJAX entry point for the fix / restore / delete handler above.
// Unauthenticated callers are routed to GOTMLS_ajax_nopriv() via the wp_ajax_nopriv_ hooks further down.
add_action('wp_ajax_GOTMLS_fix', 'GOTMLS_ajax_fix');
1645
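/**
 * JavaScript shared by both file viewers rendered by GOTMLS_ajax_scan().
 *
 * select_text_range() highlights a character range inside the #ta_file
 * textarea (scrolling it into view first), and the trailing statement reveals
 * the plugin iframe in the parent window. Returned as a complete <script>
 * element so callers can prepend it to their markup.
 */
function GOTMLS_select_text_range_js() {
	return '<script type="text/javascript">
function select_text_range(ta_id, start, end) {
var textBox = document.getElementById(ta_id);
var scrolledText = "";
scrolledText = textBox.value.substring(0, end);
textBox.focus();
if (textBox.setSelectionRange) {
scrolledText = textBox.value.substring(end);
textBox.value = textBox.value.substring(0, end);
textBox.scrollTop = textBox.scrollHeight;
textBox.value = textBox.value + scrolledText;
textBox.setSelectionRange(start, end);
} else if (textBox.createTextRange) {
var range = textBox.createTextRange();
range.collapse(true);
range.moveStart("character", start);
range.moveEnd("character", end);
range.select();
} else
alert("The highlighting function does not work in your browser");
}
window.parent.showhide("GOTMLS_iFrame", true);
</script>';
}

/**
 * AJAX handler for the authenticated "wp_ajax_GOTMLS_scan" action.
 *
 * The request is selected by $_GET["GOTMLS_scan"]:
 *  - a numeric value is a quarantine post ID: the quarantined content is shown
 *    in a read-only viewer with a link for every recorded threat;
 *  - an encoded directory path: the directory is scanned and the scanner's
 *    JavaScript is streamed back with a text/javascript content type;
 *  - an encoded file path: the file is scanned and shown in the viewer with a
 *    "Whitelist this file" form.
 * An optional $_GET["GOTMLS_decode"][] list replaces the threat links with
 * " NO-<name>" markers.
 *
 * Every branch terminates with die(); the function never returns. A request
 * that fails GOTMLS_get_nonce() is rejected before the path is read.
 *
 * Changes relative to the previous revision: post_type/post_status are now
 * compared case-insensitively (as GOTMLS_ajax_fix() already does), values
 * taken from the request or from scan results are HTML-escaped before being
 * echoed, an empty threat string can no longer spin the strpos() loop, the
 * quarantined body is normalised once instead of on every iteration, and the
 * file's realpath() is computed once.
 */
function GOTMLS_ajax_scan() {
	if (GOTMLS_get_nonce()) {
		@error_reporting(0);
		if (isset($_GET["GOTMLS_scan"])) {
			// Keep a few seconds of headroom under the configured limit so the
			// response can still be flushed when a scan runs long.
			@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
			if (is_numeric($_GET["GOTMLS_scan"])) {
				// Case-insensitive match on type/status, consistent with GOTMLS_ajax_fix().
				if (($Q_post = GOTMLS_get_quarantine($_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && strtolower($Q_post["post_type"]) == "gotmls_quarantine" && isset($Q_post["post_status"]) && strtolower($Q_post["post_status"]) == "private") {
					$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = GOTMLS_decode($Q_post["post_content"]);
					$fa = "";
					$function = 'GOTMLS_decode';
					if (isset($_GET[$function]) && is_array($_GET[$function])) {
						foreach ($_GET[$function] as $decode) {
							// Request-supplied value is echoed into the page below; escape it.
							$fa .= " NO-".htmlspecialchars((string) $decode);
						}
					} elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
						// NOTE(review): the excerpt is unserialize()d here. It is written by this
						// plugin when a file is quarantined, so it is treated as trusted storage;
						// if that ever changes, move the threat list to a JSON representation.
						$f = 1;
						// Normalise the quarantined body once; the loop below searches it repeatedly.
						$haystack = str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
						foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
							// A key is either a "start-end" offset pair or the literal threat text.
							list($start, $end) = explode("-", "$threats_found--", 3);
							if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) {
								// select_text_range() expects the lower offset first.
								if ($start < $end)
									$fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
								else
									$fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$end.', '.$start.');">['.$f++.']</a>';
							} else {
								if (is_numeric($threats_found)) {
									// List entry: the value is the threat text and the label is its index.
									$threats_found = $threats_name;
									$threats_name = $f;
								}
								$potential_threat = str_replace("\r", "", $threats_found);
								$flen = strlen($potential_threat);
								// strpos() accepts an empty needle since PHP 8.0 and would match at
								// offset 0 forever without advancing, so an empty threat is skipped.
								if ($flen > 0) {
									$fpos = 0;
									while (($fpos = strpos($haystack, $potential_threat, $fpos)) !== false) {
										$fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$fpos.', '.($fpos + $flen).');">['.$f++.']</a>';
										// Resume after the current match.
										$fpos += $flen;
									}
								}
							}
						}
					}
					die("\n".GOTMLS_select_text_range_js().'<table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1522")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.htmlspecialchars($Q_post["post_modified_gmt"]).'<br />quarantined:'.htmlspecialchars($Q_post["post_date_gmt"]).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
				} else
					die(GOTMLS_html_tags(array("html" => array("body" => __("This file no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
			} else {
				// The path is taken from the request (decoded); the only gate is the
				// nonce check above, so this endpoint must stay behind wp_ajax_ (logged in).
				$file = GOTMLS_decode($_GET["GOTMLS_scan"]);
				if (is_dir($file)) {
					@header("Content-type: text/javascript");
					if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))
						$GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
					@ob_start();
					echo GOTMLS_scandir($file);
					if (@ob_get_level()) {
						GOTMLS_flush();
						@ob_end_flush();
					}
					die('//END OF JavaScript');
				} elseif (!file_exists($file)) {
					die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), htmlspecialchars($file))."<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
				} else {
					// GOTMLS_scanfile() presumably fills $GLOBALS["GOTMLS"]["tmp"]["file_contents"]
					// and ["threats_found"], which the viewer below reads — confirm in its definition.
					GOTMLS_scanfile($file);
					$fa = "";
					$function = 'GOTMLS_decode';
					if (isset($_GET[$function]) && is_array($_GET[$function])) {
						foreach ($_GET[$function] as $decode) {
							// Request-supplied value is echoed into the page below; escape it.
							$fa .= " NO-".htmlspecialchars((string) $decode);
						}
					} elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
						$f = 1;
						foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
							list($start, $end) = explode("-", "$threats_found--", 3);
							if ($start > $end)
								// The key is scanner output, not trusted markup; escape it like the titles.
								$fa .= 'ERROR['.($f++).']: Threat_size{'.htmlspecialchars($threats_found).'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
							else
								$fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
						}
					} else
						$fa = " No Threats Found";
					// Resolved once; every stat() call below uses the same path.
					$real_file = realpath($file);
					die("\n".GOTMLS_select_text_range_js().'<table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1583")).'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.htmlspecialchars(basename($file)).'</b><br />in: '.htmlspecialchars(dirname($real_file)).'<br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' ('.filesize($real_file).'bytes)<br />permissions: '.GOTMLS_fileperms($real_file).'<br />Owner/Group: '.fileowner($real_file).'/'.filegroup($real_file).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.date(" Y-m-d H:i:s ", filemtime($real_file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($real_file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
				}
			}
		} else
			die("\n//Directory Error: Nothing to scan!\n");
	} else {
		// A directory scan expects a JavaScript body even when the nonce is rejected.
		if (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"])))
			@header("Content-type: text/javascript");
		die(GOTMLS_Invalid_Nonce("\n//Ajax Scan Error: ")."\n");
	}
}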
// Authenticated (logged-in) AJAX entry point for the scan / quarantine-view handler above.
add_action('wp_ajax_GOTMLS_scan', 'GOTMLS_ajax_scan');
1784
/**
 * Shared target of the wp_ajax_nopriv_* hooks registered below.
 *
 * An unauthenticated caller receives only a JavaScript comment explaining the
 * refusal; no scan, fix or whitelist work is performed. Never returns.
 */
function GOTMLS_ajax_nopriv() {
	$refusal = "\n//Permission Error: User not authenticated!\n";
	exit($refusal);
}
// Unauthenticated (wp_ajax_nopriv_) variants of the scan/fix/whitelist/trash actions
// all refuse via GOTMLS_ajax_nopriv() so that only logged-in users reach the real handlers.
add_action('wp_ajax_nopriv_GOTMLS_scan', 'GOTMLS_ajax_nopriv');
add_action('wp_ajax_nopriv_GOTMLS_position', 'GOTMLS_ajax_nopriv');
add_action('wp_ajax_nopriv_GOTMLS_fix', 'GOTMLS_ajax_nopriv');
add_action('wp_ajax_nopriv_GOTMLS_whitelist', 'GOTMLS_ajax_nopriv');
add_action('wp_ajax_nopriv_GOTMLS_empty_trash', 'GOTMLS_ajax_nopriv');
// NOTE(review): this is the one unauthenticated action wired to a working handler.
// GOTMLS_update_definitions() is defined elsewhere in the file — confirm it does its
// own authorization / rate limiting, since anyone can trigger it through admin-ajax.php.
add_action('wp_ajax_nopriv_GOTMLS_auto_update', 'GOTMLS_update_definitions');

// Plugin bootstrap and admin UI hooks (handlers defined elsewhere in this file).
add_action("plugins_loaded", "GOTMLS_loaded");
add_action("admin_notices", "GOTMLS_admin_notices");
add_action("admin_menu", "GOTMLS_menu");
add_action("network_admin_menu", "GOTMLS_menu");
1799