PluginProbe ʕ •ᴥ•ʔ
Anti-Malware Security and Brute-Force Firewall / 4.23.56
Anti-Malware Security and Brute-Force Firewall v4.23.56
4.23.90 trunk 1.2.03.23 1.3.02.15 3.07.06 4.14.47 4.15.16 4.16.17 4.17.28 4.17.29 4.17.44 4.17.57 4.17.58 4.17.68 4.17.69 4.18.52 4.18.62 4.18.63 4.18.69 4.18.71 4.18.74 4.18.76 4.19.44 4.19.50 4.19.68 4.19.69 4.20.59 4.20.72 4.20.92 4.20.93 4.20.94 4.20.95 4.20.96 4.21.74 4.21.83 4.21.84 4.21.85 4.21.86 4.21.87 4.21.88 4.21.89 4.21.90 4.21.91 4.21.92 4.21.93 4.21.94 4.21.95 4.21.96 4.23.56 4.23.57 4.23.67 4.23.68 4.23.69 4.23.71 4.23.73 4.23.77 4.23.81 4.23.83 4.23.85 4.23.87 4.23.88 4.23.89
gotmls / images / index.php
gotmls / images Last commit date
.htaccess 11 years ago ELI-16x16.gif 14 years ago GOTMLS-16x16.gif 12 years ago blocked.gif 14 years ago btn_donateCC_WIDE.gif 13 years ago checked.gif 14 years ago index.php 2 years ago question.gif 13 years ago threat.gif 13 years ago wait.gif 14 years ago
index.php
2185 lines
1 <?php
2 /**
3 * GOTMLS Plugin Global Variables and Functions
4 * @package GOTMLS
5 */
6
7 function GOTMLS_define($DEF, $val) {
8 if (!defined($DEF))
9 define($DEF, $val);
10 }
11
12 function GOTMLS_safe_ip($ip) {
13 return preg_replace('/[^0-9\.\:a-f]/i', "", $ip);
14 }
15
16 $file = basename(__FILE__);
17 GOTMLS_define("GOTMLS_local_images_path", substr(__FILE__, 0, strlen(__FILE__) - strlen($file)));
18 GOTMLS_define("GOTMLS_plugin_path", substr(dirname(__FILE__), 0, strlen(dirname(__FILE__)) - strlen(basename(dirname(__FILE__)))));
19 GOTMLS_define("GOTMLS_Version", '4.23.56');
20 GOTMLS_define("GOTMLS_require_version", "3.3");
21 GOTMLS_define("GOTMLS_REMOTEADDR", substr(GOTMLS_safe_ip(isset($_SERVER["HTTP_X_FORWARDED_FOR"])?$_SERVER["HTTP_X_FORWARDED_FOR"]:(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:microtime(true))), 0, 40));
22
23 if (!function_exists("__")) {
24 function __($text, $domain = "gotmls") {
25 return $text;
26 }}
27
28 GOTMLS_define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
29 GOTMLS_define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Quick Scan",'gotmls'));
30 GOTMLS_define("GOTMLS_View_Quarantine_LANGUAGE", __("View Quarantine",'gotmls'));
31 GOTMLS_define("GOTMLS_View_Scan_Log_LANGUAGE", __("View Scan History",'gotmls'));
32 GOTMLS_define("GOTMLS_require_version_LANGUAGE", sprintf(__("This Plugin requires WordPress version %s or higher",'gotmls'), GOTMLS_require_version));
33 GOTMLS_define("GOTMLS_Scan_Settings_LANGUAGE", __("Scan Settings",'gotmls'));
34 GOTMLS_define("GOTMLS_Loading_LANGUAGE", __("Loading, Please Wait ...",'gotmls'));
35 GOTMLS_define("GOTMLS_Automatically_Fix_LANGUAGE", __("Automatically Fix SELECTED Files Now",'gotmls'));
36 GOTMLS_define("GOTMLS_position_msg", __("Default position",'gotmls'));
37
38 function GOTMLS_get_version($which = "") {
39 global $wp_version, $cp_version;
40 if (function_exists('classicpress_version'))
41 $match = array("GOTMLS_wp_version", "c", classicpress_version());
42 elseif (isset($cp_version) && ($cp_version))
43 $match = array("GOTMLS_wp_version", "c", $cp_version);
44 elseif (isset($wp_version) && ($wp_version))
45 $match = array("GOTMLS_wp_version", "w", "$wp_version");
46 elseif (!(is_file($file = ABSPATH."wp-includes/version.php") && ($contents = @file_get_contents($file)) && preg_match('/\n\$(c|w)p_version\s*=\s*[\'"]([0-9\.]+)/i', $contents, $match)))
47 $match = array("GOTMLS_wp_version", "w", "Unknown");
48 GOTMLS_define("GOTMLS_wp_version", $match[2]);
49 if ($which == "URL")
50 return 'ver='.GOTMLS_Version.'&'.$match[1].'p='.GOTMLS_wp_version;
51 else
52 return GOTMLS_wp_version;
53 }
54
55 function GOTMLS_load_contents($TXT, $default_encoding = "UTF-8") {
56 $encoding = "UTF-8";
57 if (!(function_exists("mb_detect_encoding") && ($encoding = mb_detect_encoding($TXT, $GLOBALS["GOTMLS"]["tmp"]["default_encodings"])) && in_array($encoding, array(
58 'UCS-4',
59 'UCS-4LE',
60 'UTF-32',
61 'UTF-32BE',
62 'UTF-32LE',
63 'UTF-16',
64 'UTF-16BE',
65 'UTF-16LE',
66 'UTF-8',
67 'utf8',
68 'ASCII',
69 'US-ASCII',
70 'EUC-JP',
71 'eucJP',
72 'x-euc-jp',
73 'SJIS',
74 'eucJP-win',
75 'SJIS-win',
76 'CP932',
77 'MS932',
78 'Windows-31J',
79 'ISO-8859-1',
80 'ISO-8859-2',
81 'ISO-8859-3',
82 'ISO-8859-4',
83 'ISO-8859-5',
84 'ISO-8859-6',
85 'ISO-8859-7',
86 'ISO-8859-8',
87 'ISO-8859-9',
88 'ISO-8859-10',
89 'ISO-8859-13',
90 'ISO-8859-14',
91 'ISO-8859-15',
92 'ISO-8859-16',
93 'EUC-CN',
94 'EUC_CN',
95 'eucCN',
96 'gb2312',
97 'EUC-TW',
98 'EUC_TW',
99 'eucTW',
100 'BIG-5',
101 'CN-BIG5',
102 'BIG-FIVE',
103 'BIGFIVE',
104 'EUC-KR',
105 'EUC_KR',
106 'eucKR',
107 'KOI8-R',
108 'KOI8R')
109 ))) {
110 if (substr($encoding, 0, 7) == 'Windows')
111 $encoding = 'ISO-8859-1';
112 else
113 $encoding = $default_encoding;
114 }
115 $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = $TXT;
116 if (function_exists("mb_internal_encoding"))
117 mb_internal_encoding($encoding);
118 if (function_exists("mb_regex_encoding"))
119 mb_regex_encoding($encoding);
120 $GLOBALS["GOTMLS"]["tmp"]["encoding"] = $encoding;
121 return strlen(GOTMLS_convert_r($TXT));
122 }
123
124 function GOTMLS_htmlentities($TXT, $flags = ENT_COMPAT, $encoding = "ASCII") {
125 $prelen = strlen($TXT);
126 if ($prelen == 0)
127 return "";
128 if ($encoding == "ASCII")
129 $encoding = "UTF-8";
130 $encoded = htmlentities($TXT, $flags, $encoding);
131 if (strlen($encoded) == 0) {
132 $encoding = "ISO-8859-1";
133 $encoded = htmlentities($TXT, $flags, $encoding);
134 }
135 if (strlen($encoded) == 0)
136 $encoded = __("Failed to encode HTML entities!",'gotmls');
137 return $encoded;
138 }
139
140 function GOTMLS_htmlspecialchars($TXT, $flags = ENT_COMPAT, $encoding = "ASCII") {
141 $prelen = strlen($TXT);
142 if ($prelen == 0)
143 return "";
144 if ($encoding == "ASCII")
145 $encoding = "UTF-8";
146 $encoded = htmlspecialchars($TXT, $flags, $encoding);
147 if (strlen($encoded) == 0) {
148 $encoding = "ISO-8859-1";
149 $encoded = htmlspecialchars($TXT, $flags, $encoding);
150 }
151 if (strlen($encoded) == 0)
152 $encoded = __("Failed to encode HTML characters!",'gotmls');
153 return $encoded;
154 }
155
156 function GOTMLS_convert_r($r_str) {
157 if (function_exists("mb_ereg_replace"))
158 return mb_ereg_replace("\r", "", $r_str);
159 else
160 return preg_replace('/\r/', "", $r_str);
161 }
162
163 function GOTMLS_error_div($error_str, $class = "error") {
164 return GOTMLS_html_tags(array('div' => $error_str), array('div' => "class=\"$class\""));
165 }
166
167 function GOTMLS_uckserialize($unsafe_serialized) {
168 if (!(is_array($unsafe_serialized)) && (is_array($safe_unserialized = @unserialize(preg_replace('/[oc]:\d+:".*?":(\d+):\{/is', 'a:\1:{', $unsafe_serialized)))))
169 return $safe_unserialized;
170 return $unsafe_serialized;
171 }
172
173 if (!defined("ABSPATH")) {
174 define("ABSPATH", dirname(dirname(__FILE__)).'/safe-load/');
175 $root_path = dirname(ABSPATH);
176 while (strlen($root_path) > 1 && !is_file($root_path."/wp-config.php"))
177 $root_path = dirname($root_path);
178 if (is_file($root_path."/wp-config.php"))
179 include_once($root_path."/wp-config.php");
180 else
181 die("No wp-config!");
182 }
183
184 $bad = array("eval", "preg_replace", "auth_pass");
185 $GLOBALS["GOTMLS"] = array(
186 "MT" => microtime(true),
187 "tmp"=>array("debug_fix"=>"", "HeadersError"=>"", "onLoad"=>"", "file_contents"=>"", "new_contents"=>"", "threats_found"=>array(),
188 "base_page" => "GOTMLS-settings",
189 "pluginTitle" => "Anti-Malware",
190 "default_encodings" => array('UTF-8', 'ISO-8859-1', 'windows-1252'),
191 "skip_dirs" => array(".", ".."), "scanfiles" => array(), "nonce"=>array(),
192 "mt" => ((isset($_REQUEST["mt"])&&strlen($_REQUEST["mt"])==32)?$_REQUEST["mt"]:md5(microtime(true))),
193 "threat_files" => array("htaccess"=>".htaccess","timthumb"=>"thumb.php"),
194 "threat_levels" => array(__("Database Injections",'gotmls')=>"db_scan",__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Known Threats",'gotmls')=>"known",__("Core File Changes",'gotmls')=>"wp_core",__("Potential Threats",'gotmls')=>"potential"),
195 "apache" => array(),
196 "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "svg", "webp", "doc", "docx", "ttf", "fla", "flv", "mov", "mp3", "pdf", "css", "pot", "po", "mo", "so", "exe", "zip", "7z", "gz", "rar"),
197 "execution_time" => 60,
198 "default" => array("msg_position" => array("80px", "40px", "400px", "600px")),
199 "Definition" => array("Default" => "CCIGG"),
200 "definitions_array" => array(
201 "potential" => array(
202 $bad[0] => array("CCIGG", "/[^a-z_\\/'\"]".$bad[0]."\\(.+\\)+\\s*;/i"),
203 $bad[1]." /e" => array("CCIGG", "/".$bad[1]."[\\s*\\(]+(['\"])([\\!\\/\\#\\|\\@\\%\\^\\*\\~]).+?\\2[imsx]*e[imsx]*\\1\\s*,[^,]+,[^\\)]+[\\);\\s]+/i"),
204 $bad[2] => array("CCIGG", "/\\\$".$bad[2]."\\s*=.+;/i"),
205 "function add_action wp_enqueue_script json2" => array("CCIGG", "/json2\\.min\\.js/i"),
206 "Tagged Code" => array("CCIGG", "/\\#(\\w+)\\#.+?\\#\\/\\1\\#/is"),
207 "protected by copyright" => array("CCIGG", "/\\/\\* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. \\*\\//i")
208 )
209 )
210 )
211 );
212 if (isset($_SERVER["HTTP_HOST"]))
213 $SERVER_HTTP = 'HOST://'.GOTMLS_safe_domain($_SERVER["HTTP_HOST"]);
214 elseif (isset($_SERVER["SERVER_NAME"]))
215 $SERVER_HTTP = 'NAME://'.GOTMLS_safe_domain($_SERVER["SERVER_NAME"]);
216 elseif (isset($_SERVER["SERVER_ADDR"]))
217 $SERVER_HTTP = 'ADDR://'.GOTMLS_safe_ip($_SERVER["SERVER_ADDR"]);
218 else
219 $SERVER_HTTP = "NULL://not.anything.com";
220 if (isset($_SERVER["SERVER_PORT"]) && $_SERVER["SERVER_PORT"])
221 $SERVER_HTTP .= ":".GOTMLS_safe_ip($_SERVER["SERVER_PORT"]);
222 $SERVER_parts = explode(":", $SERVER_HTTP.":");
223 if ((isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] == "on" || $_SERVER["HTTPS"] == 1)) || (count($SERVER_parts) > 2 && $SERVER_parts[2] == "443"))
224 $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "https:";
225 else
226 $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "http:";
227 GOTMLS_define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.a-f]+/i', '', str_replace('&amp;', '&', GOTMLS_htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
228 GOTMLS_define("GOTMLS_plugin_home", "https://gotmls.net/");
229 if (function_exists("plugins_url"))
230 GOTMLS_define("GOTMLS_images_path", plugins_url('/', __FILE__));
231 elseif (function_exists("plugin_dir_url"))
232 GOTMLS_define("GOTMLS_images_path", plugin_dir_url(__FILE__));
233 elseif (isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < __FILE__ && substr(__FILE__, 0, strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
234 GOTMLS_define("GOTMLS_images_path", substr(dirname(__FILE__), strlen($_SERVER["DOCUMENT_ROOT"])).'/');
235 elseif (isset($_SERVER["SCRIPT_FILENAME"]) && isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < strlen($_SERVER["SCRIPT_FILENAME"]) && substr($_SERVER["SCRIPT_FILENAME"], 0, strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
236 GOTMLS_define("GOTMLS_images_path", substr(GOTMLS_safe_url(dirname($_SERVER["SCRIPT_FILENAME"])), strlen($_SERVER["DOCUMENT_ROOT"])).'/');
237 else
238 GOTMLS_define("GOTMLS_images_path", "/wp-content/plugins/gotmls/images/");
239
240 function GOTMLS_encode($unencoded_string, $post_encode = "") {
241 if (function_exists("base64_encode"))
242 $encoded_string = base64_encode($unencoded_string);
243 elseif (function_exists("mb_convert_encoding"))
244 $encoded_string = mb_convert_encoding($unencoded_string, "BASE64", "UTF-8");
245 else
246 $encoded_string = "Cannot encode: $unencoded_string function_exists: ";
247 $encoded_array = explode("=", $encoded_string."=");
248 $encoded_string = strtr($encoded_array[0], "+/0", "-_=").(count($encoded_array)-1);
249 if ($post_encode == "D")
250 $encoded_string = str_rot13($encoded_string).($post_encode);
251 return $encoded_string;
252 }
253
254 function GOTMLS_decode($encoded_string) {
255 if (strlen($encoded_string) > 1 && substr($encoded_string, -1) == "D")
256 $encoded_string = str_rot13(substr($encoded_string, 0, -1));
257 $tail = 0;
258 if (strlen($encoded_string) > 1 && is_numeric(substr($encoded_string, -1)) && substr($encoded_string, -1) > 0)
259 $tail = substr($encoded_string, -1) - 1;
260 else
261 $encoded_string .= "$tail";
262 $encoded_string = strtr(substr($encoded_string, 0, -1), "-_=", "+/0").str_repeat("=", $tail);
263 if (function_exists("base64_decode"))
264 return base64_decode($encoded_string, true);
265 elseif (function_exists("mb_convert_encoding"))
266 return mb_convert_encoding($encoded_string, "UTF-8", "BASE64");
267 else
268 return "Cannot decode: $encoded_string";
269 }
270
271 function GOTMLS_user_can() {
272 if (is_multisite())
273 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "manage_network";
274 elseif (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]) || $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] == "manage_network")
275 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "activate_plugins";
276 if (current_user_can($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]))
277 return true;
278 else
279 return false;
280 }
281
282 function GOTMLS_update_option($index, $value = array()) {
283 return update_option('GOTMLS_'.$index.'_blob', GOTMLS_encode(serialize($value)));
284 }
285
286 function GOTMLS_get_option($index, $value = array()) {
287 if (is_array($tmp = get_option('GOTMLS_'.$index.'_array', array())) && count($tmp)) {
288 GOTMLS_update_option($index, $tmp);
289 delete_option('GOTMLS_'.$index.'_array');
290 } else
291 $tmp = $value;
292 return GOTMLS_uckserialize(GOTMLS_decode(get_option('GOTMLS_'.$index.'_blob', GOTMLS_encode(serialize($tmp)))));
293 }
294
295 $GOTMLS_chmod_file = (0644);
296 $GOTMLS_chmod_dir = (0755);
297 $GLOBALS["GOTMLS"]["tmp"]["nonce"] = GOTMLS_get_option('nonce', array());
298 $GLOBALS["GOTMLS"]["tmp"]["settings_array"] = get_option('GOTMLS_settings_array', array());
299 $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_get_option('definitions', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
300 GOTMLS_define("GOTMLS_siteurl", rtrim(get_option("siteurl", $GLOBALS["GOTMLS"]["tmp"]["protocol"].$SERVER_parts[1].((count($SERVER_parts) > 2 && ($SERVER_parts[2] == '80' || $SERVER_parts[2] == '443'))?"":":".$SERVER_parts[2])."/"), '\\/'));
301 GOTMLS_load_scanlog($GLOBALS["GOTMLS"]["tmp"]["mt"]);
302 if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))
303 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"];
304 if (!(isset($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]) && is_array($GLOBALS["GOTMLS"]["scan"]["log"]["settings"])))
305 $GLOBALS["GOTMLS"]["scan"]["log"]["settings"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"];
306 GOTMLS_define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
307 GOTMLS_define("GOTMLS_update_home", "//updates.gotmls.net/".GOTMLS_installation_key."/");
308
309 function GOTMLS_get_corefile_URL($path, $hash) {
310 if (strpos($URL = GOTMLS_get_version("URL"), '&cp='))
311 //$hash != md5($contents)."O".strlen($contents)
312 return 'http:'.GOTMLS_update_home.'cp_core.php?'.$URL.'&f='.GOTMLS_encode($path)."&h=$hash&ts=".gmdate("YmdHis").'&d='.rawurlencode(GOTMLS_siteurl);
313 else
314 return "http://core.svn.wordpress.org/tags/".GOTMLS_wp_version."$path";
315 }
316
317 function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
318 return $pre.__("Invalid or expired Nonce Token!",'gotmls').(isset($_REQUEST["GOTMLS_mt"])?(" (".GOTMLS_htmlspecialchars($_REQUEST["GOTMLS_mt"]).((strlen($_REQUEST["GOTMLS_mt"]) == 32)?(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]["hour"])?GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]["hour"]):" !found)"):" !len[".strlen($_REQUEST["GOTMLS_mt"])."])")):" (GOTMLS_mt !set)").__("Refresh and try again?",'gotmls');
319 }
320
321 function GOTMLS_set_nonce($context = "NULL") {
322 $hour = (int) round(round($GLOBALS["GOTMLS"]["MT"]/60)/60);
323 $uid = GOTMLS_get_current_user_id(GOTMLS_REMOTEADDR);
324 $transient_name = md5(substr(number_format(microtime(true), 9, '-', '/'), 6).GOTMLS_installation_key.GOTMLS_plugin_path.$context.$uid);
325 if (isset($GLOBALS["GOTMLS"]["tmp"]["nonce"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["nonce"])) {
326 foreach ($GLOBALS["GOTMLS"]["tmp"]["nonce"] as $nonce_key => $token) {
327 if ((!(is_array($token) && isset($token["hour"]) && is_numeric($token["hour"]))) || (($token["hour"] > $hour) || (($token["hour"] + 24) < $hour)))
328 unset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$nonce_key]);
329 elseif (is_array($token) && isset($token["hour"]) && isset($token["user"]) && isset($token["context"]) && ($token["hour"] == $hour) && ($token["user"] == $uid) && ($token["context"] == $context))
330 $transient_name = $nonce_key;
331 }
332 }
333 if (!isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name])) {
334 $GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name] = array("hour" => $hour, "user" => $uid, "context" => $context);
335 if (!GOTMLS_update_option('nonce', $GLOBALS["GOTMLS"]["tmp"]["nonce"]))
336 return (GOTMLS_sanitize($context)."=DB-err:".rawurlencode(preg_replace('/[\r\n]+/', " ", print_r($GLOBALS["GOTMLS"]["tmp"]["nonce"],1).$wpdb->last_error)));
337 }
338 return 'GOTMLS_mt='.rawurlencode($transient_name);
339 }
340
341 function GOTMLS_get_nonce($context = "") {
342 $return = false;
343 if (isset($_REQUEST["GOTMLS_mt"])) {
344 $uid = GOTMLS_get_current_user_id(GOTMLS_REMOTEADDR);
345 if (isset($_POST["GOTMLS_mt"]) && (strlen($_POST["GOTMLS_mt"]) == 32) && isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_POST["GOTMLS_mt"]]))
346 $token = $GLOBALS["GOTMLS"]["tmp"]["nonce"][$_POST["GOTMLS_mt"]];
347 elseif (isset($_GET["GOTMLS_mt"]) && (strlen($_GET["GOTMLS_mt"]) == 32) && isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_GET["GOTMLS_mt"]]))
348 $token = $GLOBALS["GOTMLS"]["tmp"]["nonce"][$_GET["GOTMLS_mt"]];
349 if (is_array($token) && isset($token["hour"]) && isset($token["user"]) && isset($token["context"])) {
350 if (strlen($context) && ($context != $token["context"]))
351 $return = null;
352 elseif ($uid == $token["user"])
353 $return = (INT) $token["hour"];
354 else
355 $return = 0;
356 } else
357 $return = "";
358 }
359 return $return;
360 }
361
362 function GOTMLS_fileperms($file) {
363 if ($prm = @fileperms($file)) {
364 if (($prm & 0xC000) == 0xC000)
365 $ret = "s";
366 elseif (($prm & 0xA000) == 0xA000)
367 $ret = "l";
368 elseif (($prm & 0x8000) == 0x8000)
369 $ret = "-";
370 elseif (($prm & 0x6000) == 0x6000)
371 $ret = "b";
372 elseif (($prm & 0x4000) == 0x4000)
373 $ret = "d";
374 elseif (($prm & 0x2000) == 0x2000)
375 $ret = "c";
376 elseif (($prm & 0x1000) == 0x1000)
377 $ret = "p";
378 else
379 $ret = "u";
380 $ret .= (($prm & 0x0100)?"r":"-").(($prm & 0x0080)?"w":"-");
381 $ret .= (($prm & 0x0040)?(($prm & 0x0800)?"s":"x" ):(($prm & 0x0800)?"S":"-"));
382 $ret .= (($prm & 0x0020)?"r":"-").(($prm & 0x0010)?"w":"-");
383 $ret .= (($prm & 0x0008)?(($prm & 0x0400)?"s":"x" ):(($prm & 0x0400)?"S":"-"));
384 $ret .= (($prm & 0x0004)?"r":"-").(($prm & 0x0002)?"w":"-");
385 $ret .= (($prm & 0x0001)?(($prm & 0x0200)?"t":"x" ):(($prm & 0x0200)?"T":"-"));
386 return $ret;
387 } else
388 return "stat failed!";
389 }
390
391 function GOTMLS_file_details($file) {
392 return '<div id="file_details_'.md5($file).'" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.GOTMLS_htmlspecialchars(basename($file)).'</b><br />in: '.dirname(realpath($file)).'<br />size: '.filesize(realpath($file)).' ( '.ceil(strlen(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["file_contents"]))/1024).' KB )<br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown")).'<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.gmdate(" Y-m-d H:i:s ", filemtime(realpath($file))).'<br />changed:'.gmdate(" Y-m-d H:i:s ", filectime(realpath($file))).'</div>';
393 }
394
395 function GOTMLS_esc_url($url) {
396 if ("" === trim($url))
397 return "";
398 $original_url = $url;
399 $url = str_replace(' ', '%20', ltrim($url));
400 $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\\x80-\\xff]|i', '', $url);
401 $url = wp_kses_normalize_entities($url);
402 $url = str_replace('&amp;', '&#038;', $url);
403 $url = str_replace("'", '&#039;', $url);
404 if ((false !== strpos($url, '[')) || (false !== strpos($url, ']'))) {
405 $end_dirty = preg_replace('/^([fhtps]+\:)?\/\/([^\@]+\@)*[^\/]++/i', '', $url);
406 $end_clean = str_replace(array('[', ']'), array('%5B', '%5D'), $end_dirty);
407 $url = str_replace($end_dirty, $end_clean, $url);
408 }
409 return $url;
410 }
411
412 function GOTMLS_admin_url($action, $url = '') {
413 $return = admin_url("admin-ajax.php?action=$action");
414 foreach (array('eli', 'GOTMLS_debug') as $pass_on)
415 if (isset($_GET["$pass_on"]))
416 $return .= "&$pass_on=".GOTMLS_esc_url($_GET["$pass_on"]);
417 return ("$return&$url");
418 }
419
420 function GOTMLS_close_button($box_id, $margin = '6px') {
421 return '<a href="javascript:void(0);" style="float: right; color: #F00; overflow: hidden; width: 20px; height: 20px; text-decoration: none; margin: '.$margin.'" onclick="showhide(\''.$box_id.'\');"><span class="dashicons dashicons-dismiss"></span>X</a>';
422 }
423
424 function GOTMLS_get_styles($pre_style = '<style>') {
425 $head_nonce = GOTMLS_set_nonce(__FUNCTION__."316");
426 return $pre_style.'
427 span.GOTMLS_date {float: right; width: 130px; white-space: nowrap;}
428 .GOTMLS_page {float: left; border-radius: 10px; padding: 0 5px;}
429 .GOTMLS_quarantine_item {margin: 4px 12px;}
430 .rounded-corners {margin: 10px; border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; border: 1px solid #000;}
431 .shadowed-box {box-shadow: -3px 3px 3px #666; -moz-box-shadow: -3px 3px 3px #666; -webkit-box-shadow: -3px 3px 3px #666;}
432 .sidebar-box {background-color: #CCC;}
433 iframe {border: 0;}
434 .GOTMLS-scanlog li a {display: none;}
435 .GOTMLS-scanlog li:hover a {display: block;}
436 .GOTMLS-sidebar-links {list-style: none;}
437 .GOTMLS-sidebar-links li img {margin: 3px; height: 16px; vertical-align: middle;}
438 .GOTMLS-sidebar-links li {margin-bottom: 0 !important;}
439 .popup-box {background-color: #FFC; display: none; position: absolute; left: 0px; z-index: 10;}
440 .shadowed-text {text-shadow: #00F -1px 1px 1px;}
441 .sub-option {float: left; margin: 3px 5px;}
442 .inside {margin: 10px; position: relative;}
443 .GOTMLS_li, .GOTMLS_plugin li {list-style: none;}
444 .GOTMLS_plugin {margin: 5px; background: #cfc; border: 1px solid #0C0; padding: 0 5px; border-radius: 3px;}
445 .GOTMLS_plugin.known, .GOTMLS_plugin.db_scan, .GOTMLS_plugin.htaccess, .GOTMLS_plugin.timthumb, .GOTMLS_plugin.errors {background: #f99; border: 1px solid #f00;}
446 .GOTMLS_plugin.potential, .GOTMLS_plugin.wp_core, .GOTMLS_plugin.skipdirs, .GOTMLS_plugin.skipped {background: #ffc; border: 1px solid #fc6;}
447 .GOTMLS ul li {margin-left: 12px;}
448 .GOTMLS h2 {margin: 0 0 10px;}
449 .postbox {margin-right: 10px; line-height: 1.4; font-size: 13px;}
450 #pastDonations li {list-style: none;}
451 #quarantine_buttons {margin: 0px; padding: 0px;}
452 #quarantine_buttons input.button-primary {margin-right: 20px;}
453 #reclean_buttons {
454 color: #a00;
455 min-height: 32px;
456 border-top: solid 2px black;
457 padding-top: 10px;
458 }
459 #reclean_buttons input.button-primary {float: right;}
460 #delete_button {
461 background-color: #C33;
462 color: #FFF;
463 background-image: linear-gradient(to bottom, #C22, #933);
464 border-color: #933 #933 #900;
465 box-shadow: 0 1px 0 rgba(230, 120, 120, 0.5) inset;
466 text-decoration: none; text-shadow: 0 1px 0 rgba(0, 0, 0, 0.1);
467 margin-top: 10px;
468 }
469 #main-page-title {
470 background: url("https://secure.gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=64") no-repeat scroll 0 0 transparent;
471 height: 64px;
472 line-height: 58px;
473 margin: 10px 0 0 0;
474 max-width: 600px;
475 padding: 0 110px 0 84px;
476 }
477 #main-page-title h1 {
478 background: url("https://secure.gravatar.com/avatar/8151cac22b3fc543d099241fd573d176?s=64") no-repeat scroll top right transparent;
479 height: 64px;
480 line-height: 32px;
481 margin: 0;
482 padding: 0 84px 0 0;
483 display: table-cell;
484 text-align: center;
485 vertical-align: middle;
486 }
487 </style>
488 <div id="div_file" class="shadowed-box rounded-corners sidebar-box" style="padding: 0; display: none; position: fixed; top: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'; left: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'; width: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'; height: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'; border: solid #c00; z-index: 112358;"><table style="width: 100%; height: 100%;" cellspacing="0" cellpadding="0"><tr><td style="border-bottom: 1px solid #EEE; height: 32px;" colspan="2">'.GOTMLS_close_button("div_file").'<h3 onmousedown="grabDiv();" onmouseup="releaseDiv();" id="windowTitle" style="cursor: move; border-bottom: 0px none; z-index: 2345677; position: absolute; left: 0px; top: 0px; margin: 0px; padding: 6px; width: 90%; height: 20px;">'.GOTMLS_Loading_LANGUAGE.'</h3></td></tr><tr><td colspan="2" style="height: 100%"><div style="width: 100%; height: 100%; position: relative; padding: 0; margin: 0;" class="inside"><br /><br /><center><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'<br /><br /><input type="button" onclick="showhide(\'GOTMLS_iFrame\', true);" value="'.__("If this is taking too long, click here.",'gotmls').'" class="button-primary" /></center><iframe id="GOTMLS_iFrame" name="GOTMLS_iFrame" style="top: 0px; left: 0px; position: absolute; width: 100%; height: 100%; background-color: #CCC;"></iframe></td></tr><tr><td style="height: 20px;"><iframe id="GOTMLS_statusFrame" name="GOTMLS_statusFrame" style="width: 100%; height: 20px; background-color: #CCC;"></iframe></div></td><td style="height: 20px; width: 20px;"><h3 id="cornerGrab" onmousedown="grabCorner();" onmouseup="releaseCorner();" style="cursor: move; height: 24px; width: 24px; margin: 0; padding: 0; z-index: 2345678; overflow: hidden; position: absolute; right: 0px; bottom: 0px;"><span class="dashicons dashicons-editor-expand"></span>&#8690;</h3></td></tr></table></div>
489 <script type="text/javascript">
490 function showhide(id) {
491 divx = document.getElementById(id);
492 if (divx) {
493 if (divx.style.display == "none" || arguments[1]) {
494 divx.style.display = "block";
495 divx.parentNode.className = (divx.parentNode.className+"close").replace(/close/gi,"");
496 return true;
497 } else {
498 divx.style.display = "none";
499 return false;
500 }
501 }
502 }
503 function checkAllFiles(check) {
504 var checkboxes = new Array();
505 checkboxes = document["GOTMLS_Form_clean"].getElementsByTagName("input");
506 for (var i=0; i<checkboxes.length; i++)
507 if (checkboxes[i].type == "checkbox" && (checkboxes[i].id.substring(0, 6) == "check_" || checkboxes[i].id.substring(0, 24) == "GOTMLS_quarantine_check_"))
508 checkboxes[i].checked = check;
509 }
510 function setvalAllFiles(val) {
511 var checkboxes = document.getElementById("GOTMLS_fixing");
512 if (checkboxes)
513 checkboxes.value = val;
514 }
515 function getWindowWidth(min) {
516 if (typeof window.innerWidth != "undefined" && window.innerWidth > min)
517 min = window.innerWidth;
518 else if (typeof document.documentElement != "undefined" && typeof document.documentElement.clientWidth != "undefined" && document.documentElement.clientWidth > min)
519 min = document.documentElement.clientWidth;
520 else if (typeof document.getElementsByTagName("body")[0].clientWidth != "undefined" && document.getElementsByTagName("body")[0].clientWidth > min)
521 min = document.getElementsByTagName("body")[0].clientWidth;
522 return min;
523 }
524 function getWindowHeight(min) {
525 if (typeof window.innerHeight != "undefined" && window.innerHeight > min)
526 min = window.innerHeight;
527 else if (typeof document.documentElement != "undefined" && typeof document.documentElement.clientHeight != "undefined" && document.documentElement.clientHeight > min)
528 min = document.documentElement.clientHeight;
529 else if (typeof document.getElementsByTagName("body")[0].clientHeight != "undefined" && document.getElementsByTagName("body")[0].clientHeight > min)
530 min = document.getElementsByTagName("body")[0].clientHeight;
531 return min;
532 }
533 function loadIframe(title) {
534 showhide("GOTMLS_iFrame", true);
535 showhide("GOTMLS_iFrame");
536 document.getElementById("windowTitle").innerHTML = title;
537 if (curDiv) {
538 windowW = getWindowWidth(200);
539 windowH = getWindowHeight(200);
540 if (windowW > 200)
541 windowW -= 30;
542 if (windowH > 200)
543 windowH -= 20;
544 if (px2num(curDiv.style.width) > windowW) {
545 curDiv.style.width = windowW + "px";
546 curDiv.style.left = "0px";
547 } else if ((px2num(curDiv.style.left) + px2num(curDiv.style.width)) > windowW) {
548 curDiv.style.left = (windowW - px2num(curDiv.style.width)) + "px";
549 }
550 if (px2num(curDiv.style.height) > windowH) {
551 curDiv.style.height = windowH + "px";
552 curDiv.style.top = "0px";
553 } else if ((px2num(curDiv.style.top) + px2num(curDiv.style.height)) > windowH) {
554 curDiv.style.top = (windowH - px2num(curDiv.style.height)) + "px";
555 }
556 if (px2num(curDiv.style.left) < 0)
557 curDiv.style.left = "0px";
558 if (px2num(curDiv.style.top)< 0)
559 curDiv.style.top = "0px";
560 }
561 showhide("div_file", true);
562 if (IE)
563 curDiv.scrollIntoView(true);
564 }
565 function cancelserver(divid) {
566 document.getElementById(divid).innerHTML = "<div class=\'error\'>'.GOTMLS_strip4java(__("No response from server!",'gotmls')).'</div>";
567 }
568 var stopCheckingDefinitions = 0;
569 function checkPrimaryUpdateServer() {
570 var updatescript = document.createElement("script");
571 if (arguments[0])
572 updatescript.setAttribute("src", pri_addr+arguments[0]);
573 else
574 updatescript.setAttribute("src", pri_addr);
575 if (divx = document.getElementById("Definition_Updates"))
576 divx.appendChild(updatescript);
577 return setTimeout(function() {stopCheckingDefinitions = checkAlternateUpdateServer();}, 15000);
578 }
579 function checkAlternateUpdateServer() {
580 var updatescript = document.createElement("script");
581 if (arguments[0])
582 updatescript.setAttribute("src", alt_addr+arguments[0]);
583 else
584 updatescript.setAttribute("src", alt_addr);
585 if (divx = document.getElementById("Definition_Updates"))
586 divx.appendChild(updatescript);
587 return setTimeout(function() {stopCheckingDefinitions = cancelserver("Definition_Updates");}, 15000);
588 }
589 function checkupdateserver(server) {
590 var updatescript = document.createElement("script");
591 updatescript.setAttribute("src", server);
592 if (divx = document.getElementById("GOTMLS_patch_searching"))
593 divx.appendChild(updatescript);
594 return setTimeout(function() {cancelserver("GOTMLS_patch_searching");}, '.(((INT) $GLOBALS["GOTMLS"]["tmp"]['execution_time'])+1).'000+3000);
595 }
596 var IE = document.all?true:false;
597 //if (!IE) document.addEventListener("mousemove", getMouseXY);
598 document.onmousemove = getMouseXY;
599 var offsetX = 0;
600 var offsetY = 0;
601 var offsetW = 0;
602 var offsetH = 0;
603 var curX = 0;
604 var curY = 0;
605 var curDiv;
606 function getMouseXY(e) {
607 if (IE) { // grab the mouse pos if browser is IE
608 curX = event.clientX + document.body.scrollLeft;
609 curY = event.clientY + document.body.scrollTop;
610 } else { // grab the mouse pos if browser is Not IE
611 curX = e.pageX - document.body.scrollLeft;
612 curY = e.pageY - document.body.scrollTop;
613 }
614 if (curX < 0) {curX = 0;}
615 if (curY < 0) {curY = 0;}
616 if (offsetX && curX > 10) {curDiv.style.left = (curX - offsetX)+"px";}
617 if (offsetY && (curY - offsetY) > 0) {curDiv.style.top = (curY - offsetY)+"px";}
618 if (offsetW && (curX - offsetW) > 360) {curDiv.style.width = (curX - offsetW)+"px";}
619 if (offsetH && (curY - offsetH) > 200) {curDiv.style.height = (curY - offsetH)+"px";}
620 return true;
621 }
622 function px2num(px) {
623 return parseInt(px.substring(0, px.length - 2), 10);
624 }
625 function setDiv(DivID) {
626 if (curDiv = document.getElementById(DivID)) {
627 if (IE)
628 curDiv.style.position = "absolute";
629 curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
630 curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
631 curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
632 curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
633 }
634 }
635 function grabDiv() {
636 corner = document.getElementById("windowTitle");
637 if (corner) {
638 corner.style.width="100%";
639 corner.style.height="100%";
640 }
641 offsetX=curX-px2num(curDiv.style.left);
642 offsetY=curY-px2num(curDiv.style.top);
643 }
644 function releaseDiv() {
645 corner = document.getElementById("windowTitle");
646 if (corner) {
647 corner.style.width="90%";
648 corner.style.height="20px";
649 }
650 document.getElementById("GOTMLS_statusFrame").src = "'.GOTMLS_admin_url('GOTMLS_position', ($GOTMLS_position_nonce = GOTMLS_set_nonce(GOTMLS_position_msg)).'&GOTMLS_x=').'"+curDiv.style.left+"&GOTMLS_y="+curDiv.style.top;
651 offsetX=0;
652 offsetY=0;
653 }
654 function grabCorner() {
655 corner = document.getElementById("cornerGrab");
656 if (corner) {
657 corner.style.width="100%";
658 corner.style.height="100%";
659 }
660 offsetW=curX-px2num(curDiv.style.width);
661 offsetH=curY-px2num(curDiv.style.height);
662 }
663 function releaseCorner() {
664 corner = document.getElementById("cornerGrab");
665 if (corner) {
666 corner.style.width="20px";
667 corner.style.height="20px";
668 }
669 document.getElementById("GOTMLS_statusFrame").src = "'.GOTMLS_admin_url('GOTMLS_position', $GOTMLS_position_nonce.'&GOTMLS_w=').'"+curDiv.style.width+"&GOTMLS_h="+curDiv.style.height;
670 offsetW=0;
671 offsetH=0;
672 }
673 function check_for_donation(chk) {
674 if ((audl = document.getElementById("autoUpdateDownload")) && audl.src.replace(/^.+\?/,"")=="0")
675 if (chk.substr(0, 8) != "Changed " || chk.substr(8, 1) != "0")
676 chk += "\\n\\n'.__("Please make a donation for the use of this wonderful feature!",'gotmls').'";
677 alert(chk);
678 }
679 setDiv("div_file");
680 </script>';
681 }
682
683 function GOTMLS_get_header($optional_box = "") {
684 if (isset($_GET["check_site"]) && $_GET["check_site"])
685 $pre_style = '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="&#x2714;"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">if (csw = window.parent.document.getElementById("check_site_warning")) csw.style.backgroundColor=\'#0C0\';window.addEventListener(\'load\', (event) => {showhide(\'inside_ddd6dbd641b9a5909fe4d44da2017cc7\');});</script><li>Please <a target="_blank" href="https://wordpress.org/support/plugin/gotmls/reviews/#wporg-footer">write a "Five-Star" Review</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .notice, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
686 else
687 $pre_style = '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
688 return GOTMLS_get_styles($pre_style).'<div id="main-page-title"><h1 style="vertical-align: middle;">Anti-Malware from&nbsp;GOTMLS.NET</h1></div>';
689 }
690
691 function GOTMLS_object_to_array($obj) {
692 if (is_object($obj))
693 $obj = (array) $obj;
694 $new = array();
695 if (is_array($obj)) {
696 foreach ($obj as $key => $val)
697 $new[$key] = GOTMLS_object_to_array($val);
698 } else
699 $new = $obj;
700 return $new;
701 }
702
703 function GOTMLS_get_pagination($count, $wrap = "") {
704 $Q_Paged = "";
705 if (isset($_REQUEST["paged"]) && is_numeric($_REQUEST["paged"])) {
706 if ((INT) $count < (INT) $_REQUEST["paged"])
707 $GLOBALS["GOTMLS"]["Quarantine"]["paged"] = (INT) $count;
708 else
709 $GLOBALS["GOTMLS"]["Quarantine"]["paged"] = (INT) $_REQUEST["paged"];
710 } else
711 $GLOBALS["GOTMLS"]["Quarantine"]["paged"] = 1;
712 for ($p = 1; $p <= $count; $p++) {
713 $Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($GLOBALS["GOTMLS"]["Quarantine"]["paged"]) && $GLOBALS["GOTMLS"]["Quarantine"]["paged"] == $p) || (!isset($GLOBALS["GOTMLS"]["Quarantine"]["paged"]) && 1 == $p)?" DISABLED":"").' name="paged">';
714 }
715 if ($Q_Paged) {
716 foreach ($_GET as $name => $value) {
717 if (substr($name, 0, 10) != 'paged') {
718 if (is_array($value)) {
719 foreach ($value as $val)
720 $Q_Paged .= '<input type="hidden" name="'.GOTMLS_htmlspecialchars($name).'[]" value="'.GOTMLS_htmlspecialchars($val).'">';
721 } else
722 $Q_Paged .= '<input type="hidden" name="'.GOTMLS_htmlspecialchars($name).'" value="'.GOTMLS_htmlspecialchars($value).'">';
723 }
724 }
725 $Q_Paged = '<form method="GET" name="GOTMLS_Form_page"><div style="float: left;">Page:</div>'."$Q_Paged\n</form><br style=\"clear: left;\" />\n";
726 }
727 if ($wrap)
728 return "$Q_Paged<!-- p = $p , count = $count -->$wrap$Q_Paged";
729 else
730 return $Q_Paged;
731 }
732
733 function GOTMLS_get_quarantine($only = false) {
734 global $wpdb, $post;
735 if (is_numeric($only))
736 return get_post($only, ARRAY_A);
737 elseif ($only)
738 return $wpdb->get_var("SELECT COUNT(*) FROM `$wpdb->posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'trash'");
739 else
740 $args = array("orderby" => 'date', "post_type" => 'GOTMLS_quarantine', "post_status" => array('pending', 'draft', 'private'));
741 if (isset($_REQUEST["post_status"]))
742 $args["post_status"] = $_REQUEST["post_status"];
743 if (isset($_REQUEST["paged"]) && is_numeric($_REQUEST["paged"]))
744 $args["paged"] = (INT) $_REQUEST["paged"];
745 if (isset($_REQUEST["posts_per_page"]) && is_numeric($_REQUEST["posts_per_page"]) && ($_REQUEST["posts_per_page"]))
746 $args["posts_per_page"] = (INT) $_REQUEST["posts_per_page"];
747 else
748 $args["posts_per_page"] = 200;
749 $my_query = new WP_Query($args);
750 if ($my_query->have_posts()) {
751 $Q_Page = '<form method="POST" action="'.admin_url('admin-ajax.php').'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."639")).'"><input type="hidden" name="action" value="GOTMLS_fix"><p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files from quarantine records",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected quarantine records",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items highlighted in yellow had been found to contain malicious code, they have been cleaned and the malicious contents have been removed. A record of the infection has been saved here in the Quarantine for your review and could help with any future investigations. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
752 <p id="reclean_buttons" style="display: none;"><input id="reclean_button" type="submit" value="'.__("Re-clean re-infected files",'gotmls').'" class="button-primary" onclick="checkAllFiles(false); setvalAllFiles(1); loadIframe(\'Reinfected File Recleaning Results\');" /><b>'.__("The items highlighted in red have been found to be re-infected. The malicious code has returned and needs to be cleaned again.",'gotmls').'</b></p>
753 <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').((isset($_REQUEST["GOTMLS_debug"]))?'</span><span class="GOTMLS_date">'.__("Date Modified",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Changed",'gotmls').'</span><span class="GOTMLS_date">'.__("File Size",'gotmls').'</span><span class="GOTMLS_date">'.__("Threat Found",'gotmls'):"").'</span></h3>';
754 $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
755 while ($my_query->have_posts()) {
756 $my_query->the_post();
757 $gif = 'blocked.gif';
758 $threat = 'potential';
759 $action = $post->ID.'" id="check_'.$post->ID.'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';';
760 $link = GOTMLS_error_link(__("The current/live file is missing or deleted",'gotmls'), $post->ID, $threat);
761 $fa = GOTMLS_threats_found_meta(GOTMLS_object_to_array($post));
762 if (is_file($post->post_title)) {
763 GOTMLS_scanfile($post->post_title);
764 if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
765 $gif = 'threat.gif" onload="document.getElementById(\'reclean_buttons\').style.display = \'block\';';
766 $threat = 'known';
767 $action = GOTMLS_encode(realpath($post->post_title)).'" id="ilist_'.$post->ID.'" checked="true';
768 }
769 $link = GOTMLS_error_link(__("View current/live version",'gotmls'), $post->post_title, $threat);
770 } elseif (is_array($postdb = explode(":", $post->post_title.":")) && count($postdb) > 3 && is_numeric($postdb[1])) {
771 if ("options" == substr($postdb[0], -7)) {
772 if ($opt_row = $wpdb->get_row($wpdb->prepare("SELECT * FROM `$wpdb->options` WHERE `option_id` = %s",(INT) $postdb[1]), ARRAY_A))
773 $link = GOTMLS_error_link(__("View Option Record: ",'gotmls').((INT) $postdb[1]), ((INT) $postdb[1]).'.1', $threat);
774 elseif ($opt_row = $wpdb->get_row($SQL = $wpdb->prepare("SELECT * FROM `$wpdb->options` WHERE `option_name` LIKE %s", trim($postdb[2], '"')), ARRAY_A))
775 $link = GOTMLS_error_link(__("View Option Record: ",'gotmls').htmlspecialchars($postdb[2]), $opt_row["option_id"].'.1', $threat);
776 else
777 $link = GOTMLS_error_link(__("View Quarantine Record",'gotmls'), $post->ID, $threat);
778 } else {
779 $link = '<a target="_blank" href="';
780 if ("revision" == $postdb[0])
781 $link .= admin_url('revision.php?revision='.rawurlencode($postdb[1]))."\" title=\"View this revision";
782 else
783 $link .= admin_url('post.php?action=edit&post='.rawurlencode((INT) $postdb[1]))."\" title=\"View current ".GOTMLS_htmlspecialchars($postdb[0]);
784 $link .= "\" id=\"list_edit_".((INT) $postdb[1])."\" class=\"GOTMLS_plugin $threat\">";
785 }
786 }
787 $Q_Page .= '
788 <li id="GOTMLS_quarantine_'.((INT) $post->ID).'" class="GOTMLS_quarantine_item" onmouseover="this.style.fontWeight=\'bold\';" onmouseout="this.style.fontWeight=\'normal\';"><span class="GOTMLS_date">'.GOTMLS_error_link(__("View Quarantine Record",'gotmls'), $post->ID, $threat).$post->post_date_gmt.'</a></span><span class="GOTMLS_date">'.GOTMLS_htmlspecialchars($post->post_modified_gmt).((isset($_REQUEST["GOTMLS_debug"]) && is_file($post->post_title))?'</span><span class="GOTMLS_date">'.gmdate("Y-m-d H:i:s", filemtime($post->post_title)).'</span><span class="GOTMLS_date">'.gmdate("Y-m-d H:i:s", filectime($post->post_title)).'</span><span class="GOTMLS_date">('.filesize($post->post_title).' bytes)</span><span class="GOTMLS_date">( '.$fa.')':"").'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$action.'" /><img src="'.GOTMLS_images_path.$gif.'" height=16 width=16 alt="Q">'.$link.GOTMLS_htmlspecialchars(str_replace($root_path, "...", $post->post_title))."</a></li>\n";
789 }
790 $Q_Page = GOTMLS_get_pagination($my_query->max_num_pages, "$Q_Page\n</ul>\n</form>");
791 } else
792 $Q_Page = '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
793 wp_reset_query();
794 return $Q_Page;
795 }
796
797 function GOTMLS_box($bTitle, $bContents, $bType = "postbox") {
798 $md5 = md5($bTitle);
799 if (isset($GLOBALS["GOTMLS"]["tmp"]["$bType"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["$bType"]))
800 $GLOBALS["GOTMLS"]["tmp"]["$bType"]["$md5"] = "$bTitle";
801 else
802 $GLOBALS["GOTMLS"]["tmp"]["$bType"] = array("$md5"=>"$bTitle");
803 return '
804 <div id="box_'.$md5.'" class="'.$bType.'"><h3 title="Click to toggle" onclick="if (typeof '.$bType.'_showhide == \'function\'){'.$bType.'_showhide(\'inside_'.$md5.'\');}else{showhide(\'inside_'.$md5.'\');}" style="cursor: pointer;" class="hndle"><span id="title_'.$md5.'">'.$bTitle.'</span></h3>
805 <div id="inside_'.$md5.'" class="inside">
806 '.$bContents.'
807 </div>
808 </div>';
809 }
810
811 function GOTMLS_threats_ver($threats_name) {
812 foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level => $Threats)
813 if (is_array($Threats) && isset($Threats["$threats_name"][0]) && strlen($Threats["$threats_name"][0]) == 5)
814 return $Threats["$threats_name"][0];
815 return $threats_name;
816 }
817
818 function GOTMLS_threats_found_meta($Q_post = array()) {
819 global $wpdb, $table_prefix;
820 $gt = ">"; // This local variable never changes
821 $lt = "<"; // This local variable never changes
822 $SQL = "SELECT `meta_value` AS `Threat`, COUNT(*) AS `Found` FROM `{$wpdb->prefix}postmeta` WHERE `meta_key` = 'GOTMLS_threats_found'";
823 if (isset($Q_post["ID"]) && is_numeric($pID = $Q_post["ID"]) && ($pID > 0))
824 $SQL = $wpdb->prepare("$SQL AND post_id = %s", (INT) $pID);
825 else
826 $pID = 0;
827 $my_query = $wpdb->get_results("$SQL GROUP BY `meta_value`", ARRAY_A);
828 $fa = "";
829 if (is_array($my_query) && count($my_query)) {
830 $f = 1;
831 foreach ($my_query as $rec) {
832 if (isset($rec["Threat"]) && is_string($rec["Threat"]) && is_array($Threat = @GOTMLS_uckserialize($rec["Threat"])) && isset($Threat["DefVer"]) && isset($Threat["SubPos"])) {
833 $ends = explode("-", $Threat["SubPos"]."--", 3);
834 if (strlen($ends[0]) > 0 && strlen($ends[1]) > 0 && is_numeric($ends[1]) && is_numeric($ends[0])) {
835 if ($ends[1] < $ends[0])
836 $ends = array_reverse($ends);
837 $fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($Threat["DefVer"]).'" href="javascript:select_text_range(\'ta_file\', '.$ends[0].', '.$ends[1].');"'.$gt.'['.$f++."]$lt/a$gt ";
838 }
839 }
840 }
841 } else {
842 if (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @GOTMLS_uckserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
843 $f = 1;
844 foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
845 $ends = explode("-", "$threats_found--", 3);
846 if (strlen($ends[0]) > 0 && strlen($ends[1]) > 0 && is_numeric($ends[1]) && is_numeric($ends[0])) {
847 if ($ends[1] < $ends[0])
848 $ends = array_reverse($ends);
849 $fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$ends[0].', '.$ends[1].');"'.$gt.'['.$f++."]$lt/a$gt ";
850 if (function_exists("add_post_meta"))
851 add_post_meta($pID, 'GOTMLS_threats_found', array("SubPos" => $ends[0]."-".$ends[1], "DefVer" => GOTMLS_threats_ver($threats_name)));
852 } else {
853 if (is_numeric($threats_found)) {
854 $threats_found = $threats_name;
855 $threats_name = $f;
856 }
857 $fpos = 0;
858 $flen = 0;
859 $potential_threat = GOTMLS_convert_r($threats_found);
860 while (($fpos = strpos($GLOBALS["GOTMLS"]["tmp"]["file_contents"], ($potential_threat), $flen + $fpos)) !== false) {
861 $flen = strlen($potential_threat);
862 $fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');"'.$gt.'['.$f++."]$lt/a$gt ";
863 if (function_exists("add_post_meta"))
864 add_post_meta($pID, 'GOTMLS_threats_found', serialize(array("SubPos" => $fpos."-".($fpos + $flen), "DefVer" => GOTMLS_threats_ver($threats_name))));
865 }
866 }
867 }
868 } else
869 $fa = strlen($Q_post["post_excerpt"])."No Threats Found ";
870 }
871 return $fa;
872 }
873
874 function GOTMLS_view_details($Q_post, $pretext = "") {
875 $title = __("View Details:",'gotmls');
876 $clean_file = GOTMLS_htmlentities($Q_post["post_title"]);
877 $encoded_file_contents = GOTMLS_convert_r($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
878 if (isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])) {
879 $en = $GLOBALS["GOTMLS"]["tmp"]["encoding"];
880 @header("Content-type: text/html; charset=$en");
881 } else
882 $en = "Unknown";
883 $fa = GOTMLS_threats_found_meta($Q_post);
884 die(GOTMLS_html_tags(array(
885 "html" => array(
886 "head" => array(
887 "title" => "$title $clean_file",
888 "script" => GOTMLS_js_text_range()
889 ),
890 "body" => array(
891 "table" => array(
892 "tr" => array(
893 "td" => "$pretext".
894 GOTMLS_html_tags(array(
895 "div" => array(
896 "b" => "$title",
897 "br id='encoding' /" => "encoding: $en",
898 "br id='size' /" => "size: ".strlen("$encoded_file_contents")." Bytes",
899 "br id='infected' /" => 'infected:'.$Q_post["post_modified_gmt"],
900 "br id='quarantined' /" => 'quarantined:'.$Q_post["post_date_gmt"]
901 )
902 ), array(
903 'div' => 'id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"'
904 )
905 ).
906 GOTMLS_html_tags(array(
907 "div" => GOTMLS_html_tags(array('span' => $title), array('span' => 'onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';"'))."( $fa)"
908 ), array(
909 'div' => 'style="overflow: auto;"'
910 )
911 )
912 ),
913 GOTMLS_html_tags(array(
914 "tr" => array(
915 "td" => array(
916 "textarea" => GOTMLS_htmlentities("$encoded_file_contents")
917 )
918 )
919 ), array(
920 'td' => 'style="height: 100%; padding: 5px 5px 0 0;"',
921 'textarea' => 'id="ta_file" style="width: 100%; height: 100%"'
922 )
923 )
924 )
925 )
926 )
927 ), array(
928 'script' => 'type="text/javascript"',
929 'table' => 'style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"',
930 'td' => 'style="width: 100%"'
931 )
932 ));
933 }
934
935 function GOTMLS_js_text_range($posttext = "") {
936 return '
937 function select_text_range(ta_id, start, end) {
938 var textBox = document.getElementById(ta_id);
939 var scrolledText = "";
940 scrolledText = textBox.value.substring(0, end);
941 textBox.focus();
942 if (textBox.setSelectionRange) {
943 scrolledText = textBox.value.substring(end);
944 textBox.value = textBox.value.substring(0, end);
945 textBox.scrollTop = textBox.scrollHeight;
946 textBox.value = textBox.value + scrolledText;
947 textBox.setSelectionRange(start, end);
948 } else if (textBox.createTextRange) {
949 var range = textBox.createTextRange();
950 range.collapse(true);
951 range.moveStart("character", start);
952 range.moveEnd("character", end);
953 range.select();
954 } else
955 alert("The highlighting function does not work in your browser");
956 }
957 if (typeof window.parent.showhide === "function")
958 window.parent.showhide("GOTMLS_iFrame", true);
959 '.$posttext;
960 }
961
962 if ((isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))) {
963 if (isset($_REQUEST["page"]) && str_replace('-', '_', $_REQUEST["page"]) == "GOTMLS_View_Quarantine" && isset($_REQUEST["GOTMLS_mt"]) && strlen($GOTMLS_nonce = $_REQUEST["GOTMLS_mt"]) == 32 && isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]["context"]) && ($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]["context"] == GOTMLS_update_home)) {
964 try {
965 $wpdb->prefix = $table_prefix;
966 if (isset($_REQUEST["id"]) && is_numeric($_REQUEST["id"])) {
967 $my_query = $wpdb->get_results($wpdb->prepare("SELECT * FROM `{$wpdb->prefix}posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `ID` = %s", (INT) $_REQUEST["id"]), ARRAY_A);
968 if (is_array($my_query) && isset($my_query[0]["post_type"]) && strtolower($my_query[0]["post_type"]) == "gotmls_quarantine") {
969 GOTMLS_load_contents(GOTMLS_decode($my_query[0]["post_content"]));
970 GOTMLS_view_details($my_query[0], '<form style="margin: 0;" method="post" action="?GOTMLS_mt='.$GOTMLS_nonce.'&page=GOTMLS_View_Quarantine" onsubmit="return confirm(\''.GOTMLS_strip4java(__("Are you sure you want to restore this record from the quarantine?",'gotmls')).'\');"><input type="hidden" name="id[]" value="'.$my_query[0]["ID"].'"><input type="submit" value="Restore from Quarantine" style="display: none; background-color: #0C0; float: right;"></form>');
971 } else
972 die('<h3>Item NOT Found in Quarantine</h3>');
973 } else {
974 if (!isset($_REQUEST["not_in"]))
975 $_REQUEST["not_in"] = "trash";
976 $GLOBALS["GOTMLS"]["Quarantine"]["SQL"] = $wpdb->prepare("FROM `{$wpdb->prefix}posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != %s ORDER BY `post_date_gmt` DESC", $_REQUEST["not_in"]);
977 $GLOBALS["GOTMLS"]["Quarantine"]["Count"] = $wpdb->get_var("SELECT COUNT(*) ".$GLOBALS["GOTMLS"]["Quarantine"]["SQL"]);
978 if (isset($_REQUEST["posts_per_page"]) && is_numeric($_REQUEST["posts_per_page"]) && ($_REQUEST["posts_per_page"]))
979 $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"] = (INT) $_REQUEST["posts_per_page"];
980 else
981 $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"] = 200;
982 $paged = GOTMLS_get_pagination(ceil($GLOBALS["GOTMLS"]["Quarantine"]["Count"] / $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"]));
983 $GLOBALS["GOTMLS"]["Quarantine"]["SQL"] .= $wpdb->prepare(" LIMIT %d,%d", (INT) (($GLOBALS["GOTMLS"]["Quarantine"]["paged"] - 1) * $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"]), (INT) $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"]);
984 $my_query = $wpdb->get_results("SELECT * ".$GLOBALS["GOTMLS"]["Quarantine"]["SQL"], ARRAY_A);
985 if (is_array($my_query) && count($my_query)) {
986 $Q_Page = $paged.'<form method="POST" action="?page=GOTMLS_View_Quarantine" name="GOTMLS_Form_clean"><input type="hidden" name="GOTMLS_mt" value="'.$GOTMLS_nonce.'"><p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="Restore selected files" class="button-primary" style="background-color: #0C0;" onclick="return confirm(\'Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?\');" /></p><p><b>The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.</b></p>
987 <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.(count($my_query)>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),count($my_query)):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
988 $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
989 foreach ($my_query as $post_a) {
990 $restored = "";
991 $image = "blocked";
992 if (isset($_REQUEST["id"]) && is_array($_REQUEST["id"]) && in_array($post_a["ID"], $_REQUEST["id"])) {
993 $restored = " read-only disabled";
994 if (GOTMLS_file_put_contents($post_a["post_title"], GOTMLS_decode($post_a["post_content"]))) {
995 $post_a["post_modified_gmt"] = gmdate("Y-m-d H:i:s");
996 $image = "checked";
997 $wpdb->query($wpdb->prepare("UPDATE `{$wpdb->prefix}posts` SET `post_status` = 'pending' WHERE `post_type` = 'GOTMLS_quarantine' AND `ID` = %s", (INT) $post_a["ID"]));
998 }
999 }
1000 $Q_Page .= '
1001 <li id="GOTMLS_quarantine_'.$post_a["ID"].'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post_a["post_date_gmt"].'</span><span class="GOTMLS_date">'.$post_a["post_modified_gmt"].'</span><input'.$restored.' type="checkbox" name="id[]" value="'.$post_a["ID"].'" id="GOTMLS_quarantine_check_'.$post_a["ID"].'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.$image.'.gif" height=16 width=16 alt="Q"><a class="GOTMLS_plugin '.$restored.$post_a["ping_status"].'" target="_blank" href="?page=GOTMLS_View_Quarantine&id='.$post_a["ID"].'&GOTMLS_mt='.$GOTMLS_nonce.'" title="View Quarantined File">'.str_replace($root_path, "...", $post_a["post_title"])."</a></li>\n";
1002 }
1003 $Q_Page .= "\n</ul>\n</form>$paged";
1004 } else
1005 $Q_Page = '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
1006 die(GOTMLS_html_tags(array("html" => array("body" => GOTMLS_get_header().GOTMLS_box(__("View Quarantine",'gotmls'), $Q_Page)))));
1007 }
1008 } catch (Exception $e) {
1009 die('Caught exception: '.GOTMLS_htmlspecialchars($e->getMessage())."\n");
1010 }
1011 } else {
1012 header("Content-type: image/gif");
1013 die(GOTMLS_decode('R=lGODlhEAAQAIQYAAAAAAIAAAMAAAgAAAkAAAsAAAwAAHcAAHgAAKYAAK4AAK8AALUAALYAAMcAAMgAAM=AANkAANoAANwAAN=AAP4AAP8AANTU1P_______________________________yH5BAEKAB8ALAAAAAAQABAAAAWB4HddwGia5SWSAVBZMAwIKQkg7xtXCJAKCEukURgRIJbKQWCrSGw-QAJWiS4sjFHUAYNUFD7LpKilvC6DiaVUqZxipuQIFpfXSWLC5UWpFdQ-V=gWD1EjDBYLUToJUT4XEVUlAQddAyMGDRIWS1o3SW=6PI9aNKJJMykrNSckIx8hADs2'));
1014
1015 }
1016 }
1017 $GOTMLS_image_alt = array("wait"=>"...", "checked"=>"&#x2714;", "blocked"=>"X", "question"=>"?", "threat"=>"!");
1018 $GOTMLS_dir_at_depth = array();
1019 $GOTMLS_dirs_at_depth = array();
1020 $GLOBAL_STRING = array("REQUEST" => "&","SERVER" => "&","FILES" => "&");
1021 if (isset($_GET) && is_array($_GET))
1022 foreach ($_GET as $req => $val)
1023 $GLOBAL_STRING["REQUEST"] .= "$req=".(is_array($val)?print_r($val,1):$val)."&";
1024 if (isset($_POST) && is_array($_POST))
1025 foreach ($_POST as $req => $val)
1026 $GLOBAL_STRING["REQUEST"] .= "$req=".(is_array($val)?print_r($val,1):$val)."&";
1027 if (isset($_SERVER) && is_array($_SERVER))
1028 foreach ($_SERVER as $req => $val)
1029 $GLOBAL_STRING["SERVER"] .= "$req=".(is_array($val)?print_r($val,1):$val)."&";
1030 if (isset($_FILES) && is_array($_FILES))
1031 foreach ($_FILES as $req => $fila)
1032 foreach (array("tmp_name","name") as $val)
1033 if (isset($fila["$val"]))
1034 $GLOBAL_STRING["FILES"] .= "$req.$val=".(is_array($fila["$val"])?print_r($fila["$val"],1):$fila["$val"])."&";
1035 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"])))
1036 $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] = array(
1037 "RevSlider"=>array("CCIGG", "Revolution Slider Exploit Protection", "This protection is automatically activated because of the widespread attacks on WordPress that have affected so many sites. It is still recommended that you make sure to upgrade any older versions of the Revolution Slider plugin, especially those included in themes that will not update automatically. Even if you don't think you have Revolution Slider on your site it doen't hurt to have this protection enabled.", "SERVER", '/\/admin-ajax\.php/i', "REQUEST", '/\&img=[^\&]*(?<!\.'.implode(')(?<!\.', array_slice($GLOBALS["GOTMLS"]["tmp"]["skip_ext"], 0, 10)).')\&/i'),
1038 "Traversal"=>array("CCIGG", "Directory Traversal Protection", "This protection is automatically activated because this type of attack is quite common. This protection can prevent hackers from accessing secure files in parent directories (or user's folders outside the site_root).", "REQUEST", '/[\=\/](\.\.|etc)\//'),
1039 "UploadPHP"=>array("CCIGG", "Upload PHP File Protection", "This protection is automatically activated because this type of attack is extremely dangerous. This protection can prevent hackers from uploading malicious code via web scripts.", "FILES", '/name=[^\&]*\.php\&/'));
1040 foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA) {
1041 $V = 3;
1042 if (is_array($VA) && count($VA) > $V && is_array($VA[$V])) {
1043 foreach ($VA[$V] as $reg => $arr) {
1044 $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V++] = $arr;
1045 $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V++] = $reg;
1046 }
1047 }
1048 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"])) {
1049 $GLOBALS["GOTMLS"]["detected_attacks"] = "&attack[]=FW_$TP";
1050 for ($V = 4; isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V]); $V+=2)
1051 if (!isset($GLOBAL_STRING[$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]]))
1052 die($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]." [$V] not in <pre>".GOTMLS_htmlspecialchars(print_r($GLOBAL_STRING,1))."</pre>");
1053 elseif (!preg_match($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V], $GLOBAL_STRING[$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]], $matches))
1054 $GLOBALS["GOTMLS"]["detected_attacks"] = "";
1055 if ($GLOBALS["GOTMLS"]["detected_attacks"])
1056 include(dirname(dirname(__FILE__))."/safe-load/index.php");
1057 }
1058 }
1059 $GLOBALS["GOTMLS"]["detected_attacks"] = "";
1060 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == 4))
1061 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
1062 if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
1063 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
1064 if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
1065 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1;
1066 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"])))
1067 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = $GLOBALS["GOTMLS"]["tmp"]["skip_ext"];
1068 if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]))
1069 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = "";
1070 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"])))
1071 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array();
1072 $GOTMLS_total_percent = 0;
1073
1074 function GOTMLS_admin_notices() {
1075 if (!is_admin())
1076 return;
1077 if (is_file(dirname(dirname(dirname(__FILE__)))."/yuzo-related-post/yuzo_related_post.php"))
1078 echo GOTMLS_error_div('It looks like you have <b>"Related Post" plugin By <i>Lenin Zapata</i></b> installed on your site.<br />This plugin was removed from the WordPress Plugin Repository because it contained a major vulnerability that was responsible for a fairly widespread breach to many WordPress sites that had it installed.<br />It is recommended that it be deactivated and deleted until a fix is released that solves this problem.');
1079 if (!function_exists("mb_detect_encoding"))
1080 echo GOTMLS_error_div('It looks like you don\'t have <b>"mbstring" functions</b> enabled on your server.<br />This Anti-Malware plugin requires Multibyte String compatibility for best results. Please make sure that php-mbstring is installed and configured for the version of PHP running on your server.');
1081 if ($GLOBALS["GOTMLS"]["tmp"]["HeadersError"])
1082 echo $GLOBALS["GOTMLS"]["tmp"]["HeadersError"];
1083 }
1084 add_action("admin_notices", "GOTMLS_admin_notices");
1085
1086 function GOTMLS_array_recurse($array1, $array2) {
1087 foreach ($array2 as $key => $value) {
1088 if (!isset($array1[$key]) || (isset($array1[$key]) && !is_array($array1[$key])))
1089 $array1[$key] = array();
1090 if (is_array($value))
1091 $value = GOTMLS_array_recurse($array1[$key], $value);
1092 $array1[$key] = $value;
1093 }
1094 return $array1;
1095 }
1096
1097 function GOTMLS_array_replace($array1, $array2) {
1098 foreach ($array2 as $key => $value)
1099 $array1[$key] = $value;
1100 return $array1;
1101 }
1102
1103 function GOTMLS_array_replace_recursive($array1 = array()) {
1104 $args = func_get_args();
1105 $array1 = $args[0];
1106 if (!is_array($array1))
1107 $array1 = array();
1108 for ($i = 1; $i < count($args); $i++)
1109 if (is_array($args[$i]))
1110 $array1 = GOTMLS_array_recurse($array1, $args[$i]);
1111 return $array1;
1112 }
1113
1114 function GOTMLS_scanlog_title() {
1115 $units = array("seconds"=>60,"minutes"=>60,"hours"=>24,"days"=>365,"years"=>10);
1116 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["type"]) && strlen($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["type"]))
1117 $GLOBALS["GOTMLS"]["scan"]["title"] = GOTMLS_sanitize($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["type"]);
1118 else
1119 $GLOBALS["GOTMLS"]["scan"]["title"] = "Unknown scan type";
1120 $scan_only = "";
1121 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["scan_only"])) {
1122 if (is_array($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["scan_only"])) {
1123 if (count($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["scan_only"]) == 1 && isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["scan_only"][0]))
1124 $scan_only = "/".$GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["scan_only"][0];
1125 } else
1126 $scan_only = "/".$GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["scan_only"];
1127 }
1128 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["dir"]) && @is_dir($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["dir"]))
1129 $GLOBALS["GOTMLS"]["scan"]["title"] .= " of ".basename($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["dir"].$scan_only);
1130 elseif ($scan_only)
1131 $GLOBALS["GOTMLS"]["scan"]["title"] .= " of ".basename($scan_only);
1132 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"])) {
1133 $ukeys = array_keys($units);
1134 $GLOBALS["GOTMLS"]["scan"]["title"] .= " on ".date("Y-m-d", $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]);
1135 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"]) && ($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"] >= $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"])) {
1136 $time = ($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"] - $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]);
1137 for ($unit = $ukeys[0], $key=0; (isset($units[$ukeys[$key]]) && $key < (count($ukeys) - 1) && $time >= $units[$ukeys[$key]]); $unit = $ukeys[++$key])
1138 $time = floor($time/$units[$ukeys[$key]]);
1139 if (1 == $time)
1140 $unit = substr($unit, 0, -1);
1141 if ($time)
1142 $GLOBALS["GOTMLS"]["scan"]["title"] .= " ran for $time $unit";
1143 } else
1144 $GLOBALS["GOTMLS"]["scan"]["title"] .= " was not finished!";
1145 } else
1146 $GLOBALS["GOTMLS"]["scan"]["title"] .= " failed to started!";
1147 return $GLOBALS["GOTMLS"]["scan"]["title"];
1148 }
1149
1150 function GOTMLS_load_scanlog($scanlog_key) {
1151 global $wpdb;
1152 if (strlen($scanlog_key = preg_replace('/[^0-9a-f]++]i/', "", $scanlog_key)) != 32)
1153 $scanlog_key = preg_replace('/[^0-9a-f]++]i/', "", $GLOBALS["GOTMLS"]["tmp"]["mt"]);
1154 if ((strlen($scanlog_key) == 32) && ($prs = $wpdb->get_results($wpdb->prepare("SELECT * FROM `{$wpdb->prefix}posts` WHERE post_type = %s AND post_name = %s", 'gotmls_results', $scanlog_key), ARRAY_A))) {
1155 $GLOBALS["GOTMLS"]["scan"]["key"] = $scanlog_key;
1156 if (!(isset($prs[0]["post_content"]) && (strlen($prs[0]["post_content"])) && is_array($GLOBALS["GOTMLS"]["scan"]["log"] = json_decode($prs[0]["post_content"], true))))
1157 $GLOBALS["GOTMLS"]["scan"]["log"] = array();
1158 if (!isset($GLOBALS["GOTMLS"]["scan"]["title"]) && !(isset($prs[0]["post_title"]) && (strlen($GLOBALS["GOTMLS"]["scan"]["title"] = $prs[0]["post_title"])))) {
1159 GOTMLS_scanlog_title();
1160 }
1161 return $scanlog_key;
1162 }
1163 return false;
1164 }
1165
1166 function GOTMLS_update_scanlog($scan_log, $status = "") {
1167 global $wpdb;
1168 if (is_array($scan_log)) {
1169 if (isset($GLOBALS["GOTMLS"]["scan"]["key"]) && strlen($scanlog_key = preg_replace('/[^0-9a-f]++]i/', "", $GLOBALS["GOTMLS"]["scan"]["key"])) == 32) {
1170 $GLOBALS["GOTMLS"]["scan"]["log"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["scan"]["log"], $scan_log);
1171 $values = array("post_modified" => date("Y-m-d H:i:s", (int) $GLOBALS["GOTMLS"]["MT"]));
1172 $where = array("post_type" => 'gotmls_results', "post_name" => $scanlog_key);
1173 } else {
1174 $where = false;
1175 $values = array("post_modified" => date("Y-m-d H:i:s", (int) $GLOBALS["GOTMLS"]["MT"]), "post_date_gmt" => date("Y-m-d H:i:s", (int) $GLOBALS["GOTMLS"]["MT"]), "post_type" => 'gotmls_results', "post_parent" => 0);
1176 if (($prs = $wpdb->get_results($wpdb->prepare("SELECT ID FROM `{$wpdb->prefix}posts` WHERE post_type = %s ORDER BY post_date DESC LIMIT 1", 'gotmls_results'), ARRAY_A)) && isset($prs[0]["ID"]))
1177 $values["post_parent"] = $prs[0]["ID"];
1178 $GLOBALS["GOTMLS"]["scan"]["log"] = $scan_log;
1179 }
1180 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["percent"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["percent"]) && ($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["percent"] >= 100))
1181 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"] = time();
1182 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"])) {
1183 $values["post_modified_gmt"] = date("Y-m-d H:i:s", (int) $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"]);
1184 if (!isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]))
1185 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"] = $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"];
1186 }
1187 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["type"]) && !isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]))
1188 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"] = (int) $GLOBALS["GOTMLS"]["MT"];
1189 $values["post_content"] = json_encode($GLOBALS["GOTMLS"]["scan"]["log"]);
1190 $values["post_author"] = GOTMLS_get_current_user_id(0);
1191 $values["post_modified"] = date("Y-m-d H:i:s", (int) microtime(true));
1192 if (!(isset($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]) && is_array($GLOBALS["GOTMLS"]["scan"]["log"]["settings"])) && isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]))
1193 $GLOBALS["GOTMLS"]["scan"]["log"]["settings"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"];
1194 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]) && ($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"] > 0)) {
1195 $values["post_date"] = date("Y-m-d H:i:s", (int) $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]);
1196 $values["post_title"] = GOTMLS_scanlog_title();
1197 if ($where)
1198 $scan_log["updated" . $wpdb->update($wpdb->posts, $values, $where)] = $where;
1199 else {
1200 if (strlen($GLOBALS["GOTMLS"]["scan"]["key"] = preg_replace('/[^0-9a-f]++]i/', "", $GLOBALS["GOTMLS"]["tmp"]["mt"])) != 32)
1201 $GLOBALS["GOTMLS"]["scan"]["key"] = md5($GLOBALS["GOTMLS"]["MT"]);
1202 $values["post_name"] = $GLOBALS["GOTMLS"]["scan"]["key"];
1203 $scan_log["inserted"] = $wpdb->insert($wpdb->posts, $values);
1204 }
1205 }
1206 }
1207 }
1208
1209 function GOTMLS_loaded() {
1210 if (headers_sent($filename, $linenum)) {
1211 if (!$filename)
1212 $filename = __("an unknown file",'gotmls');
1213 if (!is_numeric($linenum))
1214 $linenum = __("unknown",'gotmls');
1215 $GLOBALS["GOTMLS"]["tmp"]["HeadersError"] = GOTMLS_error_div(sprintf(__('<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem.','gotmls'), $filename, $linenum));
1216 } elseif (isset($_GET["SESSION"]) && !session_id()) {
1217 @session_start();
1218 }
1219 if (session_id() && isset($_GET["SESSION"]) && $_GET["SESSION"] == "GOTMLS_debug" && ((isset($_GET["GOTMLS_debug"]) && "SESSION" == $_GET["GOTMLS_debug"]) || !isset($_SESSION["GOTMLS_debug"])))
1220 $_SESSION["GOTMLS_debug"] = array("GOTMLS_loaded" => microtime(true));
1221 }
1222 add_action("plugins_loaded", "GOTMLS_loaded");
1223
1224 if (!function_exists("add_action")) {
1225 GOTMLS_loaded();
1226 // GOTMLS_admin_notices();
1227 }
1228
1229 function GOTMLS_get_ext($filename) {
1230 $nameparts = explode(".", ".$filename");
1231 return strtolower($nameparts[(count($nameparts)-1)]);
1232 }
1233
1234 function GOTMLS_preg_match_all($threat_definition, $threat_name, $not_serialized = true) {
1235 if ($match = @preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["file_contents"], $threats_found)) {
1236 $start = -1;
1237 if (!@preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["new_contents"], $threat_found)) {
1238 $new_contents = $GLOBALS["GOTMLS"]["tmp"]["new_contents"];
1239 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $GLOBALS["GOTMLS"]["tmp"]["file_contents"];
1240 } else
1241 $new_contents = false;
1242 foreach ($threats_found[0] as $find) {
1243 $potential_threat = GOTMLS_convert_r($find);
1244 $flen = strlen($potential_threat);
1245 while (($start = strpos(GOTMLS_convert_r($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), $potential_threat, $start+1)) !== false) {
1246 $GLOBALS["GOTMLS"]["tmp"]["threats_found"]["$start-".($flen+$start)] = "$threat_name";
1247 if ($not_serialized)
1248 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = str_replace($find, "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
1249 else
1250 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = substr($GLOBALS["GOTMLS"]["tmp"]["new_contents"], 0, $start).str_repeat(" ", $flen).substr($GLOBALS["GOTMLS"]["tmp"]["new_contents"], $start + $flen);
1251 }
1252 }
1253 if ($not_serialized && ($new_contents !== false) && strlen($new_contents) < strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"]))
1254 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $new_contents;
1255 return count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
1256 } else
1257 return $match;
1258 }
1259
1260 function GOTMLS_preg_last_pcre_error() {
1261 $DC = array('PREG_NO_ERROR', 'PREG_INTERNAL_ERROR', 'PREG_BACKTRACK_LIMIT_ERROR', 'PREG_RECURSION_LIMIT_ERROR', 'PREG_BAD_UTF8_ERROR', 'PREG_BAD_UTF8_OFFSET_ERROR');
1262 if (function_exists("preg_last_error") && ($key = (INT) preg_last_error()) && isset($DC[$key]))
1263 return $DC[$key];
1264 else
1265 return "";
1266 }
1267
1268 function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
1269 $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1270 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"] = microtime(true);
1271 $filekey = md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1272 if (is_array($check_threats)) {
1273 $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
1274 if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($check_threats[GOTMLS_wp_version]["$path"])) {
1275 if (($check_threats[GOTMLS_wp_version]["$path"] != $filekey) && ($source = GOTMLS_get_URL(GOTMLS_get_corefile_URL("$path", $check_threats[GOTMLS_wp_version]["$path"]))) && ($check_threats[GOTMLS_wp_version]["$path"] == md5($source)."O".strlen($source))) {
1276 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
1277 $len = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1278 if (strlen($source) < $len)
1279 $len = strlen($source);
1280 for ($start = 0, $end = 0; ($start == 0 || $end == 0) && $len > 0; $len--){
1281 if ($start == 0 && substr($source, 0, $len) == substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], 0, $len))
1282 $start = $len;
1283 if ($end == 0 && substr($source, -1 * $len) == substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], -1 * $len))
1284 $end = $len;
1285 }
1286 $GLOBALS["GOTMLS"]["tmp"]["threats_found"]["$start-".(strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])-$end)] = "Core File Modified";
1287 }
1288 } else {
1289 foreach ($check_threats as $threat_name=>$threat_definitions) {
1290 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"] = microtime(true);
1291 if (is_array($threat_definitions) && count($threat_definitions) > 1 && strlen($def_ver = array_shift($threat_definitions)) == 5 && (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])))) {
1292 while ($threat_definition = array_shift($threat_definitions)) {
1293 $found = GOTMLS_preg_match_all($threat_definition, $threat_name);
1294 if ($found===false && ($err = GOTMLS_preg_last_pcre_error()))
1295 $GLOBALS["GOTMLS"]["tmp"]["errors"]["$def_ver"]["$filekey"] = $err;
1296 }
1297 if (isset($_SESSION["GOTMLS_debug"])) {
1298 $_SESSION["GOTMLS_debug"]["threat_name"] = "$threat_name";// ($def_ver)";
1299 $file_time = sprintf('%f', (microtime(true) - $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"]));
1300 if (isset($_GET["GOTMLS_debug"]) && is_numeric($_GET["GOTMLS_debug"]) && $file_time > $_GET["GOTMLS_debug"])
1301 echo GOTMLS_htmlspecialchars("\n//GOTMLS_debug $file_time $threat_name $file\n");
1302 if (isset($GLOBALS["GOTMLS"]["tmp"]["errors"]["$def_ver"]["$filekey"]))
1303 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["errors"]["$filekey"] = $GLOBALS["GOTMLS"]["tmp"]["errors"]["$def_ver"]["$filekey"];
1304 if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"]))
1305 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] = sprintf('%f', $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] + $file_time);
1306 else
1307 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] = $file_time;
1308 if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"]))
1309 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"]++;
1310 else
1311 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"] = 1;
1312 if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"]) || $file_time < $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"])
1313 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"] = $file_time;
1314 if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"]) || $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"])
1315 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;
1316 }
1317 }
1318 }
1319 }
1320 } elseif (strlen($check_threats) && isset($_GET['eli']) && GOTMLS_verify_regex($check_threats)) {
1321 $found = GOTMLS_preg_match_all($check_threats, $check_threats);
1322 if ($found===false && ($err = GOTMLS_preg_last_pcre_error()))
1323 $GLOBALS["GOTMLS"]["tmp"]["errors"]["$check_threats"]["$filekey"] = $err;
1324 }
1325 if (isset($_SESSION["GOTMLS_debug"])) {
1326 $file_time = sprintf('%f', (microtime(true) - $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"]));
1327 if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"]))
1328 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] = sprintf('%f', $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] + $file_time);
1329 else
1330 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] = $file_time;
1331 if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"]))
1332 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"]++;
1333 else
1334 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"] = 1;
1335 if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"]) || $file_time < $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"])
1336 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"] = $file_time;
1337 if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"]) || $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"])
1338 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"] = $file_time;
1339 }
1340 return count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
1341 }
1342
1343 function GOTMLS_verify_regex($RegExp) {
1344 if (preg_match('/^(\/|\#|\|).+\1[is]*$/', $RegExp))
1345 return $RegExp;
1346 else
1347 return "";
1348 }
1349
1350 function GOTMLS_scanfile($file) {
1351 global $wpdb, $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
1352 $gt = ">"; // This local variable never changes
1353 $lt = "<"; // This local variable never changes
1354 $GLOBALS["GOTMLS"]["tmp"]["debug_fix"] = "Scanning...";
1355 $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1356 $found = false;
1357 $threat_link = "";
1358 $className = "scanned";
1359 $real_file = realpath($file);
1360 $clean_file = GOTMLS_encode($real_file);
1361 if (is_file($real_file) && ($filesize = filesize($real_file)) && GOTMLS_load_contents(@file_get_contents($real_file))) {
1362 if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]))
1363 $whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]);
1364 else
1365 $whitelist = array();
1366 if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"])) {
1367 foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file=>$non_threats) {
1368 if (is_array($non_threats) && count($non_threats) > 1) {
1369 if (isset($non_threats[0]))
1370 unset($non_threats[0]);
1371 $whitelist = array_merge($whitelist, $non_threats);
1372 }
1373 }
1374 }
1375 if (isset($whitelist[md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.$filesize]))
1376 return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
1377 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $GLOBALS["GOTMLS"]["tmp"]["file_contents"];
1378 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check_custom"]) && strlen($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check_custom"]) && isset($_GET['eli']) && GOTMLS_verify_regex($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check_custom"]) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check_custom"])))
1379 $className = "known";
1380 else {
1381 $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
1382 if (isset($_SESSION["GOTMLS_debug"])) {
1383 $_SESSION["GOTMLS_debug"]["file"] = $file;
1384 $_SESSION["GOTMLS_debug"]["last"]["total"] = microtime(true);
1385 }
1386 if (isset($GLOBALS["GOTMLS"]["tmp"]["threat_levels"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threat_levels"])) {
1387 foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) {
1388 if ("db_scan" != $threat_level) {
1389 if (isset($_SESSION["GOTMLS_debug"])) {
1390 $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
1391 $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
1392 }
1393 if (in_array($threat_level, $GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"]))) && (!isset($GLOBALS["GOTMLS"]["tmp"]["threat_files"]["$threat_level"]) || (substr($file."e", (-1 * strlen($GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e"))) == $GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e")) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level],$file)))
1394 $className = $threat_level;
1395 }
1396 }
1397 }
1398 if (isset($_SESSION["GOTMLS_debug"])) {
1399 $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["total"], 5);
1400 if (isset($_SESSION["GOTMLS_debug"]["total"]["total"]))
1401 $_SESSION["GOTMLS_debug"]["total"]["total"] += $file_time;
1402 else
1403 $_SESSION["GOTMLS_debug"]["total"]["total"] = $file_time;
1404 if (isset($_SESSION["GOTMLS_debug"]["total"]["count"]))
1405 $_SESSION["GOTMLS_debug"]["total"]["count"] ++;
1406 else
1407 $_SESSION["GOTMLS_debug"]["total"]["count"] = 1;
1408 if (!isset($_SESSION["GOTMLS_debug"]["total"]["least"]) || $file_time < $_SESSION["GOTMLS_debug"]["total"]["least"])
1409 $_SESSION["GOTMLS_debug"]["total"]["least"] = $file_time;
1410 if (!isset($_SESSION["GOTMLS_debug"]["total"]["most"]) || $file_time > $_SESSION["GOTMLS_debug"]["total"]["most"])
1411 $_SESSION["GOTMLS_debug"]["total"]["most"] = $file_time;
1412 }
1413 }
1414 } else {
1415 GOTMLS_load_contents((is_file($real_file)?(is_readable($real_file)?(filesize($real_file)?__("Failed to read file contents!",'gotmls'):__("Empty file!",'gotmls')):(isset($_GET["eli"])?(@chmod($real_file, $GOTMLS_chmod_file)?__("Fixed file permissions! (try again)",'gotmls'):__("File permissions read-only!",'gotmls')):__("File not readable!",'gotmls'))):__("File does not exist!",'gotmls')));
1416 $className = "errors";
1417 }
1418 if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1419 $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.GOTMLS_admin_url('GOTMLS_scan', GOTMLS_set_nonce(__FUNCTION__."1249").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", "&quot;", $lt.'div style="float: left; white-space: nowrap;"'.$gt.GOTMLS_strip4java(__("Examine File",'gotmls')).' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES))."$lt/div$gt$lt/div$gt');\" class=\"GOTMLS_plugin\"$gt";
1420 if ($className == "errors") {
1421 $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="errors";
1422 $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
1423 $imageFile = "/blocked";
1424 } elseif ($className != "potential") {
1425 if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && in_array($clean_file, $_REQUEST["GOTMLS_fix"])) {
1426 $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="GOTMLS_fix";
1427 if (GOTMLS_get_nonce()) {
1428 if ($className == "timthumb") {
1429 if (($source = GOTMLS_get_URL("https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/timthumb/timthumb.php")) && strlen($source) > 500)
1430 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
1431 else
1432 $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
1433 } elseif ($className == 'wp_core') {
1434 $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
1435 if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"]) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL(GOTMLS_get_corefile_URL("$path", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"]))) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"] == md5($source)."O".strlen($source)))
1436 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
1437 else
1438 $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
1439 } else {
1440 $GOTMLS_no_contents = trim(preg_replace('/\/\*.*?\*\/\s*/s', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
1441 $GOTMLS_no_contents = trim(preg_replace('/\n\s*\/\/.*/', "", $GOTMLS_no_contents));
1442 $GOTMLS_no_contents = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/is', "", $GOTMLS_no_contents));
1443 if (strlen($GOTMLS_no_contents))
1444 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/is', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
1445 else
1446 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = "";
1447 }
1448 if (strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) > 0 && (($Q_post = GOTMLS_write_quarantine($file, $className)) !== false) && ((strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"])==0 && isset($_GET["eli"]) && ($_GET["eli"] == "delete") && @unlink($file)) || (($Write_File = GOTMLS_file_put_contents($file, $GLOBALS["GOTMLS"]["tmp"]["new_contents"])) !== false))) {
1449 echo __("Success!",'gotmls');
1450 return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
1451 } else {
1452 echo __("Failed:",'gotmls').' '.(strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])?((is_writable(dirname($file)) && is_writable($file))?(($Q_post===false)?__("failed to quarantine!",'gotmls')." (".GOTMLS_htmlspecialchars($wpdb->last_error).")":((isset($Write_File)&&$Write_File)?"Q=$Q_post: ".__("reason unknown!",'gotmls'):"Q=$Q_post: ".__("failed to write!",'gotmls'))):__("file not writable!",'gotmls')):__("no file contents!",'gotmls'));
1453 if (isset($_GET["eli"]))
1454 echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().($lt.'br'.$gt.$lt.'pre'.$gt.'file_stat'.print_r(stat($file), true));
1455 return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
1456 }
1457 } else {
1458 echo GOTMLS_Invalid_Nonce(__("Failed: ",'gotmls'));
1459 return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
1460 }
1461 }
1462 $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]=isset($_POST["GOTMLS_fix"])?"GOTMLS_fix=".GOTMLS_htmlspecialchars(preg_replace('/[\r\n]+/', ' ', print_r($_POST["GOTMLS_fix"],1))):"!potential";
1463 $threat_link = $lt.'input type="checkbox" name="GOTMLS_fix[]" value="'.$clean_file.'" id="check_'.$clean_file.(($className != "wp_core||ifitis")?'" checked="'.$className:'').'" /'.$gt.$threat_link;
1464 $imageFile = "threat";
1465 } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
1466 echo __("Already Fixed!",'gotmls');
1467 return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
1468 } else
1469 $imageFile = "question";
1470 return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin $className", $threat_link));
1471 } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
1472 $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="Already Fixed";
1473 echo __("Already Fixed!",'gotmls');
1474 return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
1475 } else {
1476 $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="no threat";
1477 return GOTMLS_return_threat($className, ($className=="scanned"?"checked":"blocked").".gif?$className", $file, $threat_link);
1478 }
1479 }
1480
1481 function GOTMLS_db_scan($id = 0) {
1482 global $wpdb;
1483 $li_js = "";
1484 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check"]) && is_array($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check"]) && in_array("db_scan", $GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check"]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"])) {
1485 if ($id) {
1486 $encoded_id = GOTMLS_encode($id);
1487 $ids = explode(".", $id.'.');
1488 if (count($ids) > 2 && 'tbl'.$ids[1] == 'tbl1' && is_numeric($ids[0]) && ($Q_post = $wpdb->get_row($wpdb->prepare("SELECT * FROM `$wpdb->options` WHERE `option_id` = %s", (INT) $ids[0]), ARRAY_A))) {
1489 $path = 'Option ID: '.$Q_post["option_id"];
1490 $clean_file = $Q_post["option_name"];
1491 $fa = "";
1492 GOTMLS_load_contents($Q_post["option_value"]);
1493 $not_serialized = !(is_array(GOTMLS_uckserialize($GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $Q_post["option_value"])));
1494 $found = 0;
1495 $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1496 foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"] as $scan_sql => $scan_regex) {
1497 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"] = microtime(true);
1498 $threat_name = array_shift($scan_regex);
1499 while ($threat_definition = array_shift($scan_regex))
1500 $found += GOTMLS_preg_match_all($threat_definition, $threat_name, $not_serialized);
1501 }
1502 if (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1503 $f = 1;
1504 foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
1505 list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1506 if ($start > $end)
1507 $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
1508 else
1509 $fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1510 }
1511 } else
1512 $fa = " No Threats Found";
1513 if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && in_array($encoded_id, $_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"] > 0) {
1514 GOTMLS_write_quarantine($Q_post, "db_scan");
1515 if ($_REQUEST["GOTMLS_fixing"] > 1) {
1516 echo "<li>Removing $path ... ";
1517 if ($wpdb->query($wpdb->prepare("DELETE FROM `$wpdb->options` WHERE `option_id` = %s", (INT) $Q_post["option_id"]))) {
1518 echo __("Done!",'gotmls');
1519 $li_js .= "/*-->*"."/\nDeletedFile('$encoded_id');\n/*<!--*"."/";
1520 } else {
1521 echo __("Failed to delete!",'gotmls');
1522 $li_js .= "/*-->*"."/\nfailedFile('$encoded_id');\n/*<!--*"."/";
1523 }
1524 GOTMLS_update_scanlog(array("scan" => array("finish" => time(), "type" => "Removal of Option")));
1525 } else {
1526 echo "<li>Fixing $path ... ";
1527 if ($wpdb->update($wpdb->options, array("option_value" => $GLOBALS["GOTMLS"]["tmp"]["new_contents"]), array('option_id' => $Q_post["option_id"]))) {
1528 echo __("Success!",'gotmls');
1529 $li_js .= "/*-->*"."/\nfixedFile('$encoded_id');\n/*<!--*"."/";
1530 } else {
1531 echo __("Update Failed!",'gotmls');
1532 $li_js .= "/*-->*"."/\nfailedFile('$encoded_id');\n/*<!--*"."/";
1533 }
1534 GOTMLS_update_scanlog(array("scan" => array("finish" => time(), "type" => "Removal from Option")));
1535 }
1536 return $li_js;
1537 } else {
1538 return '<form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1380")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete this option?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="Delete this Option" style="float: right;"><input type="hidden" name="GOTMLS_fix[]" value="'.$encoded_id.'"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>Record Details</b><br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:"Unknown").'<br />size: '.strlen(GOTMLS_convert_r($GLOBALS["GOTMLS"]["tmp"]["file_contents"])).' bytes</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Record Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.GOTMLS_htmlentities(GOTMLS_convert_r($GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>';
1539 }
1540 } elseif (($Q_post = GOTMLS_get_quarantine($ids[0])) && isset($Q_post["post_content"])) {
1541 $path = $Q_post["post_type"].' ID: '.$Q_post["ID"];
1542 $clean_file = $Q_post["post_title"];
1543 $fa = "";
1544 GOTMLS_load_contents($Q_post["post_content"]);
1545 $not_serialized = !(is_array(GOTMLS_uckserialize($GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $Q_post["post_content"])));
1546 $found = 0;
1547 $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1548 foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"] as $scan_sql => $scan_regex) {
1549 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"] = microtime(true);
1550 $threat_name = array_shift($scan_regex);
1551 while ($threat_definition = array_shift($scan_regex))
1552 $found += GOTMLS_preg_match_all($threat_definition, $threat_name, $not_serialized);
1553 }
1554 if (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1555 $f = 1;
1556 foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
1557 list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1558 if ($start > $end)
1559 $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
1560 else
1561 $fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1562 }
1563 } else
1564 $fa = " No Threats Found";
1565 if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && in_array($encoded_id, $_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"] > 0) {
1566 if ($_REQUEST["GOTMLS_fixing"] > 1) {
1567 echo "<li>Removing $path ... ";
1568 $Q_post["post_status"] = "trash";
1569 if (wp_update_post($Q_post)) {
1570 echo __("Done!",'gotmls');
1571 $li_js .= "/*-->*"."/\nDeletedFile('$encoded_id');\n/*<!--*"."/";
1572 } else {
1573 echo __("Failed to delete!",'gotmls');
1574 $li_js .= "/*-->*"."/\nfailedFile('$encoded_id');\n/*<!--*"."/";
1575 }
1576 GOTMLS_update_scanlog(array("scan" => array("finish" => time(), "type" => "Removal of Revision")));
1577 } else {
1578 echo "<li>Fixing $path ... ";
1579 GOTMLS_write_quarantine($Q_post, "db_scan");
1580 $Q_post["post_content"] = $GLOBALS["GOTMLS"]["tmp"]["new_contents"];
1581 if (wp_update_post($Q_post)) {
1582 echo __("Success!",'gotmls');
1583 $li_js .= "/*-->*"."/\nfixedFile('$encoded_id');\n/*<!--*"."/";
1584 } else {
1585 echo __("Update Failed!",'gotmls');
1586 $li_js .= "/*-->*"."/\nfailedFile('$encoded_id');\n/*<!--*"."/";
1587 }
1588 GOTMLS_update_scanlog(array("scan" => array("finish" => time(), "type" => "Removal from Content")));
1589 }
1590 return $li_js;
1591 } else {
1592 return '<form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1421")).($Q_post["post_type"]=="revision"?'" onsubmit="return confirm(\''.__("Are you sure you want to delete this revision?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="Delete this revision" style="float: right;"><input type="hidden" name="GOTMLS_fix[]" value="'.$encoded_id:"").'"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>Record Details</b><br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:"Unknown").'<br />size: '.strlen(GOTMLS_convert_r($GLOBALS["GOTMLS"]["tmp"]["file_contents"])).' bytes<br />last_modified:'.$Q_post["post_modified_gmt"].'<br />post_type:'.$Q_post["post_type"].'<br />author:'.$Q_post["post_author"].'<br />status:'.$Q_post["post_status"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Record Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.GOTMLS_htmlentities(GOTMLS_convert_r($GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>';
1593 }
1594 } else
1595 die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1596 } else {
1597 $threats_found = array();
1598 if (!isset($_REQUEST["eli"]))
1599 $and = " AND `post_status` != 'trash'";
1600 if (isset($_REQUEST["limit"]) && is_numeric($_REQUEST["limit"]))
1601 $and = " LIMIT ".((INT) $_REQUEST["limit"]);
1602 if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"])) {
1603 if (isset($_GET["GOTMLS_scan"]) && strlen($_GET["GOTMLS_scan"]) > 8 && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"][substr($_GET["GOTMLS_scan"], 8)])) {
1604 $scan_replace = str_replace("db_scan", "Database for ", GOTMLS_htmlspecialchars($_GET["GOTMLS_scan"]));
1605 $db_scan_a = array(GOTMLS_sanitize(substr($_GET["GOTMLS_scan"], 8)) => $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"][substr($_GET["GOTMLS_scan"], 8)]);
1606 } elseif (isset($_GET["GOTMLS_only_file"]) && strlen($_GET["GOTMLS_only_file"]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"][$_GET["GOTMLS_only_file"]])) {
1607 $scan_replace = str_replace("db_scan", "Database only ".(isset($_GET["limit"]) && is_numeric($_GET["limit"])) ? (INT) $_GET["limit"] : ""." for ", GOTMLS_htmlspecialchars("db_scan=".GOTMLS_decode($_GET["GOTMLS_only_file"])));
1608 $_GET["GOTMLS_scan"] = "db_scan=".GOTMLS_decode($_GET["GOTMLS_only_file"]);
1609 $db_scan_a = array(GOTMLS_decode($_GET["GOTMLS_only_file"]) => $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"][GOTMLS_decode($_GET["GOTMLS_only_file"])]);
1610 } else {
1611 $scan_replace = str_replace("db_scan", "Database", GOTMLS_htmlspecialchars($_GET["GOTMLS_scan"]));
1612 $db_scan_a = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"];
1613 }
1614 echo "/*<!--*"."/".GOTMLS_update_status(sprintf(__("Scanning %s",'gotmls'), $scan_replace));
1615 GOTMLS_flush();
1616 $li_js .= "/*<!--*"."/".GOTMLS_return_threat("dir", "checked", GOTMLS_htmlspecialchars($_GET["GOTMLS_scan"])).GOTMLS_update_status(sprintf(__("Scanned %s",'gotmls'), $scan_replace));
1617 } else {
1618 echo "/*<!--*"."/".GOTMLS_update_status(sprintf(__("No Definitions for DB Injections!",'gotmls')));
1619 GOTMLS_flush();
1620 $li_js .= GOTMLS_return_threat("error", "question", GOTMLS_htmlspecialchars($_GET["GOTMLS_scan"]));
1621 $db_scan_a = GOTMLS_sanitize($_GET["GOTMLS_scan"]);
1622 }
1623 if (isset($db_scan_a) && is_array($db_scan_a)) {
1624 echo "\n//memory_limit=".@ini_get("memory_limit")."\n";
1625 foreach ($db_scan_a as $scan_sql => $scan_regex) {
1626 if (!in_array(GOTMLS_sanitize($scan_sql), $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])) {
1627 $SQL = preg_replace('/\{[a-f0-9]{64}\}/', '%', $wpdb->prepare("SELECT * FROM `$wpdb->posts` WHERE `post_content` LIKE %s $and", $scan_sql));
1628 $threat_name = array_shift($scan_regex);
1629 if (($found_row = $wpdb->get_results($SQL, ARRAY_A)) && is_array($found_row) && count($found_row)) {
1630 $val = count($found_row);
1631 if (isset($_REQUEST["eli"]) && ($_REQUEST["eli"] == "debug"))
1632 echo GOTMLS_return_threat("db_scan", "question", (print_r(array("scan_regex:"=>$scan_regex,"SQL:"=>$SQL),1)), GOTMLS_error_link("$val Rows", 0));//debug
1633 foreach ($found_row as $frow) {
1634 $encoded_id = GOTMLS_encode($frow["ID"].'.0');
1635 $found = 0;
1636 if ($frow["post_type"] != "revision" || isset($_REQUEST["eli"])) {
1637 GOTMLS_load_contents($frow["post_content"]);
1638 $not_serialized = !(is_array(GOTMLS_uckserialize($frow["post_content"])));
1639 $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1640 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"] = microtime(true);
1641 foreach ($scan_regex as $threat_definition)
1642 $found += GOTMLS_preg_match_all($threat_definition, $threat_name, $not_serialized);
1643 if ($found && !isset($threats_found['row_id_'.$encoded_id])) {
1644 echo str_replace($frow["ID"].'</a>', '</a><a target="_blank" title="Open '.$frow["post_type"].'" href="'.admin_url(($frow["post_type"]=="revision")?'revision.php?revision='.$frow["ID"].'">View Revision: ':'post.php?action=edit&post='.$frow["ID"].'">Edit '.$frow["post_type"].': ').$frow["ID"].'</a>', GOTMLS_return_threat("db_scan", "threat", "$found $threat_name(\"".str_replace('%', '*', trim($scan_sql, "%")).'") in '.$frow["post_type"]."(".(($frow["post_status"]=='inherit')?$frow["post_parent"]:$frow["post_status"]).'):"'.GOTMLS_htmlspecialchars($frow["post_title"]).'":'.$frow["ID"], '<input type="checkbox" name="GOTMLS_fix[]" id="check_'.$encoded_id.'" value="'.$encoded_id.'" checked="true">'.GOTMLS_error_link(__("View DB Injection",'gotmls'), $frow["ID"].'.0', "db_scan")));
1645 $threats_found['row_id_'.$encoded_id] = $threat_name;
1646 } elseif (isset($_REQUEST["eli"]) && ($_REQUEST["eli"] == "debug"))
1647 echo GOTMLS_return_threat("db_scan", "question", (print_r(array("post_id"=>$frow["ID"], "scan_regex:"=>$scan_regex,"SQL:"=>$SQL),1)), GOTMLS_error_link("No preg_match", 0));//debug
1648 }
1649 }
1650 }
1651 if (($found_row = $wpdb->get_results(preg_replace('/\{[a-f0-9]{64}\}/', '%', $wpdb->prepare("SELECT * FROM `$wpdb->options` WHERE `option_value` LIKE %s", $scan_sql)), ARRAY_A)) && is_array($found_row) && count($found_row)) {
1652 $val = count($found_row);
1653 if (isset($_REQUEST["eli"]) && ($_REQUEST["eli"] == "debug"))
1654 echo GOTMLS_return_threat("db_scan", "question", (print_r(array("scan_regex:"=>$scan_regex,"SQL:"=>$SQL),1)), GOTMLS_error_link("$val Rows", 0));//debug
1655 foreach ($found_row as $frow) {
1656 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"] = microtime(true);
1657 $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1658 $encoded_id = GOTMLS_encode($frow["option_id"].'.1');
1659 $found = 0;
1660 GOTMLS_load_contents($frow["option_value"]);
1661 $not_serialized = !(is_array(GOTMLS_uckserialize($frow["option_value"])));
1662 foreach ($scan_regex as $threat_definition)
1663 $found += GOTMLS_preg_match_all($threat_definition, $threat_name, $not_serialized);
1664 if ($found && !isset($threats_found['row_id_'.$encoded_id])) {
1665 echo GOTMLS_return_threat("db_scan", "threat", "$found $threat_name(\"".str_replace('%', '*', trim($scan_sql, "%")).'") in '."$wpdb->options:".GOTMLS_htmlspecialchars($frow["option_name"]).'":'.$frow["option_id"].'.1', '<input type="checkbox" name="GOTMLS_fix[]" id="check_'.$encoded_id.'" value="'.$encoded_id.'" checked="true">'.GOTMLS_error_link(__("View DB Injection",'gotmls'), $frow["option_id"].'.1', "db_scan"));
1666 $threats_found['row_id_'.$encoded_id] = $threat_name;
1667 } elseif (isset($_REQUEST["eli"]) && ($_REQUEST["eli"] == "debug"))
1668 echo GOTMLS_return_threat("db_scan", "question", (print_r(array("post_id"=>$frow["ID"], "scan_regex:"=>$scan_regex,"SQL:"=>$SQL),1)), GOTMLS_error_link("No preg_match", 0));//debug
1669 }
1670 }
1671 }
1672 }
1673 }
1674 //
1675 }
1676 } else {
1677 $li_js .= "/*<!--*"."/".GOTMLS_return_threat("skipdirs", "blocked", "db_scan").GOTMLS_update_status(__("Skipped DB Scan",'gotmls'));
1678 }
1679 GOTMLS_update_scanlog(array("scan" => array("finish" => time())));
1680 return "$li_js/*-->*"."/\nscanNextDir(-1);\n/*<!--*"."/";
1681 }
1682
1683 function GOTMLS_remove_dots($dir) {
1684 if ($dir != "." && $dir != "..")
1685 return $dir;
1686 }
1687
1688 function GOTMLS_getfiles($dir) {
1689 $files = false;
1690 if (is_dir($dir)) {
1691 if (function_exists("scandir"))
1692 $files = @scandir($dir);
1693 if (is_array($files))
1694 $files = array_filter($files, "GOTMLS_remove_dots");
1695 elseif ($handle = @opendir($dir)) {
1696 $files = array();
1697 while (false !== ($entry = readdir($handle)))
1698 if ($entry != "." && $entry != "..")
1699 $files[] = "$entry";
1700 closedir($handle);
1701 } else
1702 $files = GOTMLS_read_error($dir);
1703 }
1704 return $files;
1705 }
1706
1707 function GOTMLS_decodeBase64($encoded_string) {
1708 if (function_exists("base64_decode"))
1709 $unencoded_string = base64_decode($encoded_string);
1710 elseif (function_exists("mb_convert_encoding"))
1711 $unencoded_string = mb_convert_encoding($encoded_string, "UTF-8", "BASE64");
1712 else
1713 return "Cannot decode: '$encoded_string'";
1714 return "'".str_replace("'", "\\'", str_replace("\\", "\\\\", $unencoded_string))."'";
1715 }
1716
1717 function GOTMLS_decodeHex($encoded_string) {
1718 if (strtolower(substr($encoded_string, 0, 2)) == "\\x")
1719 $dec_string = hexdec($encoded_string);
1720 else
1721 $dec_string = octdec($encoded_string);
1722 return chr($dec_string);
1723 }
1724
1725 function GOTMLS_return_threat($className, $imageFile, $fileName, $link = "") {
1726 global $GOTMLS_image_alt;
1727 $fileNameJS = GOTMLS_strip4java(str_replace("db_scan", "Database", str_replace("db_scan=", "Database Query ", GOTMLS_replace_dirname($fileName))));
1728 $fileName64 = GOTMLS_encode($fileName);
1729 $li_js = "/*-->*"."/";
1730 $imageF = explode(".", $imageFile.".");
1731 if ($className != "scanned")
1732 $li_js .= "\n$className++;\ndivx=document.getElementById('found_$className');\nif (divx) {\n\tvar newli = document.createElement('li');\n\tnewli.innerHTML='<img src=\"".GOTMLS_strip4java(GOTMLS_images_path.$imageFile).".gif\" height=16 width=16 alt=\"".$GOTMLS_image_alt[$imageF[0]]."\" style=\"float: left;\" id=\"$imageFile"."_$fileName64\">".GOTMLS_strip4java($link, true).$fileNameJS.($link?"</a>';\n\tdivx.display='block":"")."';\n\tdivx.appendChild(newli);\n}";
1733 if ($className == "errors")
1734 $li_js .= "\ndivx=document.getElementById('wait_$fileName64');\nif (divx) {\n\tdivx.src='".GOTMLS_images_path."blocked.gif';\n\tdirerrors++;\n}";
1735 elseif (is_file($fileName))
1736 $li_js .= "\nscanned++;\n";
1737 if ($className == "dir")
1738 $li_js .= "\ndivx=document.getElementById('wait_$fileName64');\nif (divx)\n\tdivx.src='".GOTMLS_images_path."checked.gif';";
1739 return $li_js."\n/*<!--*"."/";
1740 }
1741
1742 function GOTMLS_slash($dir = __FILE__) {
1743 if (substr($dir.' ', 1, 1) == ':' || substr($dir.' ', 0, 1) == "\\")
1744 return "\\";
1745 else
1746 return '/';
1747 }
1748
1749 function GOTMLS_trailingslashit($dir = "") {
1750 if (substr(' '.$dir, -1) != GOTMLS_slash($dir))
1751 $dir .= GOTMLS_slash($dir);
1752 return $dir;
1753 }
1754
1755 function GOTMLS_explode_dir($dir, $pre = '') {
1756 if (strlen($pre))
1757 $dir = GOTMLS_slash($dir).$pre.$dir;
1758 return explode(GOTMLS_slash($dir), $dir);
1759 }
1760
1761 function GOTMLS_html_tags($tags, $inner = array()) {
1762 $html = "";
1763 $gt = ">"; // This local variable never changes
1764 if (!is_array($tags))
1765 $tags = array($tags => (is_array($inner)?(isset($inner["contents"])?$inner["contents"]:""):$inner));
1766 foreach ($tags as $tag => $contents) {
1767 if (!is_numeric($tag))
1768 $html .= ($tag=="html"?"<!DOCTYPE html$gt":"")."<$tag".(isset($inner[$tag])?" ".$inner[$tag]:"").$gt;
1769 if (is_array($contents))
1770 $html .= GOTMLS_html_tags($contents, $inner);
1771 else
1772 $html .= $contents;
1773 if ((!is_numeric($tag)) && substr($tag, -1) != '/')
1774 $html .= "</$tag$gt";
1775 }
1776 return $html;
1777 }
1778
1779 function GOTMLS_write_quarantine($file, $className) {
1780 global $wpdb;
1781 $insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "ping_status"=>$className, "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]), "guid"=>GOTMLS_Version);//! comment_status post_password post_name to_ping post_parent menu_order";
1782 if (isset($file["ID"]) && is_numeric($file["ID"])) {
1783 $insert["post_modified"] = $file["post_modified"];
1784 $insert["post_modified_gmt"] = $file["post_modified_gmt"];
1785 $insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1786 $file = $file["post_type"].':'.$file["ID"].':"'.$file["post_title"].'"';
1787 } elseif (isset($file["option_id"]) && is_numeric($file["option_id"])) {
1788 $insert["post_modified"] = gmdate("Y-m-d H:i:s");
1789 $insert["post_modified_gmt"] = gmdate("Y-m-d H:i:s");
1790 $insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1791 $file = $wpdb->options.':'.$file["option_id"].':"'.$file["option_name"].'"';
1792 }
1793 $insert["post_title"] = $file;
1794 $insert["post_date"] = gmdate("Y-m-d H:i:s");
1795 $insert["post_date_gmt"] = $insert["post_date"];
1796 if (is_file($file)) {
1797 if (@filemtime($file))
1798 $insert["post_modified"] = gmdate("Y-m-d H:i:s", filemtime($file));
1799 else
1800 $insert["post_modified"] = $insert["post_date"];
1801 if (@filectime($file))
1802 $insert["post_modified_gmt"] = gmdate("Y-m-d H:i:s", filectime($file));
1803 else
1804 $insert["post_modified_gmt"] = $insert["post_date"];
1805 if (!($insert["comment_count"] = @filesize($file)))
1806 $insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1807 }
1808 if (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1809 $insert["post_excerpt"] = GOTMLS_encode(@serialize($GLOBALS["GOTMLS"]["tmp"]["threats_found"]));
1810 $pinged = array();
1811 foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $loc => $threat_name) {
1812 if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) == 5 && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]))
1813 $ping = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1];
1814 else
1815 $ping = $threat_name;
1816 if (isset($pinged[$ping]))
1817 $pinged[$ping]++;
1818 else
1819 $pinged[$ping] = 1;
1820 }
1821 $insert["pinged"] = GOTMLS_encode(@serialize($pinged));
1822 }
1823 if ($return = $wpdb->insert($wpdb->posts, $insert))
1824 return $return;
1825 else
1826 die(print_r(array('return'=>($return===false)?"FALSE":$return, 'last_error'=>$wpdb->last_error, 'insert'=>$insert),1));
1827 }
1828
1829 function GOTMLS_get_current_user_id($return = 0) {
1830 if (function_exists("wp_get_current_user") && ($current_user = @wp_get_current_user()) && (@$current_user->ID > 0))
1831 $return = $current_user->ID;
1832 return $return;
1833 }
1834
1835 function GOTMLS_update_status($status, $percent = -1) {
1836 if (!(isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"])))
1837 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"] = time();
1838 $microtime = ceil(time()-$GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]);
1839 if (($percent > 0) || isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"]))
1840 GOTMLS_update_scanlog(array("scan" => array("microtime" => $microtime, "percent" => $percent)), $status);
1841 return "/*-->*"."/\nupdate_status('".GOTMLS_strip4java($status)."', $microtime, $percent);\n/*<!--*"."/";
1842 }
1843
1844 function GOTMLS_flush($tag = "") {
1845 $output = "";
1846 if (($output = @ob_get_contents()) && strlen(trim($output)) > 18) {
1847 @ob_clean();
1848 if (!(isset($_GET["eli"]) && $_GET["eli"] == "debug"))
1849 $output = preg_replace('/\/\*<\!--\*\/.*?\/\*-->\*\//s', "", "$output/*-->*"."/");
1850 echo "$output\n//flushed(".strlen(trim($output)).")\n";
1851 if ($tag)
1852 echo "\n</$tag>\n";
1853 if (@ob_get_length())
1854 @ob_flush();
1855 if ($tag)
1856 echo "<$tag>\n";
1857 echo "/*<!--*"."/";
1858 }
1859 }
1860
1861 function GOTMLS_replace_dirname($dir, $replace_with = "...") {
1862 return (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["dir"]) ? str_replace(dirname($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["dir"]), "...", $dir) : $dir);
1863 }
1864
1865 function GOTMLS_readdir($dir, $current_depth = 1) {
1866 global $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth, $GOTMLS_total_percent;
1867 if ($current_depth) {
1868 @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
1869 $entries = GOTMLS_getfiles($dir);
1870 if (is_array($entries)) {
1871 echo GOTMLS_return_threat("dirs", "wait", $dir).GOTMLS_update_status(sprintf(__("Preparing %s",'gotmls'), GOTMLS_replace_dirname($dir)), $GOTMLS_total_percent);
1872 $files = array();
1873 $directories = array();
1874 foreach ($entries as $entry) {
1875 if (is_dir(GOTMLS_trailingslashit($dir).$entry))
1876 $directories[] = $entry;
1877 else
1878 $files[] = $entry;
1879 }
1880 if (isset($_GET["eli"]) && $_GET["eli"] == "trace" && count($files)) {
1881 $tracer_code = "(base64_decode('".base64_encode('if(isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] == "'.GOTMLS_REMOTEADDR.'" && is_file("'.GOTMLS_local_images_path.'../safe-load/trace.php")) {include_once("'.GOTMLS_local_images_path.'../safe-load/trace.php");GOTMLS_debug_trace(__FILE__);}')."'));";
1882 foreach ($files as $file)
1883 if (GOTMLS_get_ext($file) == "php" && $filecontents = @file_get_contents(GOTMLS_trailingslashit($dir).$file))
1884 GOTMLS_file_put_contents(GOTMLS_trailingslashit($dir).$file, preg_replace('/^<\?php(?! eval)/is', '<?php eval'.$tracer_code, $filecontents));
1885 }
1886 if ($_REQUEST["scan_type"] == "Quick Scan") {
1887 $GOTMLS_dirs_at_depth[$current_depth] = count($directories);
1888 $GOTMLS_dir_at_depth[$current_depth] = 0;
1889 } else
1890 $GLOBALS["GOTMLS"]["tmp"]["scanfiles"][GOTMLS_encode($dir)] = GOTMLS_strip4java(GOTMLS_replace_dirname($dir));
1891 foreach ($directories as $directory) {
1892 $path = GOTMLS_trailingslashit($dir).$directory;
1893 if (isset($_REQUEST["scan_depth"]) && is_numeric($_REQUEST["scan_depth"]) && ($_REQUEST["scan_depth"] != $current_depth) && (!((($Recusive = strpos(GOTMLS_trailingslashit($dir), '/'.$directory.'/')) !== FALSE) && is_dir($dir.substr($dir, $Recusive).substr($dir, $Recusive).substr($dir, $Recusive)))) && !in_array($directory, $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"])) {
1894 $current_depth++;
1895 $current_depth = GOTMLS_readdir($path, $current_depth);
1896 } else {
1897 echo GOTMLS_return_threat("skipdirs", "blocked", $path);
1898 $GOTMLS_dir_at_depth[$current_depth] = (isset($GOTMLS_dir_at_depth[$current_depth])?$GOTMLS_dir_at_depth[$current_depth]:0) + 1;
1899 }
1900 }
1901 if ($_REQUEST["scan_type"] == "Quick Scan") {
1902 $echo = "";
1903 echo GOTMLS_update_status(sprintf(__("Scanning %s",'gotmls'), GOTMLS_replace_dirname($dir)), $GOTMLS_total_percent);
1904 GOTMLS_flush("script");
1905 foreach ($files as $file)
1906 echo GOTMLS_check_file(GOTMLS_trailingslashit($dir).$file);
1907 echo GOTMLS_return_threat("dir", "checked", $dir);
1908 }
1909 } else
1910 echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(GOTMLS_Failed_to_list_LANGUAGE.' readdir:'.($entries===false?'('.GOTMLS_fileperms($dir).')':$entries)));
1911 @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
1912 if ($current_depth-- && $_REQUEST["scan_type"] == "Quick Scan") {
1913 $GOTMLS_dir_at_depth[$current_depth] = (isset($GOTMLS_dir_at_depth[$current_depth])?$GOTMLS_dir_at_depth[$current_depth]:0) + 1;
1914 for ($GOTMLS_total_percent = 0, $depth = $current_depth; $depth >= 0; $depth--) {
1915 if (!isset($GOTMLS_dir_at_depth[$depth]))
1916 $GOTMLS_dir_at_depth[$depth] = 0;
1917 echo "\n//(($GOTMLS_total_percent / $GOTMLS_dirs_at_depth[$depth]) + ($GOTMLS_dir_at_depth[$depth] / $GOTMLS_dirs_at_depth[$depth])) = ";
1918 $GOTMLS_total_percent = (($GOTMLS_dirs_at_depth[$depth]?($GOTMLS_total_percent / $GOTMLS_dirs_at_depth[$depth]):0) + ($GOTMLS_dir_at_depth[$depth] / ($GOTMLS_dirs_at_depth[$depth]+1)));
1919 echo "$GOTMLS_total_percent\n";
1920 }
1921 $GOTMLS_total_percent = floor($GOTMLS_total_percent * 100);
1922 echo GOTMLS_update_status(sprintf(__("Scanned %s",'gotmls'), GOTMLS_replace_dirname($dir)), $GOTMLS_total_percent);
1923 }
1924 GOTMLS_flush("script");
1925 }
1926 return $current_depth;
1927 }
1928
1929 function GOTMLS_sexagesimal($timestamp = 0) {
1930 if (!is_numeric($timestamp) && strlen($timestamp) == 5) {
1931 $delim = array("=", "-", "-", " ", ":");
1932 foreach (str_split($timestamp) as $bit)
1933 $timestamp .= array_shift($delim).substr("00".(ord($bit)>96?ord($bit)-61:(ord($bit)>64?ord($bit)-55:ord($bit)-48)), -2);
1934 return "20".substr($timestamp, -14);
1935 } else {
1936 $match = '/^(20)?([0-5][0-9])[\-: \/]*(0*[1-9]|1[0-2])[\-: \/]*(0*[1-9]|[12][0-9]|3[01])[\-: \/]*([0-5][0-9])[\-: \/]*([0-5][0-9])$/';
1937 if (preg_match($match, $timestamp))
1938 $date = preg_replace($match, "\\2-\\3-\\4-\\5-\\6", $timestamp);
1939 elseif ($timestamp && strtotime($timestamp))
1940 $date = date("y-m-d-H-i", strtotime($timestamp));
1941 else
1942 $date = gmdate("y-m-d-H-i", time());
1943 foreach (explode("-", $date) as $bit)
1944 $date .= (intval($bit)>35?chr(ord("a")+intval($bit)-36):(intval($bit)>9?chr(ord("A")+intval($bit)-10):substr('0'.$bit, -1)));
1945 return substr($date, -5);
1946 }
1947 }
1948
1949 if (!function_exists('ur1encode')) { function ur1encode($url) {
1950 $return = "";
1951 foreach (str_split($url) as $char)
1952 $return .= '%'.substr('00'.strtoupper(dechex(ord($char))),-2);
1953 return $return;
1954 }}
1955
1956 function GOTMLS_strip4java($item, $htmlentities = false) {
1957 return preg_replace("/\\\\/", "\\\\\\\\", str_replace("'", "'+\"'\"+'", preg_replace('/\\+n|\\+r|\n|\r|\0/', "", ($htmlentities?$item:GOTMLS_htmlentities($item)))));
1958 }
1959
1960 function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
1961 global $post, $wpdb;
1962 $encoded_file = GOTMLS_encode($file);
1963 $ids = explode(".", $file.'.');
1964 if (isset($post->post_title))
1965 $js_file = GOTMLS_strip4java(GOTMLS_htmlspecialchars($post->post_title, ENT_NOQUOTES));
1966 elseif (count($ids) > 2 && 'tbl'.$ids[1] == 'tbl1' && is_numeric($ids[0]))
1967 $js_file = GOTMLS_strip4java(GOTMLS_htmlspecialchars($wpdb->get_var($wpdb->prepare("SELECT CONCAT('option', `option_id`, ': ', `option_name`) FROM `$wpdb->options` WHERE `option_id` = %s", (INT) $ids[0])), ENT_NOQUOTES));
1968 elseif (count($ids) > 2 && 'tbl'.$ids[1] == 'tbl0' && is_numeric($ids[0]))
1969 $js_file = GOTMLS_strip4java(GOTMLS_htmlspecialchars($wpdb->get_var($wpdb->prepare("SELECT CONCAT(`post_type`, `ID`, ': ', `post_title`) FROM `$wpdb->posts` WHERE `ID` = %s", (INT) $ids[0])), ENT_NOQUOTES));
1970 else
1971 $js_file = GOTMLS_strip4java(GOTMLS_htmlspecialchars($file, ENT_NOQUOTES));
1972 $nonce_url = GOTMLS_set_nonce(__FUNCTION__."1811");
1973 if (count($ids) == 2 && is_numeric($ids[0])) {
1974 $encoded_file = (INT) $file;
1975 $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.GOTMLS_strip4java(__("Examine Quarantined Content",'gotmls')).' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.$js_file).'</div></div>\');" href="'.GOTMLS_admin_url('GOTMLS_scan', $nonce_url.'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$encoded_file);
1976 } elseif ($file)
1977 $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.GOTMLS_strip4java(__("Examine Current Content",'gotmls')).' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.$js_file).'</div></div>\');" href="'.GOTMLS_admin_url('GOTMLS_scan', $nonce_url.'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$encoded_file);
1978 else
1979 $onclick = 'return false;';
1980 return "<a id=\"list_$encoded_file\" title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
1981 }
1982
1983 function GOTMLS_check_file($file) {
1984 $filesize = @filesize($file);
1985 echo "/*-->*"."/\ndocument.getElementById('status_text').innerHTML='Checking ".GOTMLS_strip4java($file)." ($filesize bytes)';\n/*<!--*"."/";
1986 if ($filesize===false)
1987 echo GOTMLS_return_threat("errors", "blocked", $file, GOTMLS_error_link(__("Failed to determine file size!",'gotmls'), $file));
1988 elseif (($filesize==0) || ($filesize>((isset($_GET["eli"])&&is_numeric($_GET["eli"]))?$_GET["eli"]:2934567)))
1989 echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file size!",'gotmls')." ($filesize bytes)", $file, "potential"));
1990 elseif (in_array(GOTMLS_get_ext($file), $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]) && !(preg_match('/(shim|social[0-9]*)\.png$/i', $file)))
1991 echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file extention!",'gotmls'), $file, "potential"));
1992 else {
1993 try {
1994 echo @GOTMLS_scanfile($file);
1995 echo "//debug_fix:".$GLOBALS["GOTMLS"]["tmp"]["debug_fix"];
1996 } catch (Exception $e) {
1997 die("//Exception:".GOTMLS_strip4java($e));
1998 }
1999 }
2000 echo "/*-->*"."/\ndocument.getElementById('status_text').innerHTML='Checked ".GOTMLS_strip4java($file)."';\n/*<!--*"."/";
2001 }
2002
2003 function GOTMLS_read_error($path) {
2004 global $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
2005 $error = error_get_last();
2006 if (!file_exists($path))
2007 return " (Path not found)";
2008 if (!is_readable($path) && isset($_GET["eli"]))
2009 $return = (@chmod($path, (is_dir($path)?$GOTMLS_chmod_dir:$GOTMLS_chmod_file))?"Fixed permissions":"error: ".preg_replace('/[\r\n]/', ' ', print_r($error,1)));
2010 else
2011 $return = (is_array($error) && isset($error["message"])?preg_replace('/[\r\n]/', ' ', print_r($error["message"],1)):"readable?");
2012 return " [".GOTMLS_fileperms($path)."] ( ".filesize($path)." $return)";
2013 }
2014
2015 function GOTMLS_scandir($dir) {
2016 echo "/*<!--*"."/".GOTMLS_update_status(sprintf(__("Scanning %s",'gotmls'), GOTMLS_replace_dirname(GOTMLS_htmlspecialchars($dir))));
2017 GOTMLS_flush();
2018 $li_js = "/*-->*"."/\nscanNextDir(-1);\n/*<!--*"."/";
2019 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
2020 echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link("Directory Scan Depth set to 0, no files will be scanned!"));
2021 elseif (isset($_GET["GOTMLS_skip_dir"]) && $dir == GOTMLS_decode($_GET["GOTMLS_skip_dir"])) {
2022 if (isset($_GET["GOTMLS_only_file"]) && strlen($_GET["GOTMLS_only_file"]))
2023 echo GOTMLS_return_threat("errors", "blocked", GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"]), GOTMLS_error_link("Failed to read this file!".GOTMLS_read_error(GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"])), GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"])));
2024 else
2025 echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(__("Failed to read directory!",'gotmls')).GOTMLS_read_error($dir));
2026 } else {
2027 if (is_dir($dir) && is_array($files = GOTMLS_getfiles($dir))) {
2028 if (isset($_GET["GOTMLS_only_file"])) {
2029 if (strlen($_GET["GOTMLS_only_file"])) {
2030 $path = GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"]);
2031 if (is_file($path)) {
2032 GOTMLS_check_file($path);
2033 echo GOTMLS_return_threat("dir", "checked", $path);
2034 }
2035 } else {
2036 foreach ($files as $file) {
2037 $path = GOTMLS_trailingslashit($dir).$file;
2038 if (is_file($path)) {
2039 $file_ext = GOTMLS_get_ext($file);
2040 $filesize = @filesize($path);
2041 if ((in_array($file_ext, $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]) && !(preg_match('/social[0-9]*\.png$/i', $file))) || ($filesize==0) || ($filesize>((isset($_GET["eli"])&&is_numeric($_GET["eli"]))?$_GET["eli"]:2934567)))
2042 echo GOTMLS_return_threat("skipped", "blocked", $path, GOTMLS_error_link(sprintf(__('Skipped because of file size (%1$s bytes) or file extention (%2$s)!','gotmls'), $filesize, $file_ext), $file, "potential"));
2043 else
2044 echo "/*-->*"."/\nscanfilesArKeys.push('".GOTMLS_encode($dir)."&GOTMLS_only_file=".GOTMLS_encode($file, "D")."');\nscanfilesArNames.push('Re-Checking ".GOTMLS_strip4java($path)."');\n/*<!--*"."/".GOTMLS_return_threat("dirs", "wait", $path);
2045 } elseif (is_dir($path)) {
2046 echo "/*-->*"."/\n//sub-directory $path;\n/*<!--*"."/";
2047 }
2048 }
2049 echo GOTMLS_return_threat("dir", "question", $dir);
2050 }
2051 } else {
2052 foreach ($files as $file) {
2053 $path = GOTMLS_trailingslashit($dir).$file;
2054 if (is_file($path)) {
2055 if (isset($_GET["GOTMLS_skip_file"]) && is_array($_GET["GOTMLS_skip_file"]) && in_array($path, $_GET["GOTMLS_skip_file"])) {
2056 $li_js .= "/*-->*"."/\n//skipped $path;\n/*<!--*"."/";
2057 if ($_GET["GOTMLS_skip_file"][count($_GET["GOTMLS_skip_file"])-1] == $path)
2058 echo GOTMLS_return_threat("errors", "blocked", $path, GOTMLS_error_link(__("Failed to read file!",'gotmls'), $path));
2059 } else {
2060 GOTMLS_check_file($path);
2061 }
2062 } elseif (is_dir($path)) {
2063 $li_js .= "/*-->*"."/\n//sub-directory $path;\n/*<!--*"."/";
2064 }
2065 }
2066 echo GOTMLS_return_threat("dir", "checked", $dir);
2067 }
2068 } else
2069 echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(GOTMLS_Failed_to_list_LANGUAGE.' scandir:'.($files===false?' (FALSE)':$files)));
2070 }
2071 echo GOTMLS_update_status(sprintf(__("Scanned %s",'gotmls'), GOTMLS_replace_dirname($dir)));
2072 return $li_js;
2073 }
2074
2075 function GOTMLS_safe_domain($domain) {
2076 return preg_replace('/[^a-z_0-9\-\~\+\.\?\#\/\:\@]/i', "", $domain);
2077 }
2078
2079 function GOTMLS_safe_url($url, $allow = array(' ', '%20')) {
2080 $all = implode("", array_keys($allow));
2081 $url = preg_replace('/[^a-z_0-9\-\~\+\.\?\#\/\:\@\%\$\|\*\(\)\[\]\=\!\&\;'.$all.']/i', "", $url);
2082 foreach ($allow as $al => $low)
2083 $url = str_replace($al, $low, ltrim($url));
2084 return $url;
2085 }
2086
2087 function GOTMLS_reset_settings($item, $key) {
2088 $key_parts = explode("_", $key."_");
2089 if (strlen($key_parts[0]) != 4 && $key_parts[0] != "exclude")
2090 unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"][$key]);
2091 }
2092
2093 function GOTMLS_file_put_contents($file, $content) {
2094 global $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
2095 $chmoded_file = false;
2096 $chmoded_dir = false;
2097 if ((is_dir(dirname($file)) || @mkdir(dirname($file), $GOTMLS_chmod_dir, true)) && !is_writable(dirname($file)) && ($GOTMLS_chmod_dir = @fileperms(dirname($file))))
2098 $chmoded_dir = @chmod(dirname($file), 0777);
2099 if (is_file($file) && !is_writable($file) && ($GOTMLS_chmod_file = @fileperms($file)))
2100 $chmoded_file = @chmod($file, 0666);
2101 if (function_exists("file_put_contents"))
2102 $return = @file_put_contents($file, $content);
2103 elseif ($fp = fopen($file, 'w')) {
2104 if (false === fwrite($fp, $content))
2105 $return = false;
2106 else
2107 $return = true;
2108 fclose($fp);
2109 } else
2110 $return = false;
2111 if ($chmoded_file)
2112 @chmod($file, $GOTMLS_chmod_file);
2113 if ($chmoded_dir)
2114 @chmod(dirname($file), $GOTMLS_chmod_dir);
2115 return $return;
2116 }
2117
2118 function GOTMLS_sanitize($unsanitized, $allow = 'a-zA-Z0-9\|\[\]\{\}<>\s\?\*\%\#\&\/=_\~\:;\.,\+-') {
2119 if (is_array($unsanitized)) {
2120 $sanitized = array();
2121 foreach ($unsanitized as $key => $val)
2122 $sanitized[preg_replace('/[^'.$allow.']/', '', $key)] = preg_replace('/[^'.$allow.']/', '', $val);
2123 } else
2124 $sanitized = preg_replace('/[^'.$allow.']/', '', $unsanitized);
2125 return $sanitized;
2126 }
2127
2128 function GOTMLS_get_URL($URL) {
2129 $response = "";
2130 $GLOBALS["GOTMLS"]["get_URL"] = get_option('GOTMLS_get_URL_array', array());
2131 $min = round($GLOBALS["GOTMLS"]["MT"]/60);
2132 if (is_array($GLOBALS["GOTMLS"]["get_URL"])) {
2133 foreach ($GLOBALS["GOTMLS"]["get_URL"] as $URI => $property)
2134 if (!(isset($property["time"]) && is_numeric($property["time"]) && ($property["time"] + 30) > $min))
2135 unset($GLOBALS["GOTMLS"]["get_URL"]["$URI"]);
2136 } else
2137 $GLOBALS["GOTMLS"]["get_URL"] = array();
2138 $URI = md5(preg_replace('/GOTMLS_mt[\[\]]*=[0-9a-f]*/i', "", $URL));
2139 if (isset($GLOBALS["GOTMLS"]["get_URL"]["$URI"]["response"]) && strlen($response = GOTMLS_decode($GLOBALS["GOTMLS"]["get_URL"]["$URI"]["response"])))
2140 $method = "cached";
2141 else {
2142 $GLOBALS["GOTMLS"]["get_URL"]["$URI"] = array("time" => $min);
2143 if (function_exists($method = "wp_remote_get")) {
2144 $GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method] = wp_remote_get($URL, array("sslverify" => false));
2145 if (200 == wp_remote_retrieve_response_code($GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method]))
2146 $response = wp_remote_retrieve_body($GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method]);
2147 }
2148 if (strlen($response) == 0 && function_exists($method = "curl_exec")) {
2149 $curl_hndl = curl_init();
2150 curl_setopt($curl_hndl, CURLOPT_URL, $URL);
2151 curl_setopt($curl_hndl, CURLOPT_TIMEOUT, 30);
2152 if (isset($_SERVER['HTTP_REFERER']))
2153 $SERVER_HTTP_REFERER = GOTMLS_safe_url($_SERVER['HTTP_REFERER']);
2154 elseif (isset($_SERVER['HTTP_HOST']))
2155 $SERVER_HTTP_REFERER = 'HOST://'.GOTMLS_safe_domain($_SERVER['HTTP_HOST']);
2156 elseif (isset($_SERVER['SERVER_NAME']))
2157 $SERVER_HTTP_REFERER = 'NAME://'.GOTMLS_safe_domain($_SERVER['SERVER_NAME']);
2158 elseif (isset($_SERVER['SERVER_ADDR']))
2159 $SERVER_HTTP_REFERER = 'ADDR://'.GOTMLS_safe_ip($_SERVER['SERVER_ADDR']);
2160 else
2161 $SERVER_HTTP_REFERER = 'NULL://not.anything.com';
2162 curl_setopt($curl_hndl, CURLOPT_REFERER, $SERVER_HTTP_REFERER);
2163 if (isset($_SERVER['HTTP_USER_AGENT']))
2164 curl_setopt($curl_hndl, CURLOPT_USERAGENT, GOTMLS_safe_url($_SERVER['HTTP_USER_AGENT'], array(' ', ' ')));
2165 curl_setopt($curl_hndl, CURLOPT_HEADER, 0);
2166 curl_setopt($curl_hndl, CURLOPT_RETURNTRANSFER, TRUE);
2167 if (!($response = curl_exec($curl_hndl)))
2168 $GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method] = curl_error($curl_hndl);
2169 curl_close($curl_hndl);
2170 }
2171 if (strlen($response) == 0 && function_exists($method = "file_get_contents")) {
2172 try {
2173 $response = @file_get_contents($URL).'';
2174 } catch(Exception $e) {
2175 $GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method] = $e->getTrace();
2176 }
2177 }
2178 $GLOBALS["GOTMLS"]["get_URL"]["$URI"]["response"] = GOTMLS_encode($response);
2179 }
2180 update_option('GOTMLS_get_URL_array', $GLOBALS["GOTMLS"]["get_URL"], 'no');
2181 if (isset($_GET["GOTMLS_debug"]) && (strlen($response) == 0 || $_GET["GOTMLS_debug"] == "GOTMLS_get_URL"))
2182 print_r(array("$method $URI:".strlen($response)=>htmlspecialchars($GLOBALS["GOTMLS"]["get_URL"]["$URI"]["time"]." ~ $min: ".count($GLOBALS["GOTMLS"]["get_URL"]))));
2183 return $response;
2184 }
2185