PluginProbe ʕ •ᴥ•ʔ
Anti-Malware Security and Brute-Force Firewall / trunk
Anti-Malware Security and Brute-Force Firewall vtrunk
4.23.90 trunk 1.2.03.23 1.3.02.15 3.07.06 4.14.47 4.15.16 4.16.17 4.17.28 4.17.29 4.17.44 4.17.57 4.17.58 4.17.68 4.17.69 4.18.52 4.18.62 4.18.63 4.18.69 4.18.71 4.18.74 4.18.76 4.19.44 4.19.50 4.19.68 4.19.69 4.20.59 4.20.72 4.20.92 4.20.93 4.20.94 4.20.95 4.20.96 4.21.74 4.21.83 4.21.84 4.21.85 4.21.86 4.21.87 4.21.88 4.21.89 4.21.90 4.21.91 4.21.92 4.21.93 4.21.94 4.21.95 4.21.96 4.23.56 4.23.57 4.23.67 4.23.68 4.23.69 4.23.71 4.23.73 4.23.77 4.23.81 4.23.83 4.23.85 4.23.87 4.23.88 4.23.89
gotmls / images / index.php
gotmls / images Last commit date
.htaccess 11 years ago ELI-16x16.gif 14 years ago GOTMLS-16x16.gif 12 years ago GOTMLS-Loading.gif 2 years ago blocked.gif 14 years ago btn_donateCC_WIDE.gif 13 years ago checked.gif 14 years ago index.php 1 week ago question.gif 13 years ago threat.gif 13 years ago wait.gif 14 years ago
index.php
2044 lines
1 <?php
2 /**
3 * GOTMLS Plugin Global Variables and Functions
4 * @package GOTMLS
5 * @since 4.23.89
6 */
7
8 define("GOTMLS_plugin_path", dirname(dirname(__FILE__))."/");
9
10 if (!function_exists("__")) {
11 function __($text, $domain = "gotmls") {
12 return $text;
13 }}
14
15 require_once(GOTMLS_plugin_path."safe-load/trace.php");
16
17 GOTMLS_define("GOTMLS_local_images_path", substr(__FILE__, 0, GOTMLS_strlen(__FILE__) - GOTMLS_strlen(basename(__FILE__))));
18
19 if (!defined("ABSPATH")) {
20 define("ABSPATH", dirname(dirname(__FILE__)).'/safe-load/');
21 $root_path = dirname(ABSPATH);
22 while (GOTMLS_strlen($root_path) > 1 && !is_file($root_path."/wp-config.php"))
23 $root_path = dirname($root_path);
24 if (is_file($root_path."/wp-config.php"))
25 include_once($root_path."/wp-config.php");
26 else
27 die("No wp-config!");
28 }
29
30 $bad = array("eval", "preg_replace", "auth_pass");
31 $GLOBALS["GOTMLS"] = array(
32 "MT" => microtime(true),
33 "tmp"=>array("debug_fix"=>"", "HeadersError"=>"", "onLoad"=>"", "file_contents"=>"", "new_contents"=>"", "threats_found"=>array(),
34 "base_page" => "GOTMLS-settings",
35 "pluginTitle" => "Anti-Malware",
36 "default_encodings" => array('UTF-8', 'ISO-8859-1', 'windows-1252'),
37 "skip_dirs" => array(".", ".."), "scanfiles" => array(), "nonce"=>array(),
38 "mt" => ((isset($_REQUEST["mt"])&&preg_match('/^[0-9\.a-f]{32}$/is', $_REQUEST["mt"]))?$_REQUEST["mt"]:md5(microtime(true))),
39 "threat_files" => array("htaccess"=>".htaccess","timthumb"=>"thumb.php"),
40 "apache" => array(),
41 "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "svg", "webp", "doc", "docx", "otf", "ttf", "fla", "flv", "mov", "mp3", "mp4", "pptx", "ppsx", "pdf", "css", "pot", "po", "mo", "so", "exe", "zip", "7z", "gz", "rar"),
42 "execution_time" => 60,
43 "default" => array("msg_position" => array("80px", "40px", "400px", "600px")),
44 "Definition" => array("Default" => "CCIGG"),
45 "definitions_array" => array(
46 "potential" => array(
47 $bad[0] => array("CCIGG", "/[^a-z_\\/'\"]".$bad[0]."\\(.+\\)+\\s*;/i"),
48 $bad[1]." /e" => array("CCIGG", "/".$bad[1]."[\\s*\\(]+(['\"])([\\!\\/\\#\\|\\@\\%\\^\\*\\~]).+?\\2[imsx]*e[imsx]*\\1\\s*,[^,]+,[^\\)]+[\\);\\s]+/i"),
49 $bad[2] => array("CCIGG", "/\\\$".$bad[2]."\\s*=.+;/i"),
50 "function add_action wp_enqueue_script json2" => array("CCIGG", "/json2\\.min\\.js/i"),
51 "Tagged Code" => array("CCIGG", "/\\#(\\w+)\\#.+?\\#\\/\\1\\#/is"),
52 "protected by copyright" => array("CCIGG", "/\\/\\* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. \\*\\//i")
53 )
54 )
55 )
56 );
57 if (isset($_SERVER["HTTP_HOST"]))
58 $SERVER_HTTP = 'HOST://'.GOTMLS_safe_domain($_SERVER["HTTP_HOST"]);
59 elseif (isset($_SERVER["SERVER_NAME"]))
60 $SERVER_HTTP = 'NAME://'.GOTMLS_safe_domain($_SERVER["SERVER_NAME"]);
61 elseif (isset($_SERVER["SERVER_ADDR"]))
62 $SERVER_HTTP = 'ADDR://'.GOTMLS_safe_ip($_SERVER["SERVER_ADDR"]);
63 else
64 $SERVER_HTTP = "NULL://not.anything.com";
65 if (isset($_SERVER["SERVER_PORT"]) && $_SERVER["SERVER_PORT"])
66 $SERVER_HTTP .= ":".GOTMLS_safe_ip($_SERVER["SERVER_PORT"]);
67 $SERVER_parts = explode(":", $SERVER_HTTP.":");
68 if ((isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] == "on" || $_SERVER["HTTPS"] == 1)) || (count($SERVER_parts) > 2 && $SERVER_parts[2] == "443"))
69 $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "https:";
70 else
71 $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "http:";
72 GOTMLS_define("GOTMLS_script_URI", preg_replace('/(^|\&)(last_)?mt=[^\&]++/i', '', str_replace('&amp;', '&', GOTMLS_htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["mt"]));
73 GOTMLS_define("GOTMLS_plugin_home", "https://gotmls.net/");
74 if (function_exists("plugins_url"))
75 GOTMLS_define("GOTMLS_images_path", GOTMLS_fix_url(plugins_url('/', __FILE__)));
76 elseif (function_exists("plugin_dir_url"))
77 GOTMLS_define("GOTMLS_images_path", GOTMLS_fix_url(plugin_dir_url(__FILE__)));
78 elseif (isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && GOTMLS_strlen($_SERVER["DOCUMENT_ROOT"]) < __FILE__ && substr(__FILE__, 0, GOTMLS_strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
79 GOTMLS_define("GOTMLS_images_path", substr(dirname(__FILE__), GOTMLS_strlen($_SERVER["DOCUMENT_ROOT"])).'/');
80 elseif (isset($_SERVER["SCRIPT_FILENAME"]) && isset($_SERVER["DOCUMENT_ROOT"]) && ($_SERVER["DOCUMENT_ROOT"]) && GOTMLS_strlen($_SERVER["DOCUMENT_ROOT"]) < GOTMLS_strlen($_SERVER["SCRIPT_FILENAME"]) && substr($_SERVER["SCRIPT_FILENAME"], 0, GOTMLS_strlen($_SERVER["DOCUMENT_ROOT"])) == $_SERVER["DOCUMENT_ROOT"])
81 GOTMLS_define("GOTMLS_images_path", substr(GOTMLS_safe_url(dirname($_SERVER["SCRIPT_FILENAME"])), GOTMLS_strlen($_SERVER["DOCUMENT_ROOT"])).'/');
82 else
83 GOTMLS_define("GOTMLS_images_path", "/wp-content/plugins/gotmls/images/");
84
85 function GOTMLS_user_can() {
86 if (is_multisite())
87 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "manage_network";
88 elseif (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]) || $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] == "manage_network")
89 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "activate_plugins";
90 if (current_user_can($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]))
91 return true;
92 else
93 return false;
94 }
95
96 function GOTMLS_update_option($index, $value = array(), $auto = true) {
97 return update_option('GOTMLS_'.$index.'_blob', GOTMLS_encode(serialize($value)), $auto);
98 }
99
100 function GOTMLS_get_option($index, $value = array()) {
101 if (is_array($tmp = get_option('GOTMLS_'.$index.'_array', array())) && count($tmp)) {
102 GOTMLS_update_option($index, $tmp);
103 delete_option('GOTMLS_'.$index.'_array');
104 } else
105 $tmp = $value;
106 return GOTMLS_uckserialize(GOTMLS_decode(get_option('GOTMLS_'.$index.'_blob', GOTMLS_encode(serialize($tmp)))));
107 }
108
109 $GLOBALS["GOTMLS"]["tmp"]["nonce"] = GOTMLS_get_option('nonce', array());
110 $GLOBALS["GOTMLS"]["tmp"]["settings_array"] = get_option('GOTMLS_settings_array', array());
111 $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_get_option('definitions', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
112 GOTMLS_define("GOTMLS_siteurl", rtrim(get_option("siteurl", $GLOBALS["GOTMLS"]["tmp"]["protocol"].$SERVER_parts[1].((count($SERVER_parts) > 2 && ($SERVER_parts[2] == '80' || $SERVER_parts[2] == '443'))?"":":".$SERVER_parts[2])."/"), '\\/'));
113 GOTMLS_load_scanlog($GLOBALS["GOTMLS"]["tmp"]["mt"]);
114 if (!(isset($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]) && is_array($GLOBALS["GOTMLS"]["scan"]["log"]["settings"])))
115 $GLOBALS["GOTMLS"]["scan"]["log"]["settings"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"];
116 GOTMLS_define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
117 GOTMLS_define("GOTMLS_update_home", "//updates.gotmls.net/".GOTMLS_installation_key."/");
118
119 function GOTMLS_get_corefile_URL($path, $hash) {
120 if (strpos($URL = GOTMLS_get_version("URL"), '&cp='))
121 //$hash != md5($contents)."O".GOTMLS_strlen($contents)
122 return 'http:'.GOTMLS_update_home.'cp_core.php?'.$URL.'&f='.GOTMLS_encode($path)."&h=$hash&ts=".gmdate("YmdHis").'&d='.rawurlencode(GOTMLS_siteurl);
123 else
124 return "http://core.svn.wordpress.org/tags/".GOTMLS_wp_version."$path";
125 }
126
127 function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
128 return sprintf(__("%s Invalid or expired Nonce Token! %s Refresh and try again?",'gotmls'), $pre, (isset($_REQUEST["GOTMLS_mt"])?(" (".GOTMLS_htmlspecialchars($_REQUEST["GOTMLS_mt"]).((GOTMLS_strlen($_REQUEST["GOTMLS_mt"]) == 32)?(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]["hour"])&&isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]["user"])?(substr($pre, 0, 7)=="//DEBUG"?GOTMLS_htmlspecialchars(", U:".$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]["user"].", H:".$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]["hour"]."!) "):" !UH!) "):" !found!) "):" !len[".GOTMLS_strlen($_REQUEST["GOTMLS_mt"])."]!) ")):" (GOTMLS_mt !set!) "));
129 }
130
131 function GOTMLS_kill_invalid_user($pre = "\n//Permission Error: ") {
132 if ($return = GOTMLS_user_can())
133 return $return;
134 else
135 die(sprintf(__("%s Invalid User Authentication!",'gotmls'), $pre));
136 }
137
138 function GOTMLS_set_nonce($context = "NULL", $uid = 0) {
139 $hour = (int) round(round($GLOBALS["GOTMLS"]["MT"]/60)/60);
140 if (!$uid)
141 $uid = GOTMLS_get_current_user_id(GOTMLS_REMOTEADDR);
142 $transient_name = md5(substr(number_format(microtime(true), 9, '-', '/'), 6).GOTMLS_installation_key.GOTMLS_plugin_path.$context.$uid);
143 if (isset($GLOBALS["GOTMLS"]["tmp"]["nonce"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["nonce"])) {
144 foreach ($GLOBALS["GOTMLS"]["tmp"]["nonce"] as $nonce_key => $token) {
145 if ((!(is_array($token) && isset($token["hour"]) && is_numeric($token["hour"]))) || (($token["hour"] > $hour) || (($token["hour"] + 24) < $hour)))
146 unset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$nonce_key]);
147 elseif (is_array($token) && isset($token["hour"]) && isset($token["user"]) && isset($token["context"]) && ($token["hour"] == $hour) && ($token["user"] == $uid) && ($token["context"] == $context))
148 $transient_name = $nonce_key;
149 }
150 }
151 if (!isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name])) {
152 $GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name] = array("hour" => $hour, "user" => $uid, "context" => $context);
153 if (!GOTMLS_update_option('nonce', $GLOBALS["GOTMLS"]["tmp"]["nonce"], false))
154 return (GOTMLS_sanitize($context)."=DB-err:".rawurlencode(preg_replace('/[\r\n]+/', " ", print_r($GLOBALS["GOTMLS"]["tmp"]["nonce"],1).$wpdb->last_error)));
155 }
156 return 'GOTMLS_mt='.rawurlencode($transient_name);
157 }
158
159 function GOTMLS_get_nonce($context = "", $uid = 0) {
160 $return = false;
161 if (isset($_REQUEST["GOTMLS_mt"])) {
162 if (!$uid)
163 $uid = GOTMLS_get_current_user_id(GOTMLS_REMOTEADDR);
164 if (isset($_POST["GOTMLS_mt"]) && (GOTMLS_strlen($_POST["GOTMLS_mt"]) == 32) && isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_POST["GOTMLS_mt"]]))
165 $token = $GLOBALS["GOTMLS"]["tmp"]["nonce"][$_POST["GOTMLS_mt"]];
166 elseif (isset($_GET["GOTMLS_mt"]) && (GOTMLS_strlen($_GET["GOTMLS_mt"]) == 32) && isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_GET["GOTMLS_mt"]]))
167 $token = $GLOBALS["GOTMLS"]["tmp"]["nonce"][$_GET["GOTMLS_mt"]];
168 if (isset($token) && is_array($token) && isset($token["hour"]) && isset($token["user"]) && isset($token["context"])) {
169 if (GOTMLS_strlen($context) && ($context != $token["context"]))
170 $return = null;
171 elseif ($uid == $token["user"] || (is_numeric($uid) && !is_numeric(GOTMLS_REMOTEADDR) && (GOTMLS_REMOTEADDR == $token["user"])))
172 $return = (INT) $token["hour"];
173 else
174 $return = 0;
175 } else
176 $return = "";
177 }
178 return $return;
179 }
180
181 function GOTMLS_fileperms($file) {
182 if ($prm = @fileperms($file)) {
183 if (($prm & 0xC000) == 0xC000)
184 $ret = "s";
185 elseif (($prm & 0xA000) == 0xA000)
186 $ret = "l";
187 elseif (($prm & 0x8000) == 0x8000)
188 $ret = "-";
189 elseif (($prm & 0x6000) == 0x6000)
190 $ret = "b";
191 elseif (($prm & 0x4000) == 0x4000)
192 $ret = "d";
193 elseif (($prm & 0x2000) == 0x2000)
194 $ret = "c";
195 elseif (($prm & 0x1000) == 0x1000)
196 $ret = "p";
197 else
198 $ret = "u";
199 $ret .= (($prm & 0x0100)?"r":"-").(($prm & 0x0080)?"w":"-");
200 $ret .= (($prm & 0x0040)?(($prm & 0x0800)?"s":"x" ):(($prm & 0x0800)?"S":"-"));
201 $ret .= (($prm & 0x0020)?"r":"-").(($prm & 0x0010)?"w":"-");
202 $ret .= (($prm & 0x0008)?(($prm & 0x0400)?"s":"x" ):(($prm & 0x0400)?"S":"-"));
203 $ret .= (($prm & 0x0004)?"r":"-").(($prm & 0x0002)?"w":"-");
204 $ret .= (($prm & 0x0001)?(($prm & 0x0200)?"t":"x" ):(($prm & 0x0200)?"T":"-"));
205 return $ret;
206 } else
207 return "stat failed!";
208 }
209
210 function GOTMLS_file_details($file) {
211 return '<div id="file_details_'.md5($file).'" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.GOTMLS_htmlspecialchars(basename($file)).'</b><br />in: '.dirname(realpath($file)).'<br />size: '.filesize(realpath($file)).' ( '.ceil(GOTMLS_strlen(GOTMLS_htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["file_contents"]))/1024).' KB )<br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown")).'<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).(function_exists("getmyuid")&&function_exists("getmygid")?' (you are: '.getmyuid().'/'.getmygid():'(getmyuid does not exist').')<br />modified:'.gmdate(" Y-m-d H:i:s ", filemtime(realpath($file))).'<br />changed:'.gmdate(" Y-m-d H:i:s ", filectime(realpath($file))).'</div>';
212 }
213
214 function GOTMLS_esc_url($url) {
215 if ("" === trim($url))
216 return "";
217 $original_url = $url;
218 $url = str_replace(' ', '%20', ltrim($url));
219 $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\\x80-\\xff]|i', '', $url);
220 $url = wp_kses_normalize_entities($url);
221 $url = str_replace('&amp;', '&#038;', $url);
222 $url = str_replace("'", '&#039;', $url);
223 if ((false !== strpos($url, '[')) || (false !== strpos($url, ']'))) {
224 $end_dirty = preg_replace('/^([fhtps]+\:)?\/\/([^\@]+\@)*[^\/]++/i', '', $url);
225 $end_clean = str_replace(array('[', ']'), array('%5B', '%5D'), $end_dirty);
226 $url = str_replace($end_dirty, $end_clean, $url);
227 }
228 return $url;
229 }
230
231 function GOTMLS_fix_url($url) {
232 return preg_replace('/^https?:\/\//i', '//', "$url");
233 }
234
235 function GOTMLS_admin_url($action, $url = '') {
236 $return = admin_url("admin-ajax.php?action=$action");
237 foreach (array('eli', 'oversize', 'GOTMLS_debug') as $pass_on)
238 if (isset($_GET["$pass_on"]))
239 $return .= "&$pass_on=".GOTMLS_esc_url($_GET["$pass_on"]);
240 return GOTMLS_fix_url("$return&$url");
241 }
242
243 function GOTMLS_dashicon_button($title, $dashicon = "editor-help", $style = 'text-decoration: none;', $contents = "", $href = "javascript:void(0);") {
244 $gt = ">"; // This local variable never changes
245 $lt = "<"; // This local variable never changes
246 return $lt.'a href="'.$href.'" title="'.$title.'" style="'.$style.'"'.$gt.$lt."span class='dashicons dashicons-$dashicon'$gt$lt/span$gt $contents$lt/a$gt\n";
247 }
248
249 function GOTMLS_close_button($box_id, $margin = '6px', $title = "Close") {
250 return GOTMLS_dashicon_button($title, 'dismiss', "float: right; color: #F00; overflow: hidden; width: 20px; height: 20px; text-decoration: none; margin: $margin", "X", 'javascript:void(0);" onclick="showhide(\''.$box_id.'\');');
251 }
252
253 function GOTMLS_get_styles($pre_style = "") {
254 $head_nonce = GOTMLS_set_nonce(__FUNCTION__."255");
255 $gt = ">"; // This local variable never changes
256 $lt = "<"; // This local variable never changes
257 if (!GOTMLS_strlen(trim("$pre_style")))
258 $pre_style = $lt."style$gt";
259 return $pre_style.'
260 span.GOTMLS_date {float: right; width: 130px; white-space: nowrap;}
261 .GOTMLS_page {float: left; border-radius: 10px; padding: 0 5px;}
262 .GOTMLS_quarantine_item {margin: 4px 12px;}
263 .rounded-corners {margin: 10px; border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; border: 1px solid #000;}
264 .shadowed-box {box-shadow: -3px 3px 3px #666; -moz-box-shadow: -3px 3px 3px #666; -webkit-box-shadow: -3px 3px 3px #666;}
265 .sidebar-box {background-color: #CCC;}
266 iframe {border: 0;}
267 .GOTMLS-scanlog li a {display: none;}
268 .GOTMLS-scanlog li:hover a {display: block;}
269 .GOTMLS-sidebar-links {list-style: none;}
270 .GOTMLS-sidebar-links li img {margin: 3px; height: 16px; vertical-align: middle;}
271 .GOTMLS-sidebar-links li {margin-bottom: 0 !important;}
272 .popup-box {background-color: #FFC; display: none; position: absolute; left: 0px; z-index: 10;}
273 .shadowed-text {text-shadow: #00F -1px 1px 1px;}
274 .sub-option {float: left; margin: 3px 5px;}
275 .inside {margin: 10px; position: relative;}
276 .GOTMLS_li, .GOTMLS_plugin li {list-style: none;}
277 .GOTMLS_plugin {margin: 5px; background: #cfc; border: 1px solid #0C0; padding: 0 5px; border-radius: 3px;}
278 .GOTMLS_plugin.known, .GOTMLS_plugin.db_scan, .GOTMLS_plugin.htaccess, .GOTMLS_plugin.timthumb, .GOTMLS_plugin.errors {background: #f99; border: 1px solid #f00;}
279 .GOTMLS_plugin.potential, .GOTMLS_plugin.wp_core, .GOTMLS_plugin.skipdirs, .GOTMLS_plugin.skipped {background: #ffc; border: 1px solid #fc6;}
280 .GOTMLS ul li {margin-left: 12px;}
281 .GOTMLS h2 {margin: 0 0 10px;}
282 .postbox {margin-right: 10px; line-height: 1.4; font-size: 13px;}
283 #pastDonations li {list-style: none;}
284 #quarantine_buttons {margin: 0px; padding: 0px;}
285 #quarantine_buttons input.button-primary {margin-right: 20px;}
286 #reclean_buttons {
287 color: #a00;
288 min-height: 32px;
289 border-top: solid 2px black;
290 padding-top: 10px;
291 }
292 #reclean_buttons input.button-primary {float: right;}
293 #delete_button {
294 background-color: #C33;
295 color: #FFF;
296 background-image: linear-gradient(to bottom, #C22, #933);
297 border-color: #933 #933 #900;
298 box-shadow: 0 1px 0 rgba(230, 120, 120, 0.5) inset;
299 text-decoration: none; text-shadow: 0 1px 0 rgba(0, 0, 0, 0.1);
300 margin-top: 10px;
301 }
302 #main-page-title {
303 background: url("https://secure.gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=64") no-repeat scroll 0 0 transparent;
304 height: 64px;
305 line-height: 58px;
306 margin: 10px 0 0 0;
307 max-width: 600px;
308 padding: 0 110px 0 84px;
309 }
310 #main-page-title h1 {
311 background: url("https://secure.gravatar.com/avatar/8151cac22b3fc543d099241fd573d176?s=64") no-repeat scroll top right transparent;
312 height: 64px;
313 line-height: 32px;
314 margin: 0;
315 padding: 0 84px 0 0;
316 display: table-cell;
317 text-align: center;
318 vertical-align: middle;
319 }
320 '."$lt/style$gt\n$lt".'div id="div_file" class="shadowed-box rounded-corners sidebar-box" style="padding: 0; display: none; position: fixed; top: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'; left: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'; width: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'; height: '.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'; border: solid #c00; z-index: 112358;"'.$gt.$lt.'table style="width: 100%; height: 100%;" cellspacing="0" cellpadding="0"'.$gt.$lt.'tr'.$gt.$lt.'td style="border-bottom: 1px solid #EEE; height: 32px;" colspan="2"'.$gt.GOTMLS_close_button("div_file").$lt.'h3 onmousedown="grabDiv();" onmouseup="releaseDiv();" id="windowTitle" style="cursor: move; border-bottom: 0px none; z-index: 2345677; position: absolute; left: 0px; top: 0px; margin: 0px; padding: 6px; width: 90%; height: 20px;"'.$gt.GOTMLS_Loading_LANGUAGE."$lt/h3$gt$lt/td$gt$lt/tr$gt$lt".'tr'.$gt.$lt.'td colspan="2" style="height: 100%"'.$gt.$lt.'div style="width: 100%; height: 100%; position: relative; padding: 0; margin: 0; background-color: #fff;" class="inside"'.$gt.$lt.'center'.$gt.$lt.'img src="'.GOTMLS_images_path.'GOTMLS-Loading.gif" id="got-loading-gif" style="max-height: 280px;" alt="..."'.$gt.$lt.'br /'.$gt.GOTMLS_Loading_LANGUAGE.$lt.'br /'.$gt.$lt.'div id="gotmls_too_long" style="display: none;"'.$gt.__("If this is taking too long:",'gotmls').$lt.'br /'.$gt.$lt.'input type="button" onclick="showhide(\'div_file\');if (formx = document.getElementById(\'GOTMLS_Form_clean\')) formx.method = \'get\';" value="'.__("Go Back and Try Again",'gotmls').'" style="margin: 0 5px;" class="button-primary" /'.$gt.'or'.$lt.'input type="button" onclick="showhide(\'GOTMLS_iFrame\', true);" value="'.__("Show the Unloaded Page",'gotmls').'" style="margin: 0 5px;" class="button-primary" /'."$gt$lt/div$gt$lt/center$gt$lt".'iframe id="GOTMLS_iFrame" name="GOTMLS_iFrame" style="top: 0px; left: 0px; position: absolute; width: 100%; height: 100%; background-color: #CCC;"'."$gt$lt/iframe$gt$lt/td$gt$lt/tr$gt$lt".'tr'.$gt.$lt.'td style="height: 20px;"'.$gt.$lt.'iframe id="GOTMLS_statusFrame" name="GOTMLS_statusFrame" style="width: 100%; height: 20px; background-color: #CCC;"'."$gt$lt/iframe$gt$lt/div$gt$lt/td$gt$lt".'td style="height: 20px; width: 20px;"'.$gt.$lt.'h3 id="cornerGrab" onmousedown="grabCorner();" onmouseup="releaseCorner();" style="cursor: move; height: 24px; width: 24px; margin: 0; padding: 0; z-index: 2345678; overflow: hidden; position: absolute; right: 0px; bottom: 0px;"'.$gt.$lt.'span class="dashicons dashicons-editor-expand"'."$gt$lt/span$gt&#8690;$lt/h3$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/div$gt\n$lt".'script type="text/javascript"'.$gt.'
321 function showhide(id) {
322 divx = document.getElementById(id);
323 if (divx) {
324 if (divx.style.display == "none" || arguments[1]) {
325 divx.style.display = "block";
326 divx.parentNode.className = (divx.parentNode.className+"close").replace(/close/gi,"");
327 return true;
328 } else {
329 divx.style.display = "none";
330 return false;
331 }
332 }
333 }
334 function checkAllFiles(check) {
335 var checkboxes = new Array();
336 checkboxes = document["GOTMLS_Form_clean"].getElementsByTagName("input");
337 for (var i=0; i<checkboxes.length; i++)
338 if (checkboxes[i].type == "checkbox" && (checkboxes[i].id.substring(0, 6) == "check_" || checkboxes[i].id.substring(0, 24) == "GOTMLS_quarantine_check_"))
339 checkboxes[i].checked = check;
340 }
341 function setvalAllFiles(val) {
342 var checkboxes = document.getElementById("GOTMLS_fixing");
343 if (checkboxes)
344 checkboxes.value = val;
345 }
346 function getWindowWidth(min) {
347 if (typeof window.innerWidth != "undefined" && window.innerWidth > min)
348 min = window.innerWidth;
349 else if (typeof document.documentElement != "undefined" && typeof document.documentElement.clientWidth != "undefined" && document.documentElement.clientWidth > min)
350 min = document.documentElement.clientWidth;
351 else if (typeof document.getElementsByTagName("body")[0].clientWidth != "undefined" && document.getElementsByTagName("body")[0].clientWidth > min)
352 min = document.getElementsByTagName("body")[0].clientWidth;
353 return min;
354 }
355 function getWindowHeight(min) {
356 if (typeof window.innerHeight != "undefined" && window.innerHeight > min)
357 min = window.innerHeight;
358 else if (typeof document.documentElement != "undefined" && typeof document.documentElement.clientHeight != "undefined" && document.documentElement.clientHeight > min)
359 min = document.documentElement.clientHeight;
360 else if (typeof document.getElementsByTagName("body")[0].clientHeight != "undefined" && document.getElementsByTagName("body")[0].clientHeight > min)
361 min = document.getElementsByTagName("body")[0].clientHeight;
362 return min;
363 }
364 function loadIframe(title) {
365 showhide("gotmls_too_long", true);
366 showhide("gotmls_too_long");
367 showhide("GOTMLS_iFrame", true);
368 showhide("GOTMLS_iFrame");
369 document.getElementById("windowTitle").innerHTML = title;
370 if (curDiv) {
371 windowW = getWindowWidth(200);
372 windowH = getWindowHeight(200);
373 if (windowW > 200)
374 windowW -= 30;
375 if (windowH > 200)
376 windowH -= 20;
377 if (px2num(curDiv.style.width) > windowW) {
378 curDiv.style.width = windowW + "px";
379 curDiv.style.left = "0px";
380 } else if ((px2num(curDiv.style.left) + px2num(curDiv.style.width)) > windowW) {
381 curDiv.style.left = (windowW - px2num(curDiv.style.width)) + "px";
382 }
383 if (px2num(curDiv.style.height) > windowH) {
384 curDiv.style.height = windowH + "px";
385 curDiv.style.top = "0px";
386 } else if ((px2num(curDiv.style.top) + px2num(curDiv.style.height)) > windowH) {
387 curDiv.style.top = (windowH - px2num(curDiv.style.height)) + "px";
388 }
389 if (px2num(curDiv.style.left) < 0)
390 curDiv.style.left = "0px";
391 if (px2num(curDiv.style.top)< 0)
392 curDiv.style.top = "0px";
393 }
394 showhide("div_file", true);
395 if (IE)
396 curDiv.scrollIntoView(true);
397 setTimeout(function (){ showhide(\'gotmls_too_long\', true); }, 15000);
398 }
399 function cancelserver(divid) {
400 document.getElementById(divid).innerHTML = "'.$lt."div class='error'$gt".GOTMLS_strip4java(__("No response from server!",'gotmls'))."$lt/div$gt".'";
401 }
402 var stopCheckingDefinitions = 0;
403 function checkPrimaryUpdateServer() {
404 var updatescript = document.createElement("script");
405 if (arguments[0])
406 updatescript.setAttribute("src", pri_addr+arguments[0]);
407 else
408 updatescript.setAttribute("src", pri_addr);
409 if (divx = document.getElementById("Definition_Updates"))
410 divx.appendChild(updatescript);
411 return setTimeout(function() {stopCheckingDefinitions = checkAlternateUpdateServer();}, 15000);
412 }
413 function checkAlternateUpdateServer() {
414 var updatescript = document.createElement("script");
415 if (arguments[0])
416 updatescript.setAttribute("src", alt_addr+arguments[0]);
417 else
418 updatescript.setAttribute("src", alt_addr);
419 if (divx = document.getElementById("Definition_Updates"))
420 divx.appendChild(updatescript);
421 return setTimeout(function() {stopCheckingDefinitions = cancelserver("Definition_Updates");}, 15000);
422 }
423 function checkupdateserver(server) {
424 var updatescript = document.createElement("script");
425 updatescript.setAttribute("src", server);
426 if (divx = document.getElementById("GOTMLS_patch_searching"))
427 divx.appendChild(updatescript);
428 return setTimeout(function() {cancelserver("GOTMLS_patch_searching");}, '.(((INT) $GLOBALS["GOTMLS"]["tmp"]['execution_time'])+1).'000+3000);
429 }
430 var IE = document.all?true:false;
431 //if (!IE) document.addEventListener("mousemove", getMouseXY);
432 document.onmousemove = getMouseXY;
433 var offsetX = 0;
434 var offsetY = 0;
435 var offsetW = 0;
436 var offsetH = 0;
437 var curX = 0;
438 var curY = 0;
439 var curDiv, loadingGif;
440 function getMouseXY(e) {
441 if (IE) { // grab the mouse pos if browser is IE
442 curX = event.clientX + document.body.scrollLeft;
443 curY = event.clientY + document.body.scrollTop;
444 } else { // grab the mouse pos if browser is Not IE
445 curX = e.pageX - document.body.scrollLeft;
446 curY = e.pageY - document.body.scrollTop;
447 }
448 if (curX < 0) {curX = 0;}
449 if (curY < 0) {curY = 0;}
450 if (offsetX && curX > 10) {curDiv.style.left = (curX - offsetX)+"px";}
451 if (offsetY && (curY - offsetY) > 0) {curDiv.style.top = (curY - offsetY)+"px";}
452 if (offsetW && (curX - offsetW) > 360) {curDiv.style.width = (curX - offsetW)+"px";}
453 if (offsetH && (curY - offsetH) > 200) {
454 curDiv.style.height = (curY - offsetH)+"px";
455 loadingGif.style.height = (curY - offsetH - 130)+"px";
456 }
457 return true;
458 }
459 function px2num(px) {
460 return parseInt(px.substring(0, px.length - 2), 10);
461 }
462 function setDiv(DivID) {
463 if (curDiv = document.getElementById(DivID)) {
464 if (IE)
465 curDiv.style.position = "absolute";
466 curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'";
467 curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'";
468 curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'";
469 curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'";
470 }
471 if (loadingGif = document.getElementById("got-loading-gif"))
472 loadingGif.style.height = "'.(substr($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2], 0, -2) - 130).'px";
473 }
474 function grabDiv() {
475 corner = document.getElementById("windowTitle");
476 if (corner) {
477 corner.style.width="100%";
478 corner.style.height="100%";
479 }
480 offsetX=curX-px2num(curDiv.style.left);
481 offsetY=curY-px2num(curDiv.style.top);
482 }
483 function releaseDiv() {
484 corner = document.getElementById("windowTitle");
485 if (corner) {
486 corner.style.width="90%";
487 corner.style.height="20px";
488 }
489 document.getElementById("GOTMLS_statusFrame").src = "'.GOTMLS_admin_url('GOTMLS_position', ($GOTMLS_position_nonce = GOTMLS_set_nonce(GOTMLS_position_msg)).'&GOTMLS_x=').'"+curDiv.style.left+"&GOTMLS_y="+curDiv.style.top;
490 offsetX=0;
491 offsetY=0;
492 }
493 function grabCorner() {
494 corner = document.getElementById("cornerGrab");
495 if (corner) {
496 corner.style.width="100%";
497 corner.style.height="100%";
498 }
499 offsetW=curX-px2num(curDiv.style.width);
500 offsetH=curY-px2num(curDiv.style.height);
501 }
502 function releaseCorner() {
503 corner = document.getElementById("cornerGrab");
504 if (corner) {
505 corner.style.width="20px";
506 corner.style.height="20px";
507 }
508 document.getElementById("GOTMLS_statusFrame").src = "'.GOTMLS_admin_url('GOTMLS_position', $GOTMLS_position_nonce.'&GOTMLS_w=').'"+curDiv.style.width+"&GOTMLS_h="+curDiv.style.height;
509 offsetW=0;
510 offsetH=0;
511 }
512 function check_for_donation(chk) {
513 if ((audl = document.getElementById("autoUpdateDownload")) && audl.src.replace(/^.+\?/,"")=="0")
514 if (chk.substr(0, 8) != "Changed " || chk.substr(8, 1) != "0")
515 chk += "\\n\\n'.__("Please make a donation for the use of this wonderful feature!",'gotmls').'";
516 alert(chk);
517 }
518 setDiv("div_file");'."\n$lt/script$gt\n";
519 }
520
521 function GOTMLS_get_header($optional_box = "") {
522 $gt = ">"; // This local variable never changes
523 $lt = "<"; // This local variable never changes
524 if (isset($_GET["check_site"]) && $_GET["check_site"])
525 $pre_style = $lt.'div id="check_site" style="z-index: 1234567;"'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="&#x2714;"'.$gt.__("Tested your site. It appears we didn't break anything",'gotmls')." ;-)$lt/div$gt$lt".'script type="text/javascript"'.$gt.'if (csw = window.parent.document.getElementById("check_site_warning")) csw.style.backgroundColor=\'#0C0\';window.addEventListener(\'load\', (event) => {showhide(\'inside_ddd6dbd641b9a5909fe4d44da2017cc7\');});'."$lt/script$gt{$lt}li$gt Please $lt".'a target="_blank" href="https://wordpress.org/support/plugin/gotmls/reviews/#wporg-footer"'.$gt.'write a "Five-Star" Review'."$lt/a$gt".' on WordPress.org if you like this plugin.'."$lt/li$gt$lt".'style'.$gt.'#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .notice, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
526 else
527 $pre_style = $lt.'style'.$gt.'#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
528 return GOTMLS_get_styles($pre_style).$lt.'div id="main-page-title"'.$gt.$lt.'h1 style="vertical-align: middle;"'.$gt.'Anti-Malware from&nbsp;GOTMLS.NET'."$lt/h1$gt$lt/div$gt";
529 }
530
531 function GOTMLS_object_to_array($obj) {
532 if (is_object($obj))
533 $obj = (array) $obj;
534 $new = array();
535 if (is_array($obj)) {
536 foreach ($obj as $key => $val)
537 $new[$key] = GOTMLS_object_to_array($val);
538 } else
539 $new = $obj;
540 return $new;
541 }
542
543 function GOTMLS_get_pagination($count, $wrap = "") {
544 $Q_Paged = "";
545 if (isset($_REQUEST["paged"]) && is_numeric($_REQUEST["paged"])) {
546 if ((INT) $count < (INT) $_REQUEST["paged"])
547 $GLOBALS["GOTMLS"]["Quarantine"]["paged"] = (INT) $count;
548 else
549 $GLOBALS["GOTMLS"]["Quarantine"]["paged"] = (INT) $_REQUEST["paged"];
550 } else
551 $GLOBALS["GOTMLS"]["Quarantine"]["paged"] = 1;
552 for ($p = 1; $p <= $count; $p++) {
553 $Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($GLOBALS["GOTMLS"]["Quarantine"]["paged"]) && $GLOBALS["GOTMLS"]["Quarantine"]["paged"] == $p) || (!isset($GLOBALS["GOTMLS"]["Quarantine"]["paged"]) && 1 == $p)?" DISABLED":"").' name="paged">';
554 }
555 if ($Q_Paged) {
556 foreach ($_GET as $name => $value) {
557 if (substr($name, 0, 10) != 'paged') {
558 if (is_array($value)) {
559 foreach ($value as $val)
560 $Q_Paged .= '<input type="hidden" name="'.GOTMLS_htmlspecialchars($name).'[]" value="'.GOTMLS_htmlspecialchars($val).'">';
561 } else
562 $Q_Paged .= '<input type="hidden" name="'.GOTMLS_htmlspecialchars($name).'" value="'.GOTMLS_htmlspecialchars($value).'">';
563 }
564 }
565 $Q_Paged = '<form method="GET" name="GOTMLS_Form_page"><div style="float: left;">Page:</div>'."$Q_Paged\n</form><br style=\"clear: left;\" />\n";
566 }
567 if ($wrap)
568 return "$Q_Paged<!-- p = $p , count = $count -->$wrap$Q_Paged";
569 else
570 return $Q_Paged;
571 }
572
573 function GOTMLS_get_quarantine($only = false) {
574 global $wpdb, $post;
575 if (is_numeric($only))
576 return get_post($only, ARRAY_A);
577 elseif ($only === true)
578 return $wpdb->get_var("SELECT COUNT(*) FROM `$wpdb->posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private'");
579 else
580 $args = array("orderby" => 'date', "post_type" => 'GOTMLS_quarantine', "post_status" => array('private'));
581 if (isset($_REQUEST["post_status"]))
582 $args["post_status"] = $_REQUEST["post_status"];
583 if (isset($_REQUEST["paged"]) && is_numeric($_REQUEST["paged"]))
584 $args["paged"] = (INT) $_REQUEST["paged"];
585 if (isset($_REQUEST["posts_per_page"]) && is_numeric($_REQUEST["posts_per_page"]) && ($_REQUEST["posts_per_page"]))
586 $args["posts_per_page"] = (INT) $_REQUEST["posts_per_page"];
587 else
588 $args["posts_per_page"] = 200;
589 $my_query = new WP_Query($args);
590 if ($my_query->have_posts()) {
591 $Q_Page = '<form method="POST" action="'.admin_url('admin-ajax.php').'" target="GOTMLS_iFrame" id="GOTMLS_Form_clean" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."581")).'"><input type="hidden" name="action" value="GOTMLS_fix"><p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files from quarantine records",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected quarantine records",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items highlighted in yellow had been found to contain malicious code, they have been cleaned and the malicious contents have been removed. A record of the infection has been saved here in the Quarantine for your review and could help with any future investigations. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
592 <p id="reclean_buttons" style="display: none;"><input id="reclean_button" type="submit" value="'.__("Re-clean re-infected files",'gotmls').'" class="button-primary" onclick="checkAllFiles(false); setvalAllFiles(1); loadIframe(\'Reinfected File Recleaning Results\');" /><b>'.__("The items highlighted in red have been found to be re-infected. The malicious code has returned and needs to be cleaned again.",'gotmls').'</b></p>
593 <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').((isset($_REQUEST["GOTMLS_debug"]))?'</span><span class="GOTMLS_date">'.__("Date Modified",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Changed",'gotmls').'</span><span class="GOTMLS_date">'.__("File Size",'gotmls').'</span><span class="GOTMLS_date">'.__("Threat Found",'gotmls'):"").'</span></h3>';
594 $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
595 while ($my_query->have_posts()) {
596 $my_query->the_post();
597 $gif = 'blocked.gif';
598 $threat = 'potential';
599 $action = $post->ID.'" id="check_'.$post->ID.'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';';
600 $link = GOTMLS_error_link(__("The current/live file is missing or deleted",'gotmls'), $post->ID, $threat);
601 $fa = GOTMLS_threats_found_meta(GOTMLS_object_to_array($post));
602 if (is_file($post->post_title)) {
603 GOTMLS_scanfile($post->post_title);
604 if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
605 $gif = 'threat.gif" onload="document.getElementById(\'reclean_buttons\').style.display = \'block\';';
606 $threat = 'known';
607 $action = GOTMLS_encode(realpath($post->post_title)).'" id="ilist_'.$post->ID.'" checked="true';
608 }
609 $link = GOTMLS_error_link(__("View current/live version",'gotmls'), $post->post_title, $threat);
610 } elseif (is_array($postdb = explode(":", $post->post_title.":")) && count($postdb) > 3 && is_numeric($postdb[1])) {
611 if ("options" == substr($postdb[0], -7)) {
612 if ($opt_row = $wpdb->get_row($wpdb->prepare("SELECT * FROM `$wpdb->options` WHERE `option_id` = %s",(INT) $postdb[1]), ARRAY_A))
613 $link = GOTMLS_error_link(__("View Option Record: ",'gotmls').((INT) $postdb[1]), ((INT) $postdb[1]).'.1', $threat);
614 elseif ($opt_row = $wpdb->get_row($SQL = $wpdb->prepare("SELECT * FROM `$wpdb->options` WHERE `option_name` LIKE %s", trim($postdb[2], '"')), ARRAY_A))
615 $link = GOTMLS_error_link(__("View Option Record: ",'gotmls').htmlspecialchars($postdb[2]), $opt_row["option_id"].'.1', $threat);
616 else
617 $link = GOTMLS_error_link(__("View Quarantine Record",'gotmls'), $post->ID, $threat);
618 } else {
619 $link = '<a target="_blank" href="';
620 if ("revision" == $postdb[0])
621 $link .= admin_url('revision.php?revision='.rawurlencode($postdb[1]))."\" title=\"View this revision";
622 else
623 $link .= admin_url('post.php?action=edit&post='.rawurlencode((INT) $postdb[1]))."\" title=\"View current ".GOTMLS_htmlspecialchars($postdb[0]);
624 $link .= "\" id=\"list_edit_".((INT) $postdb[1])."\" class=\"GOTMLS_plugin $threat\">";
625 }
626 }
627 $Q_Page .= '
628 <li id="GOTMLS_quarantine_'.((INT) $post->ID).'" class="GOTMLS_quarantine_item" onmouseover="this.style.fontWeight=\'bold\';" onmouseout="this.style.fontWeight=\'normal\';"><span class="GOTMLS_date">'.GOTMLS_error_link(__("View Quarantine Record",'gotmls'), $post->ID, $threat).$post->post_date.'</a></span><span title="modified: '.GOTMLS_htmlspecialchars($post->post_modified).'" class="GOTMLS_date">'.GOTMLS_htmlspecialchars($post->post_modified_gmt).((isset($_REQUEST["GOTMLS_debug"]) && is_file($post->post_title))?'</span><span class="GOTMLS_date">'.gmdate("Y-m-d H:i:s", filemtime($post->post_title)).'</span><span class="GOTMLS_date">'.gmdate("Y-m-d H:i:s", filectime($post->post_title)).'</span><span class="GOTMLS_date">('.filesize($post->post_title).' bytes)</span><span class="GOTMLS_date">( '.$fa.')':"").'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$action.'" /><img src="'.GOTMLS_images_path.$gif.'" height=16 width=16 alt="Q">'.$link.GOTMLS_htmlspecialchars(str_replace($root_path, "...", $post->post_title))."</a></li>\n";
629 }
630 $Q_Page = GOTMLS_get_pagination($my_query->max_num_pages, "$Q_Page\n</ul>\n</form>");
631 } else
632 $Q_Page = '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
633 wp_reset_query();
634 return $Q_Page;
635 }
636
637 function GOTMLS_box($bTitle, $bContents, $bType = "postbox") {
638 $md5 = md5($bTitle);
639 if (isset($GLOBALS["GOTMLS"]["tmp"]["$bType"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["$bType"]))
640 $GLOBALS["GOTMLS"]["tmp"]["$bType"]["$md5"] = "$bTitle";
641 else
642 $GLOBALS["GOTMLS"]["tmp"]["$bType"] = array("$md5"=>"$bTitle");
643 return '
644 <div id="box_'.$md5.'" class="'.$bType.'"><h3 title="Click to toggle" onclick="if (typeof '.$bType.'_showhide == \'function\'){'.$bType.'_showhide(\'inside_'.$md5.'\');}else{showhide(\'inside_'.$md5.'\');}" style="cursor: pointer;" class="hndle"><span id="title_'.$md5.'">'.$bTitle.'</span></h3>
645 <div id="inside_'.$md5.'" class="inside">
646 '.$bContents.'
647 </div>
648 </div>';
649 }
650
651 function GOTMLS_threats_ver($threats_name) {
652 foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level => $Threats)
653 if (is_array($Threats) && isset($Threats["$threats_name"][0]) && GOTMLS_strlen($Threats["$threats_name"][0]) == 5)
654 return $Threats["$threats_name"][0];
655 return $threats_name;
656 }
657
658 function GOTMLS_threats_found_meta($Q_post = array()) {
659 global $wpdb, $table_prefix;
660 $gt = ">"; // This local variable never changes
661 $lt = "<"; // This local variable never changes
662 $SQL = "SELECT `meta_value` AS `Threat`, COUNT(*) AS `Found` FROM `{$wpdb->prefix}postmeta` WHERE `meta_key` = 'GOTMLS_threats_found'";
663 if (isset($Q_post["ID"]) && is_numeric($pID = $Q_post["ID"]) && ($pID > 0))
664 $SQL = $wpdb->prepare("$SQL AND post_id = %s", (INT) $pID);
665 else
666 $pID = 0;
667 $my_query = $wpdb->get_results("$SQL GROUP BY `meta_value`", ARRAY_A);
668 $fa = "";
669 if (is_array($my_query) && count($my_query)) {
670 $f = 1;
671 foreach ($my_query as $rec) {
672 if (isset($rec["Threat"]) && is_string($rec["Threat"]) && is_array($Threat = @GOTMLS_uckserialize($rec["Threat"])) && isset($Threat["DefVer"]) && isset($Threat["SubPos"])) {
673 $ends = explode("-", $Threat["SubPos"]."--", 3);
674 if (GOTMLS_strlen($ends[0]) > 0 && GOTMLS_strlen($ends[1]) > 0 && is_numeric($ends[1]) && is_numeric($ends[0])) {
675 if ($ends[1] < $ends[0])
676 $ends = array_reverse($ends);
677 $fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($Threat["DefVer"]).'" href="javascript:select_text_range(\'ta_file\', '.$ends[0].', '.$ends[1].');"'.$gt.'['.$f++."]$lt/a$gt ";
678 }
679 }
680 }
681 } else {
682 if (isset($Q_post["post_excerpt"]) && GOTMLS_strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @GOTMLS_uckserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
683 $f = 1;
684 foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
685 $ends = explode("-", "$threats_found--", 3);
686 if (GOTMLS_strlen($ends[0]) > 0 && GOTMLS_strlen($ends[1]) > 0 && is_numeric($ends[1]) && is_numeric($ends[0])) {
687 if ($ends[1] < $ends[0])
688 $ends = array_reverse($ends);
689 $fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$ends[0].', '.$ends[1].');"'.$gt.'['.$f++."]$lt/a$gt ";
690 if (function_exists("add_post_meta"))
691 add_post_meta($pID, 'GOTMLS_threats_found', array("SubPos" => $ends[0]."-".$ends[1], "DefVer" => GOTMLS_threats_ver($threats_name)));
692 } else {
693 if (is_numeric($threats_found)) {
694 $threats_found = $threats_name;
695 $threats_name = $f;
696 }
697 $fpos = 0;
698 $flen = 0;
699 $potential_threat = GOTMLS_convert_r($threats_found);
700 while (($fpos = strpos($GLOBALS["GOTMLS"]["tmp"]["file_contents"], ($potential_threat), $flen + $fpos)) !== false) {
701 $flen = GOTMLS_strlen($potential_threat);
702 $fa .= $lt.'a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');"'.$gt.'['.$f++."]$lt/a$gt ";
703 if (function_exists("add_post_meta"))
704 add_post_meta($pID, 'GOTMLS_threats_found', serialize(array("SubPos" => $fpos."-".($fpos + $flen), "DefVer" => GOTMLS_threats_ver($threats_name))));
705 }
706 }
707 }
708 } else
709 $fa = GOTMLS_strlen($Q_post["post_excerpt"])."No Threats Found ";
710 }
711 return $fa;
712 }
713
714 function GOTMLS_view_details($Q_post, $pretext = "") {
715 $title = __("View Details:",'gotmls');
716 $clean_file = GOTMLS_htmlentities($Q_post["post_title"]);
717 $encoded_file_contents = GOTMLS_convert_r($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
718 if (isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])) {
719 $en = $GLOBALS["GOTMLS"]["tmp"]["encoding"];
720 @header("Content-type: text/html; charset=$en");
721 } else
722 $en = "Unknown";
723 $fa = GOTMLS_threats_found_meta($Q_post);
724 die(GOTMLS_html_tags(array(
725 "html" => array(
726 "head" => array(
727 "title" => "$title $clean_file",
728 "script" => GOTMLS_js_text_range()
729 ),
730 "body" => array(
731 "table" => array(
732 "tr" => array(
733 "td" => "$pretext".
734 GOTMLS_html_tags(array(
735 "div" => array(
736 "b" => "$title",
737 "br id='encoding' /" => "encoding: $en",
738 "br id='size' /" => "size: ".GOTMLS_strlen("$encoded_file_contents")." Bytes",
739 "br id='modified' /" => 'modified:'.$Q_post["post_modified"],
740 "br id='changed' /" => 'changed:'.$Q_post["post_modified_gmt"],
741 "br id='quarantined' /" => 'quarantined:'.$Q_post["post_date"]
742 )
743 ), array(
744 'div' => 'id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"'
745 )
746 ).
747 GOTMLS_html_tags(array(
748 "div" => GOTMLS_html_tags(array('span' => $title), array('span' => 'onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';"'))."( $fa)"
749 ), array(
750 'div' => 'style="overflow: auto;"'
751 )
752 )
753 ),
754 GOTMLS_html_tags(array(
755 "tr" => array(
756 "td" => array(
757 "textarea" => GOTMLS_htmlentities("$encoded_file_contents")
758 )
759 )
760 ), array(
761 'td' => 'style="height: 100%; padding: 5px 5px 0 0;"',
762 'textarea' => 'id="ta_file" style="width: 100%; height: 100%"'
763 )
764 )
765 )
766 )
767 )
768 ), array(
769 'script' => 'type="text/javascript"',
770 'table' => 'style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"',
771 'td' => 'style="width: 100%"'
772 )
773 ));
774 }
775
776 function GOTMLS_js_text_range($posttext = "") {
777 return '
778 function select_text_range(ta_id, start, end) {
779 var textBox = document.getElementById(ta_id);
780 var scrolledText = "";
781 scrolledText = textBox.value.substring(0, end);
782 textBox.focus();
783 if (textBox.setSelectionRange) {
784 scrolledText = textBox.value.substring(end);
785 textBox.value = textBox.value.substring(0, end);
786 textBox.scrollTop = textBox.scrollHeight;
787 textBox.value = textBox.value + scrolledText;
788 textBox.setSelectionRange(start, end);
789 } else if (textBox.createTextRange) {
790 var range = textBox.createTextRange();
791 range.collapse(true);
792 range.moveStart("character", start);
793 range.moveEnd("character", end);
794 range.select();
795 } else
796 alert("The highlighting function does not work in your browser");
797 }
798 if (typeof window.parent.showhide === "function")
799 window.parent.showhide("GOTMLS_iFrame", true);
800 '.$posttext;
801 }
802
803 if ((isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && GOTMLS_strlen($SCRIPT_FILE) > GOTMLS_strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * GOTMLS_strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * GOTMLS_strlen(__FILE__)))) {
804 if (isset($_REQUEST["page"]) && str_replace('-', '_', $_REQUEST["page"]) == "GOTMLS_View_Quarantine" && isset($_REQUEST["GOTMLS_mt"]) && GOTMLS_strlen($GOTMLS_nonce = $_REQUEST["GOTMLS_mt"]) == 32 && isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]["context"]) && ($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]["context"] == GOTMLS_update_home)) {
805 try {
806 $wpdb->prefix = $table_prefix;
807 GOTMLS_define("GOTMLS_Loading_LANGUAGE", __("Loading, Please Wait ...",'gotmls'));
808 GOTMLS_define("GOTMLS_position_msg", __("Default position",'gotmls'));
809 if (isset($_REQUEST["id"]) && is_numeric($_REQUEST["id"])) {
810 $my_query = $wpdb->get_results($wpdb->prepare("SELECT * FROM `{$wpdb->prefix}posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `ID` = %s", (INT) $_REQUEST["id"]), ARRAY_A);
811 if (is_array($my_query) && isset($my_query[0]["post_type"]) && strtolower($my_query[0]["post_type"]) == "gotmls_quarantine") {
812 GOTMLS_load_contents(GOTMLS_decode($my_query[0]["post_content"]));
813 GOTMLS_view_details($my_query[0], '<form style="margin: 0;" method="post" action="?GOTMLS_mt='.$GOTMLS_nonce.'&page=GOTMLS_View_Quarantine" onsubmit="return confirm(\''.GOTMLS_strip4java(__("Are you sure you want to restore this record from the quarantine?",'gotmls')).'\');"><input type="hidden" name="id[]" value="'.$my_query[0]["ID"].'"><input type="submit" value="Restore from Quarantine" style="display: none; background-color: #0C0; float: right;"></form>');
814 } else
815 die('<h3>Item NOT Found in Quarantine</h3>');
816 } else {
817 if (!isset($_REQUEST["not_in"]))
818 $_REQUEST["not_in"] = "trash";
819 $GLOBALS["GOTMLS"]["Quarantine"]["SQL"] = $wpdb->prepare("FROM `{$wpdb->prefix}posts` WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != %s ORDER BY `post_date_gmt` DESC", $_REQUEST["not_in"]);
820 $GLOBALS["GOTMLS"]["Quarantine"]["Count"] = $wpdb->get_var("SELECT COUNT(*) ".$GLOBALS["GOTMLS"]["Quarantine"]["SQL"]);
821 if (isset($_REQUEST["posts_per_page"]) && is_numeric($_REQUEST["posts_per_page"]) && ($_REQUEST["posts_per_page"]))
822 $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"] = (INT) $_REQUEST["posts_per_page"];
823 else
824 $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"] = 200;
825 $paged = GOTMLS_get_pagination(ceil($GLOBALS["GOTMLS"]["Quarantine"]["Count"] / $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"]));
826 $GLOBALS["GOTMLS"]["Quarantine"]["SQL"] .= $wpdb->prepare(" LIMIT %d,%d", (INT) (($GLOBALS["GOTMLS"]["Quarantine"]["paged"] - 1) * $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"]), (INT) $GLOBALS["GOTMLS"]["Quarantine"]["posts_per_page"]);
827 $my_query = $wpdb->get_results("SELECT * ".$GLOBALS["GOTMLS"]["Quarantine"]["SQL"], ARRAY_A);
828 if (is_array($my_query) && count($my_query)) {
829 $Q_Page = $paged.'<form method="POST" action="?page=GOTMLS_View_Quarantine" id="GOTMLS_Form_clean" name="GOTMLS_Form_clean"><input type="hidden" name="GOTMLS_mt" value="'.$GOTMLS_nonce.'"><p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="Restore selected files" class="button-primary" style="background-color: #0C0;" onclick="return confirm(\'Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?\');" /></p><p><b>The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.</b></p>
830 <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.(count($my_query)>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),count($my_query)):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
831 $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
832 foreach ($my_query as $post_a) {
833 $restored = "";
834 $image = "threat";
835 $extra = "";
836 if (isset($_REQUEST["id"]) && is_array($_REQUEST["id"]) && in_array($post_a["ID"], $_REQUEST["id"])) {
837 if (GOTMLS_save_contents($post_a["post_title"], $apost_content = GOTMLS_decode($post_a["post_content"]))) {
838 $post_a["post_date_gmt"] = gmdate("Y-m-d H:i:s");
839 if ($wpdb->query($wpdb->prepare("UPDATE `{$wpdb->prefix}posts` SET `post_status` = 'pending', `post_name` = 'whitelist', `post_date_gmt` = '".$post_a["post_date_gmt"]."' WHERE `post_type` = 'GOTMLS_quarantine' AND `ID` = %s", (INT) $post_a["ID"])))
840 $post_a["post_status"] = 'pending';
841 }
842 }
843 if ($post_a["post_status"] == 'pending') {
844 $restored = " read-only disabled";
845 $image = "checked";
846 $extra = " Whitelisted ".$post_a["post_date_gmt"];
847 }
848 if ($post_a["post_status"] == 'trash') {
849 $restored = " read-only disabled";
850 $image = "blocked";
851 $extra = " Deleted ".$post_a["post_date_gmt"];
852 }
853 $Q_Page .= '
854 <li id="GOTMLS_quarantine_'.$post_a["ID"].'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post_a["post_date"].'</span><span class="GOTMLS_date" title="modified: '.$post_a["post_modified"].'">'.$post_a["post_modified_gmt"].'</span><input'.$restored.' type="checkbox" name="id[]" value="'.$post_a["ID"].'" id="GOTMLS_quarantine_check_'.$post_a["ID"].'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.$image.'.gif" height=16 width=16 alt="Q"><a class="GOTMLS_plugin '.$restored.($post_a["post_status"]=='pending'?'" title="View Whitelisted File':($post_a["post_status"]=='trash'?' potential" title="View Deleted File':' known" title="View Quarantined File')).'" target="_blank" href="?page=GOTMLS_View_Quarantine&id='.$post_a["ID"].'&GOTMLS_mt='.$GOTMLS_nonce.'">'.str_replace($root_path, "...", $post_a["post_title"])."$extra</a></li>\n";
855 }
856 $Q_Page .= "\n</ul>\n</form>$paged";
857 } else
858 $Q_Page = '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
859 die(GOTMLS_html_tags(array("html" => array("body" => GOTMLS_get_header().GOTMLS_box(__("View Quarantine",'gotmls'), $Q_Page)))));
860 }
861 } catch (Exception $e) {
862 die('Caught exception: '.GOTMLS_htmlspecialchars($e->getMessage())."\n");
863 }
864 } else {
865 header("Content-type: image/gif");
866 die(GOTMLS_decode('R=lGODlhEAAQAIQYAAAAAAIAAAMAAAgAAAkAAAsAAAwAAHcAAHgAAKYAAK4AAK8AALUAALYAAMcAAMgAAM=AANkAANoAANwAAN=AAP4AAP8AANTU1P_______________________________yH5BAEKAB8ALAAAAAAQABAAAAWB4HddwGia5SWSAVBZMAwIKQkg7xtXCJAKCEukURgRIJbKQWCrSGw-QAJWiS4sjFHUAYNUFD7LpKilvC6DiaVUqZxipuQIFpfXSWLC5UWpFdQ-V=gWD1EjDBYLUToJUT4XEVUlAQddAyMGDRIWS1o3SW=6PI9aNKJJMykrNSckIx8hADs2'));
867
868 }
869 }
870 $GOTMLS_image_alt = array("wait"=>"...", "checked"=>"&#x2714;", "blocked"=>"X", "question"=>"?", "threat"=>"!");
871 $GOTMLS_dir_at_depth = array();
872 $GOTMLS_dirs_at_depth = array();
873 $GLOBAL_STRING = array("REQUEST" => "&","SERVER" => "&","FILES" => "&");
874 if (isset($_GET) && is_array($_GET))
875 foreach ($_GET as $req => $val)
876 $GLOBAL_STRING["REQUEST"] .= "$req=".(is_array($val)?print_r($val,1):$val)."&";
877 if (isset($_POST) && is_array($_POST))
878 foreach ($_POST as $req => $val)
879 $GLOBAL_STRING["REQUEST"] .= "$req=".(is_array($val)?print_r($val,1):$val)."&";
880 if (isset($_SERVER) && is_array($_SERVER))
881 foreach ($_SERVER as $req => $val)
882 $GLOBAL_STRING["SERVER"] .= "$req=".(is_array($val)?print_r($val,1):$val)."&";
883 if (isset($_FILES) && is_array($_FILES))
884 foreach ($_FILES as $req => $fila)
885 foreach (array("tmp_name","name") as $val)
886 if (isset($fila["$val"]))
887 $GLOBAL_STRING["FILES"] .= "$req.$val=".(is_array($fila["$val"])?print_r($fila["$val"],1):$fila["$val"])."&";
888 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"])))
889 $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] = array(
890 "RevSlider"=>array("CCIGG", "Revolution Slider Exploit Protection", "This protection is automatically activated because of the widespread attacks on WordPress that have affected so many sites. It is still recommended that you make sure to upgrade any older versions of the Revolution Slider plugin, especially those included in themes that will not update automatically. Even if you don't think you have Revolution Slider on your site it doen't hurt to have this protection enabled.", "SERVER", '/\/admin-ajax\.php/i', "REQUEST", '/\&img=[^\&]*(?<!\.'.implode(')(?<!\.', array_slice($GLOBALS["GOTMLS"]["tmp"]["skip_ext"], 0, 10)).')\&/i'),
891 "Traversal"=>array("CCIGG", "Directory Traversal Protection", "This protection is automatically activated because this type of attack is quite common. This protection can prevent hackers from accessing secure files in parent directories (or user's folders outside the site_root).", "REQUEST", '/[\=\/](\.\.|etc)\//'),
892 "UploadPHP"=>array("CCIGG", "Upload PHP File Protection", "This protection is automatically activated because this type of attack is extremely dangerous. This protection can prevent hackers from uploading malicious code via web scripts.", "FILES", '/name=[^\&]*\.php\&/'));
893 foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA) {
894 $V = 3;
895 if (is_array($VA) && count($VA) > $V && is_array($VA[$V])) {
896 foreach ($VA[$V] as $reg => $arr) {
897 $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V++] = $arr;
898 $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V++] = $reg;
899 }
900 }
901 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"])) {
902 $GLOBALS["GOTMLS"]["detected_attacks"] = "&attack[]=FW_$TP";
903 for ($V = 4; isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V]); $V+=2)
904 if (!isset($GLOBAL_STRING[$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]]))
905 die($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]." [$V] not in ".GOTMLS_html_tags(array('pre' => GOTMLS_htmlspecialchars(print_r($GLOBAL_STRING,1)))));
906 elseif (!preg_match($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V], $GLOBAL_STRING[$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]["$TP"][$V-1]], $matches))
907 $GLOBALS["GOTMLS"]["detected_attacks"] = "";
908 if ($GLOBALS["GOTMLS"]["detected_attacks"])
909 include(dirname(dirname(__FILE__))."/safe-load/index.php");
910 }
911 }
912 $GLOBALS["GOTMLS"]["detected_attacks"] = "";
913 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == 4))
914 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
915 if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
916 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
917 if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
918 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1;
919 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"])))
920 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = $GLOBALS["GOTMLS"]["tmp"]["skip_ext"];
921 if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]))
922 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = "";
923 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"])))
924 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array();
925 $GOTMLS_total_percent = 0;
926
927 function GOTMLS_admin_notices() {
928 if (!is_admin())
929 return;
930 if (is_file(dirname(dirname(dirname(__FILE__)))."/yuzo-related-post/yuzo_related_post.php"))
931 echo GOTMLS_error_div('It looks like you have <b>"Related Post" plugin By <i>Lenin Zapata</i></b> installed on your site.<br />This plugin was removed from the WordPress Plugin Repository because it contained a major vulnerability that was responsible for a fairly widespread breach to many WordPress sites that had it installed.<br />It is recommended that it be deactivated and deleted until a fix is released that solves this problem.');
932 if (!function_exists("mb_detect_encoding"))
933 echo GOTMLS_error_div('It looks like you don\'t have <b>"mbstring" functions</b> enabled on your server.<br />This Anti-Malware plugin requires Multibyte String compatibility for best results. Please make sure that php-mbstring is installed and configured for the version of PHP running on your server.');
934 if ($GLOBALS["GOTMLS"]["tmp"]["HeadersError"])
935 echo $GLOBALS["GOTMLS"]["tmp"]["HeadersError"];
936 }
937 add_action("admin_notices", "GOTMLS_admin_notices");
938
939 function GOTMLS_array_recurse($array1, $array2) {
940 foreach ($array2 as $key => $value) {
941 if (!isset($array1[$key]) || (isset($array1[$key]) && !is_array($array1[$key])))
942 $array1[$key] = array();
943 if (is_array($value))
944 $value = GOTMLS_array_recurse($array1[$key], $value);
945 $array1[$key] = $value;
946 }
947 return $array1;
948 }
949
950 function GOTMLS_array_replace($array1, $array2) {
951 foreach ($array2 as $key => $value)
952 $array1[$key] = $value;
953 return $array1;
954 }
955
956 function GOTMLS_array_replace_recursive($array1 = array()) {
957 $args = func_get_args();
958 $array1 = $args[0];
959 if (!is_array($array1))
960 $array1 = array();
961 for ($i = 1; $i < count($args); $i++)
962 if (is_array($args[$i]))
963 $array1 = GOTMLS_array_recurse($array1, $args[$i]);
964 return $array1;
965 }
966
967 function GOTMLS_scanlog_title() {
968 $units = array("seconds"=>60,"minutes"=>60,"hours"=>24,"days"=>365,"years"=>10);
969 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["type"]) && GOTMLS_strlen($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["type"]))
970 $GLOBALS["GOTMLS"]["scan"]["title"] = GOTMLS_sanitize($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["type"]);
971 else
972 $GLOBALS["GOTMLS"]["scan"]["title"] = "Unknown scan type";
973 $scan_only = "";
974 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["scan_only"])) {
975 if (is_array($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["scan_only"])) {
976 if (count($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["scan_only"]) == 1 && isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["scan_only"][0]))
977 $scan_only = "/".$GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["scan_only"][0];
978 } else
979 $scan_only = "/".$GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["scan_only"];
980 }
981 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["dir"]) && @is_dir($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["dir"]))
982 $GLOBALS["GOTMLS"]["scan"]["title"] .= " of ".basename($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["dir"].$scan_only);
983 elseif ($scan_only)
984 $GLOBALS["GOTMLS"]["scan"]["title"] .= " of ".basename($scan_only);
985 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"])) {
986 $ukeys = array_keys($units);
987 $GLOBALS["GOTMLS"]["scan"]["title"] .= " on ".date("Y-m-d", $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]);
988 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"]) && ($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"] >= $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"])) {
989 $time = ($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"] - $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]);
990 for ($unit = $ukeys[0], $key=0; (isset($units[$ukeys[$key]]) && $key < (count($ukeys) - 1) && $time >= $units[$ukeys[$key]]); $unit = $ukeys[++$key])
991 $time = floor($time/$units[$ukeys[$key]]);
992 if (1 == $time)
993 $unit = substr($unit, 0, -1);
994 if ($time) {
995 $issues = "";
996 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["file_results"]) && is_array($GLOBALS["GOTMLS"]["scan"]["log"]["file_results"])) {
997 foreach ($GLOBALS["GOTMLS"]["scan"]["log"]["file_results"] as $clas => $found) {
998 if ($issues)
999 $issues .= " and ";
1000 else
1001 $issues .= " with ";
1002 $issues .= count($found)." $clas";
1003 }
1004 }
1005 $GLOBALS["GOTMLS"]["scan"]["title"] .= " and finished $issues in $time $unit";
1006 }
1007 } else
1008 $GLOBALS["GOTMLS"]["scan"]["title"] .= " was not finished!";
1009 } else
1010 $GLOBALS["GOTMLS"]["scan"]["title"] .= " failed to started!";
1011 return $GLOBALS["GOTMLS"]["scan"]["title"];
1012 }
1013
1014 function GOTMLS_load_scanlog($scanlog_key) {
1015 global $wpdb;
1016 if (GOTMLS_strlen($scanlog_key = preg_replace('/[^0-9a-f]++]i/', "", $scanlog_key)) != 32)
1017 $scanlog_key = preg_replace('/[^0-9a-f]++]i/', "", $GLOBALS["GOTMLS"]["tmp"]["mt"]);
1018 if ((GOTMLS_strlen($scanlog_key) == 32) && ($prs = $wpdb->get_results($wpdb->prepare("SELECT * FROM `{$wpdb->prefix}posts` WHERE post_type = %s AND post_name = %s", 'gotmls_results', $scanlog_key), ARRAY_A))) {
1019 $GLOBALS["GOTMLS"]["scan"]["key"] = $scanlog_key;
1020 if (!(isset($prs[0]["post_content"]) && (GOTMLS_strlen($prs[0]["post_content"])) && is_array($GLOBALS["GOTMLS"]["scan"]["log"] = json_decode($prs[0]["post_content"], true))))
1021 $GLOBALS["GOTMLS"]["scan"]["log"] = array();
1022 if (!isset($GLOBALS["GOTMLS"]["scan"]["title"]) && !(isset($prs[0]["post_title"]) && (GOTMLS_strlen($GLOBALS["GOTMLS"]["scan"]["title"] = $prs[0]["post_title"])))) {
1023 GOTMLS_scanlog_title();
1024 }
1025 return $scanlog_key;
1026 }
1027 return false;
1028 }
1029
1030 function GOTMLS_update_scanlog($scan_log, $status = "") {
1031 global $wpdb;
1032 if (is_array($scan_log)) {
1033 if (isset($GLOBALS["GOTMLS"]["scan"]["key"]) && GOTMLS_strlen($scanlog_key = preg_replace('/[^0-9a-f]++]i/', "", $GLOBALS["GOTMLS"]["scan"]["key"])) == 32) {
1034 $GLOBALS["GOTMLS"]["scan"]["log"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["scan"]["log"], $scan_log);
1035 $values = array("post_modified" => date("Y-m-d H:i:s", (int) $GLOBALS["GOTMLS"]["MT"]));
1036 $where = array("post_type" => 'gotmls_results', "post_name" => $scanlog_key);
1037 } else {
1038 $where = false;
1039 $values = array("post_modified" => date("Y-m-d H:i:s", (int) $GLOBALS["GOTMLS"]["MT"]), "post_date_gmt" => date("Y-m-d H:i:s", (int) $GLOBALS["GOTMLS"]["MT"]), "post_type" => 'gotmls_results', "post_parent" => 0);
1040 if (($prs = $wpdb->get_results($wpdb->prepare("SELECT ID FROM `{$wpdb->prefix}posts` WHERE post_type = %s ORDER BY post_date DESC LIMIT 1", 'gotmls_results'), ARRAY_A)) && isset($prs[0]["ID"]))
1041 $values["post_parent"] = $prs[0]["ID"];
1042 $GLOBALS["GOTMLS"]["scan"]["log"] = $scan_log;
1043 }
1044 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["percent"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["percent"]) && ($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["percent"] >= 100))
1045 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"] = time();
1046 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"])) {
1047 $values["post_modified_gmt"] = date("Y-m-d H:i:s", (int) $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"]);
1048 if (!isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]))
1049 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"] = $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"];
1050 }
1051 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["type"]) && !isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]))
1052 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"] = (int) $GLOBALS["GOTMLS"]["MT"];
1053 $values["post_content"] = json_encode($GLOBALS["GOTMLS"]["scan"]["log"]);
1054 $values["post_author"] = GOTMLS_get_current_user_id(0);
1055 $values["post_modified"] = date("Y-m-d H:i:s", (int) microtime(true));
1056 $values["post_status"] = 'private';
1057 if (!(isset($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]) && is_array($GLOBALS["GOTMLS"]["scan"]["log"]["settings"])) && isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]))
1058 $GLOBALS["GOTMLS"]["scan"]["log"]["settings"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"];
1059 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]) && ($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"] > 0)) {
1060 $values["post_date"] = date("Y-m-d H:i:s", (int) $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]);
1061 $values["post_title"] = GOTMLS_scanlog_title();
1062 if ($where)
1063 $scan_log["updated" . $wpdb->update($wpdb->posts, $values, $where)] = $where;
1064 else {
1065 if (GOTMLS_strlen($GLOBALS["GOTMLS"]["scan"]["key"] = preg_replace('/[^0-9a-f]++]i/', "", $GLOBALS["GOTMLS"]["tmp"]["mt"])) != 32)
1066 $GLOBALS["GOTMLS"]["scan"]["key"] = md5($GLOBALS["GOTMLS"]["MT"]);
1067 $values["post_name"] = $GLOBALS["GOTMLS"]["scan"]["key"];
1068 $scan_log["inserted"] = $wpdb->insert($wpdb->posts, $values);
1069 }
1070 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"]) && GOTMLS_strlen($scanlog_key = preg_replace('/[^0-9a-f]++]i/', "", $GLOBALS["GOTMLS"]["scan"]["key"])) == 32) {
1071 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["file_results"]) && is_array($GLOBALS["GOTMLS"]["scan"]["log"]["file_results"]) && count($GLOBALS["GOTMLS"]["scan"]["log"]["file_results"]) && ($gotmls_results_ID = $wpdb->get_var($wpdb->prepare("SELECT `ID` FROM `$wpdb->posts` WHERE `post_type` = 'gotmls_results' AND `post_name` = %s", $scanlog_key)))) {
1072 $wpdb->delete($wpdb->postmeta, ["post_id" => $gotmls_results_ID]);
1073 foreach ($GLOBALS["GOTMLS"]["scan"]["log"]["file_results"] as $clas => $found) {
1074 $wpdb->insert($wpdb->postmeta, ["post_id" => $gotmls_results_ID, "meta_key" => $clas, "meta_value" => json_encode($found)]);
1075 }
1076 }
1077 }
1078 }
1079 }
1080 }
1081
1082 function GOTMLS_loaded() {
1083 if (headers_sent($filename, $linenum)) {
1084 if (!$filename)
1085 $filename = __("an unknown file",'gotmls');
1086 if (!is_numeric($linenum))
1087 $linenum = __("unknown",'gotmls');
1088 $GLOBALS["GOTMLS"]["tmp"]["HeadersError"] = GOTMLS_error_div(sprintf(__('<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem.','gotmls'), $filename, $linenum));
1089 } elseif (isset($_GET["SESSION"]) && !session_id()) {
1090 @session_start();
1091 }
1092 if (session_id() && isset($_GET["SESSION"]) && $_GET["SESSION"] == "GOTMLS_debug" && ((isset($_GET["GOTMLS_debug"]) && "SESSION" == $_GET["GOTMLS_debug"]) || !isset($_SESSION["GOTMLS_debug"])))
1093 $_SESSION["GOTMLS_debug"] = array("GOTMLS_loaded" => microtime(true));
1094 }
1095 add_action("plugins_loaded", "GOTMLS_loaded");
1096
1097 if (!function_exists("add_action")) {
1098 GOTMLS_loaded();
1099 // GOTMLS_admin_notices();
1100 }
1101
1102 function GOTMLS_get_ext($filename) {
1103 $nameparts = explode(".", ".$filename");
1104 return strtolower($nameparts[(count($nameparts)-1)]);
1105 }
1106
1107 function GOTMLS_preg_match_all($threat_definition, $threat_name, $not_serialized = true) {
1108 if ($match = @preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["file_contents"], $threats_found)) {
1109 $start = -1;
1110 if (!@preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["new_contents"], $threat_found)) {
1111 $new_contents = $GLOBALS["GOTMLS"]["tmp"]["new_contents"];
1112 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $GLOBALS["GOTMLS"]["tmp"]["file_contents"];
1113 } else
1114 $new_contents = false;
1115 foreach ($threats_found[0] as $find) {
1116 $potential_threat = GOTMLS_convert_r($find);
1117 $flen = GOTMLS_strlen($potential_threat);
1118 while (($start = strpos(GOTMLS_convert_r($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), $potential_threat, $start+1)) !== false) {
1119 $GLOBALS["GOTMLS"]["tmp"]["threats_found"]["$start-".($flen+$start)] = "$threat_name";
1120 if ($not_serialized)
1121 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = str_replace($find, "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
1122 else
1123 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = substr($GLOBALS["GOTMLS"]["tmp"]["new_contents"], 0, $start).str_repeat(" ", $flen).substr($GLOBALS["GOTMLS"]["tmp"]["new_contents"], $start + $flen);
1124 }
1125 }
1126 if ($not_serialized && ($new_contents !== false) && GOTMLS_strlen($new_contents) < GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"]))
1127 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $new_contents;
1128 return count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
1129 } else
1130 return $match;
1131 }
1132
1133 function GOTMLS_preg_last_pcre_error() {
1134 $DC = array('PREG_NO_ERROR', 'PREG_INTERNAL_ERROR', 'PREG_BACKTRACK_LIMIT_ERROR', 'PREG_RECURSION_LIMIT_ERROR', 'PREG_BAD_UTF8_ERROR', 'PREG_BAD_UTF8_OFFSET_ERROR');
1135 if (function_exists("preg_last_error") && ($key = (INT) preg_last_error()) && isset($DC[$key]))
1136 return $DC[$key];
1137 else
1138 return "";
1139 }
1140
1141 function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
1142 $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1143 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"] = microtime(true);
1144 $filekey = md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1145 if (is_array($check_threats)) {
1146 $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, GOTMLS_strlen(ABSPATH))));
1147 if (substr($file, 0, GOTMLS_strlen(ABSPATH)) == ABSPATH && isset($check_threats[GOTMLS_wp_version]["$path"])) {
1148 if (($check_threats[GOTMLS_wp_version]["$path"] != $filekey) && ($source = GOTMLS_get_URL(GOTMLS_get_corefile_URL("$path", $check_threats[GOTMLS_wp_version]["$path"]))) && ($check_threats[GOTMLS_wp_version]["$path"] == md5($source)."O".GOTMLS_strlen($source))) {
1149 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
1150 $len = GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1151 if (GOTMLS_strlen($source) < $len)
1152 $len = GOTMLS_strlen($source);
1153 for ($start = 0, $end = 0; ($start == 0 || $end == 0) && $len > 0; $len--){
1154 if ($start == 0 && substr($source, 0, $len) == substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], 0, $len))
1155 $start = $len;
1156 if ($end == 0 && substr($source, -1 * $len) == substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], -1 * $len))
1157 $end = $len;
1158 }
1159 $GLOBALS["GOTMLS"]["tmp"]["threats_found"]["$start-".(GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])-$end)] = "Core File Modified";
1160 }
1161 } else {
1162 foreach ($check_threats as $threat_name=>$threat_definitions) {
1163 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"] = microtime(true);
1164 if (is_array($threat_definitions) && count($threat_definitions) > 1 && GOTMLS_strlen($def_ver = array_shift($threat_definitions)) == 5 && (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])))) {
1165 while ($threat_definition = array_shift($threat_definitions)) {
1166 $found = GOTMLS_preg_match_all($threat_definition, $threat_name);
1167 if ($found===false && ($err = GOTMLS_preg_last_pcre_error())) {
1168 $GLOBALS["GOTMLS"]["tmp"]["file_scan"]["errors"]["$threat_definition"] = $err;
1169 $GLOBALS["GOTMLS"]["tmp"]["errors"]["$def_ver"]["$filekey"] = $err;
1170 }
1171 }
1172 if (isset($_SESSION["GOTMLS_debug"])) {
1173 $_SESSION["GOTMLS_debug"]["threat_name"] = "$threat_name";// ($def_ver)";
1174 $file_time = sprintf('%f', (microtime(true) - $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"]));
1175 if (isset($_GET["GOTMLS_debug"]) && is_numeric($_GET["GOTMLS_debug"]) && $file_time > $_GET["GOTMLS_debug"])
1176 echo GOTMLS_htmlspecialchars("\n//GOTMLS_debug $file_time $threat_name $file\n");
1177 if (isset($GLOBALS["GOTMLS"]["tmp"]["errors"]["$def_ver"]["$filekey"]))
1178 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["errors"]["$filekey"] = $GLOBALS["GOTMLS"]["tmp"]["errors"]["$def_ver"]["$filekey"];
1179 if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"]))
1180 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] = sprintf('%f', $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] + $file_time);
1181 else
1182 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"] = $file_time;
1183 if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"]))
1184 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"]++;
1185 else
1186 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["count"] = 1;
1187 if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"]) || $file_time < $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"])
1188 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"] = $file_time;
1189 if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"]) || $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"])
1190 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;
1191 }
1192 }
1193 }
1194 }
1195 } elseif (GOTMLS_strlen($check_threats) && isset($_GET['eli']) && GOTMLS_verify_regex($check_threats)) {
1196 $found = GOTMLS_preg_match_all($check_threats, $check_threats);
1197 if ($found===false && ($err = GOTMLS_preg_last_pcre_error()))
1198 $GLOBALS["GOTMLS"]["tmp"]["errors"]["$check_threats"]["$filekey"] = $err;
1199 }
1200 if (isset($_SESSION["GOTMLS_debug"])) {
1201 $file_time = sprintf('%f', (microtime(true) - $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"]));
1202 if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"]))
1203 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] = sprintf('%f', $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] + $file_time);
1204 else
1205 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] = $file_time;
1206 if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"]))
1207 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"]++;
1208 else
1209 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["count"] = 1;
1210 if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"]) || $file_time < $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"])
1211 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["least"] = $file_time;
1212 if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"]) || $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"])
1213 $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["most"] = $file_time;
1214 }
1215 return count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
1216 }
1217
1218 function GOTMLS_verify_regex($RegExp) {
1219 if (preg_match('/^(\/|\#|\|).+\1[is]*$/', $RegExp))
1220 return $RegExp;
1221 else
1222 return "";
1223 }
1224
1225 function GOTMLS_is_whitelisted($MD5Ofile, $file = "") {
1226 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["whitelist"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["whitelist"]))) {
1227 if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]))
1228 $GLOBALS["GOTMLS"]["tmp"]["whitelist"] = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]);
1229 else
1230 $GLOBALS["GOTMLS"]["tmp"]["whitelist"] = array();
1231 if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"])) {
1232 foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file=>$non_threats) {
1233 if (is_array($non_threats) && count($non_threats) > 1) {
1234 if (isset($non_threats[0]))
1235 unset($non_threats[0]);
1236 $GLOBALS["GOTMLS"]["tmp"]["whitelist"] = array_merge($GLOBALS["GOTMLS"]["tmp"]["whitelist"], $non_threats);
1237 }
1238 }
1239 }
1240 }
1241 if (isset($GLOBALS["GOTMLS"]["tmp"]["whitelist"][$MD5Ofile]))
1242 return true;
1243 else
1244 return false;
1245 }
1246
1247 function GOTMLS_scanfile($file) {
1248 global $wpdb;
1249 $gt = ">"; // This local variable never changes
1250 $lt = "<"; // This local variable never changes
1251 $GLOBALS["GOTMLS"]["tmp"]["debug_fix"] = "Scanning...";
1252 $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1253 $found = false;
1254 $threat_link = "";
1255 $MD5O = "O";
1256 $className = "scanned";
1257 $real_file = realpath($file);
1258 $clean_file = GOTMLS_encode($real_file);
1259 $GLOBALS["GOTMLS"]["tmp"]["file_scan"] = array("start" => microtime(true), "name" => $real_file, "size" => 0, "errors" => array());
1260 if (is_file($real_file) && ($filesize = filesize($real_file)) && GOTMLS_load_contents(@file_get_contents($real_file))) {
1261 $MD5O = md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O';
1262 $GLOBALS["GOTMLS"]["tmp"]["file_scan"]["size"] = $filesize;
1263 if (GOTMLS_is_whitelisted($MD5O.$filesize))
1264 return GOTMLS_return_threat($className, "checked.gif?$className", $file, $threat_link);
1265 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $GLOBALS["GOTMLS"]["tmp"]["file_contents"];
1266 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check_custom"]) && GOTMLS_strlen($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check_custom"]) && isset($_GET['eli']) && GOTMLS_verify_regex($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check_custom"]) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check_custom"])))
1267 $className = "known";
1268 else {
1269 $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, GOTMLS_strlen(ABSPATH))));
1270 if (isset($_SESSION["GOTMLS_debug"])) {
1271 $_SESSION["GOTMLS_debug"]["file"] = $file;
1272 $_SESSION["GOTMLS_debug"]["last"]["total"] = microtime(true);
1273 }
1274 if (isset($GLOBALS["GOTMLS"]["tmp"]["threat_levels"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threat_levels"])) {
1275 foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) {
1276 if ("db_scan" != $threat_level) {
1277 if (isset($_SESSION["GOTMLS_debug"])) {
1278 $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
1279 $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
1280 }
1281 if (in_array($threat_level, $GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || (substr($file, 0, GOTMLS_strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"]))) && (!isset($GLOBALS["GOTMLS"]["tmp"]["threat_files"]["$threat_level"]) || (substr($file."e", (-1 * GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e"))) == $GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e")) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level],$file)))
1282 $className = $threat_level;
1283 }
1284 }
1285 }
1286 if (isset($_SESSION["GOTMLS_debug"])) {
1287 $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["total"], 5);
1288 if (isset($_SESSION["GOTMLS_debug"]["total"]["total"]))
1289 $_SESSION["GOTMLS_debug"]["total"]["total"] += $file_time;
1290 else
1291 $_SESSION["GOTMLS_debug"]["total"]["total"] = $file_time;
1292 if (isset($_SESSION["GOTMLS_debug"]["total"]["count"]))
1293 $_SESSION["GOTMLS_debug"]["total"]["count"] ++;
1294 else
1295 $_SESSION["GOTMLS_debug"]["total"]["count"] = 1;
1296 if (!isset($_SESSION["GOTMLS_debug"]["total"]["least"]) || $file_time < $_SESSION["GOTMLS_debug"]["total"]["least"])
1297 $_SESSION["GOTMLS_debug"]["total"]["least"] = $file_time;
1298 if (!isset($_SESSION["GOTMLS_debug"]["total"]["most"]) || $file_time > $_SESSION["GOTMLS_debug"]["total"]["most"])
1299 $_SESSION["GOTMLS_debug"]["total"]["most"] = $file_time;
1300 }
1301 }
1302 } else {
1303 GOTMLS_load_contents((is_file($real_file)?(is_readable($real_file)?(filesize($real_file)?__("Failed to read file contents!",'gotmls'):__("Empty file!",'gotmls')):(isset($_GET["eli"])?(@chmod($real_file, GOTMLS_CHMOD_FILE)?__("Fixed file permissions! (try again)",'gotmls'):__("File permissions read-only!",'gotmls')):__("File not readable!",'gotmls'))):__("File does not exist!",'gotmls')));
1304 $className = "errors";
1305 }
1306 if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1307 $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.GOTMLS_admin_url('GOTMLS_scan', GOTMLS_set_nonce(__FUNCTION__."1275").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", "&quot;", $lt.'div style="float: left; white-space: nowrap;"'.$gt.GOTMLS_strip4java(__("Examine File",'gotmls')).' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES))."$lt/div$gt$lt/div$gt');\" class=\"GOTMLS_plugin\"$gt";
1308 if ($className == "errors") {
1309 $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="errors";
1310 $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
1311 $imageFile = "/blocked";
1312 } elseif ($className != "potential") {
1313 if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && in_array($clean_file, $_REQUEST["GOTMLS_fix"])) {
1314 $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="GOTMLS_fix";
1315 if (GOTMLS_get_nonce()) {
1316 if ($className == "timthumb") {
1317 if (($source = GOTMLS_get_URL("https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/timthumb/timthumb.php")) && GOTMLS_strlen($source) > 500)
1318 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
1319 else
1320 $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
1321 } elseif ($className == 'wp_core') {
1322 $path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, GOTMLS_strlen(ABSPATH))));
1323 if (substr($file, 0, GOTMLS_strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"]) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"] != $MD5O.GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL(GOTMLS_get_corefile_URL("$path", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"]))) && ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version]["$path"] == md5($source)."O".GOTMLS_strlen($source)))
1324 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
1325 else
1326 $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
1327 } else {
1328 $GOTMLS_no_contents = trim(preg_replace('/\/\*.*?\*\/\s*/s', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
1329 $GOTMLS_no_contents = trim(preg_replace('/\n\s*\/\/.*/', "", $GOTMLS_no_contents));
1330 $GOTMLS_no_contents = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/is', "", $GOTMLS_no_contents));
1331 if (GOTMLS_strlen($GOTMLS_no_contents))
1332 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = trim(preg_replace('/'.$lt.'\?(php)?\s*(\?'.$gt.'|$)/is', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
1333 else
1334 $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = "";
1335 }
1336 if (GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) > 0 && (($Q_post = GOTMLS_write_quarantine($file, $className)) !== false) && ((GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"])==0 && isset($_GET["eli"]) && ($_GET["eli"] == "delete") && @unlink($file)) || (($Write_File = GOTMLS_save_contents($file, $GLOBALS["GOTMLS"]["tmp"]["new_contents"])) !== false))) {
1337 echo __("Success!",'gotmls');
1338 return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
1339 } else {
1340 echo __("Failed:",'gotmls').' '.(GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])?((is_writable(dirname($file)) && is_writable($file))?(($Q_post===false)?__("failed to quarantine!",'gotmls')." (".GOTMLS_htmlspecialchars($wpdb->last_error).")":((isset($Write_File)&&$Write_File)?"Q=$Q_post: ".__("reason unknown!",'gotmls'):"Q=$Q_post: ".__("failed to write!",'gotmls'))):__("file not writable!",'gotmls')):__("no file contents!",'gotmls'));
1341 if (isset($_GET["eli"]))
1342 echo get_current_user().$lt."br$gt{$lt}pre$gt file_stat".print_r(stat($file), true);
1343 return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
1344 }
1345 } else {
1346 echo GOTMLS_Invalid_Nonce(__("Failed: ",'gotmls'));
1347 return "/*--{$gt}*"."/\nfailedFile('$clean_file');\n/*{$lt}!--*"."/";
1348 }
1349 }
1350 $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]=isset($_POST["GOTMLS_fix"])?"GOTMLS_fix=".GOTMLS_htmlspecialchars(preg_replace('/[\r\n]+/', ' ', print_r($_POST["GOTMLS_fix"],1))):"!potential";
1351 $threat_link = $lt.'input type="checkbox" name="GOTMLS_fix[]" value="'.$clean_file.'" id="check_'.$clean_file.(($className != "wp_core||ifitis")?'" checked="'.$className:'').'" /'.$gt.$threat_link;
1352 $imageFile = "threat";
1353 } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
1354 echo __("Already Fixed!",'gotmls');
1355 return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
1356 } else
1357 $imageFile = "question";
1358 return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin $className", $threat_link));
1359 } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
1360 $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="Already Fixed";
1361 echo __("Already Fixed!",'gotmls');
1362 return "/*--{$gt}*"."/\nfixedFile('$clean_file');\n/*{$lt}!--*"."/";
1363 } else {
1364 $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="no threat";
1365 return GOTMLS_return_threat($className, ($className=="scanned"?"checked":"blocked").".gif?$className", $file, $threat_link);
1366 }
1367 }
1368
1369 function GOTMLS_db_scan($id = 0) {
1370 global $wpdb;
1371 $li_js = "";
1372 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check"]) && is_array($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check"]) && in_array("db_scan", $GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["check"]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"])) {
1373 if ($id) {
1374 $encoded_id = GOTMLS_encode($id);
1375 $ids = explode(".", $id.'.');
1376 if (count($ids) > 2 && 'tbl'.$ids[1] == 'tbl1' && is_numeric($ids[0]) && ($Q_post = $wpdb->get_row($wpdb->prepare("SELECT * FROM `$wpdb->options` WHERE `option_id` = %s", (INT) $ids[0]), ARRAY_A))) {
1377 $path = 'Option ID: '.$Q_post["option_id"];
1378 $clean_file = $Q_post["option_name"];
1379 $fa = "";
1380 GOTMLS_load_contents($Q_post["option_value"]);
1381 $not_serialized = !(is_array(GOTMLS_uckserialize($GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $Q_post["option_value"])));
1382 $found = 0;
1383 $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1384 foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"] as $scan_sql => $scan_regex) {
1385 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"] = microtime(true);
1386 $threat_name = array_shift($scan_regex);
1387 while ($threat_definition = array_shift($scan_regex))
1388 $found += GOTMLS_preg_match_all($threat_definition, $threat_name, $not_serialized);
1389 }
1390 if (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1391 $f = 1;
1392 foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
1393 list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1394 if ($start > $end)
1395 $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
1396 else
1397 $fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1398 }
1399 } else
1400 $fa = " No Threats Found";
1401 if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && in_array($encoded_id, $_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"] > 0) {
1402 GOTMLS_write_quarantine($Q_post, "db_scan");
1403 if ($_REQUEST["GOTMLS_fixing"] > 1) {
1404 echo "<li>Removing $path ... ";
1405 if ($wpdb->query($wpdb->prepare("DELETE FROM `$wpdb->options` WHERE `option_id` = %s", (INT) $Q_post["option_id"]))) {
1406 echo __("Done!",'gotmls');
1407 $li_js .= "/*-->*"."/\nDeletedFile('$encoded_id');\n/*<!--*"."/";
1408 } else {
1409 echo __("Failed to delete!",'gotmls');
1410 $li_js .= "/*-->*"."/\nfailedFile('$encoded_id');\n/*<!--*"."/";
1411 }
1412 GOTMLS_update_scanlog(array("scan" => array("finish" => time(), "type" => "Removal of Option")));
1413 } else {
1414 echo "<li>Fixing $path ... ";
1415 if ($wpdb->update($wpdb->options, array("option_value" => $GLOBALS["GOTMLS"]["tmp"]["new_contents"]), array('option_id' => $Q_post["option_id"]))) {
1416 echo __("Success!",'gotmls');
1417 $li_js .= "/*-->*"."/\nfixedFile('$encoded_id');\n/*<!--*"."/";
1418 } else {
1419 echo __("Update Failed!",'gotmls');
1420 $li_js .= "/*-->*"."/\nfailedFile('$encoded_id');\n/*<!--*"."/";
1421 }
1422 GOTMLS_update_scanlog(array("scan" => array("finish" => time(), "type" => "Removal from Option")));
1423 }
1424 return $li_js;
1425 } else {
1426 return '<form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1394")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete this option?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="Delete this Option" style="float: right;"><input type="hidden" name="GOTMLS_fix[]" value="'.$encoded_id.'"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>Record Details</b><br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:"Unknown").'<br />size: '.GOTMLS_strlen(GOTMLS_convert_r($GLOBALS["GOTMLS"]["tmp"]["file_contents"])).' bytes</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Record Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.GOTMLS_htmlentities(GOTMLS_convert_r($GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>';
1427 }
1428 } elseif (($Q_post = GOTMLS_get_quarantine($ids[0])) && isset($Q_post["post_content"])) {
1429 $path = $Q_post["post_type"].' ID: '.$Q_post["ID"];
1430 $clean_file = $Q_post["post_title"];
1431 $fa = "";
1432 GOTMLS_load_contents($Q_post["post_content"]);
1433 $not_serialized = !(is_array(GOTMLS_uckserialize($GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $Q_post["post_content"])));
1434 $found = 0;
1435 $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1436 foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"] as $scan_sql => $scan_regex) {
1437 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"] = microtime(true);
1438 $threat_name = array_shift($scan_regex);
1439 while ($threat_definition = array_shift($scan_regex))
1440 $found += GOTMLS_preg_match_all($threat_definition, $threat_name, $not_serialized);
1441 }
1442 if (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1443 $f = 1;
1444 foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
1445 list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1446 if ($start > $end)
1447 $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
1448 else
1449 $fa .= ' <a title="'.GOTMLS_htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1450 }
1451 } else
1452 $fa = " No Threats Found";
1453 if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && in_array($encoded_id, $_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"] > 0) {
1454 if ($_REQUEST["GOTMLS_fixing"] > 1) {
1455 echo "<li>Removing $path ... ";
1456 $Q_post["post_status"] = "trash";
1457 if (wp_update_post($Q_post)) {
1458 echo __("Done!",'gotmls');
1459 $li_js .= "/*-->*"."/\nDeletedFile('$encoded_id');\n/*<!--*"."/";
1460 } else {
1461 echo __("Failed to delete!",'gotmls');
1462 $li_js .= "/*-->*"."/\nfailedFile('$encoded_id');\n/*<!--*"."/";
1463 }
1464 GOTMLS_update_scanlog(array("scan" => array("finish" => time(), "type" => "Removal of Revision")));
1465 } else {
1466 echo "<li>Fixing $path ... ";
1467 GOTMLS_write_quarantine($Q_post, "db_scan");
1468 $Q_post["post_content"] = $GLOBALS["GOTMLS"]["tmp"]["new_contents"];
1469 if (wp_update_post($Q_post)) {
1470 echo __("Success!",'gotmls');
1471 $li_js .= "/*-->*"."/\nfixedFile('$encoded_id');\n/*<!--*"."/";
1472 } else {
1473 echo __("Update Failed!",'gotmls');
1474 $li_js .= "/*-->*"."/\nfailedFile('$encoded_id');\n/*<!--*"."/";
1475 }
1476 GOTMLS_update_scanlog(array("scan" => array("finish" => time(), "type" => "Removal from Content")));
1477 }
1478 return $li_js;
1479 } else {
1480 return '<form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1448")).($Q_post["post_type"]=="revision"?'" onsubmit="return confirm(\''.__("Are you sure you want to delete this revision?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="Delete this revision" style="float: right;"><input type="hidden" name="GOTMLS_fix[]" value="'.$encoded_id:"").'"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>Record Details</b><br />encoding: '.(isset($GLOBALS["GOTMLS"]["tmp"]["encoding"])?$GLOBALS["GOTMLS"]["tmp"]["encoding"]:"Unknown").'<br />size: '.GOTMLS_strlen(GOTMLS_convert_r($GLOBALS["GOTMLS"]["tmp"]["file_contents"])).' bytes<br />last_modified:'.$Q_post["post_modified_gmt"].'<br />post_type:'.$Q_post["post_type"].'<br />author:'.$Q_post["post_author"].'<br />status:'.$Q_post["post_status"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Record Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.GOTMLS_htmlentities(GOTMLS_convert_r($GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>';
1481 }
1482 } else
1483 die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1484 } else {
1485 $threats_found = array();
1486 $and = "";
1487 if (!isset($_REQUEST["eli"]))
1488 $and .= " AND `post_status` != 'trash'";
1489 if (isset($_REQUEST["limit"]) && is_numeric($_REQUEST["limit"]))
1490 $and .= " LIMIT ".((INT) $_REQUEST["limit"]);
1491 if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"])) {
1492 if (isset($_GET["GOTMLS_scan"]) && GOTMLS_strlen($_GET["GOTMLS_scan"]) > 8 && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"][substr($_GET["GOTMLS_scan"], 8)])) {
1493 $scan_replace = str_replace("db_scan", "Database for ", GOTMLS_htmlspecialchars($_GET["GOTMLS_scan"]));
1494 $db_scan_a = array(GOTMLS_sanitize(substr($_GET["GOTMLS_scan"], 8)) => $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"][substr($_GET["GOTMLS_scan"], 8)]);
1495 } elseif (isset($_GET["GOTMLS_only_file"]) && GOTMLS_strlen($_GET["GOTMLS_only_file"]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"][GOTMLS_decode($_GET["GOTMLS_only_file"])])) {
1496 $scan_replace = str_replace("db_scan", ("Database only $and for "), GOTMLS_htmlspecialchars("db_scan=".htmlspecialchars_decode(GOTMLS_decode($_GET["GOTMLS_only_file"]))));
1497 $_GET["GOTMLS_scan"] = "db_scan=".GOTMLS_decode($_GET["GOTMLS_only_file"]);
1498 $db_scan_a = array(GOTMLS_decode($_GET["GOTMLS_only_file"]) => $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"][GOTMLS_decode($_GET["GOTMLS_only_file"])]);
1499 } else {
1500 $scan_replace = str_replace("db_scan", "Database", GOTMLS_htmlspecialchars($_GET["GOTMLS_scan"]));
1501 $db_scan_a = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["db_scan"];
1502 }
1503 echo "/*<!--*"."/".GOTMLS_update_status(sprintf(__("Scanning %s",'gotmls'), $scan_replace));
1504 GOTMLS_flush();
1505 $li_js .= "/*<!--*"."/".GOTMLS_return_threat("dir", "checked", GOTMLS_htmlspecialchars($_GET["GOTMLS_scan"])).GOTMLS_update_status(sprintf(__("Scanned %s",'gotmls'), $scan_replace));
1506 } else {
1507 echo "/*<!--*"."/".GOTMLS_update_status(sprintf(__("No Definitions for DB Injections!",'gotmls')));
1508 GOTMLS_flush();
1509 $li_js .= GOTMLS_return_threat("error", "question", GOTMLS_htmlspecialchars($_GET["GOTMLS_scan"]));
1510 $db_scan_a = GOTMLS_sanitize($_GET["GOTMLS_scan"]);
1511 }
1512 if (isset($db_scan_a) && is_array($db_scan_a)) {
1513 echo "\n//memory_limit=".@ini_get("memory_limit")."\n";
1514 foreach ($db_scan_a as $scan_sql => $scan_regex) {
1515 if (!in_array(GOTMLS_sanitize($scan_sql), $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])) {
1516 $SQL = preg_replace('/\{[a-f0-9]{64}\}/', '%', $wpdb->prepare("SELECT * FROM `$wpdb->posts` WHERE `post_content` LIKE %s $and", $scan_sql));
1517 $threat_name = array_shift($scan_regex);
1518 if (($found_row = $wpdb->get_results($SQL, ARRAY_A)) && is_array($found_row) && count($found_row)) {
1519 $val = count($found_row);
1520 if (isset($_REQUEST["eli"]) && ($_REQUEST["eli"] == "debug"))
1521 echo GOTMLS_return_threat("db_scan", "question", (print_r(array("scan_regex:"=>$scan_regex,"SQL:"=>$SQL),1)), GOTMLS_error_link("$val Rows", 0));//debug
1522 foreach ($found_row as $frow) {
1523 $encoded_id = GOTMLS_encode($frow["ID"].'.0');
1524 $found = 0;
1525 if ($frow["post_type"] != "revision" || isset($_REQUEST["eli"])) {
1526 GOTMLS_load_contents($frow["post_content"]);
1527 $not_serialized = !(is_array(GOTMLS_uckserialize($frow["post_content"])));
1528 $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1529 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"] = microtime(true);
1530 foreach ($scan_regex as $threat_definition)
1531 $found += GOTMLS_preg_match_all($threat_definition, $threat_name, $not_serialized);
1532 if ($found && !isset($threats_found['row_id_'.$encoded_id])) {
1533 echo str_replace($frow["ID"].'</a>', '</a><a target="_blank" title="Open '.$frow["post_type"].'" href="'.admin_url(($frow["post_type"]=="revision")?'revision.php?revision='.$frow["ID"].'">View Revision: ':'post.php?action=edit&post='.$frow["ID"].'">Edit '.$frow["post_type"].': ').$frow["ID"].'</a>', GOTMLS_return_threat("db_scan", "threat", "$found $threat_name \"".str_replace('%', '*', trim($scan_sql, "%")).'" in '.$frow["post_type"]."(".(($frow["post_status"]=='inherit')?$frow["post_parent"]:$frow["post_status"]).'):"'.GOTMLS_htmlspecialchars($frow["post_title"]).'":'.$frow["ID"], '<input type="checkbox" name="GOTMLS_fix[]" id="check_'.$encoded_id.'" value="'.$encoded_id.'" checked="true">'.GOTMLS_error_link(__("View DB Injection",'gotmls'), $frow["ID"].'.0', "db_scan")));
1534 $threats_found['row_id_'.$encoded_id] = $threat_name;
1535 } elseif (isset($_REQUEST["eli"]) && ($_REQUEST["eli"] == "debug"))
1536 echo GOTMLS_return_threat("db_scan", "question", (print_r(array("post_id"=>$frow["ID"], "scan_regex:"=>$scan_regex,"SQL:"=>$SQL),1)), GOTMLS_error_link("No preg_match", 0));//debug
1537 }
1538 }
1539 }
1540 if (($found_row = $wpdb->get_results(preg_replace('/\{[a-f0-9]{64}\}/', '%', $wpdb->prepare("SELECT * FROM `$wpdb->options` WHERE `option_value` LIKE %s", $scan_sql)), ARRAY_A)) && is_array($found_row) && count($found_row)) {
1541 $val = count($found_row);
1542 if (isset($_REQUEST["eli"]) && ($_REQUEST["eli"] == "debug"))
1543 echo GOTMLS_return_threat("db_scan", "question", (print_r(array("scan_regex:"=>$scan_regex,"SQL:"=>$SQL),1)), GOTMLS_error_link("$val Rows", 0));//debug
1544 foreach ($found_row as $frow) {
1545 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["last_threat"] = microtime(true);
1546 $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
1547 $encoded_id = GOTMLS_encode($frow["option_id"].'.1');
1548 $found = 0;
1549 GOTMLS_load_contents($frow["option_value"]);
1550 $not_serialized = !(is_array(GOTMLS_uckserialize($frow["option_value"])));
1551 foreach ($scan_regex as $threat_definition)
1552 $found += GOTMLS_preg_match_all($threat_definition, $threat_name, $not_serialized);
1553 if ($found && !isset($threats_found['row_id_'.$encoded_id])) {
1554 echo GOTMLS_return_threat("db_scan", "threat", "$found $threat_name \"".str_replace('%', '*', trim($scan_sql, "%")).'" in '."$wpdb->options:".GOTMLS_htmlspecialchars($frow["option_name"]).'":'.$frow["option_id"].'.1', '<input type="checkbox" name="GOTMLS_fix[]" id="check_'.$encoded_id.'" value="'.$encoded_id.'" checked="true">'.GOTMLS_error_link(__("View DB Injection",'gotmls'), $frow["option_id"].'.1', "db_scan"));
1555 $threats_found['row_id_'.$encoded_id] = $threat_name;
1556 } elseif (isset($_REQUEST["eli"]) && ($_REQUEST["eli"] == "debug"))
1557 echo GOTMLS_return_threat("db_scan", "question", (print_r(array("post_id"=>$frow["ID"], "scan_regex:"=>$scan_regex,"SQL:"=>$SQL),1)), GOTMLS_error_link("No preg_match", 0));//debug
1558 }
1559 }
1560 }
1561 }
1562 }
1563 //
1564 }
1565 } else {
1566 $li_js .= "/*<!--*"."/".GOTMLS_return_threat("skipdirs", "blocked", "db_scan").GOTMLS_update_status(__("Skipped DB Scan",'gotmls'));
1567 }
1568 GOTMLS_update_scanlog(array("scan" => array("finish" => time())));
1569 return "$li_js/*-->*"."/\nscanNextDir(-1);\n/*<!--*"."/";
1570 }
1571
1572 function GOTMLS_remove_dots($dir) {
1573 if ($dir != "." && $dir != "..")
1574 return $dir;
1575 }
1576
1577 function GOTMLS_getfiles($dir) {
1578 $files = false;
1579 if (is_dir($dir)) {
1580 if (function_exists("scandir"))
1581 $files = @scandir($dir);
1582 if (is_array($files))
1583 $files = array_filter($files, "GOTMLS_remove_dots");
1584 elseif ($handle = @opendir($dir)) {
1585 $files = array();
1586 while (false !== ($entry = readdir($handle)))
1587 if ($entry != "." && $entry != "..")
1588 $files[] = "$entry";
1589 closedir($handle);
1590 } else
1591 $files = GOTMLS_read_error($dir);
1592 }
1593 return $files;
1594 }
1595
1596 function GOTMLS_return_threat($className, $imageFile, $fileName, $link = "") {
1597 global $GOTMLS_image_alt;
1598 $fileNameJS = GOTMLS_strip4java(str_replace("db_scan", "Database", str_replace("db_scan=", "Database Query ", GOTMLS_replace_dirname(htmlspecialchars_decode($fileName)))));
1599 $fileName64 = GOTMLS_encode(htmlspecialchars_decode($fileName));
1600 $li_js = "/*-->*"."/";
1601 $imageF = explode(".", $imageFile.".");
1602 if ($className != "scanned") {
1603 $li_js .= "\n$className++;\ndivx=document.getElementById('found_$className');\nif (divx) {\n\tvar newli = document.createElement('li');\n\tnewli.innerHTML='<img src=\"".GOTMLS_strip4java(GOTMLS_images_path.$imageFile).'.gif" height=16 width=16 alt="'.$GOTMLS_image_alt[$imageF[0]].'" style="float: left;" id="'.$imageFile."_$fileName64\">".GOTMLS_strip4java($link, true).$fileNameJS.($link?"</a>';\n\tdivx.display='block":"")."';\n\tdivx.appendChild(newli);\n}";
1604 if (substr($className, 0, 3) != "dir" && substr($className, 0, 4) != "skip") {
1605 if (!(isset($GLOBALS["GOTMLS"]["scan"]["log"]["file_results"]) && is_array($GLOBALS["GOTMLS"]["scan"]["log"]["file_results"])))
1606 $GLOBALS["GOTMLS"]["scan"]["log"]["file_results"] = array();
1607 if (isset($GLOBALS["GOTMLS"]["scan"]["log"]["file_results"]["$className"]) && is_array($GLOBALS["GOTMLS"]["scan"]["log"]["file_results"]["$className"]))
1608 $GLOBALS["GOTMLS"]["scan"]["log"]["file_results"]["$className"][] = "$fileName";
1609 else
1610 $GLOBALS["GOTMLS"]["scan"]["log"]["file_results"]["$className"] = array("$fileName");
1611 }
1612 } elseif ($GLOBALS["GOTMLS"]["scan"]["log"]["settings"]["scan_depth"] == 1) {
1613 if (isset($GLOBALS["GOTMLS"]["tmp"]["file_scan"]["errors"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["file_scan"]["errors"]) && count($GLOBALS["GOTMLS"]["tmp"]["file_scan"]["errors"]))
1614 $text = preg_replace('/[\r\n]/', " ", print_r($GLOBALS["GOTMLS"]["tmp"]["file_scan"]["errors"],1));
1615 else
1616 $text = (isset($GLOBALS["GOTMLS"]["tmp"]["file_scan"]["size"]) ? $GLOBALS["GOTMLS"]["tmp"]["file_scan"]["size"]." bytes" : "Size Errors");
1617 $link = GOTMLS_error_link(htmlspecialchars($text), $fileName, substr($text, -1)=="s"?$className:"potential");
1618 $li_js .= "\ndivx=document.getElementById('found_$className');\nif (divx) {\n\tvar newli = document.createElement('li');\n\tnewli.innerHTML='<img src=\"".GOTMLS_strip4java(GOTMLS_images_path.$imageFile).'.gif" height=16 width=16 alt="'.$GOTMLS_image_alt[$imageF[0]].'" style="float: left;" id="'.$imageFile."_$fileName64\">".round(microtime(true)-$GLOBALS["GOTMLS"]["tmp"]["file_scan"]["start"], 4).GOTMLS_strip4java($link, true).$fileNameJS.($link?"</a>';\n\tdivx.display='block":"")."';\n\tdivx.appendChild(newli);\n}";
1619 }
1620 if ($className == "errors")
1621 $li_js .= "\ndivx=document.getElementById('wait_$fileName64');\nif (divx) {\n\tdivx.src='".GOTMLS_images_path."blocked.gif';\n\tdirerrors++;\n}";
1622 elseif (is_file($fileName))
1623 $li_js .= "\nscanned++;\n";
1624 if ($className == "dir")
1625 $li_js .= "\ndivx=document.getElementById('wait_$fileName64');\nif (divx)\n\tdivx.src='".GOTMLS_images_path."checked.gif';";
1626 return $li_js."\n/*<!--*"."/";
1627 }
1628
1629 function GOTMLS_slash($dir = __FILE__) {
1630 if (substr($dir.' ', 1, 1) == ':' || substr($dir.' ', 0, 1) == "\\")
1631 return "\\";
1632 else
1633 return '/';
1634 }
1635
1636 function GOTMLS_trailingslashit($dir = "") {
1637 if (substr(' '.$dir, -1) != GOTMLS_slash($dir))
1638 $dir .= GOTMLS_slash($dir);
1639 return $dir;
1640 }
1641
1642 function GOTMLS_explode_dir($dir, $pre = '') {
1643 if (GOTMLS_strlen($pre))
1644 $dir = GOTMLS_slash($dir).$pre.$dir;
1645 return explode(GOTMLS_slash($dir), $dir);
1646 }
1647
1648 function GOTMLS_html_tags($tags, $inner = array()) {
1649 $html = "";
1650 $gt = ">"; // This local variable never changes
1651 if (!is_array($tags))
1652 $tags = array($tags => (is_array($inner)?(isset($inner["contents"])?$inner["contents"]:""):$inner));
1653 foreach ($tags as $tag => $contents) {
1654 if (!is_numeric($tag))
1655 $html .= ($tag=="html"?"<!DOCTYPE html$gt":"")."<$tag".(isset($inner[$tag])?" ".$inner[$tag]:"").$gt;
1656 if (is_array($contents))
1657 $html .= GOTMLS_html_tags($contents, $inner);
1658 else
1659 $html .= $contents;
1660 if ((!is_numeric($tag)) && substr($tag, -1) != '/')
1661 $html .= "</$tag$gt";
1662 }
1663 return $html;
1664 }
1665
1666 function GOTMLS_write_quarantine($file, $className, $post_status = "private") {
1667 global $wpdb;
1668 $insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_name"=>$className, "post_status"=>$post_status, "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]), "guid"=>GOTMLS_Version);
1669 if (isset($file["ID"]) && is_numeric($file["ID"])) {
1670 $insert["post_modified"] = $file["post_modified"];
1671 $insert["post_modified_gmt"] = $file["post_modified_gmt"];
1672 $file = $file["post_type"].':'.$file["ID"].':"'.$file["post_title"].'"';
1673 } elseif (isset($file["option_id"]) && is_numeric($file["option_id"])) {
1674 $insert["post_modified"] = gmdate("Y-m-d H:i:s");
1675 $insert["post_modified_gmt"] = gmdate("Y-m-d H:i:s");
1676 $file = $wpdb->options.':'.$file["option_id"].':"'.$file["option_name"].'"';
1677 }
1678 $insert["comment_count"] = GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1679 $insert["post_title"] = $file;
1680 $insert["post_date"] = gmdate("Y-m-d H:i:s");
1681 $insert["post_date_gmt"] = $insert["post_date"];
1682 if (is_file($file)) {
1683 if (@filemtime($file))
1684 $insert["post_modified"] = gmdate("Y-m-d H:i:s", filemtime($file));
1685 else
1686 $insert["post_modified"] = $insert["post_date"];
1687 if (@filectime($file))
1688 $insert["post_modified_gmt"] = gmdate("Y-m-d H:i:s", filectime($file));
1689 else
1690 $insert["post_modified_gmt"] = $insert["post_date"];
1691 if (!($insert["comment_count"] = @filesize($file)))
1692 $insert["comment_count"] = GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
1693 }
1694 if (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1695 $insert["post_excerpt"] = GOTMLS_encode(@serialize($GLOBALS["GOTMLS"]["tmp"]["threats_found"]));
1696 $pinged = array();
1697 foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $loc => $threat_name) {
1698 if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]) && GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) == 5 && GOTMLS_strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]))
1699 $ping = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1];
1700 else
1701 $ping = $threat_name;
1702 if (isset($pinged[$ping]))
1703 $pinged[$ping]++;
1704 else
1705 $pinged[$ping] = 1;
1706 }
1707 $insert["pinged"] = GOTMLS_encode(@serialize($pinged));
1708 }
1709 if ($return = $wpdb->insert($wpdb->posts, $insert))
1710 return $return;
1711 else
1712 die(print_r(array('return'=>($return===false)?"FALSE":$return, 'last_error'=>$wpdb->last_error, 'insert'=>$insert),1));
1713 }
1714
1715 function GOTMLS_update_status($status, $percent = -1) {
1716 if (!(isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]) && is_numeric($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"])))
1717 $GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"] = time();
1718 $microtime = ceil(time()-$GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["start"]);
1719 if (($percent > 0) || isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["finish"]))
1720 GOTMLS_update_scanlog(array("scan" => array("microtime" => $microtime, "percent" => $percent)), $status);
1721 return "/*-->*"."/\nupdate_status('".GOTMLS_strip4java($status)."', $microtime, $percent);\n/*<!--*"."/";
1722 }
1723
1724 function GOTMLS_flush($tag = "") {
1725 $output = "";
1726 if (($output = @ob_get_contents()) && GOTMLS_strlen(trim($output)) > 18) {
1727 @ob_clean();
1728 if (!(isset($_GET["eli"]) && $_GET["eli"] == "debug"))
1729 $output = preg_replace('/\/\*<\!--\*\/.*?\/\*-->\*\//s', "", "$output/*-->*"."/");
1730 echo "$output\n//flushed(".GOTMLS_strlen(trim($output)).")\n";
1731 if ($tag)
1732 echo "\n</$tag>\n";
1733 if (@ob_get_length())
1734 @ob_flush();
1735 if ($tag)
1736 echo "<$tag>\n";
1737 echo "/*<!--*"."/";
1738 }
1739 }
1740
1741 function GOTMLS_replace_dirname($dir, $replace_with = "...") {
1742 return (isset($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["dir"]) ? str_replace(dirname($GLOBALS["GOTMLS"]["scan"]["log"]["scan"]["dir"]), $replace_with, $dir) : $dir);
1743 }
1744
1745 function GOTMLS_readdir($dir, $current_depth = 1) {
1746 global $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth, $GOTMLS_total_percent;
1747 if ($current_depth) {
1748 @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
1749 $entries = GOTMLS_getfiles($dir);
1750 if (is_array($entries)) {
1751 echo GOTMLS_return_threat("dirs", "wait", $dir).GOTMLS_update_status(sprintf(__("Preparing %s",'gotmls'), GOTMLS_replace_dirname($dir)), $GOTMLS_total_percent);
1752 $files = array();
1753 $directories = array();
1754 foreach ($entries as $entry) {
1755 if (is_dir(GOTMLS_trailingslashit($dir).$entry))
1756 $directories[] = $entry;
1757 else
1758 $files[] = $entry;
1759 }
1760 if ($_REQUEST["scan_type"] == "Quick Scan") {
1761 $GOTMLS_dirs_at_depth[$current_depth] = count($directories);
1762 $GOTMLS_dir_at_depth[$current_depth] = 0;
1763 } else
1764 $GLOBALS["GOTMLS"]["tmp"]["scanfiles"][GOTMLS_encode($dir)] = GOTMLS_strip4java(GOTMLS_replace_dirname($dir));
1765 foreach ($directories as $directory) {
1766 $path = GOTMLS_trailingslashit($dir).$directory;
1767 if (isset($_REQUEST["scan_depth"]) && is_numeric($_REQUEST["scan_depth"]) && ($_REQUEST["scan_depth"] != $current_depth) && (!((($Recusive = strpos(GOTMLS_trailingslashit($dir), '/'.$directory.'/')) !== FALSE) && is_dir($dir.substr($dir, $Recusive).substr($dir, $Recusive).substr($dir, $Recusive)))) && !in_array($directory, $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"]) && !in_array($path, $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"])) {
1768 $current_depth++;
1769 $current_depth = GOTMLS_readdir($path, $current_depth);
1770 } else {
1771 if (!(isset($_REQUEST["scan_only"]) && is_array($_REQUEST["scan_only"])&& in_array($directory, $_REQUEST["scan_only"])))
1772 echo GOTMLS_return_threat("skipdirs", "blocked", $path, '<a title="'.(in_array($directory, $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"])||in_array($path, $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"])?"Directory is on Skip List":"Directory is below Scan Depth").'">');
1773 $GOTMLS_dir_at_depth[$current_depth] = (isset($GOTMLS_dir_at_depth[$current_depth])?$GOTMLS_dir_at_depth[$current_depth]:0) + 1;
1774 }
1775 }
1776 if ($_REQUEST["scan_type"] == "Quick Scan") {
1777 $echo = "";
1778 echo GOTMLS_update_status(sprintf(__("Scanning %s",'gotmls'), GOTMLS_replace_dirname($dir)), $GOTMLS_total_percent);
1779 GOTMLS_flush("script");
1780 foreach ($files as $file)
1781 echo GOTMLS_check_file(GOTMLS_trailingslashit($dir).$file);
1782 echo GOTMLS_return_threat("dir", "checked", $dir);
1783 }
1784 } else
1785 echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(GOTMLS_Failed_to_list_LANGUAGE.' readdir:'.($entries===false?'('.GOTMLS_fileperms($dir).')':$entries)));
1786 @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
1787 if ($current_depth-- && $_REQUEST["scan_type"] == "Quick Scan") {
1788 $GOTMLS_dir_at_depth[$current_depth] = (isset($GOTMLS_dir_at_depth[$current_depth])?$GOTMLS_dir_at_depth[$current_depth]:0) + 1;
1789 for ($GOTMLS_total_percent = 0, $depth = $current_depth; $depth >= 0; $depth--) {
1790 if (!isset($GOTMLS_dir_at_depth[$depth]))
1791 $GOTMLS_dir_at_depth[$depth] = 0;
1792 echo "\n//(($GOTMLS_total_percent / $GOTMLS_dirs_at_depth[$depth]) + ($GOTMLS_dir_at_depth[$depth] / $GOTMLS_dirs_at_depth[$depth])) = ";
1793 $GOTMLS_total_percent = (($GOTMLS_dirs_at_depth[$depth]?($GOTMLS_total_percent / $GOTMLS_dirs_at_depth[$depth]):0) + ($GOTMLS_dir_at_depth[$depth] / ($GOTMLS_dirs_at_depth[$depth]+1)));
1794 echo "$GOTMLS_total_percent\n";
1795 }
1796 $GOTMLS_total_percent = floor($GOTMLS_total_percent * 100);
1797 echo GOTMLS_update_status(sprintf(__("Scanned %s",'gotmls'), GOTMLS_replace_dirname($dir)), $GOTMLS_total_percent);
1798 }
1799 GOTMLS_flush("script");
1800 }
1801 return $current_depth;
1802 }
1803
1804 function GOTMLS_sexagesimal($timestamp = 0) {
1805 if (!is_numeric($timestamp) && GOTMLS_strlen($timestamp) == 5) {
1806 $delim = array("=", "-", "-", " ", ":");
1807 foreach (str_split($timestamp) as $bit)
1808 $timestamp .= array_shift($delim).substr("00".(ord($bit)>96?ord($bit)-61:(ord($bit)>64?ord($bit)-55:ord($bit)-48)), -2);
1809 return "20".substr($timestamp, -14);
1810 } else {
1811 $match = '/^(20)?([0-5][0-9])[\-: \/]*(0*[1-9]|1[0-2])[\-: \/]*(0*[1-9]|[12][0-9]|3[01])[\-: \/]*([0-5][0-9])[\-: \/]*([0-5][0-9])$/';
1812 if (preg_match($match, $timestamp))
1813 $date = preg_replace($match, "\\2-\\3-\\4-\\5-\\6", $timestamp);
1814 elseif ($timestamp && strtotime($timestamp))
1815 $date = date("y-m-d-H-i", strtotime($timestamp));
1816 else
1817 $date = gmdate("y-m-d-H-i", time());
1818 foreach (explode("-", $date) as $bit)
1819 $date .= (intval($bit)>35?chr(ord("a")+intval($bit)-36):(intval($bit)>9?chr(ord("A")+intval($bit)-10):substr('0'.$bit, -1)));
1820 return substr($date, -5);
1821 }
1822 }
1823
1824 if (!function_exists('ur1encode')) { function ur1encode($url) {
1825 $return = "";
1826 foreach (str_split($url) as $char)
1827 $return .= '%'.substr('00'.strtoupper(dechex(ord($char))),-2);
1828 return $return;
1829 }}
1830
1831 function GOTMLS_strip4java($item, $htmlentities = false) {
1832 return preg_replace("/\\\\/", "\\\\\\\\", str_replace("'", "'+\"'\"+'", preg_replace('/\\+n|\\+r|\n|\r|\0/', "", ($htmlentities?$item:GOTMLS_htmlentities($item)))));
1833 }
1834
1835 function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
1836 global $post, $wpdb;
1837 $encoded_file = GOTMLS_encode($file);
1838 $ids = explode(".", $file.'.');
1839 if (isset($post->post_title))
1840 $js_file = GOTMLS_strip4java(GOTMLS_htmlspecialchars($post->post_title, ENT_NOQUOTES));
1841 elseif (count($ids) > 2 && 'tbl'.$ids[1] == 'tbl1' && is_numeric($ids[0]))
1842 $js_file = GOTMLS_strip4java(GOTMLS_htmlspecialchars($wpdb->get_var($wpdb->prepare("SELECT CONCAT('option', `option_id`, ': ', `option_name`) FROM `$wpdb->options` WHERE `option_id` = %s", (INT) $ids[0])), ENT_NOQUOTES));
1843 elseif (count($ids) > 2 && 'tbl'.$ids[1] == 'tbl0' && is_numeric($ids[0]))
1844 $js_file = GOTMLS_strip4java(GOTMLS_htmlspecialchars($wpdb->get_var($wpdb->prepare("SELECT CONCAT(`post_type`, `ID`, ': ', `post_title`) FROM `$wpdb->posts` WHERE `ID` = %s", (INT) $ids[0])), ENT_NOQUOTES));
1845 else
1846 $js_file = GOTMLS_strip4java(GOTMLS_htmlspecialchars($file, ENT_NOQUOTES));
1847 $nonce_url = GOTMLS_set_nonce(__FUNCTION__."1823");
1848 if (count($ids) == 2 && is_numeric($ids[0])) {
1849 $encoded_file = (INT) $file;
1850 $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.GOTMLS_strip4java(__("Examine Quarantined Content",'gotmls')).' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.$js_file).'</div></div>\');" href="'.GOTMLS_admin_url('GOTMLS_scan', $nonce_url.'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$encoded_file);
1851 } elseif ($file)
1852 $onclick = 'loadIframe(\''.str_replace("\"", "&quot;", '<div style="float: left; white-space: nowrap;">'.GOTMLS_strip4java(__("Examine Current Content",'gotmls')).' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.$js_file).'</div></div>\');" href="'.GOTMLS_admin_url('GOTMLS_scan', $nonce_url.'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$encoded_file);
1853 else
1854 $onclick = 'return false;';
1855 return "<a id=\"list_$encoded_file\" title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";
1856 }
1857
1858 function GOTMLS_check_file($file) {
1859 $filesize = @filesize($file);
1860 $MD5O = @md5_file($file)."O";
1861 echo "/*-->*"."/\ndocument.getElementById('status_text').innerHTML='Checking ".GOTMLS_strip4java($file)." ($filesize bytes)';\n/*<!--*"."/";
1862 if ($filesize===false)
1863 echo GOTMLS_return_threat("errors", "blocked", $file, GOTMLS_error_link(__("Failed to determine file size!",'gotmls'), $file));
1864 elseif (GOTMLS_is_whitelisted($MD5O.$filesize, $file))
1865 echo GOTMLS_return_threat("scanned", "checked", $file, GOTMLS_error_link(__("CORE file was not modified!",'gotmls'), $file, ""));
1866 elseif (($filesize==0) || ($filesize>((isset($_REQUEST["oversize"])&&is_numeric($_REQUEST["oversize"]))?$_REQUEST["oversize"]:2934567)))
1867 echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file size!",'gotmls')." ($filesize bytes)", $file, "potential"));
1868 elseif (in_array(GOTMLS_get_ext($file), $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]) && !(preg_match('/(?:(?:shim|social\d*+)\.png|\/\.[^\/]++)$/i', $file)))
1869 echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file extention!",'gotmls'), $file, "potential"));
1870 elseif (isset($GLOBALS["GOTMLS"]["tmp"]["custom_whitelist"]) && isset($GLOBALS["GOTMLS"]["tmp"]["custom_whitelist"]["$MD5O$filesize"]))
1871 echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because file was Whitelisted!",'gotmls'), $file, "potential"));
1872 else {
1873 try {
1874 echo @GOTMLS_scanfile($file);
1875 echo "/*-->*"."/\n//debug_fix:".$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]."\n/*<!--*"."/";
1876 } catch (Exception $e) {
1877 die("//Exception:".GOTMLS_strip4java($e));
1878 }
1879 }
1880 echo "/*-->*"."/\ndocument.getElementById('status_text').innerHTML='Checked ".GOTMLS_strip4java($file)."';\n/*<!--*"."/";
1881 }
1882
1883 function GOTMLS_read_error($path) {
1884 $error = error_get_last();
1885 if (!file_exists($path))
1886 return " (Path not found)";
1887 if (!is_readable($path) && isset($_GET["eli"]))
1888 $return = (@chmod($path, (is_dir($path)?GOTMLS_CHMOD_DIR:GOTMLS_CHMOD_FILE))?"Fixed permissions":"error: ".preg_replace('/[\r\n]/', ' ', print_r($error,1)));
1889 else
1890 $return = (is_array($error) && isset($error["message"])?preg_replace('/[\r\n]/', ' ', print_r($error["message"],1)):"readable?");
1891 return " [".GOTMLS_fileperms($path)."] ( ".filesize($path)." $return)";
1892 }
1893
1894 function GOTMLS_scandir($dir) {
1895 echo "/*<!--*"."/".GOTMLS_update_status(sprintf(__("Scanning %s",'gotmls'), GOTMLS_replace_dirname(GOTMLS_htmlspecialchars($dir))));
1896 GOTMLS_flush();
1897 $li_js = "/*-->*"."/\nscanNextDir(-1);\n/*<!--*"."/";
1898 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
1899 echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link("Directory Scan Depth set to 0, no files will be scanned!"));
1900 elseif (isset($_GET["GOTMLS_skip_dir"]) && $dir == GOTMLS_decode($_GET["GOTMLS_skip_dir"])) {
1901 if (isset($_GET["GOTMLS_only_file"]) && GOTMLS_strlen($_GET["GOTMLS_only_file"]))
1902 echo GOTMLS_return_threat("errors", "blocked", GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"]), GOTMLS_error_link("Failed to read this file!".GOTMLS_read_error(GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"])), GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"])));
1903 else
1904 echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(__("Failed to read directory!",'gotmls')).GOTMLS_read_error($dir));
1905 } else {
1906 if (is_dir($dir) && is_array($files = GOTMLS_getfiles($dir))) {
1907 if (isset($_GET["GOTMLS_only_file"])) {
1908 if (GOTMLS_strlen($_GET["GOTMLS_only_file"])) {
1909 $path = GOTMLS_trailingslashit($dir).GOTMLS_decode($_GET["GOTMLS_only_file"]);
1910 if (is_file($path)) {
1911 GOTMLS_check_file($path);
1912 echo GOTMLS_return_threat("dir", "checked", $path);
1913 }
1914 } else {
1915 foreach ($files as $file) {
1916 $path = GOTMLS_trailingslashit($dir).$file;
1917 if (is_file($path)) {
1918 $file_ext = GOTMLS_get_ext($file);
1919 $filesize = @filesize($path);
1920 if ((in_array($file_ext, $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]) && !(preg_match('/(?:(?:shim|social\d*+)\.png|\/\.[^\/]++)$/i', $file))) || ($filesize==0) || ($filesize>((isset($_REQUEST["oversize"])&&is_numeric($_REQUEST["oversize"]))?$_REQUEST["oversize"]:2934567)))
1921 echo GOTMLS_return_threat("skipped", "blocked", $path, GOTMLS_error_link(sprintf(__('Skipped because of file size (%1$s bytes) or file extention (%2$s)!','gotmls'), $filesize, $file_ext), $file, "potential"));
1922 else
1923 echo "/*-->*"."/\nscanfilesArKeys.push('".GOTMLS_encode($dir)."&GOTMLS_only_file=".GOTMLS_encode($file, "D")."');\nscanfilesArNames.push('Re-Checking ".GOTMLS_strip4java($path)."');\n/*<!--*"."/".GOTMLS_return_threat("dirs", "wait", $path);
1924 } elseif (is_dir($path)) {
1925 echo "/*-->*"."/\n//sub-directory $path;\n/*<!--*"."/";
1926 }
1927 }
1928 echo GOTMLS_return_threat("dir", "question", $dir);
1929 }
1930 } else {
1931 foreach ($files as $file) {
1932 $path = GOTMLS_trailingslashit($dir).$file;
1933 if (is_file($path)) {
1934 if (isset($_GET["GOTMLS_skip_file"]) && is_array($_GET["GOTMLS_skip_file"]) && in_array($path, $_GET["GOTMLS_skip_file"])) {
1935 $li_js .= "/*-->*"."/\n//skipped $path;\n/*<!--*"."/";
1936 if ($_GET["GOTMLS_skip_file"][count($_GET["GOTMLS_skip_file"])-1] == $path)
1937 echo GOTMLS_return_threat("errors", "blocked", $path, GOTMLS_error_link(__("Failed to read file!",'gotmls'), $path));
1938 } else {
1939 GOTMLS_check_file($path);
1940 }
1941 } elseif (is_dir($path)) {
1942 $li_js .= "/*-->*"."/\n//sub-directory $path;\n/*<!--*"."/";
1943 }
1944 }
1945 echo GOTMLS_return_threat("dir", "checked", $dir);
1946 }
1947 } else
1948 echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(GOTMLS_Failed_to_list_LANGUAGE.' scandir:'.($files===false?' (FALSE)':$files)));
1949 }
1950 echo GOTMLS_update_status(sprintf(__("Scanned %s",'gotmls'), GOTMLS_replace_dirname($dir)));
1951 return $li_js;
1952 }
1953
1954 function GOTMLS_safe_domain($domain) {
1955 return preg_replace('/[^a-z_0-9\-\~\+\.\?\#\/\:\@]/i', "", $domain);
1956 }
1957
1958 function GOTMLS_safe_url($url, $allow = array(' ', '%20')) {
1959 $all = implode("", array_keys($allow));
1960 $url = preg_replace('/[^a-z_0-9\-\~\+\.\?\#\/\:\@\%\$\|\*\(\)\[\]\=\!\&\;'.$all.']/i', "", $url);
1961 foreach ($allow as $al => $low)
1962 $url = str_replace($al, $low, ltrim($url));
1963 return $url;
1964 }
1965
1966 function GOTMLS_reset_settings($item, $key) {
1967 $key_parts = explode("_", $key."_");
1968 if (GOTMLS_strlen($key_parts[0]) != 4 && $key_parts[0] != "exclude")
1969 unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"][$key]);
1970 }
1971
1972 function GOTMLS_sanitize($unsanitized, $allow = 'a-zA-Z0-9\|\[\]\{\}<>\s\?\*\%\#\&\/=_\~\:;\.,\+-') {
1973 if (is_array($unsanitized)) {
1974 $sanitized = array();
1975 foreach ($unsanitized as $key => $val)
1976 $sanitized[preg_replace('/[^'.$allow.']/', '', $key)] = preg_replace('/[^'.$allow.']/', '', $val);
1977 } else
1978 $sanitized = preg_replace('/[^'.$allow.']/', '', $unsanitized);
1979 return $sanitized;
1980 }
1981
1982 function GOTMLS_get_URL($URL) {
1983 $response = "";
1984 $GLOBALS["GOTMLS"]["get_URL"] = GOTMLS_get_option('get_URL', array());
1985 $min = round($GLOBALS["GOTMLS"]["MT"]/60);
1986 if (is_array($GLOBALS["GOTMLS"]["get_URL"]) && !preg_match('/\&dt=\d++/', $URL)) {
1987 foreach ($GLOBALS["GOTMLS"]["get_URL"] as $URI => $property)
1988 if (!(isset($property["time"]) && is_numeric($property["time"]) && ($property["time"] + 30) > $min))
1989 unset($GLOBALS["GOTMLS"]["get_URL"]["$URI"]);
1990 } else
1991 $GLOBALS["GOTMLS"]["get_URL"] = array();
1992 $URI = md5(preg_replace('/GOTMLS_mt[\[\]]*+=[a-f\d]*+/i', "", $URL));
1993 if (isset($GLOBALS["GOTMLS"]["get_URL"]["$URI"]["response"]) && GOTMLS_strlen($response = ($GLOBALS["GOTMLS"]["get_URL"]["$URI"]["response"])))
1994 $method = "cached";
1995 else {
1996 $GLOBALS["GOTMLS"]["get_URL"]["$URI"] = array("time" => $min);
1997 if (function_exists($method = "wp_remote_get")) {
1998 $GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method] = wp_remote_get($URL, array("sslverify" => false));
1999 if (200 == wp_remote_retrieve_response_code($GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method])) {
2000 $response = wp_remote_retrieve_body($GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method]);
2001 if (isset($GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method]["http_response"]))
2002 unset($GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method]["http_response"]);
2003 if (isset($GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method]["body"]))
2004 unset($GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method]["body"]);
2005 }
2006 }
2007 if (GOTMLS_strlen($response) == 0 && function_exists($method = "curl_exec")) {
2008 $curl_hndl = curl_init();
2009 curl_setopt($curl_hndl, CURLOPT_URL, $URL);
2010 curl_setopt($curl_hndl, CURLOPT_TIMEOUT, 30);
2011 if (isset($_SERVER['HTTP_REFERER']))
2012 $SERVER_HTTP_REFERER = GOTMLS_safe_url($_SERVER['HTTP_REFERER']);
2013 elseif (isset($_SERVER['HTTP_HOST']))
2014 $SERVER_HTTP_REFERER = 'HOST://'.GOTMLS_safe_domain($_SERVER['HTTP_HOST']);
2015 elseif (isset($_SERVER['SERVER_NAME']))
2016 $SERVER_HTTP_REFERER = 'NAME://'.GOTMLS_safe_domain($_SERVER['SERVER_NAME']);
2017 elseif (isset($_SERVER['SERVER_ADDR']))
2018 $SERVER_HTTP_REFERER = 'ADDR://'.GOTMLS_safe_ip($_SERVER['SERVER_ADDR']);
2019 else
2020 $SERVER_HTTP_REFERER = 'NULL://not.anything.com';
2021 curl_setopt($curl_hndl, CURLOPT_REFERER, $SERVER_HTTP_REFERER);
2022 if (isset($_SERVER['HTTP_USER_AGENT']))
2023 curl_setopt($curl_hndl, CURLOPT_USERAGENT, GOTMLS_safe_url($_SERVER['HTTP_USER_AGENT'], array(' ', ' ')));
2024 curl_setopt($curl_hndl, CURLOPT_HEADER, 0);
2025 curl_setopt($curl_hndl, CURLOPT_RETURNTRANSFER, TRUE);
2026 if (!($response = curl_exec($curl_hndl)))
2027 $GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method] = curl_error($curl_hndl);
2028 curl_close($curl_hndl);
2029 }
2030 if (GOTMLS_strlen($response) == 0 && function_exists($method = "file_get_contents")) {
2031 try {
2032 $response = @file_get_contents($URL).'';
2033 } catch(Exception $e) {
2034 $GLOBALS["GOTMLS"]["get_URL"]["$URI"][$method] = $e->getTrace();
2035 }
2036 }
2037 $GLOBALS["GOTMLS"]["get_URL"]["$URI"]["response"] = ($response);
2038 }
2039 GOTMLS_update_option('get_URL', $GLOBALS["GOTMLS"]["get_URL"], false);
2040 if (isset($_GET["GOTMLS_debug"]) && (GOTMLS_strlen($response) == 0 || $_GET["GOTMLS_debug"] == "GOTMLS_get_URL"))
2041 print_r(array("$method $URI:".GOTMLS_strlen($response)=>htmlspecialchars($GLOBALS["GOTMLS"]["get_URL"]["$URI"]["time"]." ~ $min: ".count($GLOBALS["GOTMLS"]["get_URL"]))));
2042 return $response;
2043 }
2044