strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__))) include(dirname(__FILE__)."/safe-load/index.php"); else require_once(dirname(__FILE__)."/images/index.php"); /* ___ * / /\ GOTMLS Main Plugin File * / /:/ @package GOTMLS * /__/::\ Copyright \__\/\:\__ © 2012-2018 Eli Scheetz (email: eli@gotmls.net) * \ \:\/\ * \__\::/ This program is free software; you can redistribute it * ___ /__/:/ and/or modify it under the terms of the GNU General Public * /__/\ _\__\/ License as published by the Free Software Foundation; * \ \:\ / /\ either version 2 of the License, or (at your option) any * ___\ \:\ /:/ later version. * / /\\ \:\/:/ / /:/ \ \::/ This program is distributed in the hope that it will be useful, / /:/_ \__\/ but WITHOUT ANY WARRANTY; without even the implied warranty /__/:/ /\__ of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \ \:\/:/ /\ See the GNU General Public License for more details. \ \::/ /:/ \ \:\/:/ You should have received a copy of the GNU General Public License * \ \::/ with this program; if not, write to the Free Software Foundation, * \__\/ Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ load_plugin_textdomain('gotmls', false, basename(GOTMLS_plugin_path).'/languages'); require_once(GOTMLS_plugin_path.'images/index.php'); function GOTMLS_install() { global $wp_version; if (isset($wp_version) && ($wp_version)) GOTMLS_define("GOTMLS_wp_version", $wp_version); else GOTMLS_define("GOTMLS_wp_version", "Unknown"); if (version_compare(GOTMLS_wp_version, GOTMLS_require_version, "<")) die(GOTMLS_require_version_LANGUAGE.", NOT version: ".GOTMLS_wp_version); } register_activation_hook(__FILE__, "GOTMLS_install"); function GOTMLS_user_can() { if (is_multisite()) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "manage_network"; elseif (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]) || 
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] == "manage_network") $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "activate_plugins"; if (current_user_can($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"])) return true; else return false; } function GOTMLS_menu() { $GOTMLS_Full_plugin_logo_URL = GOTMLS_images_path.'GOTMLS-16x16.gif'; $base_page = "GOTMLS-settings"; $base_function = "GOTMLS_settings"; $pluginTitle = "Anti-Malware"; $pageTitle = "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE; if (GOTMLS_user_can()) { $my_admin_page = add_menu_page($pageTitle, $pluginTitle, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function, $GOTMLS_Full_plugin_logo_URL); add_action('load-'.$my_admin_page, 'GOTMLS_admin_add_help_tab'); add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE, GOTMLS_Scan_Settings_LANGUAGE, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function); add_submenu_page($base_page, "$pluginTitle Firewall Options", "Firewall Options", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-Firewall-Options", "GOTMLS_Firewall_Options"); add_submenu_page($base_page, "$pluginTitle ".GOTMLS_View_Quarantine_LANGUAGE, GOTMLS_View_Quarantine_LANGUAGE.(($Qs = GOTMLS_get_quarantine(true))?' '.$Qs.'':""), $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-View-Quarantine", "GOTMLS_View_Quarantine"); } } function GOTMLS_admin_add_help_tab() { $screen = get_current_screen(); $screen->add_help_tab(array( 'id' => "GOTMLS_Getting_Started", 'title' => __("Getting Started", 'gotmls'), 'content' => '

'.__("Make sure the Definition Updates are current and Run a Complete Scan.").'

'.sprintf(__("If Known Threats are found and displayed in red then there will be a button to '%s'. If only Potentional Threats are found then there is no automatic fix because those are probably not malicious."), GOTMLS_Automatically_Fix_LANGUAGE).'

'.__("A backup of the original infected files are placed in the Quarantine in case you need to restore them or just want to look at them later. You can delete these files if you don't want to save more.").'

' )); $FAQMarker = '== Frequently Asked Questions =='; if (is_file(dirname(__FILE__).'/readme.txt') && ($readme = explode($FAQMarker, @file_get_contents(dirname(__FILE__).'/readme.txt').$FAQMarker)) && strlen($readme[1]) && ($readme = explode("==", $readme[1]."==")) && strlen($readme[0])) { $screen->add_help_tab(array( 'id' => "GOTMLS_FAQs", 'title' => __("FAQs", 'gotmls'), 'content' => '

'.preg_replace('/\[(.+?)\]\((.+?)\)/', "\\1", preg_replace('/[\r\n]+= /', "

", preg_replace('/ =[\r\n]+/', "

", $readme[0]))).'

' )); } } function GOTMLS_close_button($box_id, $margin = '6px') { return 'X'; } function GOTMLS_enqueue_scripts() { wp_enqueue_style('dashicons'); } add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts'); function GOTMLS_display_header($optional_box = "") { global $current_user, $wpdb; wp_get_current_user(); $GOTMLS_url_parts = explode('/', GOTMLS_siteurl); if (isset($_GET["check_site"]) && $_GET["check_site"]) echo '
✔ '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)
  • Please write a "Five-Star" Review on WordPress.org if you like this plugin.
  • Anti-Malware from GOTMLS.NET

    '.GOTMLS_box(__("Updates & Registration",'gotmls'), "
    '.str_replace('findUpdates', 'Definition_Updates', $Update_Div).'
    '.(false && $isRegistered?'Registered to: '.$isRegistered:"").$Update_Link, "stuffbox").' '.GOTMLS_box(__("Resources & Links",'gotmls'), '
    $15 $29 $52 $100 $200
    Google Safe Browsing Diagnostic', "stuffbox").//GOTMLS_box(__("Last Scan Status",'gotmls'), GOTMLS_scan_log(), "stuffbox"). $optional_box.'
    '; if (isset($GLOBALS["GOTMLS"]["tmp"]["stuffbox"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["stuffbox"])) { echo ' '; } echo '
    '; } function GOTMLS_box($bTitle, $bContents, $bType = "postbox") { $md5 = md5($bTitle); if (isset($GLOBALS["GOTMLS"]["tmp"]["$bType"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["$bType"])) $GLOBALS["GOTMLS"]["tmp"]["$bType"]["$md5"] = "$bTitle"; else $GLOBALS["GOTMLS"]["tmp"]["$bType"] = array("$md5"=>"$bTitle"); return '

    '.$bTitle.'

    '.$bContents.'
    '; } function GOTMLS_get_scanlog() { global $wpdb; $LastScan = ''; if (isset($_GET["GOTMLS_cl"]) && GOTMLS_get_nonce()) { $SQL = $wpdb->prepare("DELETE FROM `$wpdb->options` WHERE option_name LIKE %s AND substring_index(option_name, '/', -1) < %s", 'GOTMLS_scan_log/%', $_GET["GOTMLS_cl"]); if ($cleared = $wpdb->query($SQL)) $LastScan .= sprintf(__("Cleared %s records from this log.",'gotmls'), $cleared); // else $LastScan .= $wpdb->last_error."
  • $SQL
  • "; } $SQL = "SELECT substring_index(option_name, '/', -1) AS `mt`, option_name, option_value FROM `$wpdb->options` WHERE option_name LIKE 'GOTMLS_scan_log/%' ORDER BY mt DESC"; if ($rs = $wpdb->get_results($SQL, ARRAY_A)) { $units = array("seconds"=>60,"minutes"=>60,"hours"=>24,"days"=>365,"years"=>10); $LastScan .= ''; } else $LastScan .= '

    '.__("No Scans have been logged",'gotmls').'

    '; return "$LastScan\n"; } function GOTMLS_get_whitelists() { $Q_Page = ''; if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"])) { $Q_Page .= '

      '.__("Globally White-listed files",'gotmls').''.__("# of patterns",'gotmls').''.__("Date Updated",'gotmls').'

      '; foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $file => $non_threats) { if (isset($non_threats[0])) { $updated = GOTMLS_sexagesimal($non_threats[0]); unset($non_threats[0]); } else $updated = "Unknown"; $Q_Page .= '
    • '.count($non_threats).''.$updated."$file
    • \n"; } if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"])) { $Q_Page .= '

      '.__("WordPress Core files",'gotmls').''.__("# of files",'gotmls').'

      '; foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"] as $ver => $files) { $Q_Page .= '
    • '.count($files)."Version $ver
    • \n"; } } $Q_Page .= "
    "; } return "$Q_Page\n"; } function GOTMLS_get_quarantine($only = false) { global $wpdb, $post; if (is_numeric($only)) return get_post($only, ARRAY_A); elseif ($only) return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private'"); else $args = array('posts_per_page' => (isset($_GET['posts_per_page'])&&is_numeric($_GET['posts_per_page'])&&$_GET['posts_per_page']>0?$_GET['posts_per_page']:200), 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private"); if (isset($_POST["paged"])) $args["paged"] = $_POST["paged"]; $my_query = new WP_Query($args); $Q_Paged = '
    Page:
    '; $Q_Page = ' '; if ($my_query->have_posts()) { $Q_Page .= '

    '.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'

      '.($my_query->post_count>1?' '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').''.__("Quarantined",'gotmls').''.__("Date Infected",'gotmls').'

      '; $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1)); while ($my_query->have_posts()) { $my_query->the_post(); $Q_Page .= '
    • '.$post->post_date_gmt.''.$post->post_modified_gmt.'Q'.GOTMLS_error_link(__("View Quarantined File",'gotmls'), $post->ID).str_replace($root_path, "...", $post->post_title)."
    • \n"; } $Q_Page .= "\n
    "; for ($p = 1; $p <= $my_query->max_num_pages; $p++) { $Q_Paged .= ''; } } else $Q_Page .= '

    '.__("No Items in Quarantine",'gotmls').'

    '; wp_reset_query(); $return = "$Q_Paged\n

    \n$Q_Page\n\n$Q_Paged\n
    \n"; if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) > 1) $return = '['.sprintf(__("Clear %s Deleted Files from the Trash",'gotmls'), $trashed)."]$return"; return $return; } function GOTMLS_View_Quarantine() { GOTMLS_update_definitions(); $echo = GOTMLS_box($Q_Page = __("White-lists",'gotmls'), GOTMLS_get_whitelists()); if (!isset($_GET['Whitelists'])) $echo .= "\n\n"; $echo .= GOTMLS_box($Q_Page = __("Quarantine",'gotmls'), GOTMLS_get_quarantine()); GOTMLS_display_header(); echo $echo."\n
    "; } function GOTMLS_Firewall_Options() { global $current_user, $wpdb, $table_prefix; GOTMLS_update_definitions(); GOTMLS_display_header(); $GOTMLS_nonce_found = GOTMLS_get_nonce(); $gt = ">"; $lt = "<"; $save_action = ""; $patch_attr = array( array( "icon" => "blocked", "language" => __("Your WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. Applying this patch will block access to the WordPress Login page whenever this type of attack is detected."), "status" => 'Not Installed', "action" => 'Install Patch' ), array( "language" => __("Your WordPress site has the current version of my brute-force Login protection installed."), "action" => 'Uninstall Patch', "status" => 'Enabled', "icon" => "checked" ), array( "language" => __("Your WordPress Login page has the old version of my brute-force protection installed. Upgrade this patch to improve the protection on the WordPress Login page and preserve the integrity of your WordPress core files."), "action" => 'Upgrade Patch', "status" => 'Out of Date', "icon" => "threat" ) ); $find = '|]+xmlrpc.php>(.+?)\s*(# END GOTMLS Patch to Block XMLRPC Access\s*)*|is'; $deny = "\n\norder deny,allow\ndeny from all"; $allow = ""; if (isset($_SERVER["REMOTE_ADDR"])) { $deny .= "\nallow from ".$_SERVER["REMOTE_ADDR"]; $allow .= " ".$_SERVER["REMOTE_ADDR"]; } if (isset($_SERVER["SERVER_ADDR"])) { $deny .= "\nallow from ".$_SERVER["SERVER_ADDR"]; $allow .= " ".$_SERVER["SERVER_ADDR"]; } $deny .= "\n\n\nRequire"; if (strlen(trim($allow)) > 0) $deny .= " ip$allow"; else $deny .= " all denied"; $deny .= "\n"; if (count($GLOBALS["GOTMLS"]["tmp"]["apache"]) > 1) $errdiv = ""; else $errdiv = "
    Unable to read Apache Version, this patch may not work!
    "; $patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1159")).'"'.$gt.$lt.'script'.$gt."\nfunction setFirewall(opt, val) {\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_opt'))\n\t\tautoUpdateDownloadGIF.value = opt;\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_val'))\n\t\tautoUpdateDownloadGIF.value = val;\n}\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '".__("You must register and donate to use this feature!",'gotmls')."';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '".__("This feature is available to those who have donated!",'gotmls')."';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="'; $patch_found = false; $head = str_replace(array('|]+', '(.+?)', '\\s*(', '\\s*)*|is'), array(" 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', "$head$htaccess")) { $patch_action .= '-1"'.$gt.$lt.'input style="float: right;" type="submit" value="Unblock XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Now Blocked'; $errdiv = ""; } elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0)) $patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" 
/'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Still Allowing Access: '.sprintf(__("Failed to install XMLRPC Protection [.htaccess %s]",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write?':'only!'):"unreadable!").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess')); else $patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Currently Allowing Access'; } $patch_action .= ")$errdiv$lt/b$gt$lt/p$gt".__("Most WordPress sites do not use the XMLRPC features and hack attempts on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit, these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt.$lt.'hr /'.$gt; $patch_status = 0; $patch_found = -1; $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#"; $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find); if (is_file(ABSPATH.'../wp-config.php') && !is_file(ABSPATH.'wp-config.php')) $wp_config = '../wp-config.php'; else $wp_config = 'wp-config.php'; if (is_file(ABSPATH.$wp_config)) { if (($config = @file_get_contents(ABSPATH.$wp_config)) && strlen($config)) { if ($patch_found = preg_match($find, $config)) { if (strpos($config, substr($head, strpos($head, "file_exists")))) { if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.$wp_config, 
preg_replace('#'.$lt.'\?[ph\s]+(//.*\s*)*\?'.$gt.'#i', "", preg_replace($find, "", $config)))) $patch_action .= $lt.'div class="error"'.$gt.__("Removed Brute-Force Protection",'gotmls').$lt.'/div'.$gt; else $patch_status = 1; } else { if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.$wp_config, preg_replace($find, "$head", $config))) { $patch_action .= $lt.'div class="updated"'.$gt.__("Upgraded Brute-Force Protection",'gotmls').$lt.'/div'.$gt; $patch_status = 1; } else $patch_status = 2; } } elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && strlen($config) && ($patch_found == 0) && GOTMLS_file_put_contents(ABSPATH.$wp_config, "$lt?php$head// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?$gt$config")) { $patch_action .= $lt.'div class="updated"'.$gt.__("Installed Brute-Force Protection",'gotmls').$lt.'/div'.$gt; $patch_status = 1; } elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"])) $patch_action .= $lt.'div class="updated"'.$gt.sprintf(__("Failed to install Brute-Force Protection (wp-config.php %s)",'gotmls'),(is_readable(ABSPATH.$wp_config)?'read-'.(is_writable(ABSPATH.$wp_config)?'write':'only'):"unreadable").": ".strlen($config).GOTMLS_fileperms(ABSPATH.$wp_config)).$lt.'/div'.$gt; } else $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Readable!",'gotmls').$lt.'/div'.$gt; } else $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Found!",'gotmls').$lt.'/div'.$gt; if ($GOTMLS_nonce_found && file_exists(ABSPATH.'wp-login.php') && ($login = @file_get_contents(ABSPATH.'wp-login.php')) && strlen($login) && (preg_match($find, $login))) { if (isset($_POST["GOTMLS_patching"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/".GOTMLS_wp_version.'/wp-login.php')) && (strlen($source) > 500) && GOTMLS_file_put_contents(ABSPATH.'wp-login.php', $source)) $patch_action .= $lt.'div class="updated"'.$gt.__("Removed Old 
Brute-Force Login Patch",'gotmls').$lt.'/div'.$gt; else $patch_status = 2; } if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_firewall_option"]) && strlen($_POST["GOTMLS_firewall_option"]) && isset($_POST["GOTMLS_firewall_value"]) && strlen($_POST["GOTMLS_firewall_value"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"][$_POST["GOTMLS_firewall_option"]] = $_POST["GOTMLS_firewall_value"]; if (update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"])) $save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n"; else $save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSave Failed!$lt/div$gt\n"; } $sec_opts = $lt.'form method="POST" name="GOTMLS_Form_firewall"'.$gt.$lt.'input type="hidden" id="fw_opt" name="GOTMLS_firewall_option" value="traversal"'.$gt.$lt.'input type="hidden" name="GOTMLS_firewall_value" id="fw_val" value="0"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."805")).'"'.$gt; if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"])) foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA) if (is_array($VA) && count($VA) > 3 && strlen($VA[1]) && strlen($VA[2])) $sec_opts .= $lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="submit" style="float: right;" value="'.(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]?"Enable Protection\" onclick=\"setFirewall('$TP', 0);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt."b$gt$VA[1] (Currently Disabled)":"Disable Protection\" onclick=\"setFirewall('$TP', 1);\"$gt$lt".'p'.$gt.$lt.'img 
src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt."b$gt$VA[1] (Automatically Enabled)")."$lt/b$gt$lt/p$gt$VA[2]$lt/div$gt$lt".'hr /'.$gt; $sec_opts .= "$lt/form$gt\n$patch_action\n$lt".'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."807")).'"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="float: right;'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' 
'.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n$lt"."script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt"; $admin_notice = ""; if ($current_user->user_login == "admin") { $admin_notice .= $lt.'hr /'.$gt; if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_admin_username"]) && ($current_user->user_login != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match('/^\s*[a-z_0-9\@\.\-]{3,}\s*$/i', $_POST["GOTMLS_admin_username"])) { if ($wpdb->update($wpdb->users, array("user_login" => trim($_POST["GOTMLS_admin_username"])), array("user_login" => $current_user->user_login))) { $wpdb->query("UPDATE `{$table_prefix}sitemeta` SET `meta_value` = REPLACE(`meta_value`, 's:5:\"admin\";', 's:".strlen(trim($_POST["GOTMLS_admin_username"])).":\"".trim($_POST["GOTMLS_admin_username"])."\";') WHERE `meta_key` = 'site_admins' AND `meta_value` like '%s:5:\"admin\";%'"); $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("You username has been change to %s. Don't forget to use your new username when you login again.",'gotmls'), $_POST["GOTMLS_admin_username"]).$lt.'/div'.$gt; } else $admin_notice .= $lt.'div class="error"'.$gt.sprintf(__("SQL Error changing username: %s. Please try again later.",'gotmls'), $wpdb->last_error).$lt.'/div'.$gt; } else { if (isset($_POST["GOTMLS_admin_username"])) $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("Your new username must be at least 3 characters and can only contain "%s". 
Please try again.",'gotmls'), "a-z0-9_.-@").$lt.'/div'.$gt; $admin_notice .= $lt.'form method="POST" name="GOTMLS_Form_admin"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'div style="float: left;"'.$gt.__("Change your username:",'gotmls').$lt.'/div'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1235")).'"'.$gt.$lt.'input style="float: left;" type="text" id="GOTMLS_admin_username" name="GOTMLS_admin_username" size="6" value="'.$current_user->user_login.'"'.$gt.$lt.'input style="float: left;" type="submit" value="Change"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Admin Notice'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("Your username is \"admin\", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt; } } if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_wpfirewall_action"])) { if ($_POST["GOTMLS_wpfirewall_action"] == "exclude_terms") update_option("WP_firewall_exclude_terms", ""); elseif ($_POST["GOTMLS_wpfirewall_action"] == "whitelisted_ip" && isset($_SERVER["REMOTE_ADDR"])) { $ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!")); if (is_array($ips)) $ips = array_merge($ips, array($_SERVER["REMOTE_ADDR"])); else $ips = array($_SERVER["REMOTE_ADDR"]); update_option("WP_firewall_whitelisted_ip", serialize($ips)); } } if (get_option("WP_firewall_exclude_terms", "Not Found!") == "allow") { $end = "$lt/div$gt$lt/form$gt\n{$lt}hr /$gt"; $img = 'threat.gif"'; $button = $lt.'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'exclude_terms\';" value="'.__("Disable this Rule",'gotmls').'"'.$gt; $wpfirewall_action = $lt.'form method="POST" name="GOTMLS_Form_wpfirewall2"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" 
name="GOTMLS_wpfirewall_action" id="GOTMLS_wpfirewall_action" value=""'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1223")).'"'.$gt.$button.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$img.$gt.$lt.'b'.$gt."WP Firewall 2 (Conflicting Firewall Rule)$lt/b$gt$lt/p$gt".__("The Conflicting Firewall Rule (WP_firewall_exclude_terms) activated by the WP Firewall 2 plugin has been shown to interfere with the Definition Updates and WP Core File Scans in my Anti-Malware plugin. I recommend that you disable this rule in the WP Firewall 2 plugin.",'gotmls').$end; if (isset($_SERVER["REMOTE_ADDR"])) { if (is_array($ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!"))) && in_array($_SERVER["REMOTE_ADDR"], $ips)) $wpfirewall_action = str_replace(array($img, $end), array('question.gif"', __(" However, your current IP has been Whitelisted so you could probably keep this rule enabled if you really want to.",'gotmls').$end), $wpfirewall_action); else $wpfirewall_action = str_replace(array($button, $end), array($button.$lt."br /$gt$lt".'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'whitelisted_ip\';" value="'.__("Whitelist your IP",'gotmls').'"'.$gt, __(" However, if you would like to keep this rule enabled you should at least Whitelist your IP.",'gotmls').$end), $wpfirewall_action); } $sec_opts = $wpfirewall_action.$sec_opts; } echo GOTMLS_box(__("Firewall Options",'gotmls'), $save_action.$sec_opts.$admin_notice)."\n"; } function GOTMLS_get_registrant($you) { global $current_user, $wpdb; wp_get_current_user(); if (isset($you["you"])) $you = $you["you"]; if (isset($you["user_email"]) && strlen($you["user_email"]) == 32) { if ($you["user_email"] == md5($current_user->user_email)) $registrant = $current_user->user_email; elseif (!($registrant = $wpdb->get_var("SELECT `user_nicename` FROM `$wpdb->users` WHERE 
MD5(`user_email`) = '".$you["user_email"]."'"))) $registrant = GOTMLS_siteurl; } else $registrant = GOTMLS_siteurl; return $registrant; } function GOTMLS_update_definitions() { global $wpdb; $GOTMLS_definitions_versions = array(); $user_info = array(); $saved = false; $moreJS = ""; $finJS = "\n}"; $form = 'registerKeyForm'; $innerHTML = "
  • Your Installation Key could not be confirmed!
  • "; $autoUpJS = 'This new feature is currently only available to registered users who have donated above the default level.
    '; foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names) foreach ($definition_names as $definition_name=>$definition_version) if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5) if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level]) $GOTMLS_definitions_versions[$threat_level] = $definition_version[0]; asort($GOTMLS_definitions_versions); if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"]) && GOTMLS_get_nonce()) { $DEF_url = 'http:'.GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.GOTMLS_wp_version.'&'.GOTMLS_set_nonce(__FUNCTION__."870").'&d='.ur1encode(GOTMLS_siteurl); if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1) { $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_REQUEST["UPDATE_definitions_array"])); if (is_array($GOTnew_definitions)) { $form = 'autoUpdateDownload'; $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('Downloaded Definitions');"; } } elseif ($_REQUEST["UPDATE_definitions_array"] == "D") { $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = array(); $GOTnew_definitions = array(); } elseif (($DEF = GOTMLS_get_URL($DEF_url)) && is_array($GOTnew_definitions = maybe_unserialize(GOTMLS_decode($DEF))) && count($GOTnew_definitions)) { if (isset($GOTnew_definitions["you"]["user_email"]) && strlen($GOTnew_definitions["you"]["user_email"]) == 32) { $toInfo = GOTMLS_get_registrant($GOTnew_definitions["you"]); $innerHTML = "
  • Your Installation Key is Registered to:
    $toInfo
  • "; $form = 'autoUpdateForm'; if (isset($GOTnew_definitions["you"]["user_donations"]) && isset($GOTnew_definitions["you"]["user_donation_total"]) && isset($GOTnew_definitions["you"]["user_donation_freshness"])) { $user_donations_src = $GOTnew_definitions["you"]["user_donations"]; if ($GOTnew_definitions["you"]["user_donation_total"] > 27.99) { $autoUpJS = 'Yes | No '; $moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA")) foundUpdates.innerHTML = "Set Definition Updates to Automatically Download to activate this feature.";'; } if ($user_donations_src > 0 && $GOTnew_definitions["you"]["user_donation_total"] > 0) $li = "
  • You have made $user_donations_src donation".($user_donations_src?'s totalling':' for').' $'.$GOTnew_definitions["you"]["user_donation_total"].".
  • "; } } else $innerHTML = "
  • Your Installation Key is not registered!
  • "; asort($GOTnew_definitions); if (serialize($GOTnew_definitions) == serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"])) unset($GOTnew_definitions); else { $debug = substr(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]), 0, 9)." ".md5(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))." ".strlen(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))." ".substr(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]), -9)." = ".substr(serialize($GOTnew_definitions), 0, 9)." ".md5(serialize($GOTnew_definitions))." ".strlen(serialize($GOTnew_definitions)." ".substr(serialize($GOTnew_definitions), -9)); $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions; $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('New Definitions Automatically Installed :-)');"; } $finJS .= "\nif (divNAtext)\n\tloadGOTMLS();\nelse\n\tdivNAtext = setTimeout('loadGOTMLS()', 4000);"; $finJS .= "\nif (typeof stopCheckingDefinitions !== 'undefined')\n\tclearTimeout(stopCheckingDefinitions);"; } else $innerHTML = "
  • $GLOBALS["GOTMLS"]["get_URL"])))."', 'Definition_Updates');\\\">Automatic Update Connection Failed!
  • "; if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"])) unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"]); } else $innerHTML = "
  • ".GOTMLS_Invalid_Nonce("Nonce Error")."
  • "; if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) { $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions); if (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) @unlink(GOTMLS_plugin_path.'definitions_update.txt'); $saved = GOTMLS_update_option('definitions', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]); $_REQUEST["check"] = array(); foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names) { if ($threat_level != "potential") $_REQUEST["check"][] = $threat_level; foreach ($definition_names as $definition_name=>$definition_version) if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5) if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level]) $GOTMLS_definitions_versions[$threat_level] = $definition_version[0]; } $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = $_REQUEST["check"]; $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"]; asort($GOTMLS_definitions_versions); $autoUpJS .= '(Newest Definition Updates Installed.)'; } elseif ($form != 'registerKeyForm') { $form = 'autoUpdateDownload'; $autoUpJS .= '(No newer Definition Updates are available at this time.)'; $innerHTML .= "
  • No Newer Definition Updates Available.
  • "; } if (isset($_SERVER["SCRIPT_FILENAME"]) && preg_match('/\/admin-ajax\.php/i', $_SERVER["SCRIPT_FILENAME"]) && isset($_REQUEST["action"]) && $_REQUEST["action"] == "GOTMLS_auto_update") { if (!$user_donations_src) $li = "
  • You have not donated yet!
  • "; if (strlen($moreJS) == 0) $moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA")) foundUpdates.innerHTML = "Donate $29+ now then enable Automatic Definition Updates to Scan for Core Files changes.";'; $moreJS .= "\n\tif (foundUpdates = document.getElementById('pastDonations'))\n\tfoundUpdates.innerHTML = '$li';"; @header("Content-type: text/javascript"); if (is_array($GOTMLS_definitions_versions) && count($GOTMLS_definitions_versions) && (strlen($new_ver = trim(array_pop($GOTMLS_definitions_versions))) == 5) && $saved) { $innerHTML .= "
  • New Definition Updates Installed.
  • "; $finJS .= "\nif (foundUpdates = document.getElementById('GOTMLS_definitions_date')) foundUpdates.innerHTML = '$new_ver';"; } elseif (is_array($GOTnew_definitions) && count($GOTnew_definitions)) $finJS .= "\nalert('Definition update $new_ver could not be saved because update_option Failed! $debug');"; if (isset($_REQUEST["UPDATE_core"]) && ($_REQUEST["UPDATE_core"] == GOTMLS_wp_version) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version])) { foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][$_REQUEST["UPDATE_core"]] as $file => $md5) { if (is_file(ABSPATH.$file)) { $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = file_get_contents(ABSPATH.$file); if (GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"], ABSPATH.$file)) { if (isset($GLOBALS["GOTMLS"]["tmp"]["new_contents"]) && isset($_REQUEST["UPDATE_restore"]) && (md5($GLOBALS["GOTMLS"]["tmp"]["new_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"]) == $_REQUEST["UPDATE_restore"])) $autoUpJS .= "
  • Core File Restored: $file
  • "; else $autoUpJS .= "
  • Core File MODIFIED: $file (".md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])." => $md5)
  • "; } } else $autoUpJS .= "
  • Core File MISSING: $file
  • "; } $autoUpJS .= '
    Definition update: '.$_REQUEST["UPDATE_core"].' checked '.count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][$_REQUEST["UPDATE_core"]]).' core files!
    '; } die('//'.$innerHTML.'"+inc_form; function setDivNAtext() { var foundUpdates; '.$moreJS.$finJS.' if (foundUpdates = document.getElementById("UPDATE_definitions_div")) foundUpdates.innerHTML = \''.$autoUpJS.'\'; //]]>'); } $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates'; foreach ($GOTMLS_definitions_versions as $definition_name=>$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"]) $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&def[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"]; if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"]) == 32) $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&def[you]=".$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"]; } add_action('wp_ajax_GOTMLS_auto_update', 'GOTMLS_update_definitions'); function GOTMLS_settings() { global $wpdb, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth; $GOTMLS_scan_groups = array(); $gt = ">"; $lt = "<"; GOTMLS_update_definitions(); if (($GOTMLS_nonce_found = GOTMLS_get_nonce()) && isset($_REQUEST["check"]) && is_array($_REQUEST["check"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"]; /* removed old code */ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]; update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); } $dirs = GOTMLS_explode_dir(__FILE__); for ($SL=0;$SL 0) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(str_replace('.', ',', htmlentities($_POST["exclude_ext"]))), -1, PREG_SPLIT_NO_EMPTY); else $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = array(); } $default_exclude_ext = str_replace(",gotmls", "", implode(",", $GLOBALS["GOTMLS"]["tmp"]["skip_ext"])); 
$GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]; if (isset($_POST["UPDATE_definitions_checkbox"])) { if (isset($_POST[$_POST["UPDATE_definitions_checkbox"]]) && strlen(trim(" ".$_POST[$_POST["UPDATE_definitions_checkbox"]]))) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = $_POST[$_POST["UPDATE_definitions_checkbox"]]; else $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = ""; } if (isset($_POST["exclude_dir"])) { if (strlen(trim(str_replace(",","",$_POST["exclude_dir"]).' ')) > 0) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(htmlentities($_POST["exclude_dir"])), -1, PREG_SPLIT_NO_EMPTY); else $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array(); for ($d=0; $d $GLOBALS["GOTMLS"]["tmp"]["settings_array"])); $scan_whatopts = ''; $scan_optjs = "\n{$lt}script type=\"text/javascript\"$gt\nfunction showOnly(what) {\n"; foreach ($GOTMLS_scan_groups as $mg => $GOTMLS_scan_group) { $scan_optjs .= "document.getElementById('only$mg').style.display = 'none';\n"; $scan_whatopts = "\n$lt/div$gt\n$lt/div$gt\n$scan_whatopts"; $dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $mg))); $files = GOTMLS_getfiles($dir); if (is_array($files)) foreach ($files as $file) if (is_dir(GOTMLS_trailingslashit($dir).$file)) $scan_whatopts = $lt.'input type="checkbox" name="scan_only[]" value="'.htmlentities($file).'" /'.$gt.htmlentities($file).$lt.'br /'.$gt.$scan_whatopts; $scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' 
/'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", " ", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts; } $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}"; if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && strlen(trim(" ".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]))) $scan_optjs .= "\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]."'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n"; $scan_optjs .= "$lt/script$gt"; $GOTMLS_nonce_URL = GOTMLS_set_nonce(__FUNCTION__."853"); $scan_opts = "\n$lt".'form method="POST" id="GOTMLS_Form" name="GOTMLS_Form"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', $GOTMLS_nonce_URL).'"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Complete Scan\';" /'.$gt.$lt.'/div'.$gt.' '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.' 
'.$lt.'div style="padding: 0 30px;"'.$gt; $cInput = '"'.$gt.$lt.'input'; $pCheck = "$cInput checked"; $kCheck = ""; foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) { $scan_opts .= $lt.'div id="check_'.$threat_level.'_div" style="padding: 0; position: relative;'; if (($threat_level != "wp_core" && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level])) || isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level][GOTMLS_wp_version])) { if ($threat_level != "potential" && in_array($threat_level,$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) { $pCheck = " display: none;$cInput"; $scan_opts .= "$cInput checked"; } elseif ($threat_level == "potential") $scan_opts .= $pCheck; else $scan_opts .= $cInput; if ($threat_level != "potential") $kCheck .= ",'$threat_level'"; $scan_opts .= ' type="checkbox" onchange="pCheck(this);" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'" /'.$gt.' '.$lt.'a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;pCheck(document.getElementById(\'check_'.$threat_level.'_Yes\'));showhide(\'dont_check_'.$threat_level.'\');"'."$gt{$lt}b$gt$threat_level_name$lt/b$gt$lt/a$gt\n"; if (isset($_GET["SESSION"])) { $scan_opts .= "\n$lt".'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"'.$gt.$lt.'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');"'.$gt.'X'.$lt.'/a'.$gt; foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex) $scan_opts .= $lt."br /$gt\n$lt".'input type="checkbox" name="dont_check[]" 
value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /'.$gt.$lt.'script'.$gt.'showhide("dont_check_'.$threat_level.'", true);'.$lt.'/script'.$gt:' /'.$gt).(isset($_SESSION["GOTMLS_debug"][$threat_name])?$lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_name],1)."$lt/div$gt":"").htmlspecialchars($threat_name); $scan_opts .= "\n$lt/div$gt"; } } else $scan_opts .= $lt.'a title="'.__("Download Definition Updates to Use this feature",'gotmls').'"'.$gt.$lt.'img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="X"'.$gt.$lt.'b'.$gt.'  '.$threat_level_name.$lt.'/b'.$gt.$lt.'br /'.$gt.$lt.'div style="padding: 14px;" id="check_'.$threat_level.'_div_NA"'.$gt.$lt.'span style="color: #F00"'.$gt.__("Download the new definitions (Right sidebar) to activate this feature.",'gotmls')."$lt/span$gt$lt/div$gt"; $scan_opts .= "\n$lt/div$gt"; } $scan_opts .= $lt.'/div'.$gt.$lt.'/div'.$gt.' '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to scan:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.$scan_whatopts.$scan_optjs.$lt.'/div'.$gt.' '.$lt.'div style="float: left;" id="scanwhatfolder"'.$gt.$lt.'/div'.$gt.' '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Scan Depth:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.' 
'.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"'.$gt.$lt.'br /'.$gt.__("how far to drill down",'gotmls').$lt.'br /'.$gt.'('.__("-1 is infinite depth",'gotmls').')'.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'br style="clear: left;"'.$gt; if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= $lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"]['total'],1)."$lt/div$gt"; unset($_SESSION["GOTMLS_debug"]);} if (isset($_GET["eli"])) {//still testing this option $scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'."$gt$lt/div$gt\n"; } $QuickScan = $lt.((is_dir(dirname(__FILE__)."/../../../wp-includes") && is_dir(dirname(__FILE__)."/../../../wp-admin"))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&$GOTMLS_nonce_URL").'" class="button-primary" style="height: 22px; line-height: 13px; padding: 3px;">WP_Coreget_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogname'")); $title_tagline .= "$lt/li$gt$lt"."li$gt Tagline: ".htmlspecialchars($wpdb->get_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogdescription'")); if (preg_match('/h[\@a]ck[3e]d.*by/is', $title_tagline)) echo $lt.'div class="error"'.$gt.sprintf(__("Your Site Title or Tagline suggests that you may have been hacked ...%sThis could impact the indexing of your site and may even lead to blacklisting. 
You can change those options on the %sGeneral Settings$lt/a$gt page.",'gotmls'), "$title_tagline$lt/li$gt", $lt.'a href="'.admin_url("options-general.php").'"'.$gt)."$lt/div$gt"; @ob_start(); $OB_default_handlers = array("default output handler", "zlib output compression"); $OB_handlers = @ob_list_handlers(); if (is_array($OB_handlers) && count($OB_handlers)) foreach ($OB_handlers as $OB_last_handler) if (!in_array($OB_last_handler, $OB_default_handlers)) echo $lt.'div class="error"'.$gt.sprintf(__("Another Plugin or Theme is using '%s' to handle output buffers.
    This prevents actively outputing the buffer on-the-fly and could severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).",'gotmls'), $OB_last_handler)."$lt/div$gt"; GOTMLS_display_header(); $scan_groups = array_merge(array(__("Scanned Files",'gotmls')=>"scanned",__("Selected Folders",'gotmls')=>"dirs",__("Scanned Folders",'gotmls')=>"dir",__("Skipped Folders",'gotmls')=>"skipdirs",__("Skipped Files",'gotmls')=>"skipped",__("Read/Write Errors",'gotmls')=>"errors",__("Quarantined Files",'gotmls')=>"bad"), $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]); echo $lt.'script type="text/javascript"> var percent = 0; function pCheck(chkb) { var kCheck = ['.trim($kCheck,",").']; chk = true; for (var i = 0; i < kCheck.length; i++) { var chkbox = document.getElementById("check_"+kCheck[i]+"_Yes"); if (chkbox && chkb.id == "check_potential_Yes" && chkb.checked == false) { chk = false; chkbox.checked = true; } else if (chkbox && chkbox.checked) { chk = false; } } if (chkbox = document.getElementById("check_potential_Yes")) chkbox.checked = chk; if (chk) { document.getElementById("check_potential_div").style.display = "block"; alert("If you do not select any other threat types, then only potential threats will be found and the automatic fix will not be available!"); } else document.getElementById("check_potential_div").style.display = "none"; } function changeFavicon(percent) { var oldLink = document.getElementById("wait_gif"); if (oldLink) { if (percent >= 100) { document.getElementsByTagName("head")[0].removeChild(oldLink); var link = document.createElement("link"); link.id = "wait_gif"; link.type = "image/gif"; link.rel = "shortcut icon"; var threats = '.implode(" + ", array_merge($GLOBALS["GOTMLS"]["tmp"]["threat_levels"], array(__("Potential Threats",'gotmls')=>"errors",__("WP-Login Updates",'gotmls')=>"errors"))).'; if (threats > 0) { if ((errors * 2) == threats) linkhref = "blocked"; else linkhref = "threat"; } else linkhref = "checked"; link.href = "'.GOTMLS_images_path.'"+linkhref+".gif"; 
document.getElementsByTagName("head")[0].appendChild(link); } } else { var icons = document.getElementsByTagName("link"); var link = document.createElement("link"); link.id = "wait_gif"; link.type = "image/gif"; link.rel = "shortcut icon"; link.href = "'.GOTMLS_images_path.'wait.gif"; // document.head.appendChild(link); document.getElementsByTagName("head")[0].appendChild(link); } } function update_status(title, time) { sdir = (dir+direrrors); if (arguments[2] >= 0 && arguments[2] <= 100) percent = arguments[2]; else percent = Math.floor((sdir*100)/dirs); scan_state = "6F6"; if (percent == 100) { showhide("pause_button", true); showhide("pause_button"); title = "'.$lt.'b'.$gt.__("Scan Complete!",'gotmls').$lt.'/b'.$gt.'"; } else scan_state = "99F"; changeFavicon(percent); if (sdir) { if (arguments[2] >= 0 && arguments[2] <= 100) timeRemaining = Math.ceil(((time-startTime)*(100/percent))-(time-startTime)); else timeRemaining = Math.ceil(((time-startTime)*(dirs/sdir))-(time-startTime)); if (timeRemaining > 59) timeRemaining = Math.ceil(timeRemaining/60)+" Minute"; else timeRemaining += " Second"; if (timeRemaining.substr(0, 2) != "1 ") timeRemaining += "s"; } else timeRemaining = "Calculating Time"; timeElapsed = Math.ceil(time); if (timeElapsed > 59) timeElapsed = Math.floor(timeElapsed/60)+" Minute"; else timeElapsed += " Second"; if (timeElapsed.substr(0, 2) != "1 ") timeElapsed += "s"; divHTML = \''.$lt.'div align="center" style="vertical-align: middle; background-color: #ccc; z-index: 3; height: 18px; width: 100%; border: solid #000 1px; position: relative; padding: 10px 0;"'.$gt.$lt.'div style="height: 18px; padding: 10px 0; position: absolute; top: 0px; left: 0px; background-color: #\'+scan_state+\'; width: \'+percent+\'%"'.$gt.$lt.'/div'.$gt.$lt.'div style="height: 32px; position: absolute; top: 3px; left: 10px; z-index: 5; line-height: 16px;" align="left"'.$gt.'\'+sdir+" Folder"+(sdir==1?"":"s")+" Checked'.$lt.'br /'.$gt.'"+timeElapsed+\' 
Elapsed'.$lt.'/div'.$gt.$lt.'div style="height: 38px; position: absolute; top: 0px; left: 0px; width: 100%; z-index: 5; line-height: 38px; font-size: 30px; text-align: center;"'.$gt.'\'+percent+\'%'.$lt.'/div'.$gt.$lt.'div style="height: 32px; position: absolute; top: 3px; right: 10px; z-index: 5; line-height: 16px;" align="right"'.$gt.'\'+(dirs-sdir)+" Folder"+((dirs-sdir)==1?"":"s")+" Remaining'.$lt.'br /'.$gt.'"+timeRemaining+" Remaining'.$lt.'/div'.$gt.$lt.'/div'.$gt.'"; document.getElementById("status_bar").innerHTML = divHTML; document.getElementById("status_text").innerHTML = title; dis="none"; divHTML = \''.$lt.'ul style="float: right; margin: 0 20px; text-align: right;"'.$gt.'\'; /*'.$lt.'!--*'.'/'; $MAX = 0; $vars = "var i, intrvl, direrrors=0"; $fix_button_js = ""; $found = ""; $li_js = "return false;"; if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") { $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array(); foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $check) if ($check != "potential") $GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check; } foreach ($scan_groups as $scan_name => $scan_group) { if ($MAX++ == 6) { $quarantineCountOnly = GOTMLS_get_quarantine(true); $vars .= ", $scan_group=$quarantineCountOnly"; echo "/*--{$gt}*"."/\n\tif ($scan_group > 0)\n\t\tscan_state = ' potential'; \n\telse\n\t\tscan_state = '';\n\tdivHTML += '
    • '+$scan_group+' '+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'
    • ';\n/*{$lt}!--*"."/"; $found = "Found "; $fix_button_js = "\n\t\tdis='block';"; } else { $val = 0; if ($found && !in_array($scan_group, $GLOBALS["GOTMLS"]["log"]["settings"]["check"])) $potential_threat = ' potential" title="'.GOTMLS_strip4java(__("You are not currently scanning for this type of threat!",'gotmls')); else $potential_threat = ""; $vars .= ", $scan_group=$val"; echo "/*--{$gt}*"."/\n\tif ($scan_group > 0) {\n\t\tscan_state = ' href=\"#found_$scan_group\" onclick=\"$li_js showhide(\\'found_$scan_group\\', true);\" class=\"GOTMLS_plugin $scan_group\"';$fix_button_js".($MAX>6?"\n\tshowhide('found_$scan_group', true);":"")."\n\t} else\n\t\tscan_state = ' class=\"GOTMLS_plugin$potential_threat\"';\n\tdivHTML += '';\n/*{$lt}!--*"."/"; } $li_js = ""; if ($MAX > 11) $fix_button_js = ""; } $ScanSettings = $lt.'div style="float: right;"'.$gt.GOTMLS_Run_Quick_Scan_LANGUAGE.": $QuickScan$lt/div$gt".GOTMLS_Scan_Settings_LANGUAGE; echo "/*--{$gt}*".'/ document.getElementById("status_counts").innerHTML = divHTML+"'.$lt.'/ul'.$gt.'"; document.getElementById("fix_button").style.display = dis; } '.$vars.'; function showOnly(what) { document.getElementById("only_what").innerHTML = document.getElementById("only"+what).innerHTML; } var startTime = 0; '.$lt.'/script'.$gt.GOTMLS_box($ScanSettings, $scan_opts); $Settings_Saved = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -50px; margin: 0 300px 0 130px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n";//script type='text/javascript'$gt\nalert('Settings Saved!');\n$lt/script$gt\n"; if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Save") { if ($GOTMLS_nonce_found) { update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); echo $Settings_Saved; } else echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Saving these settings requires a valid Nonce Token. 
No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n"); echo GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog()); } elseif (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && ($_REQUEST["scan_what"] > -1)) { if ($GOTMLS_nonce_found) { update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array(); GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"])); $cleadCache = false; if (function_exists('is_plugin_active')) { if (function_exists('wp_cache_clear_cache')) { wp_cache_clear_cache(); $cleadCache = true; } if (function_exists('w3tc_pgcache_flush')) { w3tc_pgcache_flush(); $cleadCache = true; } if (class_exists('WpFastestCache')) { $newCache = new WpFastestCache(); $newCache->deleteCache(); $cleadCache = true; } } if ($cleadCache) str_replace("Settings Saved!", "Cache Cleared and Settings Saved!", $Settings_Saved); echo $Settings_Saved; if (!isset($_REQUEST["scan_type"])) $_REQUEST["scan_type"] = "Complete Scan"; elseif ($_REQUEST["scan_type"] == "Quick Scan") { $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('".__("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. 
Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.",'gotmls')."');\n}\nwindow.onload=testComplete;\n$lt/script$gt\n$lt".'script type="text/javascript"'.$gt; $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array(); foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $check) if ($check != "potential") $GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check; } echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1314")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt; foreach ($_POST as $name => $value) { if (substr($name, 0, 10) != 'GOTMLS_fix') { if (is_array($value)) { foreach ($value as $val) echo $lt.'input type="hidden" name="'.$name.'[]" value="'.htmlspecialchars($val).'"'.$gt; } else echo $lt.'input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'"'.$gt; } } echo "\n$lt".'script type="text/javascript"'.$gt.'showhide("inside_'.md5($ScanSettings).'");'.$lt.'/script'.$gt.GOTMLS_box(htmlspecialchars($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' 
'.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt); $scan_groups_UL = ""; foreach ($scan_groups as $scan_name => $scan_group) $scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.'   * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking IF your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.'   * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), GOTMLS_wp_version).' 
(for more info '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.').'.$lt.'/p'.$gt:$lt.'br /'.$gt)).$lt.'/ul'.$gt; if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/"; GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => htmlentities($_REQUEST["scan_type"])))); echo GOTMLS_box($lt.'div id="GOTMLS_scan_dir" style="float: right;"'.$gt.' ('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].") $lt/div$gt".__("Scan Details:",'gotmls'), $scan_groups_UL); $no_flush_LANGUAGE = __("Not flushing OB Handlers: %s",'gotmls'); if (isset($_REQUEST["no_ob_end_flush"])) echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, print_r(ob_list_handlers(), 1))."$lt/div$gt\n"; elseif (is_array($OB_handlers) && count($OB_handlers)) { // $GOTMLS_OB_handlers = get_option("GOTMLS_OB_handlers", array()); foreach (array_reverse($OB_handlers) as $OB_handler) { if (isset($GOTMLS_OB_handlers[$OB_handler]) && $GOTMLS_OB_handlers[$OB_handler] == "no_end_flush") echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, $OB_handler)."$lt/div$gt\n"; elseif (in_array($OB_handler, $OB_default_handlers)) { // $GOTMLS_OB_handlers[$OB_handler] = "no_end_flush"; // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers); @ob_end_flush(); // $GOTMLS_OB_handlers[$OB_handler] = "ob_end_flush"; // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers); } } } @ob_start(); echo "\n{$lt}script type=\"text/javascript\"$gt$li_js\n/*{$lt}!--*"."/"; if (is_dir($dir)) { $GOTMLS_dirs_at_depth[0] = 1; $GOTMLS_dir_at_depth[0] = 0; if (isset($_REQUEST['scan_only']) && is_array($_REQUEST['scan_only'])) { $GOTMLS_dirs_at_depth[0] += (count($_REQUEST['scan_only']) - 1); foreach ($_REQUEST['scan_only'] as $only_dir) if (is_dir(GOTMLS_trailingslashit($dir).$only_dir)) GOTMLS_readdir(GOTMLS_trailingslashit($dir).$only_dir); } else GOTMLS_readdir($dir); } else echo 
GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link("Not a valid directory!")); if ($_REQUEST["scan_type"] == "Quick Scan") echo GOTMLS_update_status(__("Completed!",'gotmls'), 100); else { echo GOTMLS_update_status(__("Starting Scan ...",'gotmls')); if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && is_array($GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && in_array("db_scan", $GLOBALS["GOTMLS"]["log"]["settings"]["check"])) GOTMLS_db_scan(); echo "/*--{$gt}*"."/\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."1087").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."');".' 
var scanfilesI = 0; var stopScanning; var gotStuckOn = ""; function scanNextDir(gotStuck) { clearTimeout(stopScanning); if (gotStuck > -1) { if (scanfilesArNames[gotStuck].substr(0, 3) != "Re-") { if (scanfilesArNames[gotStuck].substr(0, 9) == "Checking ") { scanfilesArNames.push(scanfilesArNames[gotStuck]); scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_file[]="+encodeURIComponent(scanfilesArNames[gotStuck].substr(9))); } else { scanfilesArNames.push("Re-"+scanfilesArNames[gotStuck]); scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_only_file="); } } else { scanfilesArNames.push("Got Stuck "+scanfilesArNames[gotStuck]); scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_dir="+scanfilesArKeys[gotStuck]); } } if (document.getElementById("resume_button").value != "Pause") { stopScanning=setTimeout("scanNextDir(-1)", 1000); startTime++; } else if (scanfilesI < scanfilesArKeys.length) { document.getElementById("status_text").innerHTML = scanfilesArNames[scanfilesI]; var newscript = document.createElement("script"); newscript.setAttribute("src", scriptSRC+scanfilesArKeys[scanfilesI]); divx = document.getElementById("found_scanned"); if (divx) divx.appendChild(newscript); stopScanning=setTimeout("scanNextDir("+(scanfilesI++)+")",'.$GLOBALS["GOTMLS"]["tmp"]['execution_time'].'000); } } startTime = ('.ceil(time()-$GLOBALS["GOTMLS"]["log"]["scan"]["start"]).'+3); stopScanning=setTimeout("scanNextDir(-1)",3000); function pauseresume(butt) { if (butt.value == "Resume") butt.value = "Pause"; else butt.value = "Resume"; } showhide("pause_button", true);'."\n/*{$lt}!--*"."/"; } if (@ob_get_level()) { GOTMLS_flush('script'); @ob_end_flush(); } echo "/*--{$gt}*"."/\n$lt/script$gt"; } else echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Starting a Complete Scan requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. 
Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n"); } else echo GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog()); echo "\n$lt/div$gt$lt/div$gt$lt/div$gt"; }
// (the closing brace above ends the scan/settings page function whose header is outside this view)

/**
 * Prints a helper script on the WordPress login form (hooked to "login_form").
 * Builds the admin-ajax URL for the GOTMLS_logintime action; the markup the echo emitted
 * was lost in extraction, which is why the string literal below is unbalanced here.
 *
 * @param string $form_id id attribute of the login form, "loginform" by default
 */
function GOTMLS_login_form($form_id = "loginform") { $sess = time(); $ajaxURL = admin_url("admin-ajax.php?action=GOTMLS_logintime&GOTMLS_sess="); echo '\n";//GOTMLS_login_script.onload = set_offset_id(); } add_action("login_form", "GOTMLS_login_form");

/**
 * Ajax handler for GOTMLS_logintime, registered below for both logged-in and anonymous (nopriv) callers.
 * Replies with JavaScript that seeds a timer from a server-side timestamp so the login form can report
 * how long it has been open. Only the server clock reaches the response: the leading `false &&` makes the
 * $_GET branch dead code, so $sess is always time(). Note the dead branch tests $_GET["GOTMLS_sess"] but
 * would read $_GET["sess"]; if it is ever re-enabled keep the is_numeric() guard, because the value is
 * interpolated into a JavaScript number and htmlspecialchars() is not a JavaScript-context escape.
 * The "Permission Error" comment in the reply is emitted for every caller regardless of authentication.
 */
function GOTMLS_ajax_logintime() { @header("Content-type: text/javascript"); $sess = (false && isset($_GET["GOTMLS_sess"]) && is_numeric($_GET["GOTMLS_sess"])) ? htmlspecialchars($_GET["sess"]) : time(); die("\n//Permission Error: User not authenticated!\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_offset_start = GOTMLS_login_offset.getTime() - ".$sess."000;\nfunction set_offset_id() {\n\tGOTMLS_login_offset = new Date();\n\tif (form_login = document.getElementById('offset_id'))\n\t\tform_login.value = GOTMLS_login_offset.getTime() - GOTMLS_login_offset_start;\n\tsetTimeout(set_offset_id, 15673);\n}\nset_offset_id();"); } add_action('wp_ajax_nopriv_GOTMLS_logintime', 'GOTMLS_ajax_logintime'); add_action('wp_ajax_GOTMLS_logintime', 'GOTMLS_ajax_logintime');

/**
 * Ajax handler for GOTMLS_lognewkey: records this installation's key and site URL in the
 * GOTMLS_Installation_Keys option and replies with "//<old count>~<new count>" as JavaScript.
 * Gated by GOTMLS_get_nonce() (its capability checks, if any, are not visible here); the posted key must
 * equal the GOTMLS_installation_key constant — a loose == comparison, where === would be stricter.
 * The option is read through maybe_unserialize() and written back serialize()d; that is stored data,
 * not request data. $count is assigned only in the is_array() branch, so the reply references an
 * undefined variable when the stored option was not an array.
 */
function GOTMLS_ajax_lognewkey() { @header("Content-type: text/javascript"); if (GOTMLS_get_nonce()) { if (isset($_POST["GOTMLS_installation_key"]) && ($_POST["GOTMLS_installation_key"] == GOTMLS_installation_key)) { $keys = maybe_unserialize(get_option('GOTMLS_Installation_Keys', array())); if (is_array($keys)) { $count = count($keys); if (!array_key_exists(GOTMLS_installation_key, $keys)) $keys = array_merge($keys, array(GOTMLS_installation_key => GOTMLS_siteurl)); } else $keys = array(GOTMLS_installation_key => GOTMLS_siteurl); update_option("GOTMLS_Installation_Keys", serialize($keys)); die("\n//$count~".count($keys)); } else die("\n//0"); } else die(GOTMLS_Invalid_Nonce("\n//Log New 
Key Error: ")."\n"); } add_action('wp_ajax_GOTMLS_lognewkey', 'GOTMLS_ajax_lognewkey'); add_action('wp_ajax_nopriv_GOTMLS_lognewkey', 'GOTMLS_ajax_nopriv');

/**
 * "plugin_action_links" filter: prepends the settings link when $plugin_file is the trailing part of
 * this file's path (a suffix comparison, with a minimum length of 10 to avoid trivial matches).
 * The anchor markup around GOTMLS_Scan_Settings_LANGUAGE was lost in extraction — only the label remains.
 *
 * @param array  $links_array existing action links
 * @param string $plugin_file plugin path as WordPress reports it
 * @return array the links, possibly with the settings link prepended
 */
function GOTMLS_set_plugin_action_links($links_array, $plugin_file) { if ($plugin_file == substr(str_replace("\\", "/", __FILE__), (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10) $links_array = array_merge(array(''.GOTMLS_Scan_Settings_LANGUAGE.''), $links_array); return $links_array; } add_filter("plugin_action_links", "GOTMLS_set_plugin_action_links", 1, 2);

/**
 * "plugin_row_meta" filter: appends FAQ/Support/Donate entries for this plugin's row, using the same
 * suffix match as GOTMLS_set_plugin_action_links(). Link markup was lost in extraction.
 *
 * @param array  $links_array existing row-meta links
 * @param string $plugin_file plugin path as WordPress reports it
 * @return array the links with the extra entries appended
 */
function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) { if ($plugin_file == substr(str_replace("\\", "/", __FILE__), (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10) $links_array = array_merge($links_array, array('FAQ','Support','Donate')); return $links_array; } add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);

/**
 * Prints the "Upgrade Notice" for a pending update under the plugin row.
 * The notice is cached in a transient keyed by current and new version for DAY_IN_SECONDS; on a cache
 * miss the readme.txt is fetched from plugins.svn.wordpress.org over HTTPS through GOTMLS_get_URL()
 * (opaque helper, failure handling not visible here). The section after "== Upgrade Notice ==" is split
 * into per-version entries and the entry for GOTMLS_Version, or else the first entry, is rendered.
 * Note that $match[1] is undefined when the readme lacks that header (preg_split then returns one element),
 * and the fetched text is echoed after only a markdown-link rewrite, without htmlspecialchars() — the
 * remote readme is trusted as markup.
 *
 * @param array $args update data; reads $args["Version"] and $args["new_version"]
 */
function GOTMLS_in_plugin_update_message($args) { $transient_name = 'GOTMLS_upgrade_notice_'.$args["Version"].'_'.$args["new_version"]; if ((false === ($upgrade_notice = get_transient($transient_name))) && ($ret = GOTMLS_get_URL("https://plugins.svn.wordpress.org/gotmls/trunk/readme.txt"))) { $upgrade_notice = ''; if ($match = preg_split('/==\s*Upgrade Notice\s*==\s+/i', $ret)) { if (preg_match('/\n+=\s*'.str_replace(".", "\\.", GOTMLS_Version).'\s*=\s+/is', $match[1])) $notice = (array) preg_split('/\n+=\s*'.str_replace(".", "\\.", GOTMLS_Version).'\s*=\s+/is', $match[1]); else $notice = (array) preg_split('/\n+=/is', $match[1]."\n="); $upgrade_notice .= '
      '.preg_replace('/=\s*([\.0-9]+)\s*=\s*([^=]+)/i', '
    • ${1}: ${2}
    • ', preg_replace('~\[([^\]]*)\]\(([^\)]*)\)~', '${1}', $notice[0])).'
      '; set_transient($transient_name, $upgrade_notice, DAY_IN_SECONDS); } } echo $upgrade_notice; } add_action("in_plugin_update_message-gotmls/index.php", "GOTMLS_in_plugin_update_message");

/**
 * "admin_init" hook: fills in default scan settings and applies request overrides.
 * Defines GOTMLS_wp_version from the global (with "Not Set" as the fallback here, whereas GOTMLS_install()
 * uses "Unknown"), defaults scan_what=2, scan_depth=-1 and check_custom="" in the settings array, and for a
 * "Quick Scan" request presets scan_what, scan_depth and scan_only directly in $_REQUEST so the scan code
 * reads them as if submitted. Request-supplied values are copied into the settings array only after
 * GOTMLS_get_nonce() succeeds: dont_check (taken as an array; its elements are not validated here and what
 * reads them is outside this view) and scan_level (cast with intval()). scan_level otherwise derives from the
 * slash count of the site URL. The function continues on the next line.
 */
function GOTMLS_init() { global $wp_version; if (isset($wp_version) && ($wp_version)) GOTMLS_define("GOTMLS_wp_version", $wp_version); else GOTMLS_define("GOTMLS_wp_version", "Not Set"); if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2; if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1; if (isset($_REQUEST["scan_type"]) && ($_REQUEST["scan_type"] == "Quick Scan")) { if (!isset($_REQUEST["scan_what"])) $_REQUEST["scan_what"] = 2; if (!isset($_REQUEST["scan_depth"])) $_REQUEST["scan_depth"] = 2; if (!isset($_REQUEST["scan_only"])) $_REQUEST["scan_only"] = array("","wp-includes","wp-admin"); if ($_REQUEST["scan_only"] && !is_array($_REQUEST["scan_only"])) $_REQUEST["scan_only"] = array($_REQUEST["scan_only"]); } if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = ""; if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]) && is_numeric($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]); else $scan_level = count(explode('/', trailingslashit(GOTMLS_siteurl))) - 1; if (GOTMLS_get_nonce()) { if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"]; elseif (isset($_POST["scan_type"]) || !(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = array(); if 
(isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"])) $scan_level = intval($_POST["scan_level"]); if (isset($scan_level) && is_numeric($scan_level)) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = intval($scan_level); } if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(GOTMLS_siteurl))) - 1; } add_action("admin_init", "GOTMLS_init");

/**
 * Ajax handler for GOTMLS_position (logged-in only; the nopriv variant is routed to GOTMLS_ajax_nopriv()).
 * Gated by GOTMLS_get_nonce(). When $_GET["GOTMLS_msg"] equals the translated "Default position" string the
 * stored msg_position is reset to the defaults and a script is returned that repositions the parent page's
 * "div_file" element from the four stored values (server-side settings, not request data). The reply body
 * echoes $_GET["GOTMLS_msg"] through htmlentities(). Most of the surrounding markup was lost in extraction,
 * so the string literals in this function are unbalanced here; it closes on the next line.
 */
function GOTMLS_ajax_position() { if (GOTMLS_get_nonce()) { $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls'); $properties = array("body" => 'style="margin: 0; padding: 0;"'); if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"]; $gl = '><'; $properties["html"] = $gl.'head'.$gl.'script type="text/javascript"> if (curDiv = window.parent.document.getElementById("div_file")) { curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'"; curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'"; curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'"; curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'"; } array("body" => htmlentities($_GET["GOTMLS_msg"]).' 
'.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' ['.$GLOBALS["GOTMLS_msg"].']'))), $properties)); } else die(GOTMLS_Invalid_Nonce("\n//Position Error: ")."\n"); } add_action('wp_ajax_GOTMLS_position', 'GOTMLS_ajax_position');

/**
 * Ajax handler for GOTMLS_empty_trash: deletes every GOTMLS_quarantine post whose status is not
 * "private" (the quarantine "trash") and runs REPAIR TABLE on the posts table afterwards.
 * Both statements are built from $wpdb->posts only — no request data reaches the SQL. The only gate
 * visible here is GOTMLS_get_nonce(); no current_user_can() call appears in this handler, so confirm the
 * nonce helper enforces the capability. Two wording issues: $trashed is interpolated inside the __()
 * source string (so it can never match a translation catalogue; sprintf(__("Emptied %d ...")) is the usual
 * form), and $trashmsg is dropped into alert('...') with no JavaScript escaping, so an apostrophe in a
 * translation would break the script. The $properties["html"] literal is garbled by extraction.
 */
function GOTMLS_ajax_empty_trash() { global $wpdb; $gl = '><'; if (GOTMLS_get_nonce()) { if ($trashed = $wpdb->query("DELETE FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) { $wpdb->query("REPAIR TABLE $wpdb->posts"); $trashmsg = __("Emptied $trashed item from the quarantine trash.",'gotmls'); } else $trashmsg = __("Failed to empty the trash.",'gotmls'); } else $trashmsg = GOTMLS_Invalid_Nonce(""); $properties = array("html" => $gl.'head'.$gl."script type='text/javascript'>\nif (curDiv = window.parent.document.getElementById('empty_trash_link'))\n\tcurDiv.style.display = 'none';\nalert('$trashmsg');\n 'style="margin: 0; padding: 0;"'); die(GOTMLS_html_tags(array("html" => array("body" => $trashmsg)), $properties)); } add_action('wp_ajax_GOTMLS_empty_trash', 'GOTMLS_ajax_empty_trash');

/**
 * Ajax handler for GOTMLS_whitelist: records a file as known-good in the definitions array and persists
 * it through GOTMLS_update_option("definitions", ...).
 * Gated by GOTMLS_get_nonce(). The path comes from the client (GOTMLS_decode() of $_POST['GOTMLS_whitelist'];
 * the decoding helper is not visible here) and is accepted only if is_file() holds and the md5 of its
 * contents equals the first 32-character half of GOTMLS_chksum; the second half is length-checked but
 * otherwise unused. No check visible here confines the path to the WordPress install. The `if (true)` makes
 * the unset() branch unreachable, and the success message on the next line interpolates $file into markup
 * without htmlspecialchars(), unlike the not-found message in GOTMLS_ajax_scan().
 */
function GOTMLS_ajax_whitelist() { if (GOTMLS_get_nonce()) { if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) { $file = GOTMLS_decode($_POST['GOTMLS_whitelist']); $chksum = explode("O", $_POST['GOTMLS_chksum']."O"); if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) { $filesize = @filesize($file); if (true) { if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0])) $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002"; $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002"; } else unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]); GOTMLS_update_option("definitions", 
$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]); $body = "Added $file to Whitelist!
      \n"; } else $body = "
    • Invalid Data!
    • "; die(GOTMLS_html_tags(array("html" => array("body" => $body)))); } else die("\n//Whitelist Error: Invalid checksum!\n"); } else die(GOTMLS_Invalid_Nonce("\n//Whitelist Error: ")."\n"); } add_action('wp_ajax_GOTMLS_whitelist', 'GOTMLS_ajax_whitelist');

/**
 * Ajax handler for GOTMLS_fix: the "automatic fix" action for the files listed in GOTMLS_fix.
 * Gated by GOTMLS_get_nonce(); a scalar GOTMLS_fix is normalised to a one-element array and the run
 * starts only when GOTMLS_fixing is set, after the scan log is updated with the current settings.
 * The repeated $li_js assignments and the undefined $HTML[1] are remnants of markup and code lost in
 * extraction — the code that actually performs the fix is not visible here.
 */
function GOTMLS_ajax_fix() { if (GOTMLS_get_nonce()) { if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"])) $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]); if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) { GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"])); $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);"; $li_js = "\n\n\n"; $li_js = "\n"; $li_js = "\n"; $li_js = "\n$HTML[1]"); } else die(GOTMLS_html_tags(array("html" => array("body" => "".__("Done!",'gotmls'))))); } else die(GOTMLS_html_tags(array("html" => array("body" => "".__("Done!",'gotmls'))))); } add_action('wp_ajax_GOTMLS_fix', 'GOTMLS_ajax_fix');

/**
 * Ajax handler for GOTMLS_scan: scans one target named by $_GET["GOTMLS_scan"] (decoded by GOTMLS_decode(),
 * which is not visible here). Gated by GOTMLS_get_nonce(); error reporting is silenced because the reply
 * is streamed JavaScript. Further down the decoded value is dispatched by type: numeric -> GOTMLS_db_scan(),
 * directory -> GOTMLS_scandir() with the configured exclude_ext list, existing file -> GOTMLS_scanfile() with
 * a threat summary and a form to white-list the file; a quarantine-record view appears to share this handler.
 * The $script_form literal that follows is garbled by extraction. The function closes several lines below.
 */
function GOTMLS_ajax_scan() { if (GOTMLS_get_nonce()) { @error_reporting(0); if (isset($_GET["GOTMLS_scan"])) { $script_form = '
      $GLOBALS["GOTMLS"]["tmp"]["threats_found"])); foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) { list($start, $end, $junk) = explode("-", "$threats_found--", 3); if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) { if ($start < $end) $fa .= ' ['.$f++.']'; else $fa .= ' ['.$f++.']'; } else { if (is_numeric($threats_found)) { $threats_found = $threats_name; $threats_name = $f; } $fpos = 0; $flen = 0; $potential_threat = str_replace("\r", "", $threats_found); while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) { $flen = strlen($potential_threat); $fa .= ' ['.$f++.']'; } } } } //else echo "excerpt:".$Q_post["post_excerpt"]; die("\n$script_form".admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1779")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete the record of this file from the quarantine?",'gotmls').'\');">
      '.__("File Details:",'gotmls').' ('.$fa.' )
      '); } else die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists in the quarantine.",'gotmls')."
      \n")))); } else { $file = GOTMLS_decode($_GET["GOTMLS_scan"]); if (is_numeric($file)) die("\n$script_form".GOTMLS_db_scan($file)); elseif (is_dir($file)) { @error_reporting(0); @header("Content-type: text/javascript"); if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"])) $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]; @ob_start(); echo GOTMLS_scandir($file); if (@ob_get_level()) { GOTMLS_flush(); @ob_end_flush(); } die('//END OF JavaScript'); } elseif (file_exists($file)) { GOTMLS_scanfile($file); $fa = ""; $function = 'GOTMLS_decode'; if (isset($_GET[$function]) && is_array($_GET[$function])) { foreach ($_GET[$function] as $decode) { $fa .= " NO-$decode"; } } elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) { $f = 1; foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) { list($start, $end, $junk) = explode("-", "$threats_found--", 3); if ($start > $end) $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}'; else $fa .= ' ['.$f++.']'; } } else $fa = " No Threats Found"; die("\n$script_form".admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1821")).'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');">
      '.__("Potential threats in file:",'gotmls').' ('.$fa.' )
      '); } else die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), htmlspecialchars($file))."")))); } } else die("\n//Directory Error: Nothing to scan!\n"); } else {
// invalid-nonce branch: is_dir() on the decoded client-supplied path still runs here (it only picks the
// Content-type header) before the request is rejected — a filesystem probe on input that was not accepted
if (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))) @header("Content-type: text/javascript"); die(GOTMLS_Invalid_Nonce("\n//Ajax Scan Error: ")."\n"); } } add_action('wp_ajax_GOTMLS_scan', 'GOTMLS_ajax_scan');

/**
 * Reply for unauthenticated (wp_ajax_nopriv_*) calls to the privileged actions registered below:
 * terminates with a JavaScript comment and no data. The one nopriv action NOT routed here is
 * GOTMLS_auto_update, which goes straight to GOTMLS_update_definitions() (not in this view) — confirm
 * that function performs its own authorisation, since anonymous requests reach it.
 */
function GOTMLS_ajax_nopriv() { die("\n//Permission Error: User not authenticated!\n"); } add_action('wp_ajax_nopriv_GOTMLS_scan', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_position', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_fix', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_whitelist', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_empty_trash', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_auto_update', 'GOTMLS_update_definitions'); add_action("plugins_loaded", "GOTMLS_loaded"); add_action("admin_notices", "GOTMLS_admin_notices"); add_action("admin_menu", "GOTMLS_menu"); add_action("network_admin_menu", "GOTMLS_menu");
// NOTE(review): from here the file header already shown above repeats (a loader statement cut mid-expression,
// the licence block, and second copies of GOTMLS_install/GOTMLS_user_can/GOTMLS_menu). PHP would fatally
// redeclare those functions, so this looks like a duplicated extraction rather than the real file layout.
strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__))) include(dirname(__FILE__)."/safe-load/index.php"); else require_once(dirname(__FILE__)."/images/index.php"); /* ___ * / /\ GOTMLS Main Plugin File * / /:/ @package GOTMLS * /__/::\ Copyright \__\/\:\__ © 2012-2018 Eli Scheetz (email: eli@gotmls.net) * \ \:\/\ * \__\::/ This program is free software; you can redistribute it * ___ /__/:/ and/or modify it under the terms of the GNU General Public * /__/\ _\__\/ License as published by the Free Software Foundation; * \ \:\ / /\ either version 2 of the License, or (at your option) any * ___\ \:\ /:/ later version. 
* / /\\ \:\/:/ / /:/ \ \::/ This program is distributed in the hope that it will be useful, / /:/_ \__\/ but WITHOUT ANY WARRANTY; without even the implied warranty /__/:/ /\__ of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \ \:\/:/ /\ See the GNU General Public License for more details. \ \::/ /:/ \ \:\/:/ You should have received a copy of the GNU General Public License * \ \::/ with this program; if not, write to the Free Software Foundation, * \__\/ Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ load_plugin_textdomain('gotmls', false, basename(GOTMLS_plugin_path).'/languages'); require_once(GOTMLS_plugin_path.'images/index.php');

/**
 * Activation hook: records the running WordPress version as the GOTMLS_wp_version constant
 * ("Unknown" when the global is unset) and aborts activation with die() when it is older than
 * GOTMLS_require_version. (Second copy of the definition shown in the file header above.)
 */
function GOTMLS_install() { global $wp_version; if (isset($wp_version) && ($wp_version)) GOTMLS_define("GOTMLS_wp_version", $wp_version); else GOTMLS_define("GOTMLS_wp_version", "Unknown"); if (version_compare(GOTMLS_wp_version, GOTMLS_require_version, "<")) die(GOTMLS_require_version_LANGUAGE.", NOT version: ".GOTMLS_wp_version); } register_activation_hook(__FILE__, "GOTMLS_install");

/**
 * Decides which capability guards the plugin's admin pages and tells whether the current user has it.
 * On multisite the capability is "manage_network"; otherwise "activate_plugins", which also replaces a
 * stale "manage_network" value left in the settings array. The chosen capability is stored in
 * $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] for GOTMLS_menu() to reuse.
 *
 * @return bool result of current_user_can() for that capability (the if/else could be a direct return)
 */
function GOTMLS_user_can() { if (is_multisite()) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "manage_network"; elseif (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]) || $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] == "manage_network") $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "activate_plugins"; if (current_user_can($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"])) return true; else return false; }

/**
 * "admin_menu"/"network_admin_menu" hook: registers the top-level Anti-Malware page and its Scan Settings,
 * Firewall Options and Quarantine sub-pages, all behind the capability chosen by GOTMLS_user_can();
 * nothing is registered when the current user lacks it. The quarantine entry carries the count returned by
 * GOTMLS_get_quarantine(true) when it is non-zero. The function continues on the next line.
 */
function GOTMLS_menu() { $GOTMLS_Full_plugin_logo_URL = GOTMLS_images_path.'GOTMLS-16x16.gif'; $base_page = "GOTMLS-settings"; $base_function = "GOTMLS_settings"; $pluginTitle = "Anti-Malware"; $pageTitle = "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE; if (GOTMLS_user_can()) { $my_admin_page = add_menu_page($pageTitle, $pluginTitle, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function, $GOTMLS_Full_plugin_logo_URL); 
add_action('load-'.$my_admin_page, 'GOTMLS_admin_add_help_tab'); add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE, GOTMLS_Scan_Settings_LANGUAGE, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function); add_submenu_page($base_page, "$pluginTitle Firewall Options", "Firewall Options", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-Firewall-Options", "GOTMLS_Firewall_Options"); add_submenu_page($base_page, "$pluginTitle ".GOTMLS_View_Quarantine_LANGUAGE, GOTMLS_View_Quarantine_LANGUAGE.(($Qs = GOTMLS_get_quarantine(true))?' '.$Qs.'':""), $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-View-Quarantine", "GOTMLS_View_Quarantine"); } }

/**
 * "load-{page}" hook for the settings page: adds the "Getting Started" help tab and, when the plugin's
 * own readme.txt has a "== Frequently Asked Questions ==" section, an FAQs tab built from it.
 * The help-tab content is a long string literal whose markup was lost in extraction; the function
 * closes several lines below.
 */
function GOTMLS_admin_add_help_tab() { $screen = get_current_screen(); $screen->add_help_tab(array( 'id' => "GOTMLS_Getting_Started", 'title' => __("Getting Started", 'gotmls'), 'content' => '

      '.__("Make sure the Definition Updates are current and Run a Complete Scan.").'

      '.sprintf(__("If Known Threats are found and displayed in red then there will be a button to '%s'. If only Potentional Threats are found then there is no automatic fix because those are probably not malicious."), GOTMLS_Automatically_Fix_LANGUAGE).'

      '.__("A backup of the original infected files are placed in the Quarantine in case you need to restore them or just want to look at them later. You can delete these files if you don't want to save more.").'

      ' )); $FAQMarker = '== Frequently Asked Questions ==';
// FAQ tab from the plugin's own readme.txt (a local file, read with warnings suppressed). Appending the
// marker guarantees $readme[1] exists; the text up to the next "==" heading becomes the tab body.
if (is_file(dirname(__FILE__).'/readme.txt') && ($readme = explode($FAQMarker, @file_get_contents(dirname(__FILE__).'/readme.txt').$FAQMarker)) && strlen($readme[1]) && ($readme = explode("==", $readme[1]."==")) && strlen($readme[0])) { $screen->add_help_tab(array( 'id' => "GOTMLS_FAQs", 'title' => __("FAQs", 'gotmls'), 'content' => '

      '.preg_replace('/\[(.+?)\]\((.+?)\)/', "\\1", preg_replace('/[\r\n]+= /', "

      ", preg_replace('/ =[\r\n]+/', "

      ", $readme[0]))).'

      ' )); } }

/**
 * Returns the markup for a box's close control; the surrounding markup was lost in extraction and
 * only the "X" label survives here.
 *
 * @param string $box_id id of the box the control closes
 * @param string $margin CSS margin for the control, '6px' by default
 * @return string
 */
function GOTMLS_close_button($box_id, $margin = '6px') { return 'X'; }

/** "admin_enqueue_scripts" hook: only the core dashicons stylesheet is enqueued. */
function GOTMLS_enqueue_scripts() { wp_enqueue_style('dashicons'); } add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts');

/**
 * Prints the common header of the plugin's admin pages: the "Updates & Registration" box, the
 * "Resources & Links" box and the optional extra box. Loads the current user and splits the site URL
 * into parts for the markup that follows; when $_GET["check_site"] is truthy a "we didn't break anything"
 * notice is printed first. Whether the values printed further down are escaped cannot be judged here —
 * that markup was lost in extraction. The function closes several lines below.
 *
 * @param string $optional_box pre-rendered box markup appended after the standard boxes
 */
function GOTMLS_display_header($optional_box = "") { global $current_user, $wpdb; wp_get_current_user(); $GOTMLS_url_parts = explode('/', GOTMLS_siteurl); if (isset($_GET["check_site"]) && $_GET["check_site"]) echo '
      ✔ '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)
    • Please write a "Five-Star" Review on WordPress.org if you like this plugin.
    • Anti-Malware from GOTMLS.NET

      '.GOTMLS_box(__("Updates & Registration",'gotmls'), "
        $php_version
      • WordPress: ".GOTMLS_wp_version."
      • \n
      • Plugin: ".GOTMLS_Version.'
      • Key: '.GOTMLS_installation_key.'
        Key: '.GOTMLS_installation_key.'
        No Key!
      • Definitions: '.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"].'
      '.str_replace('findUpdates', 'Definition_Updates', $Update_Div).'
      '.(false && $isRegistered?'Registered to: '.$isRegistered:"").$Update_Link, "stuffbox").' '.GOTMLS_box(__("Resources & Links",'gotmls'), '
      $15 $29 $52 $100 $200
      Google Safe Browsing Diagnostic', "stuffbox").//GOTMLS_box(__("Last Scan Status",'gotmls'), GOTMLS_scan_log(), "stuffbox"). $optional_box.'
      '; if (isset($GLOBALS["GOTMLS"]["tmp"]["stuffbox"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["stuffbox"])) { echo ' '; } echo '
      '; }

/**
 * Wraps a titled content box and registers its title in $GLOBALS["GOTMLS"]["tmp"][$bType] under the
 * md5 of the title (the bucket is created on first use); GOTMLS_display_header() checks the "stuffbox"
 * bucket. The returned markup was lost in extraction; only the title/contents interpolation remains.
 *
 * @param string $bTitle    box heading (its md5 is the registry key)
 * @param string $bContents pre-rendered body
 * @param string $bType     registry bucket and box style, "postbox" by default ("stuffbox" is also used)
 * @return string
 */
function GOTMLS_box($bTitle, $bContents, $bType = "postbox") { $md5 = md5($bTitle); if (isset($GLOBALS["GOTMLS"]["tmp"]["$bType"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["$bType"])) $GLOBALS["GOTMLS"]["tmp"]["$bType"]["$md5"] = "$bTitle"; else $GLOBALS["GOTMLS"]["tmp"]["$bType"] = array("$md5"=>"$bTitle"); return '

      '.$bTitle.'

      '.$bContents.'
      '; }

/**
 * Builds the "Scan Logs" box contents from the GOTMLS_scan_log/* options.
 * With a valid nonce and a GOTMLS_cl cutoff in the query string, older log records are deleted first —
 * both the LIKE pattern and the client-supplied cutoff are bound through $wpdb->prepare(), so no request
 * data is concatenated into SQL. The SELECT further down contains no request data either. The per-record
 * rendering loop and the commented-out debugging line were mangled by extraction (the stray "$SQL" lines
 * below were part of that // comment).
 *
 * @return string markup for the box, or a "No Scans have been logged" notice
 */
function GOTMLS_get_scanlog() { global $wpdb; $LastScan = ''; if (isset($_GET["GOTMLS_cl"]) && GOTMLS_get_nonce()) { $SQL = $wpdb->prepare("DELETE FROM `$wpdb->options` WHERE option_name LIKE %s AND substring_index(option_name, '/', -1) < %s", 'GOTMLS_scan_log/%', $_GET["GOTMLS_cl"]); if ($cleared = $wpdb->query($SQL)) $LastScan .= sprintf(__("Cleared %s records from this log.",'gotmls'), $cleared); // else $LastScan .= $wpdb->last_error."
    • $SQL
    • "; } $SQL = "SELECT substring_index(option_name, '/', -1) AS `mt`, option_name, option_value FROM `$wpdb->options` WHERE option_name LIKE 'GOTMLS_scan_log/%' ORDER BY mt DESC"; if ($rs = $wpdb->get_results($SQL, ARRAY_A)) { $units = array("seconds"=>60,"minutes"=>60,"hours"=>24,"days"=>365,"years"=>10); $LastScan .= ''; } else $LastScan .= '

      '.__("No Scans have been logged",'gotmls').'

      '; return "$LastScan\n"; }

/**
 * Renders the white-list tables for the "View Quarantine" page: globally white-listed files (pattern
 * count and the date of the sentinel entry at index 0, formatted by GOTMLS_sexagesimal()) and, when
 * present, the known WordPress core file lists per version. Reads only the in-memory definitions array.
 *
 * @return string table markup (tags lost in extraction), or just a newline when nothing is white-listed
 */
function GOTMLS_get_whitelists() { $Q_Page = ''; if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"])) { $Q_Page .= '

        '.__("Globally White-listed files",'gotmls').''.__("# of patterns",'gotmls').''.__("Date Updated",'gotmls').'

        '; foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $file => $non_threats) { if (isset($non_threats[0])) { $updated = GOTMLS_sexagesimal($non_threats[0]); unset($non_threats[0]); } else $updated = "Unknown"; $Q_Page .= '
      • '.count($non_threats).''.$updated."$file
      • \n"; } if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"])) { $Q_Page .= '

        '.__("WordPress Core files",'gotmls').''.__("# of files",'gotmls').'

        '; foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"] as $ver => $files) { $Q_Page .= '
      • '.count($files)."Version $ver
      • \n"; } } $Q_Page .= "
      "; } return "$Q_Page\n"; }

/**
 * Quarantine accessor with three modes selected by $only:
 *  - numeric: return that quarantine post as an array (get_post(..., ARRAY_A));
 *  - true:    return the number of private GOTMLS_quarantine posts (is_numeric(true) is false, so the
 *             boolean reaches this branch);
 *  - false:   render the paged quarantine listing via WP_Query.
 * The listing honours $_GET['posts_per_page'] only when numeric and positive (default 200); $_POST["paged"]
 * is handed to WP_Query unchanged (WP_Query is expected to sanitise it — confirm). The COUNT queries
 * contain no request data. The listing branch continues for many lines below.
 *
 * @param bool|int|string $only selector described above
 * @return array|string|null
 */
function GOTMLS_get_quarantine($only = false) { global $wpdb, $post; if (is_numeric($only)) return get_post($only, ARRAY_A); elseif ($only) return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private'"); else $args = array('posts_per_page' => (isset($_GET['posts_per_page'])&&is_numeric($_GET['posts_per_page'])&&$_GET['posts_per_page']>0?$_GET['posts_per_page']:200), 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private"); if (isset($_POST["paged"])) $args["paged"] = $_POST["paged"]; $my_query = new WP_Query($args); $Q_Paged = '
      Page:
      '; $Q_Page = ' '; if ($my_query->have_posts()) { $Q_Page .= '

      '.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'

        '.($my_query->post_count>1?' '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').''.__("Quarantined",'gotmls').''.__("Date Infected",'gotmls').'

        '; $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1)); while ($my_query->have_posts()) { $my_query->the_post(); $Q_Page .= '
      • '.$post->post_date_gmt.''.$post->post_modified_gmt.'Q'.GOTMLS_error_link(__("View Quarantined File",'gotmls'), $post->ID).str_replace($root_path, "...", $post->post_title)."
      • \n"; } $Q_Page .= "\n
      "; for ($p = 1; $p <= $my_query->max_num_pages; $p++) { $Q_Paged .= ''; } } else $Q_Page .= '

      '.__("No Items in Quarantine",'gotmls').'

      '; wp_reset_query(); $return = "$Q_Paged\n

      \n$Q_Page\n\n$Q_Paged\n
      \n";
// the "clear trash" link is offered only when more than one non-private quarantine post exists — a single
// trashed item gets no link (intentional or an off-by-one; the count query itself carries no request data)
if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) > 1) $return = '['.sprintf(__("Clear %s Deleted Files from the Trash",'gotmls'), $trashed)."]$return"; return $return; }

/**
 * Menu callback for the "View Quarantine" page: calls GOTMLS_update_definitions() (not in this view),
 * then prints the header followed by the White-lists box and the Quarantine box. $_GET['Whitelists']
 * only toggles the separator between the two boxes. The $Q_Page assignments are side-effect-free
 * leftovers of the box titles. The function closes on the next line.
 */
function GOTMLS_View_Quarantine() { GOTMLS_update_definitions(); $echo = GOTMLS_box($Q_Page = __("White-lists",'gotmls'), GOTMLS_get_whitelists()); if (!isset($_GET['Whitelists'])) $echo .= "\n\n"; $echo .= GOTMLS_box($Q_Page = __("Quarantine",'gotmls'), GOTMLS_get_quarantine()); GOTMLS_display_header(); echo $echo."\n
      "; } function GOTMLS_Firewall_Options() { global $current_user, $wpdb, $table_prefix; GOTMLS_update_definitions(); GOTMLS_display_header(); $GOTMLS_nonce_found = GOTMLS_get_nonce(); $gt = ">"; $lt = "<"; $save_action = ""; $patch_attr = array( array( "icon" => "blocked", "language" => __("Your WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. Applying this patch will block access to the WordPress Login page whenever this type of attack is detected."), "status" => 'Not Installed', "action" => 'Install Patch' ), array( "language" => __("Your WordPress site has the current version of my brute-force Login protection installed."), "action" => 'Uninstall Patch', "status" => 'Enabled', "icon" => "checked" ), array( "language" => __("Your WordPress Login page has the old version of my brute-force protection installed. Upgrade this patch to improve the protection on the WordPress Login page and preserve the integrity of your WordPress core files."), "action" => 'Upgrade Patch', "status" => 'Out of Date', "icon" => "threat" ) ); $find = '|]+xmlrpc.php>(.+?)\s*(# END GOTMLS Patch to Block XMLRPC Access\s*)*|is'; $deny = "\n\norder deny,allow\ndeny from all"; $allow = ""; if (isset($_SERVER["REMOTE_ADDR"])) { $deny .= "\nallow from ".$_SERVER["REMOTE_ADDR"]; $allow .= " ".$_SERVER["REMOTE_ADDR"]; } if (isset($_SERVER["SERVER_ADDR"])) { $deny .= "\nallow from ".$_SERVER["SERVER_ADDR"]; $allow .= " ".$_SERVER["SERVER_ADDR"]; } $deny .= "\n\n\nRequire"; if (strlen(trim($allow)) > 0) $deny .= " ip$allow"; else $deny .= " all denied"; $deny .= "\n"; if (count($GLOBALS["GOTMLS"]["tmp"]["apache"]) > 1) $errdiv = ""; else $errdiv = "
      Unable to read Apache Version, this patch may not work!
      "; $patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1159")).'"'.$gt.$lt.'script'.$gt."\nfunction setFirewall(opt, val) {\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_opt'))\n\t\tautoUpdateDownloadGIF.value = opt;\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_val'))\n\t\tautoUpdateDownloadGIF.value = val;\n}\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '".__("You must register and donate to use this feature!",'gotmls')."';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '".__("This feature is available to those who have donated!",'gotmls')."';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="'; $patch_found = false; $head = str_replace(array('|]+', '(.+?)', '\\s*(', '\\s*)*|is'), array(" 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', "$head$htaccess")) { $patch_action .= '-1"'.$gt.$lt.'input style="float: right;" type="submit" value="Unblock XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Now Blocked'; $errdiv = ""; } elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0)) $patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" 
/'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Still Allowing Access: '.sprintf(__("Failed to install XMLRPC Protection [.htaccess %s]",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write?':'only!'):"unreadable!").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess')); else $patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Currently Allowing Access'; } $patch_action .= ")$errdiv$lt/b$gt$lt/p$gt".__("Most WordPress sites do not use the XMLRPC features and hack attempts on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit, these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt.$lt.'hr /'.$gt; $patch_status = 0; $patch_found = -1; $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#"; $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find); if (is_file(ABSPATH.'../wp-config.php') && !is_file(ABSPATH.'wp-config.php')) $wp_config = '../wp-config.php'; else $wp_config = 'wp-config.php'; if (is_file(ABSPATH.$wp_config)) { if (($config = @file_get_contents(ABSPATH.$wp_config)) && strlen($config)) { if ($patch_found = preg_match($find, $config)) { if (strpos($config, substr($head, strpos($head, "file_exists")))) { if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.$wp_config, 
preg_replace('#'.$lt.'\?[ph\s]+(//.*\s*)*\?'.$gt.'#i', "", preg_replace($find, "", $config)))) $patch_action .= $lt.'div class="error"'.$gt.__("Removed Brute-Force Protection",'gotmls').$lt.'/div'.$gt; else $patch_status = 1; } else { if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.$wp_config, preg_replace($find, "$head", $config))) { $patch_action .= $lt.'div class="updated"'.$gt.__("Upgraded Brute-Force Protection",'gotmls').$lt.'/div'.$gt; $patch_status = 1; } else $patch_status = 2; } } elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && strlen($config) && ($patch_found == 0) && GOTMLS_file_put_contents(ABSPATH.$wp_config, "$lt?php$head// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?$gt$config")) { $patch_action .= $lt.'div class="updated"'.$gt.__("Installed Brute-Force Protection",'gotmls').$lt.'/div'.$gt; $patch_status = 1; } elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"])) $patch_action .= $lt.'div class="updated"'.$gt.sprintf(__("Failed to install Brute-Force Protection (wp-config.php %s)",'gotmls'),(is_readable(ABSPATH.$wp_config)?'read-'.(is_writable(ABSPATH.$wp_config)?'write':'only'):"unreadable").": ".strlen($config).GOTMLS_fileperms(ABSPATH.$wp_config)).$lt.'/div'.$gt; } else $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Readable!",'gotmls').$lt.'/div'.$gt; } else $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Found!",'gotmls').$lt.'/div'.$gt; if ($GOTMLS_nonce_found && file_exists(ABSPATH.'wp-login.php') && ($login = @file_get_contents(ABSPATH.'wp-login.php')) && strlen($login) && (preg_match($find, $login))) { if (isset($_POST["GOTMLS_patching"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/".GOTMLS_wp_version.'/wp-login.php')) && (strlen($source) > 500) && GOTMLS_file_put_contents(ABSPATH.'wp-login.php', $source)) $patch_action .= $lt.'div class="updated"'.$gt.__("Removed Old 
Brute-Force Login Patch",'gotmls').$lt.'/div'.$gt; else $patch_status = 2; } if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_firewall_option"]) && strlen($_POST["GOTMLS_firewall_option"]) && isset($_POST["GOTMLS_firewall_value"]) && strlen($_POST["GOTMLS_firewall_value"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"][$_POST["GOTMLS_firewall_option"]] = $_POST["GOTMLS_firewall_value"]; if (update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"])) $save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n"; else $save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSave Failed!$lt/div$gt\n"; } $sec_opts = $lt.'form method="POST" name="GOTMLS_Form_firewall"'.$gt.$lt.'input type="hidden" id="fw_opt" name="GOTMLS_firewall_option" value="traversal"'.$gt.$lt.'input type="hidden" name="GOTMLS_firewall_value" id="fw_val" value="0"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."805")).'"'.$gt; if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"])) foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA) if (is_array($VA) && count($VA) > 3 && strlen($VA[1]) && strlen($VA[2])) $sec_opts .= $lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="submit" style="float: right;" value="'.(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]?"Enable Protection\" onclick=\"setFirewall('$TP', 0);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt."b$gt$VA[1] (Currently Disabled)":"Disable Protection\" onclick=\"setFirewall('$TP', 1);\"$gt$lt".'p'.$gt.$lt.'img 
src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt."b$gt$VA[1] (Automatically Enabled)")."$lt/b$gt$lt/p$gt$VA[2]$lt/div$gt$lt".'hr /'.$gt; $sec_opts .= "$lt/form$gt\n$patch_action\n$lt".'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."807")).'"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="float: right;'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' 
'.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n$lt"."script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt"; $admin_notice = ""; if ($current_user->user_login == "admin") { $admin_notice .= $lt.'hr /'.$gt; if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_admin_username"]) && ($current_user->user_login != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match('/^\s*[a-z_0-9\@\.\-]{3,}\s*$/i', $_POST["GOTMLS_admin_username"])) { if ($wpdb->update($wpdb->users, array("user_login" => trim($_POST["GOTMLS_admin_username"])), array("user_login" => $current_user->user_login))) { $wpdb->query("UPDATE `{$table_prefix}sitemeta` SET `meta_value` = REPLACE(`meta_value`, 's:5:\"admin\";', 's:".strlen(trim($_POST["GOTMLS_admin_username"])).":\"".trim($_POST["GOTMLS_admin_username"])."\";') WHERE `meta_key` = 'site_admins' AND `meta_value` like '%s:5:\"admin\";%'"); $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("You username has been change to %s. Don't forget to use your new username when you login again.",'gotmls'), $_POST["GOTMLS_admin_username"]).$lt.'/div'.$gt; } else $admin_notice .= $lt.'div class="error"'.$gt.sprintf(__("SQL Error changing username: %s. Please try again later.",'gotmls'), $wpdb->last_error).$lt.'/div'.$gt; } else { if (isset($_POST["GOTMLS_admin_username"])) $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("Your new username must be at least 3 characters and can only contain "%s". 
Please try again.",'gotmls'), "a-z0-9_.-@").$lt.'/div'.$gt; $admin_notice .= $lt.'form method="POST" name="GOTMLS_Form_admin"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'div style="float: left;"'.$gt.__("Change your username:",'gotmls').$lt.'/div'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1235")).'"'.$gt.$lt.'input style="float: left;" type="text" id="GOTMLS_admin_username" name="GOTMLS_admin_username" size="6" value="'.$current_user->user_login.'"'.$gt.$lt.'input style="float: left;" type="submit" value="Change"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Admin Notice'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("Your username is \"admin\", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt; } } if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_wpfirewall_action"])) { if ($_POST["GOTMLS_wpfirewall_action"] == "exclude_terms") update_option("WP_firewall_exclude_terms", ""); elseif ($_POST["GOTMLS_wpfirewall_action"] == "whitelisted_ip" && isset($_SERVER["REMOTE_ADDR"])) { $ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!")); if (is_array($ips)) $ips = array_merge($ips, array($_SERVER["REMOTE_ADDR"])); else $ips = array($_SERVER["REMOTE_ADDR"]); update_option("WP_firewall_whitelisted_ip", serialize($ips)); } } if (get_option("WP_firewall_exclude_terms", "Not Found!") == "allow") { $end = "$lt/div$gt$lt/form$gt\n{$lt}hr /$gt"; $img = 'threat.gif"'; $button = $lt.'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'exclude_terms\';" value="'.__("Disable this Rule",'gotmls').'"'.$gt; $wpfirewall_action = $lt.'form method="POST" name="GOTMLS_Form_wpfirewall2"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" 
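name="GOTMLS_wpfirewall_action" id="GOTMLS_wpfirewall_action" value=""'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1223")).'"'.$gt.$button.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$img.$gt.$lt.'b'.$gt."WP Firewall 2 (Conflicting Firewall Rule)$lt/b$gt$lt/p$gt".__("The Conflicting Firewall Rule (WP_firewall_exclude_terms) activated by the WP Firewall 2 plugin has been shown to interfere with the Definition Updates and WP Core File Scans in my Anti-Malware plugin. I recommend that you disable this rule in the WP Firewall 2 plugin.",'gotmls').$end; if (isset($_SERVER["REMOTE_ADDR"])) { if (is_array($ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!"))) && in_array($_SERVER["REMOTE_ADDR"], $ips)) $wpfirewall_action = str_replace(array($img, $end), array('question.gif"', __(" However, your current IP has been Whitelisted so you could probably keep this rule enabled if you really want to.",'gotmls').$end), $wpfirewall_action); else $wpfirewall_action = str_replace(array($button, $end), array($button.$lt."br /$gt$lt".'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'whitelisted_ip\';" value="'.__("Whitelist your IP",'gotmls').'"'.$gt, __(" However, if you would like to keep this rule enabled you should at least Whitelist your IP.",'gotmls').$end), $wpfirewall_action); } $sec_opts = $wpfirewall_action.$sec_opts; } echo GOTMLS_box(__("Firewall Options",'gotmls'), $save_action.$sec_opts.$admin_notice)."\n"; }

/**
 * Resolve the "you" record of a definitions payload to a display name for the
 * "Installation Key is Registered to:" line.
 *
 * @param array $you  Either the "you" record itself or a wrapper array holding it
 *                    under the "you" key. Its "user_email" member is expected to be
 *                    an md5 hex digest (32 chars) of the registrant's e-mail.
 * @return string     The current user's e-mail when the digest matches it, else the
 *                    user_nicename of the matching user row, else GOTMLS_siteurl.
 *
 * SECURITY(review): the only caller visible in this file (GOTMLS_update_definitions)
 * passes data that was fetched from the update server over plain http: and run
 * through maybe_unserialize(), so "user_email" must be treated as attacker-influenced.
 * The previous version interpolated it straight into the SQL after checking only its
 * length; it is now restricted to 32 hex characters AND bound via $wpdb->prepare().
 */
function GOTMLS_get_registrant($you) {
	global $current_user, $wpdb;
	wp_get_current_user();
	if (isset($you["you"]))
		$you = $you["you"];
	// Accept only a well-formed md5 hex digest; anything else falls through to the site URL.
	if (isset($you["user_email"]) && is_string($you["user_email"]) && strlen($you["user_email"]) == 32 && ctype_xdigit($you["user_email"])) {
		// Strict comparison: "==" between two digest-like strings can compare numerically
		// (e.g. "0e..." forms), so it must not be used to decide identity.
		if (md5($current_user->user_email) === $you["user_email"])
			$registrant = $current_user->user_email;
		// Parameterised lookup; the digest is bound as a string, never concatenated.
		elseif (!($registrant = $wpdb->get_var($wpdb->prepare("SELECT `user_nicename` FROM `$wpdb->users` WHERE MD5(`user_email`) = %s", $you["user_email"]))))
			$registrant = GOTMLS_siteurl;
	} else
		$registrant = GOTMLS_siteurl;
	return $registrant;
}

/**
 * Refresh the malware definitions and, when called through admin-ajax
 * (action=GOTMLS_auto_update), emit the JavaScript that updates the settings page.
 *
 * Behaviour visible in this function:
 *  - Computes the newest 5-character version per threat level from the in-memory
 *    definitions array.
 *  - When UPDATE_definitions_array is present and GOTMLS_get_nonce() passes:
 *      * length > 1  : the request body itself is decoded and unserialized as the new
 *                      definitions (the browser posts back what it downloaded);
 *      * value "D"   : definitions are cleared;
 *      * otherwise   : definitions.php is fetched from GOTMLS_update_home over http:,
 *                      decoded, unserialized and compared with the current set.
 *  - New definitions are merged with GOTMLS_array_replace(), persisted through
 *    GOTMLS_update_option('definitions', ...), and $_REQUEST["check"] plus the
 *    log/settings "check" lists are overwritten with the non-"potential" threat levels.
 *  - In the ajax path the function sends a text/javascript body and die()s; it may also
 *    walk the "wp_core" file list for the running WP version and report restored /
 *    modified / missing core files.
 *
 * SECURITY(review), grounded on the code below:
 *  - Both payload sources go through maybe_unserialize() (which calls unserialize()).
 *    The request path is gated only by GOTMLS_get_nonce(); no capability check is
 *    visible in this function, and wp_ajax_* hooks fire for any logged-in user, so
 *    confirm the nonce helper also enforces GOTMLS_user_can().
 *  - The definitions feed is fetched over plain http: with no signature or hash check;
 *    a network attacker can supply arbitrary regexes, "wp_core" paths (used as
 *    ABSPATH.$file below) and the "you" record handed to GOTMLS_get_registrant().
 *  - $toInfo, $file, $new_ver, $debug and $autoUpJS are written into the emitted
 *    JavaScript without escaping; they derive from the definitions payload or the DB.
 *
 * @return void  (die()s with a JavaScript body when invoked via admin-ajax)
 */
function GOTMLS_update_definitions() { global $wpdb; $GOTMLS_definitions_versions = array(); $user_info = array(); $saved = false; $moreJS = ""; $finJS = "\n}"; $form = 'registerKeyForm';
	// Initialise the locals that were previously only assigned on some branches, so the
	// later reads ($li, $debug, $new_ver, $user_donations_src, $GOTnew_definitions) do not
	// trigger undefined-variable notices; the values chosen are what PHP would have coerced to.
	$GOTnew_definitions = null; $user_donations_src = 0; $li = ""; $debug = ""; $new_ver = "";
	$innerHTML = "
    • Your Installation Key could not be confirmed!
    • "; $autoUpJS = 'This new feature is currently only available to registered users who have donated above the default level.
      '; foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names) foreach ($definition_names as $definition_name=>$definition_version) if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5) if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level]) $GOTMLS_definitions_versions[$threat_level] = $definition_version[0]; asort($GOTMLS_definitions_versions);
	// Nonce-gated update path. NOTE(review): this is the only access check visible here.
	if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"]) && GOTMLS_get_nonce()) {
		// Plain-http feed URL (the source read ur1encode(), which is not a PHP function; urlencode() is intended).
		// SECURITY(review): no TLS and no integrity check on what comes back from this URL.
		$DEF_url = 'http:'.GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.GOTMLS_wp_version.'&'.GOTMLS_set_nonce(__FUNCTION__."870").'&d='.urlencode(GOTMLS_siteurl);
		// SECURITY(review): request-supplied payload is unserialized (PHP object injection surface) behind the nonce only.
		if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1) { $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_REQUEST["UPDATE_definitions_array"])); if (is_array($GOTnew_definitions)) { $form = 'autoUpdateDownload'; $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('Downloaded Definitions');"; } } elseif ($_REQUEST["UPDATE_definitions_array"] == "D") { $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = array(); $GOTnew_definitions = array(); } elseif (($DEF = GOTMLS_get_URL($DEF_url)) && is_array($GOTnew_definitions = maybe_unserialize(GOTMLS_decode($DEF))) && count($GOTnew_definitions)) { if (isset($GOTnew_definitions["you"]["user_email"]) && strlen($GOTnew_definitions["you"]["user_email"]) == 32) { $toInfo = GOTMLS_get_registrant($GOTnew_definitions["you"]); $innerHTML = "
    • Your Installation Key is Registered to:
      $toInfo
    • "; $form = 'autoUpdateForm'; if (isset($GOTnew_definitions["you"]["user_donations"]) && isset($GOTnew_definitions["you"]["user_donation_total"]) && isset($GOTnew_definitions["you"]["user_donation_freshness"])) { $user_donations_src = $GOTnew_definitions["you"]["user_donations"]; if ($GOTnew_definitions["you"]["user_donation_total"] > 27.99) { $autoUpJS = 'Yes | No '; $moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA")) foundUpdates.innerHTML = "Set Definition Updates to Automatically Download to activate this feature.";'; } if ($user_donations_src > 0 && $GOTnew_definitions["you"]["user_donation_total"] > 0) $li = "
    • You have made $user_donations_src donation".($user_donations_src?'s totalling':' for').' $'.$GOTnew_definitions["you"]["user_donation_total"].".
    • "; } } else $innerHTML = "
    • Your Installation Key is not registered!
    • "; asort($GOTnew_definitions);
		// Only replace the in-memory set when the serialized form actually differs.
		// The $debug string is diagnostic only (shown in the "could not be saved" alert below);
		// the strlen() call previously wrapped the concatenation by mistake and is now applied to the serialized payload alone.
		if (serialize($GOTnew_definitions) == serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"])) unset($GOTnew_definitions); else { $debug = substr(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]), 0, 9)." ".md5(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))." ".strlen(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))." ".substr(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]), -9)." = ".substr(serialize($GOTnew_definitions), 0, 9)." ".md5(serialize($GOTnew_definitions))." ".strlen(serialize($GOTnew_definitions))." ".substr(serialize($GOTnew_definitions), -9); $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions; $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('New Definitions Automatically Installed :-)');"; } $finJS .= "\nif (divNAtext)\n\tloadGOTMLS();\nelse\n\tdivNAtext = setTimeout('loadGOTMLS()', 4000);"; $finJS .= "\nif (typeof stopCheckingDefinitions !== 'undefined')\n\tclearTimeout(stopCheckingDefinitions);"; } else $innerHTML = "
    • $GLOBALS["GOTMLS"]["get_URL"])))."', 'Definition_Updates');\\\">Automatic Update Connection Failed!
    • ";
		// Any "backdoor" threat level is dropped from the in-memory definitions after a network refresh.
		if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"])) unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"]); } else $innerHTML = "
    • ".GOTMLS_Invalid_Nonce("Nonce Error")."
    • ";
	// Persist the merged definitions and rebuild the "check" lists from the non-"potential" threat levels.
	// NOTE(review): $_REQUEST["check"] is overwritten here, so callers reading it afterwards see this list, not the client's.
	if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) { $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions); if (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) @unlink(GOTMLS_plugin_path.'definitions_update.txt'); $saved = GOTMLS_update_option('definitions', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]); $_REQUEST["check"] = array(); foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names) { if ($threat_level != "potential") $_REQUEST["check"][] = $threat_level; foreach ($definition_names as $definition_name=>$definition_version) if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5) if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level]) $GOTMLS_definitions_versions[$threat_level] = $definition_version[0]; } $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = $_REQUEST["check"]; $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"]; asort($GOTMLS_definitions_versions); $autoUpJS .= '(Newest Definition Updates Installed.)'; } elseif ($form != 'registerKeyForm') { $form = 'autoUpdateDownload'; $autoUpJS .= '(No newer Definition Updates are available at this time.)'; $innerHTML .= "
    • No Newer Definition Updates Available.
    • "; }
	// admin-ajax path: everything below writes a JavaScript response and terminates the request.
	if (isset($_SERVER["SCRIPT_FILENAME"]) && preg_match('/\/admin-ajax\.php/i', $_SERVER["SCRIPT_FILENAME"]) && isset($_REQUEST["action"]) && $_REQUEST["action"] == "GOTMLS_auto_update") { if (!$user_donations_src) $li = "
    • You have not donated yet!
    • "; if (strlen($moreJS) == 0) $moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA")) foundUpdates.innerHTML = "Donate $29+ now then enable Automatic Definition Updates to Scan for Core Files changes.";'; $moreJS .= "\n\tif (foundUpdates = document.getElementById('pastDonations'))\n\tfoundUpdates.innerHTML = '$li';"; @header("Content-type: text/javascript"); if (is_array($GOTMLS_definitions_versions) && count($GOTMLS_definitions_versions) && (strlen($new_ver = trim(array_pop($GOTMLS_definitions_versions))) == 5) && $saved) { $innerHTML .= "
    • New Definition Updates Installed.
    • "; $finJS .= "\nif (foundUpdates = document.getElementById('GOTMLS_definitions_date')) foundUpdates.innerHTML = '$new_ver';"; } elseif (is_array($GOTnew_definitions) && count($GOTnew_definitions)) $finJS .= "\nalert('Definition update $new_ver could not be saved because update_option Failed! $debug');";
		// Core-file check for the running WP version. Strict comparison so the key used in the
		// foreach below is byte-identical to the GOTMLS_wp_version entry that isset() just verified
		// (with "==", numerically-equal strings such as "4.9" and "4.90" would pass and then index a missing entry).
		// SECURITY(review): $file comes from the definitions payload and is used as ABSPATH.$file without normalisation.
		if (isset($_REQUEST["UPDATE_core"]) && ($_REQUEST["UPDATE_core"] === GOTMLS_wp_version) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version])) { foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][$_REQUEST["UPDATE_core"]] as $file => $md5) { if (is_file(ABSPATH.$file)) { $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = file_get_contents(ABSPATH.$file); if (GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"], ABSPATH.$file)) { if (isset($GLOBALS["GOTMLS"]["tmp"]["new_contents"]) && isset($_REQUEST["UPDATE_restore"]) && (md5($GLOBALS["GOTMLS"]["tmp"]["new_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"]) == $_REQUEST["UPDATE_restore"])) $autoUpJS .= "
    • Core File Restored: $file
    • "; else $autoUpJS .= "
    • Core File MODIFIED: $file (".md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])." => $md5)
    • "; } } else $autoUpJS .= "
    • Core File MISSING: $file
    • "; } $autoUpJS .= '
      Definition update: '.$_REQUEST["UPDATE_core"].' checked '.count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][$_REQUEST["UPDATE_core"]]).' core files!
      '; } die('//'.$innerHTML.'
    "+inc_form; function setDivNAtext() { var foundUpdates; '.$moreJS.$finJS.' if (foundUpdates = document.getElementById("UPDATE_definitions_div")) foundUpdates.innerHTML = \''.$autoUpJS.'\'; //]]>'); } $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates'; foreach ($GOTMLS_definitions_versions as $definition_name=>$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"]) $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&def[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"]; if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"]) == 32) $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&def[you]=".$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"]; } add_action('wp_ajax_GOTMLS_auto_update', 'GOTMLS_update_definitions'); function GOTMLS_settings() { global $wpdb, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth; $GOTMLS_scan_groups = array(); $gt = ">"; $lt = "<"; GOTMLS_update_definitions(); if (($GOTMLS_nonce_found = GOTMLS_get_nonce()) && isset($_REQUEST["check"]) && is_array($_REQUEST["check"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"]; /* removed old code */ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]; update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); } $dirs = GOTMLS_explode_dir(__FILE__); for ($SL=0;$SL 0) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(str_replace('.', ',', htmlentities($_POST["exclude_ext"]))), -1, PREG_SPLIT_NO_EMPTY); else $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = array(); } $default_exclude_ext = str_replace(",gotmls", "", implode(",", $GLOBALS["GOTMLS"]["tmp"]["skip_ext"])); $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = 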
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]; if (isset($_POST["UPDATE_definitions_checkbox"])) { if (isset($_POST[$_POST["UPDATE_definitions_checkbox"]]) && strlen(trim(" ".$_POST[$_POST["UPDATE_definitions_checkbox"]]))) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = $_POST[$_POST["UPDATE_definitions_checkbox"]]; else $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = ""; } if (isset($_POST["exclude_dir"])) { if (strlen(trim(str_replace(",","",$_POST["exclude_dir"]).' ')) > 0) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(htmlentities($_POST["exclude_dir"])), -1, PREG_SPLIT_NO_EMPTY); else $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array(); for ($d=0; $d $GLOBALS["GOTMLS"]["tmp"]["settings_array"])); $scan_whatopts = ''; $scan_optjs = "\n{$lt}script type=\"text/javascript\"$gt\nfunction showOnly(what) {\n"; foreach ($GOTMLS_scan_groups as $mg => $GOTMLS_scan_group) { $scan_optjs .= "document.getElementById('only$mg').style.display = 'none';\n"; $scan_whatopts = "\n$lt/div$gt\n$lt/div$gt\n$scan_whatopts"; $dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $mg))); $files = GOTMLS_getfiles($dir); if (is_array($files)) foreach ($files as $file) if (is_dir(GOTMLS_trailingslashit($dir).$file)) $scan_whatopts = $lt.'input type="checkbox" name="scan_only[]" value="'.htmlentities($file).'" /'.$gt.htmlentities($file).$lt.'br /'.$gt.$scan_whatopts; $scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' 
/'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", " ", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts; } $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}"; if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && strlen(trim(" ".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]))) $scan_optjs .= "\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]."'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n"; $scan_optjs .= "$lt/script$gt"; $GOTMLS_nonce_URL = GOTMLS_set_nonce(__FUNCTION__."853"); $scan_opts = "\n$lt".'form method="POST" id="GOTMLS_Form" name="GOTMLS_Form"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', $GOTMLS_nonce_URL).'"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Complete Scan\';" /'.$gt.$lt.'/div'.$gt.' '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.' 
'.$lt.'div style="padding: 0 30px;"'.$gt; $cInput = '"'.$gt.$lt.'input'; $pCheck = "$cInput checked"; $kCheck = ""; foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) { $scan_opts .= $lt.'div id="check_'.$threat_level.'_div" style="padding: 0; position: relative;'; if (($threat_level != "wp_core" && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level])) || isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level][GOTMLS_wp_version])) { if ($threat_level != "potential" && in_array($threat_level,$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) { $pCheck = " display: none;$cInput"; $scan_opts .= "$cInput checked"; } elseif ($threat_level == "potential") $scan_opts .= $pCheck; else $scan_opts .= $cInput; if ($threat_level != "potential") $kCheck .= ",'$threat_level'"; $scan_opts .= ' type="checkbox" onchange="pCheck(this);" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'" /'.$gt.' '.$lt.'a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;pCheck(document.getElementById(\'check_'.$threat_level.'_Yes\'));showhide(\'dont_check_'.$threat_level.'\');"'."$gt{$lt}b$gt$threat_level_name$lt/b$gt$lt/a$gt\n"; if (isset($_GET["SESSION"])) { $scan_opts .= "\n$lt".'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"'.$gt.$lt.'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');"'.$gt.'X'.$lt.'/a'.$gt; foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex) $scan_opts .= $lt."br /$gt\n$lt".'input type="checkbox" name="dont_check[]" 
value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /'.$gt.$lt.'script'.$gt.'showhide("dont_check_'.$threat_level.'", true);'.$lt.'/script'.$gt:' /'.$gt).(isset($_SESSION["GOTMLS_debug"][$threat_name])?$lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_name],1)."$lt/div$gt":"").htmlspecialchars($threat_name); $scan_opts .= "\n$lt/div$gt"; } } else $scan_opts .= $lt.'a title="'.__("Download Definition Updates to Use this feature",'gotmls').'"'.$gt.$lt.'img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="X"'.$gt.$lt.'b'.$gt.'  '.$threat_level_name.$lt.'/b'.$gt.$lt.'br /'.$gt.$lt.'div style="padding: 14px;" id="check_'.$threat_level.'_div_NA"'.$gt.$lt.'span style="color: #F00"'.$gt.__("Download the new definitions (Right sidebar) to activate this feature.",'gotmls')."$lt/span$gt$lt/div$gt"; $scan_opts .= "\n$lt/div$gt"; } $scan_opts .= $lt.'/div'.$gt.$lt.'/div'.$gt.' '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to scan:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.$scan_whatopts.$scan_optjs.$lt.'/div'.$gt.' '.$lt.'div style="float: left;" id="scanwhatfolder"'.$gt.$lt.'/div'.$gt.' '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Scan Depth:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.' 
'.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"'.$gt.$lt.'br /'.$gt.__("how far to drill down",'gotmls').$lt.'br /'.$gt.'('.__("-1 is infinite depth",'gotmls').')'.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'br style="clear: left;"'.$gt; if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= $lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"]['total'],1)."$lt/div$gt"; unset($_SESSION["GOTMLS_debug"]);} if (isset($_GET["eli"])) {//still testing this option $scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'."$gt$lt/div$gt\n"; } $QuickScan = $lt.((is_dir(dirname(__FILE__)."/../../../wp-includes") && is_dir(dirname(__FILE__)."/../../../wp-admin"))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&$GOTMLS_nonce_URL").'" class="button-primary" style="height: 22px; line-height: 13px; padding: 3px;">WP_Coreget_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogname'")); $title_tagline .= "$lt/li$gt$lt"."li$gt Tagline: ".htmlspecialchars($wpdb->get_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogdescription'")); if (preg_match('/h[\@a]ck[3e]d.*by/is', $title_tagline)) echo $lt.'div class="error"'.$gt.sprintf(__("Your Site Title or Tagline suggests that you may have been hacked ...%sThis could impact the indexing of your site and may even lead to blacklisting. 
You can change those options on the %sGeneral Settings$lt/a$gt page.",'gotmls'), "$title_tagline$lt/li$gt", $lt.'a href="'.admin_url("options-general.php").'"'.$gt)."$lt/div$gt"; @ob_start(); $OB_default_handlers = array("default output handler", "zlib output compression"); $OB_handlers = @ob_list_handlers(); if (is_array($OB_handlers) && count($OB_handlers)) foreach ($OB_handlers as $OB_last_handler) if (!in_array($OB_last_handler, $OB_default_handlers)) echo $lt.'div class="error"'.$gt.sprintf(__("Another Plugin or Theme is using '%s' to handle output buffers.
    This prevents actively outputing the buffer on-the-fly and could severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).",'gotmls'), $OB_last_handler)."$lt/div$gt"; GOTMLS_display_header(); $scan_groups = array_merge(array(__("Scanned Files",'gotmls')=>"scanned",__("Selected Folders",'gotmls')=>"dirs",__("Scanned Folders",'gotmls')=>"dir",__("Skipped Folders",'gotmls')=>"skipdirs",__("Skipped Files",'gotmls')=>"skipped",__("Read/Write Errors",'gotmls')=>"errors",__("Quarantined Files",'gotmls')=>"bad"), $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]); echo $lt.'script type="text/javascript"> var percent = 0; function pCheck(chkb) { var kCheck = ['.trim($kCheck,",").']; chk = true; for (var i = 0; i < kCheck.length; i++) { var chkbox = document.getElementById("check_"+kCheck[i]+"_Yes"); if (chkbox && chkb.id == "check_potential_Yes" && chkb.checked == false) { chk = false; chkbox.checked = true; } else if (chkbox && chkbox.checked) { chk = false; } } if (chkbox = document.getElementById("check_potential_Yes")) chkbox.checked = chk; if (chk) { document.getElementById("check_potential_div").style.display = "block"; alert("If you do not select any other threat types, then only potential threats will be found and the automatic fix will not be available!"); } else document.getElementById("check_potential_div").style.display = "none"; } function changeFavicon(percent) { var oldLink = document.getElementById("wait_gif"); if (oldLink) { if (percent >= 100) { document.getElementsByTagName("head")[0].removeChild(oldLink); var link = document.createElement("link"); link.id = "wait_gif"; link.type = "image/gif"; link.rel = "shortcut icon"; var threats = '.implode(" + ", array_merge($GLOBALS["GOTMLS"]["tmp"]["threat_levels"], array(__("Potential Threats",'gotmls')=>"errors",__("WP-Login Updates",'gotmls')=>"errors"))).'; if (threats > 0) { if ((errors * 2) == threats) linkhref = "blocked"; else linkhref = "threat"; } else linkhref = "checked"; link.href = "'.GOTMLS_images_path.'"+linkhref+".gif"; 
document.getElementsByTagName("head")[0].appendChild(link); } } else { var icons = document.getElementsByTagName("link"); var link = document.createElement("link"); link.id = "wait_gif"; link.type = "image/gif"; link.rel = "shortcut icon"; link.href = "'.GOTMLS_images_path.'wait.gif"; // document.head.appendChild(link); document.getElementsByTagName("head")[0].appendChild(link); } } function update_status(title, time) { sdir = (dir+direrrors); if (arguments[2] >= 0 && arguments[2] <= 100) percent = arguments[2]; else percent = Math.floor((sdir*100)/dirs); scan_state = "6F6"; if (percent == 100) { showhide("pause_button", true); showhide("pause_button"); title = "'.$lt.'b'.$gt.__("Scan Complete!",'gotmls').$lt.'/b'.$gt.'"; } else scan_state = "99F"; changeFavicon(percent); if (sdir) { if (arguments[2] >= 0 && arguments[2] <= 100) timeRemaining = Math.ceil(((time-startTime)*(100/percent))-(time-startTime)); else timeRemaining = Math.ceil(((time-startTime)*(dirs/sdir))-(time-startTime)); if (timeRemaining > 59) timeRemaining = Math.ceil(timeRemaining/60)+" Minute"; else timeRemaining += " Second"; if (timeRemaining.substr(0, 2) != "1 ") timeRemaining += "s"; } else timeRemaining = "Calculating Time"; timeElapsed = Math.ceil(time); if (timeElapsed > 59) timeElapsed = Math.floor(timeElapsed/60)+" Minute"; else timeElapsed += " Second"; if (timeElapsed.substr(0, 2) != "1 ") timeElapsed += "s"; divHTML = \''.$lt.'div align="center" style="vertical-align: middle; background-color: #ccc; z-index: 3; height: 18px; width: 100%; border: solid #000 1px; position: relative; padding: 10px 0;"'.$gt.$lt.'div style="height: 18px; padding: 10px 0; position: absolute; top: 0px; left: 0px; background-color: #\'+scan_state+\'; width: \'+percent+\'%"'.$gt.$lt.'/div'.$gt.$lt.'div style="height: 32px; position: absolute; top: 3px; left: 10px; z-index: 5; line-height: 16px;" align="left"'.$gt.'\'+sdir+" Folder"+(sdir==1?"":"s")+" Checked'.$lt.'br /'.$gt.'"+timeElapsed+\' 
Elapsed'.$lt.'/div'.$gt.$lt.'div style="height: 38px; position: absolute; top: 0px; left: 0px; width: 100%; z-index: 5; line-height: 38px; font-size: 30px; text-align: center;"'.$gt.'\'+percent+\'%'.$lt.'/div'.$gt.$lt.'div style="height: 32px; position: absolute; top: 3px; right: 10px; z-index: 5; line-height: 16px;" align="right"'.$gt.'\'+(dirs-sdir)+" Folder"+((dirs-sdir)==1?"":"s")+" Remaining'.$lt.'br /'.$gt.'"+timeRemaining+" Remaining'.$lt.'/div'.$gt.$lt.'/div'.$gt.'"; document.getElementById("status_bar").innerHTML = divHTML; document.getElementById("status_text").innerHTML = title; dis="none"; divHTML = \''.$lt.'ul style="float: right; margin: 0 20px; text-align: right;"'.$gt.'\'; /*'.$lt.'!--*'.'/'; $MAX = 0; $vars = "var i, intrvl, direrrors=0"; $fix_button_js = ""; $found = ""; $li_js = "return false;"; if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") { $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array(); foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $check) if ($check != "potential") $GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check; } foreach ($scan_groups as $scan_name => $scan_group) { if ($MAX++ == 6) { $quarantineCountOnly = GOTMLS_get_quarantine(true); $vars .= ", $scan_group=$quarantineCountOnly"; echo "/*--{$gt}*"."/\n\tif ($scan_group > 0)\n\t\tscan_state = ' potential'; \n\telse\n\t\tscan_state = '';\n\tdivHTML += '
    • '+$scan_group+' '+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'
    • ';\n/*{$lt}!--*"."/"; $found = "Found "; $fix_button_js = "\n\t\tdis='block';"; } else { $val = 0; if ($found && !in_array($scan_group, $GLOBALS["GOTMLS"]["log"]["settings"]["check"])) $potential_threat = ' potential" title="'.GOTMLS_strip4java(__("You are not currently scanning for this type of threat!",'gotmls')); else $potential_threat = ""; $vars .= ", $scan_group=$val"; echo "/*--{$gt}*"."/\n\tif ($scan_group > 0) {\n\t\tscan_state = ' href=\"#found_$scan_group\" onclick=\"$li_js showhide(\\'found_$scan_group\\', true);\" class=\"GOTMLS_plugin $scan_group\"';$fix_button_js".($MAX>6?"\n\tshowhide('found_$scan_group', true);":"")."\n\t} else\n\t\tscan_state = ' class=\"GOTMLS_plugin$potential_threat\"';\n\tdivHTML += '';\n/*{$lt}!--*"."/"; } $li_js = ""; if ($MAX > 11) $fix_button_js = ""; } $ScanSettings = $lt.'div style="float: right;"'.$gt.GOTMLS_Run_Quick_Scan_LANGUAGE.": $QuickScan$lt/div$gt".GOTMLS_Scan_Settings_LANGUAGE; echo "/*--{$gt}*".'/ document.getElementById("status_counts").innerHTML = divHTML+"'.$lt.'/ul'.$gt.'"; document.getElementById("fix_button").style.display = dis; } '.$vars.'; function showOnly(what) { document.getElementById("only_what").innerHTML = document.getElementById("only"+what).innerHTML; } var startTime = 0; '.$lt.'/script'.$gt.GOTMLS_box($ScanSettings, $scan_opts); $Settings_Saved = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -50px; margin: 0 300px 0 130px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n";//script type='text/javascript'$gt\nalert('Settings Saved!');\n$lt/script$gt\n"; if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Save") { if ($GOTMLS_nonce_found) { update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); echo $Settings_Saved; } else echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Saving these settings requires a valid Nonce Token. 
No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n"); echo GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog()); } elseif (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && ($_REQUEST["scan_what"] > -1)) { if ($GOTMLS_nonce_found) { update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array(); GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"])); $cleadCache = false; if (function_exists('is_plugin_active')) { if (function_exists('wp_cache_clear_cache')) { wp_cache_clear_cache(); $cleadCache = true; } if (function_exists('w3tc_pgcache_flush')) { w3tc_pgcache_flush(); $cleadCache = true; } if (class_exists('WpFastestCache')) { $newCache = new WpFastestCache(); $newCache->deleteCache(); $cleadCache = true; } } if ($cleadCache) str_replace("Settings Saved!", "Cache Cleared and Settings Saved!", $Settings_Saved); echo $Settings_Saved; if (!isset($_REQUEST["scan_type"])) $_REQUEST["scan_type"] = "Complete Scan"; elseif ($_REQUEST["scan_type"] == "Quick Scan") { $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('".__("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. 
Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.",'gotmls')."');\n}\nwindow.onload=testComplete;\n$lt/script$gt\n$lt".'script type="text/javascript"'.$gt; $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array(); foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $check) if ($check != "potential") $GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check; } echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1314")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt; foreach ($_POST as $name => $value) { if (substr($name, 0, 10) != 'GOTMLS_fix') { if (is_array($value)) { foreach ($value as $val) echo $lt.'input type="hidden" name="'.$name.'[]" value="'.htmlspecialchars($val).'"'.$gt; } else echo $lt.'input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'"'.$gt; } } echo "\n$lt".'script type="text/javascript"'.$gt.'showhide("inside_'.md5($ScanSettings).'");'.$lt.'/script'.$gt.GOTMLS_box(htmlspecialchars($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' 
'.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt); $scan_groups_UL = ""; foreach ($scan_groups as $scan_name => $scan_group) $scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.'   * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking IF your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.'   * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), GOTMLS_wp_version).' 
(for more info '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.').'.$lt.'/p'.$gt:$lt.'br /'.$gt)).$lt.'/ul'.$gt; if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/"; GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => htmlentities($_REQUEST["scan_type"])))); echo GOTMLS_box($lt.'div id="GOTMLS_scan_dir" style="float: right;"'.$gt.' ('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].") $lt/div$gt".__("Scan Details:",'gotmls'), $scan_groups_UL); $no_flush_LANGUAGE = __("Not flushing OB Handlers: %s",'gotmls'); if (isset($_REQUEST["no_ob_end_flush"])) echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, print_r(ob_list_handlers(), 1))."$lt/div$gt\n"; elseif (is_array($OB_handlers) && count($OB_handlers)) { // $GOTMLS_OB_handlers = get_option("GOTMLS_OB_handlers", array()); foreach (array_reverse($OB_handlers) as $OB_handler) { if (isset($GOTMLS_OB_handlers[$OB_handler]) && $GOTMLS_OB_handlers[$OB_handler] == "no_end_flush") echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, $OB_handler)."$lt/div$gt\n"; elseif (in_array($OB_handler, $OB_default_handlers)) { // $GOTMLS_OB_handlers[$OB_handler] = "no_end_flush"; // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers); @ob_end_flush(); // $GOTMLS_OB_handlers[$OB_handler] = "ob_end_flush"; // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers); } } } @ob_start(); echo "\n{$lt}script type=\"text/javascript\"$gt$li_js\n/*{$lt}!--*"."/"; if (is_dir($dir)) { $GOTMLS_dirs_at_depth[0] = 1; $GOTMLS_dir_at_depth[0] = 0; if (isset($_REQUEST['scan_only']) && is_array($_REQUEST['scan_only'])) { $GOTMLS_dirs_at_depth[0] += (count($_REQUEST['scan_only']) - 1); foreach ($_REQUEST['scan_only'] as $only_dir) if (is_dir(GOTMLS_trailingslashit($dir).$only_dir)) GOTMLS_readdir(GOTMLS_trailingslashit($dir).$only_dir); } else GOTMLS_readdir($dir); } else echo 
GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link("Not a valid directory!")); if ($_REQUEST["scan_type"] == "Quick Scan") echo GOTMLS_update_status(__("Completed!",'gotmls'), 100); else { echo GOTMLS_update_status(__("Starting Scan ...",'gotmls')); if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && is_array($GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && in_array("db_scan", $GLOBALS["GOTMLS"]["log"]["settings"]["check"])) GOTMLS_db_scan(); echo "/*--{$gt}*"."/\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."1087").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."');".' 
var scanfilesI = 0; var stopScanning; var gotStuckOn = ""; function scanNextDir(gotStuck) { clearTimeout(stopScanning); if (gotStuck > -1) { if (scanfilesArNames[gotStuck].substr(0, 3) != "Re-") { if (scanfilesArNames[gotStuck].substr(0, 9) == "Checking ") { scanfilesArNames.push(scanfilesArNames[gotStuck]); scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_file[]="+encodeURIComponent(scanfilesArNames[gotStuck].substr(9))); } else { scanfilesArNames.push("Re-"+scanfilesArNames[gotStuck]); scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_only_file="); } } else { scanfilesArNames.push("Got Stuck "+scanfilesArNames[gotStuck]); scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_dir="+scanfilesArKeys[gotStuck]); } } if (document.getElementById("resume_button").value != "Pause") { stopScanning=setTimeout("scanNextDir(-1)", 1000); startTime++; } else if (scanfilesI < scanfilesArKeys.length) { document.getElementById("status_text").innerHTML = scanfilesArNames[scanfilesI]; var newscript = document.createElement("script"); newscript.setAttribute("src", scriptSRC+scanfilesArKeys[scanfilesI]); divx = document.getElementById("found_scanned"); if (divx) divx.appendChild(newscript); stopScanning=setTimeout("scanNextDir("+(scanfilesI++)+")",'.$GLOBALS["GOTMLS"]["tmp"]['execution_time'].'000); } } startTime = ('.ceil(time()-$GLOBALS["GOTMLS"]["log"]["scan"]["start"]).'+3); stopScanning=setTimeout("scanNextDir(-1)",3000); function pauseresume(butt) { if (butt.value == "Resume") butt.value = "Pause"; else butt.value = "Resume"; } showhide("pause_button", true);'."\n/*{$lt}!--*"."/"; } if (@ob_get_level()) { GOTMLS_flush('script'); @ob_end_flush(); } echo "/*--{$gt}*"."/\n$lt/script$gt"; } else echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Starting a Complete Scan requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. 
Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n"); } else echo GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog()); echo "\n$lt/div$gt$lt/div$gt$lt/div$gt"; } /* GOTMLS_login_form: hooked on login_form; emits the login-page script that reports the browser/server clock offset through the GOTMLS_logintime AJAX endpoint. Only the timestamp and the AJAX URL are recoverable from this listing - the echoed markup between echo ' and \n" is missing here, and $form_id is not referenced in what survives. */ function GOTMLS_login_form($form_id = "loginform") { $sess = time(); $ajaxURL = admin_url("admin-ajax.php?action=GOTMLS_logintime&GOTMLS_sess="); echo '\n";//GOTMLS_login_script.onload = set_offset_id(); } add_action("login_form", "GOTMLS_login_form"); /* GOTMLS_ajax_logintime: unauthenticated endpoint (registered for wp_ajax_nopriv as well) that serves JavaScript carrying a server timestamp. The leading "false &&" makes the $_GET branch dead, so $sess is always time(); note that the dead branch tests $_GET["GOTMLS_sess"] but would read $_GET["sess"], and htmlspecialchars() is not an escaper for a JavaScript numeric context - if this branch is ever revived, cast with intval() after the is_numeric() check instead. The "//Permission Error" text is only a JS comment, the script body is still delivered. */ function GOTMLS_ajax_logintime() { @header("Content-type: text/javascript"); $sess = (false && isset($_GET["GOTMLS_sess"]) && is_numeric($_GET["GOTMLS_sess"])) ? htmlspecialchars($_GET["sess"]) : time(); die("\n//Permission Error: User not authenticated!\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_offset_start = GOTMLS_login_offset.getTime() - ".$sess."000;\nfunction set_offset_id() {\n\tGOTMLS_login_offset = new Date();\n\tif (form_login = document.getElementById('offset_id'))\n\t\tform_login.value = GOTMLS_login_offset.getTime() - GOTMLS_login_offset_start;\n\tsetTimeout(set_offset_id, 15673);\n}\nset_offset_id();"); } add_action('wp_ajax_nopriv_GOTMLS_logintime', 'GOTMLS_ajax_logintime'); add_action('wp_ajax_GOTMLS_logintime', 'GOTMLS_ajax_logintime'); /* GOTMLS_ajax_lognewkey: records this installation key against GOTMLS_siteurl in the GOTMLS_Installation_Keys option and replies "//<old count>~<new count>". Gated by GOTMLS_get_nonce(); any capability check beyond the nonce is not visible here - confirm inside GOTMLS_get_nonce(). $count is assigned only on the is_array() branch, so the die() on the fresh-option path reads an undefined variable; initialise $count = 0 before the branch. The key comparison uses loose ==; prefer === (or hash_equals()) for a credential-like value. The option is stored pre-serialized via serialize() and read back through maybe_unserialize(); consistent, though update_option() would serialize the array itself. */ function GOTMLS_ajax_lognewkey() { @header("Content-type: text/javascript"); if (GOTMLS_get_nonce()) { if (isset($_POST["GOTMLS_installation_key"]) && ($_POST["GOTMLS_installation_key"] == GOTMLS_installation_key)) { $keys = maybe_unserialize(get_option('GOTMLS_Installation_Keys', array())); if (is_array($keys)) { $count = count($keys); if (!array_key_exists(GOTMLS_installation_key, $keys)) $keys = array_merge($keys, array(GOTMLS_installation_key => GOTMLS_siteurl)); } else $keys = array(GOTMLS_installation_key => GOTMLS_siteurl); update_option("GOTMLS_Installation_Keys", serialize($keys)); die("\n//$count~".count($keys)); } else die("\n//0"); } else die(GOTMLS_Invalid_Nonce("\n//Log New 
Key Error: ")."\n"); } add_action('wp_ajax_GOTMLS_lognewkey', 'GOTMLS_ajax_lognewkey'); add_action('wp_ajax_nopriv_GOTMLS_lognewkey', 'GOTMLS_ajax_nopriv'); /* GOTMLS_set_plugin_action_links: plugin_action_links filter; prepends the settings link when $plugin_file matches the tail of this file's slash-normalised path (strlen > 10 rejects trivially short suffixes). The anchor markup appears to have been stripped in this rendering - only the label text survives. */ function GOTMLS_set_plugin_action_links($links_array, $plugin_file) { if ($plugin_file == substr(str_replace("\\", "/", __FILE__), (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10) $links_array = array_merge(array(''.GOTMLS_Scan_Settings_LANGUAGE.''), $links_array); return $links_array; } add_filter("plugin_action_links", "GOTMLS_set_plugin_action_links", 1, 2); /* GOTMLS_set_plugin_row_meta: same suffix match as above; appends the FAQ/Support/Donate meta entries (link markup likewise missing from this listing). */ function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) { if ($plugin_file == substr(str_replace("\\", "/", __FILE__), (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10) $links_array = array_merge($links_array, array('FAQ','Support','Donate')); return $links_array; } add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2); /* GOTMLS_in_plugin_update_message: renders the "== Upgrade Notice ==" section of the published readme under the plugin's update row. On a transient miss it fetches the readme remotely via GOTMLS_get_URL() (HTTPS) and caches the rebuilt notice for DAY_IN_SECONDS. The notice is echoed without escaping, so the admin page trusts whatever the fetched file contains - run it through wp_kses_post() or esc_html() before echo. $match[1] is read without isset(); when the marker is absent preg_split() returns a single element and this emits a notice. */ function GOTMLS_in_plugin_update_message($args) { $transient_name = 'GOTMLS_upgrade_notice_'.$args["Version"].'_'.$args["new_version"]; if ((false === ($upgrade_notice = get_transient($transient_name))) && ($ret = GOTMLS_get_URL("https://plugins.svn.wordpress.org/gotmls/trunk/readme.txt"))) { $upgrade_notice = ''; if ($match = preg_split('/==\s*Upgrade Notice\s*==\s+/i', $ret)) { if (preg_match('/\n+=\s*'.str_replace(".", "\\.", GOTMLS_Version).'\s*=\s+/is', $match[1])) $notice = (array) preg_split('/\n+=\s*'.str_replace(".", "\\.", GOTMLS_Version).'\s*=\s+/is', $match[1]); else $notice = (array) preg_split('/\n+=/is', $match[1]."\n="); $upgrade_notice .= '
      '.preg_replace('/=\s*([\.0-9]+)\s*=\s*([^=]+)/i', '
    • ${1}: ${2}
    • ', preg_replace('~\[([^\]]*)\]\(([^\)]*)\)~', '${1}', $notice[0])).'
      '; set_transient($transient_name, $upgrade_notice, DAY_IN_SECONDS); } } echo $upgrade_notice; } add_action("in_plugin_update_message-gotmls/index.php", "GOTMLS_in_plugin_update_message"); /* GOTMLS_init: admin_init hook. Defines GOTMLS_wp_version, fills in default scan settings (scan_what, scan_depth, check_custom, scan_level derived from the site URL depth), and for a "Quick Scan" request forces scan_what/scan_depth and a scan_only list of "", wp-includes and wp-admin. Only when GOTMLS_get_nonce() passes does it copy request data into the settings array: $_REQUEST["dont_check"] is taken as-is after an is_array() check, and $_POST["scan_level"] is intval()'d; nothing else from the request reaches the settings here. */ function GOTMLS_init() { global $wp_version; if (isset($wp_version) && ($wp_version)) GOTMLS_define("GOTMLS_wp_version", $wp_version); else GOTMLS_define("GOTMLS_wp_version", "Not Set"); if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2; if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1; if (isset($_REQUEST["scan_type"]) && ($_REQUEST["scan_type"] == "Quick Scan")) { if (!isset($_REQUEST["scan_what"])) $_REQUEST["scan_what"] = 2; if (!isset($_REQUEST["scan_depth"])) $_REQUEST["scan_depth"] = 2; if (!isset($_REQUEST["scan_only"])) $_REQUEST["scan_only"] = array("","wp-includes","wp-admin"); if ($_REQUEST["scan_only"] && !is_array($_REQUEST["scan_only"])) $_REQUEST["scan_only"] = array($_REQUEST["scan_only"]); } if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = ""; if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]) && is_numeric($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]); else $scan_level = count(explode('/', trailingslashit(GOTMLS_siteurl))) - 1; if (GOTMLS_get_nonce()) { if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"]; elseif (isset($_POST["scan_type"]) || !(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = array(); if 
(isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"])) $scan_level = intval($_POST["scan_level"]); if (isset($scan_level) && is_numeric($scan_level)) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = intval($scan_level); } if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(GOTMLS_siteurl))) - 1; } add_action("admin_init", "GOTMLS_init"); /* GOTMLS_ajax_position: nonce-gated AJAX handler. When $_GET["GOTMLS_msg"] equals the translated "Default position" string it resets msg_position to the defaults, then emits a script that positions #div_file in the parent window from msg_position[0..3]. The values written into those JS string literals come from the settings/default arrays, not straight from the request, and $_GET["GOTMLS_msg"] is passed through htmlentities() before it is echoed. Part of this function (the html/body assembly between the script and the die()) is missing from this listing, so that stretch cannot be documented from here. */ function GOTMLS_ajax_position() { if (GOTMLS_get_nonce()) { $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls'); $properties = array("body" => 'style="margin: 0; padding: 0;"'); if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"]; $gl = '><'; $properties["html"] = $gl.'head'.$gl.'script type="text/javascript"> if (curDiv = window.parent.document.getElementById("div_file")) { curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'"; curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'"; curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'"; curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'"; } array("body" => htmlentities($_GET["GOTMLS_msg"]).' 
'.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' ['.$GLOBALS["GOTMLS_msg"].']'))), $properties)); } else die(GOTMLS_Invalid_Nonce("\n//Position Error: ")."\n"); } add_action('wp_ajax_GOTMLS_position', 'GOTMLS_ajax_position'); /* GOTMLS_ajax_empty_trash: nonce-gated. Deletes every non-private GOTMLS_quarantine post with a fixed statement - no request data is interpolated, only the $wpdb->posts table name - then runs REPAIR TABLE on that table. $trashmsg is dropped into a JavaScript alert('...') literal without JS escaping, so a translation containing a single quote would break the script; also __() with an interpolated $trashed defeats translation lookup - use sprintf()/_n() with a placeholder. The element after the alert() in $properties["html"] appears truncated in this listing. */ function GOTMLS_ajax_empty_trash() { global $wpdb; $gl = '><'; if (GOTMLS_get_nonce()) { if ($trashed = $wpdb->query("DELETE FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) { $wpdb->query("REPAIR TABLE $wpdb->posts"); $trashmsg = __("Emptied $trashed item from the quarantine trash.",'gotmls'); } else $trashmsg = __("Failed to empty the trash.",'gotmls'); } else $trashmsg = GOTMLS_Invalid_Nonce(""); $properties = array("html" => $gl.'head'.$gl."script type='text/javascript'>\nif (curDiv = window.parent.document.getElementById('empty_trash_link'))\n\tcurDiv.style.display = 'none';\nalert('$trashmsg');\n 'style="margin: 0; padding: 0;"'); die(GOTMLS_html_tags(array("html" => array("body" => $trashmsg)), $properties)); } add_action('wp_ajax_GOTMLS_empty_trash', 'GOTMLS_ajax_empty_trash'); /* GOTMLS_ajax_whitelist: nonce-gated. Adds a file to the definitions whitelist, keyed by its path and by "<md5>O<filesize>". The path is the decoded POST value used directly; the only gates are is_file() and the md5 of the file's content matching the submitted checksum, so any path PHP can read may be whitelisted - consider constraining it with realpath() to the WordPress install before accepting it. Splitting the checksum on "O" is safe for hex md5 digests (hex never contains "O"). "if (true)" makes the else/unset() branch unreachable dead code. */ function GOTMLS_ajax_whitelist() { if (GOTMLS_get_nonce()) { if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) { $file = GOTMLS_decode($_POST['GOTMLS_whitelist']); $chksum = explode("O", $_POST['GOTMLS_chksum']."O"); if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) { $filesize = @filesize($file); if (true) { if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0])) $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002"; $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002"; } else unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]); GOTMLS_update_option("definitions", 
$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]); /* $file is interpolated unescaped into the HTML reply; wrap it in htmlspecialchars()/esc_html() */ $body = "Added $file to Whitelist!
      \n"; } else $body = "
    • Invalid Data!
    • "; die(GOTMLS_html_tags(array("html" => array("body" => $body)))); } else die("\n//Whitelist Error: Invalid checksum!\n"); } else die(GOTMLS_Invalid_Nonce("\n//Whitelist Error: ")."\n"); } add_action('wp_ajax_GOTMLS_whitelist', 'GOTMLS_ajax_whitelist'); /* GOTMLS_ajax_fix: nonce-gated repair endpoint. Normalises $_POST["GOTMLS_fix"] to an array and, when GOTMLS_fixing is set, records the current settings in the scan log. Most of the body (the $li_js/$HTML assembly) is missing from this rendering, so its behaviour cannot be documented from here. */ function GOTMLS_ajax_fix() { if (GOTMLS_get_nonce()) { if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"])) $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]); if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) { GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"])); $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);"; $li_js = "\n\n\n"; $li_js = "\n"; $li_js = "\n"; $li_js = "\n$HTML[1]"); } else die(GOTMLS_html_tags(array("html" => array("body" => "".__("Done!",'gotmls'))))); } else die(GOTMLS_html_tags(array("html" => array("body" => "".__("Done!",'gotmls'))))); } add_action('wp_ajax_GOTMLS_fix', 'GOTMLS_ajax_fix'); /* GOTMLS_ajax_scan: nonce-gated scan endpoint; the body continues beyond this block. @error_reporting(0) silences every PHP error for the request, which also hides failures an operator would want logged - prefer leaving reporting on (or routing to error_log) during a scan. $_GET["GOTMLS_scan"] is decoded further down into either a record id or a filesystem path. */ function GOTMLS_ajax_scan() { if (GOTMLS_get_nonce()) { @error_reporting(0); if (isset($_GET["GOTMLS_scan"])) { $script_form = '
      $GLOBALS["GOTMLS"]["tmp"]["threats_found"])); foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) { list($start, $end, $junk) = explode("-", "$threats_found--", 3); if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) { if ($start < $end) $fa .= ' ['.$f++.']'; else $fa .= ' ['.$f++.']'; } else { if (is_numeric($threats_found)) { $threats_found = $threats_name; $threats_name = $f; } $fpos = 0; $flen = 0; $potential_threat = str_replace("\r", "", $threats_found); while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) { $flen = strlen($potential_threat); $fa .= ' ['.$f++.']'; } } } } //else echo "excerpt:".$Q_post["post_excerpt"]; die("\n$script_form".admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1779")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete the record of this file from the quarantine?",'gotmls').'\');">
      '.__("File Details:",'gotmls').' ('.$fa.' )
      '); } else die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists in the quarantine.",'gotmls')."
      \n")))); } else { $file = GOTMLS_decode($_GET["GOTMLS_scan"]); if (is_numeric($file)) die("\n$script_form".GOTMLS_db_scan($file)); elseif (is_dir($file)) { @error_reporting(0); @header("Content-type: text/javascript"); if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"])) $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]; @ob_start(); echo GOTMLS_scandir($file); if (@ob_get_level()) { GOTMLS_flush(); @ob_end_flush(); } die('//END OF JavaScript'); } elseif (file_exists($file)) { GOTMLS_scanfile($file); $fa = ""; $function = 'GOTMLS_decode'; if (isset($_GET[$function]) && is_array($_GET[$function])) { foreach ($_GET[$function] as $decode) { $fa .= " NO-$decode"; } } elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) { $f = 1; foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) { list($start, $end, $junk) = explode("-", "$threats_found--", 3); if ($start > $end) $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}'; else $fa .= ' ['.$f++.']'; } } else $fa = " No Threats Found"; die("\n$script_form".admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1821")).'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');">
      '.__("Potential threats in file:",'gotmls').' ('.$fa.' )
      '); } else die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), htmlspecialchars($file))."")))); } } else die("\n//Directory Error: Nothing to scan!\n"); } else { if (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))) @header("Content-type: text/javascript"); die(GOTMLS_Invalid_Nonce("\n//Ajax Scan Error: ")."\n"); } } add_action('wp_ajax_GOTMLS_scan', 'GOTMLS_ajax_scan'); function GOTMLS_ajax_nopriv() { die("\n//Permission Error: User not authenticated!\n"); } add_action('wp_ajax_nopriv_GOTMLS_scan', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_position', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_fix', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_whitelist', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_empty_trash', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_auto_update', 'GOTMLS_update_definitions'); add_action("plugins_loaded", "GOTMLS_loaded"); add_action("admin_notices", "GOTMLS_admin_notices"); add_action("admin_menu", "GOTMLS_menu"); add_action("network_admin_menu", "GOTMLS_menu"); strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__))) include(dirname(__FILE__)."/safe-load/index.php"); else require_once(dirname(__FILE__)."/images/index.php"); /* ___ * / /\ GOTMLS Main Plugin File * / /:/ @package GOTMLS * /__/::\ Copyright \__\/\:\__ © 2012-2018 Eli Scheetz (email: eli@gotmls.net) * \ \:\/\ * \__\::/ This program is free software; you can redistribute it * ___ /__/:/ and/or modify it under the terms of the GNU General Public * /__/\ _\__\/ License as published by the Free Software Foundation; * \ \:\ / /\ either version 2 of the License, or (at your option) any * ___\ \:\ /:/ later version. 
* / /\\ \:\/:/ / /:/ \ \::/ This program is distributed in the hope that it will be useful, / /:/_ \__\/ but WITHOUT ANY WARRANTY; without even the implied warranty /__/:/ /\__ of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \ \:\/:/ /\ See the GNU General Public License for more details. \ \::/ /:/ \ \:\/:/ You should have received a copy of the GNU General Public License * \ \::/ with this program; if not, write to the Free Software Foundation, * \__\/ Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ load_plugin_textdomain('gotmls', false, basename(GOTMLS_plugin_path).'/languages'); require_once(GOTMLS_plugin_path.'images/index.php'); function GOTMLS_install() { global $wp_version; if (isset($wp_version) && ($wp_version)) GOTMLS_define("GOTMLS_wp_version", $wp_version); else GOTMLS_define("GOTMLS_wp_version", "Unknown"); if (version_compare(GOTMLS_wp_version, GOTMLS_require_version, "<")) die(GOTMLS_require_version_LANGUAGE.", NOT version: ".GOTMLS_wp_version); } register_activation_hook(__FILE__, "GOTMLS_install"); function GOTMLS_user_can() { if (is_multisite()) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "manage_network"; elseif (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]) || $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] == "manage_network") $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "activate_plugins"; if (current_user_can($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"])) return true; else return false; } function GOTMLS_menu() { $GOTMLS_Full_plugin_logo_URL = GOTMLS_images_path.'GOTMLS-16x16.gif'; $base_page = "GOTMLS-settings"; $base_function = "GOTMLS_settings"; $pluginTitle = "Anti-Malware"; $pageTitle = "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE; if (GOTMLS_user_can()) { $my_admin_page = add_menu_page($pageTitle, $pluginTitle, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function, $GOTMLS_Full_plugin_logo_URL); 
add_action('load-'.$my_admin_page, 'GOTMLS_admin_add_help_tab'); add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE, GOTMLS_Scan_Settings_LANGUAGE, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function); add_submenu_page($base_page, "$pluginTitle Firewall Options", "Firewall Options", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-Firewall-Options", "GOTMLS_Firewall_Options"); add_submenu_page($base_page, "$pluginTitle ".GOTMLS_View_Quarantine_LANGUAGE, GOTMLS_View_Quarantine_LANGUAGE.(($Qs = GOTMLS_get_quarantine(true))?' '.$Qs.'':""), $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-View-Quarantine", "GOTMLS_View_Quarantine"); } } function GOTMLS_admin_add_help_tab() { $screen = get_current_screen(); $screen->add_help_tab(array( 'id' => "GOTMLS_Getting_Started", 'title' => __("Getting Started", 'gotmls'), 'content' => '

      '.__("Make sure the Definition Updates are current and Run a Complete Scan.").'

      '.sprintf(__("If Known Threats are found and displayed in red then there will be a button to '%s'. If only Potentional Threats are found then there is no automatic fix because those are probably not malicious."), GOTMLS_Automatically_Fix_LANGUAGE).'

      '.__("A backup of the original infected files are placed in the Quarantine in case you need to restore them or just want to look at them later. You can delete these files if you don't want to save more.").'

      ' )); $FAQMarker = '== Frequently Asked Questions =='; if (is_file(dirname(__FILE__).'/readme.txt') && ($readme = explode($FAQMarker, @file_get_contents(dirname(__FILE__).'/readme.txt').$FAQMarker)) && strlen($readme[1]) && ($readme = explode("==", $readme[1]."==")) && strlen($readme[0])) { $screen->add_help_tab(array( 'id' => "GOTMLS_FAQs", 'title' => __("FAQs", 'gotmls'), 'content' => '

      '.preg_replace('/\[(.+?)\]\((.+?)\)/', "\\1", preg_replace('/[\r\n]+= /', "

      ", preg_replace('/ =[\r\n]+/', "

      ", $readme[0]))).'

      ' )); } } function GOTMLS_close_button($box_id, $margin = '6px') { return 'X'; } function GOTMLS_enqueue_scripts() { wp_enqueue_style('dashicons'); } add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts'); function GOTMLS_display_header($optional_box = "") { global $current_user, $wpdb; wp_get_current_user(); $GOTMLS_url_parts = explode('/', GOTMLS_siteurl); if (isset($_GET["check_site"]) && $_GET["check_site"]) echo '
      ✔ '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)
    • Please write a "Five-Star" Review on WordPress.org if you like this plugin.
    • Anti-Malware from GOTMLS.NET

      '.GOTMLS_box(__("Updates & Registration",'gotmls'), "
        $php_version
      • WordPress: ".GOTMLS_wp_version."
      • \n
      • Plugin: ".GOTMLS_Version.'
      • Key: '.GOTMLS_installation_key.'
        Key: '.GOTMLS_installation_key.'
        No Key!
      • Definitions: '.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"].'
      '.str_replace('findUpdates', 'Definition_Updates', $Update_Div).'
      '.(false && $isRegistered?'Registered to: '.$isRegistered:"").$Update_Link, "stuffbox").' '.GOTMLS_box(__("Resources & Links",'gotmls'), '
      $15 $29 $52 $100 $200
      Google Safe Browsing Diagnostic', "stuffbox").//GOTMLS_box(__("Last Scan Status",'gotmls'), GOTMLS_scan_log(), "stuffbox"). $optional_box.'
      '; if (isset($GLOBALS["GOTMLS"]["tmp"]["stuffbox"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["stuffbox"])) { echo ' '; } echo '
      '; } function GOTMLS_box($bTitle, $bContents, $bType = "postbox") { $md5 = md5($bTitle); if (isset($GLOBALS["GOTMLS"]["tmp"]["$bType"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["$bType"])) $GLOBALS["GOTMLS"]["tmp"]["$bType"]["$md5"] = "$bTitle"; else $GLOBALS["GOTMLS"]["tmp"]["$bType"] = array("$md5"=>"$bTitle"); return '

      '.$bTitle.'

      '.$bContents.'
      '; } function GOTMLS_get_scanlog() { global $wpdb; $LastScan = ''; if (isset($_GET["GOTMLS_cl"]) && GOTMLS_get_nonce()) { $SQL = $wpdb->prepare("DELETE FROM `$wpdb->options` WHERE option_name LIKE %s AND substring_index(option_name, '/', -1) < %s", 'GOTMLS_scan_log/%', $_GET["GOTMLS_cl"]); if ($cleared = $wpdb->query($SQL)) $LastScan .= sprintf(__("Cleared %s records from this log.",'gotmls'), $cleared); // else $LastScan .= $wpdb->last_error."
    • $SQL
    • "; } $SQL = "SELECT substring_index(option_name, '/', -1) AS `mt`, option_name, option_value FROM `$wpdb->options` WHERE option_name LIKE 'GOTMLS_scan_log/%' ORDER BY mt DESC"; if ($rs = $wpdb->get_results($SQL, ARRAY_A)) { $units = array("seconds"=>60,"minutes"=>60,"hours"=>24,"days"=>365,"years"=>10); $LastScan .= ''; } else $LastScan .= '

      '.__("No Scans have been logged",'gotmls').'

      '; return "$LastScan\n"; } function GOTMLS_get_whitelists() { $Q_Page = ''; if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"])) { $Q_Page .= '

        '.__("Globally White-listed files",'gotmls').''.__("# of patterns",'gotmls').''.__("Date Updated",'gotmls').'

        '; foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $file => $non_threats) { if (isset($non_threats[0])) { $updated = GOTMLS_sexagesimal($non_threats[0]); unset($non_threats[0]); } else $updated = "Unknown"; $Q_Page .= '
      • '.count($non_threats).''.$updated."$file
      • \n"; } if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"])) { $Q_Page .= '

        '.__("WordPress Core files",'gotmls').''.__("# of files",'gotmls').'

        '; foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"] as $ver => $files) { $Q_Page .= '
      • '.count($files)."Version $ver
      • \n"; } } $Q_Page .= "
      "; } return "$Q_Page\n"; } function GOTMLS_get_quarantine($only = false) { global $wpdb, $post; if (is_numeric($only)) return get_post($only, ARRAY_A); elseif ($only) return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private'"); else $args = array('posts_per_page' => (isset($_GET['posts_per_page'])&&is_numeric($_GET['posts_per_page'])&&$_GET['posts_per_page']>0?$_GET['posts_per_page']:200), 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private"); if (isset($_POST["paged"])) $args["paged"] = $_POST["paged"]; $my_query = new WP_Query($args); $Q_Paged = '
      Page:
      '; $Q_Page = ' '; if ($my_query->have_posts()) { $Q_Page .= '

      '.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'

        '.($my_query->post_count>1?' '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').''.__("Quarantined",'gotmls').''.__("Date Infected",'gotmls').'

        '; $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1)); while ($my_query->have_posts()) { $my_query->the_post(); $Q_Page .= '
      • '.$post->post_date_gmt.''.$post->post_modified_gmt.'Q'.GOTMLS_error_link(__("View Quarantined File",'gotmls'), $post->ID).str_replace($root_path, "...", $post->post_title)."
      • \n"; } $Q_Page .= "\n
      "; for ($p = 1; $p <= $my_query->max_num_pages; $p++) { $Q_Paged .= ''; } } else $Q_Page .= '

      '.__("No Items in Quarantine",'gotmls').'

      '; wp_reset_query(); $return = "$Q_Paged\n

      \n$Q_Page\n\n$Q_Paged\n
      \n"; if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) > 1) $return = '['.sprintf(__("Clear %s Deleted Files from the Trash",'gotmls'), $trashed)."]$return"; return $return; } function GOTMLS_View_Quarantine() { GOTMLS_update_definitions(); $echo = GOTMLS_box($Q_Page = __("White-lists",'gotmls'), GOTMLS_get_whitelists()); if (!isset($_GET['Whitelists'])) $echo .= "\n\n"; $echo .= GOTMLS_box($Q_Page = __("Quarantine",'gotmls'), GOTMLS_get_quarantine()); GOTMLS_display_header(); echo $echo."\n
      "; } function GOTMLS_Firewall_Options() { global $current_user, $wpdb, $table_prefix; GOTMLS_update_definitions(); GOTMLS_display_header(); $GOTMLS_nonce_found = GOTMLS_get_nonce(); $gt = ">"; $lt = "<"; $save_action = ""; $patch_attr = array( array( "icon" => "blocked", "language" => __("Your WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. Applying this patch will block access to the WordPress Login page whenever this type of attack is detected."), "status" => 'Not Installed', "action" => 'Install Patch' ), array( "language" => __("Your WordPress site has the current version of my brute-force Login protection installed."), "action" => 'Uninstall Patch', "status" => 'Enabled', "icon" => "checked" ), array( "language" => __("Your WordPress Login page has the old version of my brute-force protection installed. Upgrade this patch to improve the protection on the WordPress Login page and preserve the integrity of your WordPress core files."), "action" => 'Upgrade Patch', "status" => 'Out of Date', "icon" => "threat" ) ); $find = '|]+xmlrpc.php>(.+?)\s*(# END GOTMLS Patch to Block XMLRPC Access\s*)*|is'; $deny = "\n\norder deny,allow\ndeny from all"; $allow = ""; if (isset($_SERVER["REMOTE_ADDR"])) { $deny .= "\nallow from ".$_SERVER["REMOTE_ADDR"]; $allow .= " ".$_SERVER["REMOTE_ADDR"]; } if (isset($_SERVER["SERVER_ADDR"])) { $deny .= "\nallow from ".$_SERVER["SERVER_ADDR"]; $allow .= " ".$_SERVER["SERVER_ADDR"]; } $deny .= "\n\n\nRequire"; if (strlen(trim($allow)) > 0) $deny .= " ip$allow"; else $deny .= " all denied"; $deny .= "\n"; if (count($GLOBALS["GOTMLS"]["tmp"]["apache"]) > 1) $errdiv = ""; else $errdiv = "
      Unable to read Apache Version, this patch may not work!
      "; $patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1159")).'"'.$gt.$lt.'script'.$gt."\nfunction setFirewall(opt, val) {\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_opt'))\n\t\tautoUpdateDownloadGIF.value = opt;\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_val'))\n\t\tautoUpdateDownloadGIF.value = val;\n}\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '".__("You must register and donate to use this feature!",'gotmls')."';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '".__("This feature is available to those who have donated!",'gotmls')."';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="'; $patch_found = false; $head = str_replace(array('|]+', '(.+?)', '\\s*(', '\\s*)*|is'), array(" 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', "$head$htaccess")) { $patch_action .= '-1"'.$gt.$lt.'input style="float: right;" type="submit" value="Unblock XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Now Blocked'; $errdiv = ""; } elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0)) $patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" 
/'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Still Allowing Access: '.sprintf(__("Failed to install XMLRPC Protection [.htaccess %s]",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write?':'only!'):"unreadable!").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess')); else $patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Currently Allowing Access'; } $patch_action .= ")$errdiv$lt/b$gt$lt/p$gt".__("Most WordPress sites do not use the XMLRPC features and hack attempts on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit, these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt.$lt.'hr /'.$gt; $patch_status = 0; $patch_found = -1; $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#"; $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find); if (is_file(ABSPATH.'../wp-config.php') && !is_file(ABSPATH.'wp-config.php')) $wp_config = '../wp-config.php'; else $wp_config = 'wp-config.php'; if (is_file(ABSPATH.$wp_config)) { if (($config = @file_get_contents(ABSPATH.$wp_config)) && strlen($config)) { if ($patch_found = preg_match($find, $config)) { if (strpos($config, substr($head, strpos($head, "file_exists")))) { if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.$wp_config, 
preg_replace('#'.$lt.'\?[ph\s]+(//.*\s*)*\?'.$gt.'#i', "", preg_replace($find, "", $config)))) $patch_action .= $lt.'div class="error"'.$gt.__("Removed Brute-Force Protection",'gotmls').$lt.'/div'.$gt; else $patch_status = 1; } else { if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH.$wp_config, preg_replace($find, "$head", $config))) { $patch_action .= $lt.'div class="updated"'.$gt.__("Upgraded Brute-Force Protection",'gotmls').$lt.'/div'.$gt; $patch_status = 1; } else $patch_status = 2; } } elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"]) && strlen($config) && ($patch_found == 0) && GOTMLS_file_put_contents(ABSPATH.$wp_config, "$lt?php$head// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?$gt$config")) { $patch_action .= $lt.'div class="updated"'.$gt.__("Installed Brute-Force Protection",'gotmls').$lt.'/div'.$gt; $patch_status = 1; } elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_patching"])) $patch_action .= $lt.'div class="updated"'.$gt.sprintf(__("Failed to install Brute-Force Protection (wp-config.php %s)",'gotmls'),(is_readable(ABSPATH.$wp_config)?'read-'.(is_writable(ABSPATH.$wp_config)?'write':'only'):"unreadable").": ".strlen($config).GOTMLS_fileperms(ABSPATH.$wp_config)).$lt.'/div'.$gt; } else $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Readable!",'gotmls').$lt.'/div'.$gt; } else $patch_action .= $lt.'div class="error"'.$gt.__("wp-config.php Not Found!",'gotmls').$lt.'/div'.$gt; if ($GOTMLS_nonce_found && file_exists(ABSPATH.'wp-login.php') && ($login = @file_get_contents(ABSPATH.'wp-login.php')) && strlen($login) && (preg_match($find, $login))) { if (isset($_POST["GOTMLS_patching"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/".GOTMLS_wp_version.'/wp-login.php')) && (strlen($source) > 500) && GOTMLS_file_put_contents(ABSPATH.'wp-login.php', $source)) $patch_action .= $lt.'div class="updated"'.$gt.__("Removed Old 
Brute-Force Login Patch",'gotmls').$lt.'/div'.$gt; else $patch_status = 2; } if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_firewall_option"]) && strlen($_POST["GOTMLS_firewall_option"]) && isset($_POST["GOTMLS_firewall_value"]) && strlen($_POST["GOTMLS_firewall_value"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"][$_POST["GOTMLS_firewall_option"]] = $_POST["GOTMLS_firewall_value"]; if (update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"])) $save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n"; else $save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSave Failed!$lt/div$gt\n"; } $sec_opts = $lt.'form method="POST" name="GOTMLS_Form_firewall"'.$gt.$lt.'input type="hidden" id="fw_opt" name="GOTMLS_firewall_option" value="traversal"'.$gt.$lt.'input type="hidden" name="GOTMLS_firewall_value" id="fw_val" value="0"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."805")).'"'.$gt; if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"])) foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA) if (is_array($VA) && count($VA) > 3 && strlen($VA[1]) && strlen($VA[2])) $sec_opts .= $lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="submit" style="float: right;" value="'.(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]?"Enable Protection\" onclick=\"setFirewall('$TP', 0);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt."b$gt$VA[1] (Currently Disabled)":"Disable Protection\" onclick=\"setFirewall('$TP', 1);\"$gt$lt".'p'.$gt.$lt.'img 
src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt."b$gt$VA[1] (Automatically Enabled)")."$lt/b$gt$lt/p$gt$VA[2]$lt/div$gt$lt".'hr /'.$gt; $sec_opts .= "$lt/form$gt\n$patch_action\n$lt".'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."807")).'"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="float: right;'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' 
'.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n$lt"."script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt"; $admin_notice = ""; if ($current_user->user_login == "admin") { $admin_notice .= $lt.'hr /'.$gt; if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_admin_username"]) && ($current_user->user_login != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match('/^\s*[a-z_0-9\@\.\-]{3,}\s*$/i', $_POST["GOTMLS_admin_username"])) { if ($wpdb->update($wpdb->users, array("user_login" => trim($_POST["GOTMLS_admin_username"])), array("user_login" => $current_user->user_login))) { $wpdb->query("UPDATE `{$table_prefix}sitemeta` SET `meta_value` = REPLACE(`meta_value`, 's:5:\"admin\";', 's:".strlen(trim($_POST["GOTMLS_admin_username"])).":\"".trim($_POST["GOTMLS_admin_username"])."\";') WHERE `meta_key` = 'site_admins' AND `meta_value` like '%s:5:\"admin\";%'"); $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("You username has been change to %s. Don't forget to use your new username when you login again.",'gotmls'), $_POST["GOTMLS_admin_username"]).$lt.'/div'.$gt; } else $admin_notice .= $lt.'div class="error"'.$gt.sprintf(__("SQL Error changing username: %s. Please try again later.",'gotmls'), $wpdb->last_error).$lt.'/div'.$gt; } else { if (isset($_POST["GOTMLS_admin_username"])) $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("Your new username must be at least 3 characters and can only contain "%s". 
Please try again.",'gotmls'), "a-z0-9_.-@").$lt.'/div'.$gt; $admin_notice .= $lt.'form method="POST" name="GOTMLS_Form_admin"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'div style="float: left;"'.$gt.__("Change your username:",'gotmls').$lt.'/div'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1235")).'"'.$gt.$lt.'input style="float: left;" type="text" id="GOTMLS_admin_username" name="GOTMLS_admin_username" size="6" value="'.$current_user->user_login.'"'.$gt.$lt.'input style="float: left;" type="submit" value="Change"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Admin Notice'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("Your username is \"admin\", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt; } } if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_wpfirewall_action"])) { if ($_POST["GOTMLS_wpfirewall_action"] == "exclude_terms") update_option("WP_firewall_exclude_terms", ""); elseif ($_POST["GOTMLS_wpfirewall_action"] == "whitelisted_ip" && isset($_SERVER["REMOTE_ADDR"])) { $ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!")); if (is_array($ips)) $ips = array_merge($ips, array($_SERVER["REMOTE_ADDR"])); else $ips = array($_SERVER["REMOTE_ADDR"]); update_option("WP_firewall_whitelisted_ip", serialize($ips)); } } if (get_option("WP_firewall_exclude_terms", "Not Found!") == "allow") { $end = "$lt/div$gt$lt/form$gt\n{$lt}hr /$gt"; $img = 'threat.gif"'; $button = $lt.'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'exclude_terms\';" value="'.__("Disable this Rule",'gotmls').'"'.$gt; $wpfirewall_action = $lt.'form method="POST" name="GOTMLS_Form_wpfirewall2"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" 
name="GOTMLS_wpfirewall_action" id="GOTMLS_wpfirewall_action" value=""'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1223")).'"'.$gt.$button.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$img.$gt.$lt.'b'.$gt."WP Firewall 2 (Conflicting Firewall Rule)$lt/b$gt$lt/p$gt".__("The Conflicting Firewall Rule (WP_firewall_exclude_terms) activated by the WP Firewall 2 plugin has been shown to interfere with the Definition Updates and WP Core File Scans in my Anti-Malware plugin. I recommend that you disable this rule in the WP Firewall 2 plugin.",'gotmls').$end; if (isset($_SERVER["REMOTE_ADDR"])) { if (is_array($ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!"))) && in_array($_SERVER["REMOTE_ADDR"], $ips)) $wpfirewall_action = str_replace(array($img, $end), array('question.gif"', __(" However, your current IP has been Whitelisted so you could probably keep this rule enabled if you really want to.",'gotmls').$end), $wpfirewall_action); else $wpfirewall_action = str_replace(array($button, $end), array($button.$lt."br /$gt$lt".'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'whitelisted_ip\';" value="'.__("Whitelist your IP",'gotmls').'"'.$gt, __(" However, if you would like to keep this rule enabled you should at least Whitelist your IP.",'gotmls').$end), $wpfirewall_action); } $sec_opts = $wpfirewall_action.$sec_opts; } echo GOTMLS_box(__("Firewall Options",'gotmls'), $save_action.$sec_opts.$admin_notice)."\n"; } function GOTMLS_get_registrant($you) { global $current_user, $wpdb; wp_get_current_user(); if (isset($you["you"])) $you = $you["you"]; if (isset($you["user_email"]) && strlen($you["user_email"]) == 32) { if ($you["user_email"] == md5($current_user->user_email)) $registrant = $current_user->user_email; elseif (!($registrant = $wpdb->get_var("SELECT `user_nicename` FROM `$wpdb->users` WHERE 
MD5(`user_email`) = '".$you["user_email"]."'"))) $registrant = GOTMLS_siteurl; } else $registrant = GOTMLS_siteurl; return $registrant; } function GOTMLS_update_definitions() { global $wpdb; $GOTMLS_definitions_versions = array(); $user_info = array(); $saved = false; $moreJS = ""; $finJS = "\n}"; $form = 'registerKeyForm'; $innerHTML = "
    • Your Installation Key could not be confirmed!
    • "; $autoUpJS = 'This new feature is currently only available to registered users who have donated above the default level.
      '; foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names) foreach ($definition_names as $definition_name=>$definition_version) if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5) if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level]) $GOTMLS_definitions_versions[$threat_level] = $definition_version[0]; asort($GOTMLS_definitions_versions); if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"]) && GOTMLS_get_nonce()) { $DEF_url = 'http:'.GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.GOTMLS_wp_version.'&'.GOTMLS_set_nonce(__FUNCTION__."870").'&d='.ur1encode(GOTMLS_siteurl); if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1) { $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_REQUEST["UPDATE_definitions_array"])); if (is_array($GOTnew_definitions)) { $form = 'autoUpdateDownload'; $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('Downloaded Definitions');"; } } elseif ($_REQUEST["UPDATE_definitions_array"] == "D") { $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = array(); $GOTnew_definitions = array(); } elseif (($DEF = GOTMLS_get_URL($DEF_url)) && is_array($GOTnew_definitions = maybe_unserialize(GOTMLS_decode($DEF))) && count($GOTnew_definitions)) { if (isset($GOTnew_definitions["you"]["user_email"]) && strlen($GOTnew_definitions["you"]["user_email"]) == 32) { $toInfo = GOTMLS_get_registrant($GOTnew_definitions["you"]); $innerHTML = "
    • Your Installation Key is Registered to:
      $toInfo
    • "; $form = 'autoUpdateForm'; if (isset($GOTnew_definitions["you"]["user_donations"]) && isset($GOTnew_definitions["you"]["user_donation_total"]) && isset($GOTnew_definitions["you"]["user_donation_freshness"])) { $user_donations_src = $GOTnew_definitions["you"]["user_donations"]; if ($GOTnew_definitions["you"]["user_donation_total"] > 27.99) { $autoUpJS = 'Yes | No '; $moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA")) foundUpdates.innerHTML = "Set Definition Updates to Automatically Download to activate this feature.";'; } if ($user_donations_src > 0 && $GOTnew_definitions["you"]["user_donation_total"] > 0) $li = "
    • You have made $user_donations_src donation".($user_donations_src?'s totalling':' for').' $'.$GOTnew_definitions["you"]["user_donation_total"].".
    • "; } } else $innerHTML = "
    • Your Installation Key is not registered!
    • "; asort($GOTnew_definitions); if (serialize($GOTnew_definitions) == serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"])) unset($GOTnew_definitions); else { $debug = substr(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]), 0, 9)." ".md5(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))." ".strlen(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]))." ".substr(serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]), -9)." = ".substr(serialize($GOTnew_definitions), 0, 9)." ".md5(serialize($GOTnew_definitions))." ".strlen(serialize($GOTnew_definitions)." ".substr(serialize($GOTnew_definitions), -9)); $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions; $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('New Definitions Automatically Installed :-)');"; } $finJS .= "\nif (divNAtext)\n\tloadGOTMLS();\nelse\n\tdivNAtext = setTimeout('loadGOTMLS()', 4000);"; $finJS .= "\nif (typeof stopCheckingDefinitions !== 'undefined')\n\tclearTimeout(stopCheckingDefinitions);"; } else $innerHTML = "
    • $GLOBALS["GOTMLS"]["get_URL"])))."', 'Definition_Updates');\\\">Automatic Update Connection Failed!
    • "; if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"])) unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["backdoor"]); } else $innerHTML = "
    • ".GOTMLS_Invalid_Nonce("Nonce Error")."
    • "; if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) { $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions); if (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) @unlink(GOTMLS_plugin_path.'definitions_update.txt'); $saved = GOTMLS_update_option('definitions', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]); $_REQUEST["check"] = array(); foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names) { if ($threat_level != "potential") $_REQUEST["check"][] = $threat_level; foreach ($definition_names as $definition_name=>$definition_version) if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5) if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level]) $GOTMLS_definitions_versions[$threat_level] = $definition_version[0]; } $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = $_REQUEST["check"]; $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"]; asort($GOTMLS_definitions_versions); $autoUpJS .= '(Newest Definition Updates Installed.)'; } elseif ($form != 'registerKeyForm') { $form = 'autoUpdateDownload'; $autoUpJS .= '(No newer Definition Updates are available at this time.)'; $innerHTML .= "
    • No Newer Definition Updates Available.
    • "; } if (isset($_SERVER["SCRIPT_FILENAME"]) && preg_match('/\/admin-ajax\.php/i', $_SERVER["SCRIPT_FILENAME"]) && isset($_REQUEST["action"]) && $_REQUEST["action"] == "GOTMLS_auto_update") { if (!$user_donations_src) $li = "
    • You have not donated yet!
    • "; if (strlen($moreJS) == 0) $moreJS = 'if (foundUpdates = document.getElementById("check_wp_core_div_NA")) foundUpdates.innerHTML = "Donate $29+ now then enable Automatic Definition Updates to Scan for Core Files changes.";'; $moreJS .= "\n\tif (foundUpdates = document.getElementById('pastDonations'))\n\tfoundUpdates.innerHTML = '$li';"; @header("Content-type: text/javascript"); if (is_array($GOTMLS_definitions_versions) && count($GOTMLS_definitions_versions) && (strlen($new_ver = trim(array_pop($GOTMLS_definitions_versions))) == 5) && $saved) { $innerHTML .= "
    • New Definition Updates Installed.
    • "; $finJS .= "\nif (foundUpdates = document.getElementById('GOTMLS_definitions_date')) foundUpdates.innerHTML = '$new_ver';"; } elseif (is_array($GOTnew_definitions) && count($GOTnew_definitions)) $finJS .= "\nalert('Definition update $new_ver could not be saved because update_option Failed! $debug');"; if (isset($_REQUEST["UPDATE_core"]) && ($_REQUEST["UPDATE_core"] == GOTMLS_wp_version) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][GOTMLS_wp_version])) { foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][$_REQUEST["UPDATE_core"]] as $file => $md5) { if (is_file(ABSPATH.$file)) { $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = file_get_contents(ABSPATH.$file); if (GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"], ABSPATH.$file)) { if (isset($GLOBALS["GOTMLS"]["tmp"]["new_contents"]) && isset($_REQUEST["UPDATE_restore"]) && (md5($GLOBALS["GOTMLS"]["tmp"]["new_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"]) == $_REQUEST["UPDATE_restore"])) $autoUpJS .= "
    • Core File Restored: $file
    • "; else $autoUpJS .= "
    • Core File MODIFIED: $file (".md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])." => $md5)
    • "; } } else $autoUpJS .= "
    • Core File MISSING: $file
    • "; } $autoUpJS .= '
      Definition update: '.$_REQUEST["UPDATE_core"].' checked '.count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"][$_REQUEST["UPDATE_core"]]).' core files!
      '; } die('//'.$innerHTML.'
    "+inc_form; function setDivNAtext() { var foundUpdates; '.$moreJS.$finJS.' if (foundUpdates = document.getElementById("UPDATE_definitions_div")) foundUpdates.innerHTML = \''.$autoUpJS.'\'; //]]>'); } $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates'; foreach ($GOTMLS_definitions_versions as $definition_name=>$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"]) $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&def[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"]; if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"]) == 32) $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&def[you]=".$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["you"]["user_email"]; } add_action('wp_ajax_GOTMLS_auto_update', 'GOTMLS_update_definitions'); function GOTMLS_settings() { global $wpdb, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth; $GOTMLS_scan_groups = array(); $gt = ">"; $lt = "<"; GOTMLS_update_definitions(); if (($GOTMLS_nonce_found = GOTMLS_get_nonce()) && isset($_REQUEST["check"]) && is_array($_REQUEST["check"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"]; /* removed old code */ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]; update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); } $dirs = GOTMLS_explode_dir(__FILE__); for ($SL=0;$SL 0) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(str_replace('.', ',', htmlentities($_POST["exclude_ext"]))), -1, PREG_SPLIT_NO_EMPTY); else $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = array(); } $default_exclude_ext = str_replace(",gotmls", "", implode(",", $GLOBALS["GOTMLS"]["tmp"]["skip_ext"])); $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = 
$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]; if (isset($_POST["UPDATE_definitions_checkbox"])) { if (isset($_POST[$_POST["UPDATE_definitions_checkbox"]]) && strlen(trim(" ".$_POST[$_POST["UPDATE_definitions_checkbox"]]))) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = $_POST[$_POST["UPDATE_definitions_checkbox"]]; else $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = ""; } if (isset($_POST["exclude_dir"])) { if (strlen(trim(str_replace(",","",$_POST["exclude_dir"]).' ')) > 0) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = preg_split('/[\s]*([,]+[\s]*)+/', trim(htmlentities($_POST["exclude_dir"])), -1, PREG_SPLIT_NO_EMPTY); else $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array(); for ($d=0; $d $GLOBALS["GOTMLS"]["tmp"]["settings_array"])); $scan_whatopts = ''; $scan_optjs = "\n{$lt}script type=\"text/javascript\"$gt\nfunction showOnly(what) {\n"; foreach ($GOTMLS_scan_groups as $mg => $GOTMLS_scan_group) { $scan_optjs .= "document.getElementById('only$mg').style.display = 'none';\n"; $scan_whatopts = "\n$lt/div$gt\n$lt/div$gt\n$scan_whatopts"; $dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $mg))); $files = GOTMLS_getfiles($dir); if (is_array($files)) foreach ($files as $file) if (is_dir(GOTMLS_trailingslashit($dir).$file)) $scan_whatopts = $lt.'input type="checkbox" name="scan_only[]" value="'.htmlentities($file).'" /'.$gt.htmlentities($file).$lt.'br /'.$gt.$scan_whatopts; $scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' 
/'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", " ", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts; } $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}"; if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && strlen(trim(" ".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]))) $scan_optjs .= "\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_".$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]."'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n"; $scan_optjs .= "$lt/script$gt"; $GOTMLS_nonce_URL = GOTMLS_set_nonce(__FUNCTION__."853"); $scan_opts = "\n$lt".'form method="POST" id="GOTMLS_Form" name="GOTMLS_Form"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', $GOTMLS_nonce_URL).'"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Complete Scan\';" /'.$gt.$lt.'/div'.$gt.' '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.' 
'.$lt.'div style="padding: 0 30px;"'.$gt; $cInput = '"'.$gt.$lt.'input'; $pCheck = "$cInput checked"; $kCheck = ""; foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) { $scan_opts .= $lt.'div id="check_'.$threat_level.'_div" style="padding: 0; position: relative;'; if (($threat_level != "wp_core" && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level])) || isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level][GOTMLS_wp_version])) { if ($threat_level != "potential" && in_array($threat_level,$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) { $pCheck = " display: none;$cInput"; $scan_opts .= "$cInput checked"; } elseif ($threat_level == "potential") $scan_opts .= $pCheck; else $scan_opts .= $cInput; if ($threat_level != "potential") $kCheck .= ",'$threat_level'"; $scan_opts .= ' type="checkbox" onchange="pCheck(this);" name="check[]" id="check_'.$threat_level.'_Yes" value="'.$threat_level.'" /'.$gt.' '.$lt.'a style="text-decoration: none;" href="#check_'.$threat_level.'_div_0" onclick="document.getElementById(\'check_'.$threat_level.'_Yes\').checked=true;pCheck(document.getElementById(\'check_'.$threat_level.'_Yes\'));showhide(\'dont_check_'.$threat_level.'\');"'."$gt{$lt}b$gt$threat_level_name$lt/b$gt$lt/a$gt\n"; if (isset($_GET["SESSION"])) { $scan_opts .= "\n$lt".'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_'.$threat_level.'"'.$gt.$lt.'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_'.$threat_level.'_div_0" onclick="showhide(\'dont_check_'.$threat_level.'\');"'.$gt.'X'.$lt.'/a'.$gt; foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex) $scan_opts .= $lt."br /$gt\n$lt".'input type="checkbox" name="dont_check[]" 
value="'.htmlspecialchars($threat_name).'"'.(in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])?' checked /'.$gt.$lt.'script'.$gt.'showhide("dont_check_'.$threat_level.'", true);'.$lt.'/script'.$gt:' /'.$gt).(isset($_SESSION["GOTMLS_debug"][$threat_name])?$lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"][$threat_name],1)."$lt/div$gt":"").htmlspecialchars($threat_name); $scan_opts .= "\n$lt/div$gt"; } } else $scan_opts .= $lt.'a title="'.__("Download Definition Updates to Use this feature",'gotmls').'"'.$gt.$lt.'img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="X"'.$gt.$lt.'b'.$gt.'  '.$threat_level_name.$lt.'/b'.$gt.$lt.'br /'.$gt.$lt.'div style="padding: 14px;" id="check_'.$threat_level.'_div_NA"'.$gt.$lt.'span style="color: #F00"'.$gt.__("Download the new definitions (Right sidebar) to activate this feature.",'gotmls')."$lt/span$gt$lt/div$gt"; $scan_opts .= "\n$lt/div$gt"; } $scan_opts .= $lt.'/div'.$gt.$lt.'/div'.$gt.' '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to scan:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.$scan_whatopts.$scan_optjs.$lt.'/div'.$gt.' '.$lt.'div style="float: left;" id="scanwhatfolder"'.$gt.$lt.'/div'.$gt.' '.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Scan Depth:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.' 
'.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"'.$gt.$lt.'br /'.$gt.__("how far to drill down",'gotmls').$lt.'br /'.$gt.'('.__("-1 is infinite depth",'gotmls').')'.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'br style="clear: left;"'.$gt; if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= $lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"]['total'],1)."$lt/div$gt"; unset($_SESSION["GOTMLS_debug"]);} if (isset($_GET["eli"])) {//still testing this option $scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'."$gt$lt/div$gt\n"; } $QuickScan = $lt.((is_dir(dirname(__FILE__)."/../../../wp-includes") && is_dir(dirname(__FILE__)."/../../../wp-admin"))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&$GOTMLS_nonce_URL").'" class="button-primary" style="height: 22px; line-height: 13px; padding: 3px;">WP_Coreget_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogname'")); $title_tagline .= "$lt/li$gt$lt"."li$gt Tagline: ".htmlspecialchars($wpdb->get_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogdescription'")); if (preg_match('/h[\@a]ck[3e]d.*by/is', $title_tagline)) echo $lt.'div class="error"'.$gt.sprintf(__("Your Site Title or Tagline suggests that you may have been hacked ...%sThis could impact the indexing of your site and may even lead to blacklisting. 
You can change those options on the %sGeneral Settings$lt/a$gt page.",'gotmls'), "$title_tagline$lt/li$gt", $lt.'a href="'.admin_url("options-general.php").'"'.$gt)."$lt/div$gt"; @ob_start(); $OB_default_handlers = array("default output handler", "zlib output compression"); $OB_handlers = @ob_list_handlers(); if (is_array($OB_handlers) && count($OB_handlers)) foreach ($OB_handlers as $OB_last_handler) if (!in_array($OB_last_handler, $OB_default_handlers)) echo $lt.'div class="error"'.$gt.sprintf(__("Another Plugin or Theme is using '%s' to handle output buffers.
    This prevents actively outputing the buffer on-the-fly and could severely degrade the performance of this (and many other) Plugins.
    Consider disabling caching and compression plugins (at least during the scanning process).",'gotmls'), $OB_last_handler)."$lt/div$gt"; GOTMLS_display_header(); $scan_groups = array_merge(array(__("Scanned Files",'gotmls')=>"scanned",__("Selected Folders",'gotmls')=>"dirs",__("Scanned Folders",'gotmls')=>"dir",__("Skipped Folders",'gotmls')=>"skipdirs",__("Skipped Files",'gotmls')=>"skipped",__("Read/Write Errors",'gotmls')=>"errors",__("Quarantined Files",'gotmls')=>"bad"), $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]); echo $lt.'script type="text/javascript"> var percent = 0; function pCheck(chkb) { var kCheck = ['.trim($kCheck,",").']; chk = true; for (var i = 0; i < kCheck.length; i++) { var chkbox = document.getElementById("check_"+kCheck[i]+"_Yes"); if (chkbox && chkb.id == "check_potential_Yes" && chkb.checked == false) { chk = false; chkbox.checked = true; } else if (chkbox && chkbox.checked) { chk = false; } } if (chkbox = document.getElementById("check_potential_Yes")) chkbox.checked = chk; if (chk) { document.getElementById("check_potential_div").style.display = "block"; alert("If you do not select any other threat types, then only potential threats will be found and the automatic fix will not be available!"); } else document.getElementById("check_potential_div").style.display = "none"; } function changeFavicon(percent) { var oldLink = document.getElementById("wait_gif"); if (oldLink) { if (percent >= 100) { document.getElementsByTagName("head")[0].removeChild(oldLink); var link = document.createElement("link"); link.id = "wait_gif"; link.type = "image/gif"; link.rel = "shortcut icon"; var threats = '.implode(" + ", array_merge($GLOBALS["GOTMLS"]["tmp"]["threat_levels"], array(__("Potential Threats",'gotmls')=>"errors",__("WP-Login Updates",'gotmls')=>"errors"))).'; if (threats > 0) { if ((errors * 2) == threats) linkhref = "blocked"; else linkhref = "threat"; } else linkhref = "checked"; link.href = "'.GOTMLS_images_path.'"+linkhref+".gif"; 
document.getElementsByTagName("head")[0].appendChild(link); } } else { var icons = document.getElementsByTagName("link"); var link = document.createElement("link"); link.id = "wait_gif"; link.type = "image/gif"; link.rel = "shortcut icon"; link.href = "'.GOTMLS_images_path.'wait.gif"; // document.head.appendChild(link); document.getElementsByTagName("head")[0].appendChild(link); } } function update_status(title, time) { sdir = (dir+direrrors); if (arguments[2] >= 0 && arguments[2] <= 100) percent = arguments[2]; else percent = Math.floor((sdir*100)/dirs); scan_state = "6F6"; if (percent == 100) { showhide("pause_button", true); showhide("pause_button"); title = "'.$lt.'b'.$gt.__("Scan Complete!",'gotmls').$lt.'/b'.$gt.'"; } else scan_state = "99F"; changeFavicon(percent); if (sdir) { if (arguments[2] >= 0 && arguments[2] <= 100) timeRemaining = Math.ceil(((time-startTime)*(100/percent))-(time-startTime)); else timeRemaining = Math.ceil(((time-startTime)*(dirs/sdir))-(time-startTime)); if (timeRemaining > 59) timeRemaining = Math.ceil(timeRemaining/60)+" Minute"; else timeRemaining += " Second"; if (timeRemaining.substr(0, 2) != "1 ") timeRemaining += "s"; } else timeRemaining = "Calculating Time"; timeElapsed = Math.ceil(time); if (timeElapsed > 59) timeElapsed = Math.floor(timeElapsed/60)+" Minute"; else timeElapsed += " Second"; if (timeElapsed.substr(0, 2) != "1 ") timeElapsed += "s"; divHTML = \''.$lt.'div align="center" style="vertical-align: middle; background-color: #ccc; z-index: 3; height: 18px; width: 100%; border: solid #000 1px; position: relative; padding: 10px 0;"'.$gt.$lt.'div style="height: 18px; padding: 10px 0; position: absolute; top: 0px; left: 0px; background-color: #\'+scan_state+\'; width: \'+percent+\'%"'.$gt.$lt.'/div'.$gt.$lt.'div style="height: 32px; position: absolute; top: 3px; left: 10px; z-index: 5; line-height: 16px;" align="left"'.$gt.'\'+sdir+" Folder"+(sdir==1?"":"s")+" Checked'.$lt.'br /'.$gt.'"+timeElapsed+\' 
Elapsed'.$lt.'/div'.$gt.$lt.'div style="height: 38px; position: absolute; top: 0px; left: 0px; width: 100%; z-index: 5; line-height: 38px; font-size: 30px; text-align: center;"'.$gt.'\'+percent+\'%'.$lt.'/div'.$gt.$lt.'div style="height: 32px; position: absolute; top: 3px; right: 10px; z-index: 5; line-height: 16px;" align="right"'.$gt.'\'+(dirs-sdir)+" Folder"+((dirs-sdir)==1?"":"s")+" Remaining'.$lt.'br /'.$gt.'"+timeRemaining+" Remaining'.$lt.'/div'.$gt.$lt.'/div'.$gt.'"; document.getElementById("status_bar").innerHTML = divHTML; document.getElementById("status_text").innerHTML = title; dis="none"; divHTML = \''.$lt.'ul style="float: right; margin: 0 20px; text-align: right;"'.$gt.'\'; /*'.$lt.'!--*'.'/'; $MAX = 0; $vars = "var i, intrvl, direrrors=0"; $fix_button_js = ""; $found = ""; $li_js = "return false;"; if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") { $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array(); foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $check) if ($check != "potential") $GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check; } foreach ($scan_groups as $scan_name => $scan_group) { if ($MAX++ == 6) { $quarantineCountOnly = GOTMLS_get_quarantine(true); $vars .= ", $scan_group=$quarantineCountOnly"; echo "/*--{$gt}*"."/\n\tif ($scan_group > 0)\n\t\tscan_state = ' potential'; \n\telse\n\t\tscan_state = '';\n\tdivHTML += '
    • '+$scan_group+' '+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'
    • ';\n/*{$lt}!--*"."/"; $found = "Found "; $fix_button_js = "\n\t\tdis='block';"; } else { $val = 0; if ($found && !in_array($scan_group, $GLOBALS["GOTMLS"]["log"]["settings"]["check"])) $potential_threat = ' potential" title="'.GOTMLS_strip4java(__("You are not currently scanning for this type of threat!",'gotmls')); else $potential_threat = ""; $vars .= ", $scan_group=$val"; echo "/*--{$gt}*"."/\n\tif ($scan_group > 0) {\n\t\tscan_state = ' href=\"#found_$scan_group\" onclick=\"$li_js showhide(\\'found_$scan_group\\', true);\" class=\"GOTMLS_plugin $scan_group\"';$fix_button_js".($MAX>6?"\n\tshowhide('found_$scan_group', true);":"")."\n\t} else\n\t\tscan_state = ' class=\"GOTMLS_plugin$potential_threat\"';\n\tdivHTML += '';\n/*{$lt}!--*"."/"; } $li_js = ""; if ($MAX > 11) $fix_button_js = ""; } $ScanSettings = $lt.'div style="float: right;"'.$gt.GOTMLS_Run_Quick_Scan_LANGUAGE.": $QuickScan$lt/div$gt".GOTMLS_Scan_Settings_LANGUAGE; echo "/*--{$gt}*".'/ document.getElementById("status_counts").innerHTML = divHTML+"'.$lt.'/ul'.$gt.'"; document.getElementById("fix_button").style.display = dis; } '.$vars.'; function showOnly(what) { document.getElementById("only_what").innerHTML = document.getElementById("only"+what).innerHTML; } var startTime = 0; '.$lt.'/script'.$gt.GOTMLS_box($ScanSettings, $scan_opts); $Settings_Saved = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -50px; margin: 0 300px 0 130px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n";//script type='text/javascript'$gt\nalert('Settings Saved!');\n$lt/script$gt\n"; if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Save") { if ($GOTMLS_nonce_found) { update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); echo $Settings_Saved; } else echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Saving these settings requires a valid Nonce Token. 
No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n"); echo GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog()); } elseif (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && ($_REQUEST["scan_what"] > -1)) { if ($GOTMLS_nonce_found) { update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array(); GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"])); $cleadCache = false; if (function_exists('is_plugin_active')) { if (function_exists('wp_cache_clear_cache')) { wp_cache_clear_cache(); $cleadCache = true; } if (function_exists('w3tc_pgcache_flush')) { w3tc_pgcache_flush(); $cleadCache = true; } if (class_exists('WpFastestCache')) { $newCache = new WpFastestCache(); $newCache->deleteCache(); $cleadCache = true; } } if ($cleadCache) str_replace("Settings Saved!", "Cache Cleared and Settings Saved!", $Settings_Saved); echo $Settings_Saved; if (!isset($_REQUEST["scan_type"])) $_REQUEST["scan_type"] = "Complete Scan"; elseif ($_REQUEST["scan_type"] == "Quick Scan") { $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('".__("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. 
Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.",'gotmls')."');\n}\nwindow.onload=testComplete;\n$lt/script$gt\n$lt".'script type="text/javascript"'.$gt; $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array(); foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $check) if ($check != "potential") $GLOBALS["GOTMLS"]["log"]["settings"]["check"][] = $check; } echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1314")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt; foreach ($_POST as $name => $value) { if (substr($name, 0, 10) != 'GOTMLS_fix') { if (is_array($value)) { foreach ($value as $val) echo $lt.'input type="hidden" name="'.$name.'[]" value="'.htmlspecialchars($val).'"'.$gt; } else echo $lt.'input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'"'.$gt; } } echo "\n$lt".'script type="text/javascript"'.$gt.'showhide("inside_'.md5($ScanSettings).'");'.$lt.'/script'.$gt.GOTMLS_box(htmlspecialchars($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' 
'.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt); $scan_groups_UL = ""; foreach ($scan_groups as $scan_name => $scan_group) $scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.'   * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking IF your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.'   * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), GOTMLS_wp_version).' 
(for more info '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.').'.$lt.'/p'.$gt:$lt.'br /'.$gt)).$lt.'/ul'.$gt; if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/"; GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => htmlentities($_REQUEST["scan_type"])))); echo GOTMLS_box($lt.'div id="GOTMLS_scan_dir" style="float: right;"'.$gt.' ('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].") $lt/div$gt".__("Scan Details:",'gotmls'), $scan_groups_UL); $no_flush_LANGUAGE = __("Not flushing OB Handlers: %s",'gotmls'); if (isset($_REQUEST["no_ob_end_flush"])) echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, print_r(ob_list_handlers(), 1))."$lt/div$gt\n"; elseif (is_array($OB_handlers) && count($OB_handlers)) { // $GOTMLS_OB_handlers = get_option("GOTMLS_OB_handlers", array()); foreach (array_reverse($OB_handlers) as $OB_handler) { if (isset($GOTMLS_OB_handlers[$OB_handler]) && $GOTMLS_OB_handlers[$OB_handler] == "no_end_flush") echo $lt.'div class="error"'.$gt.sprintf($no_flush_LANGUAGE, $OB_handler)."$lt/div$gt\n"; elseif (in_array($OB_handler, $OB_default_handlers)) { // $GOTMLS_OB_handlers[$OB_handler] = "no_end_flush"; // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers); @ob_end_flush(); // $GOTMLS_OB_handlers[$OB_handler] = "ob_end_flush"; // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers); } } } @ob_start(); echo "\n{$lt}script type=\"text/javascript\"$gt$li_js\n/*{$lt}!--*"."/"; if (is_dir($dir)) { $GOTMLS_dirs_at_depth[0] = 1; $GOTMLS_dir_at_depth[0] = 0; if (isset($_REQUEST['scan_only']) && is_array($_REQUEST['scan_only'])) { $GOTMLS_dirs_at_depth[0] += (count($_REQUEST['scan_only']) - 1); foreach ($_REQUEST['scan_only'] as $only_dir) if (is_dir(GOTMLS_trailingslashit($dir).$only_dir)) GOTMLS_readdir(GOTMLS_trailingslashit($dir).$only_dir); } else GOTMLS_readdir($dir); } else echo 
GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link("Not a valid directory!")); if ($_REQUEST["scan_type"] == "Quick Scan") echo GOTMLS_update_status(__("Completed!",'gotmls'), 100); else { echo GOTMLS_update_status(__("Starting Scan ...",'gotmls')); if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && is_array($GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && in_array("db_scan", $GLOBALS["GOTMLS"]["log"]["settings"]["check"])) GOTMLS_db_scan(); echo "/*--{$gt}*"."/\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."1087").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].preg_replace('/\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."');".' 
var scanfilesI = 0; var stopScanning; var gotStuckOn = ""; function scanNextDir(gotStuck) { clearTimeout(stopScanning); if (gotStuck > -1) { if (scanfilesArNames[gotStuck].substr(0, 3) != "Re-") { if (scanfilesArNames[gotStuck].substr(0, 9) == "Checking ") { scanfilesArNames.push(scanfilesArNames[gotStuck]); scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_file[]="+encodeURIComponent(scanfilesArNames[gotStuck].substr(9))); } else { scanfilesArNames.push("Re-"+scanfilesArNames[gotStuck]); scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_only_file="); } } else { scanfilesArNames.push("Got Stuck "+scanfilesArNames[gotStuck]); scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_dir="+scanfilesArKeys[gotStuck]); } } if (document.getElementById("resume_button").value != "Pause") { stopScanning=setTimeout("scanNextDir(-1)", 1000); startTime++; } else if (scanfilesI < scanfilesArKeys.length) { document.getElementById("status_text").innerHTML = scanfilesArNames[scanfilesI]; var newscript = document.createElement("script"); newscript.setAttribute("src", scriptSRC+scanfilesArKeys[scanfilesI]); divx = document.getElementById("found_scanned"); if (divx) divx.appendChild(newscript); stopScanning=setTimeout("scanNextDir("+(scanfilesI++)+")",'.$GLOBALS["GOTMLS"]["tmp"]['execution_time'].'000); } } startTime = ('.ceil(time()-$GLOBALS["GOTMLS"]["log"]["scan"]["start"]).'+3); stopScanning=setTimeout("scanNextDir(-1)",3000); function pauseresume(butt) { if (butt.value == "Resume") butt.value = "Pause"; else butt.value = "Resume"; } showhide("pause_button", true);'."\n/*{$lt}!--*"."/"; } if (@ob_get_level()) { GOTMLS_flush('script'); @ob_end_flush(); } echo "/*--{$gt}*"."/\n$lt/script$gt"; } else echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Starting a Complete Scan requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. 
Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n"); } else echo GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog()); echo "\n$lt/div$gt$lt/div$gt$lt/div$gt"; }
/* GOTMLS_login_form — hooked on "login_form" (below), so it runs on the unauthenticated
   login page. Builds the admin-ajax URL for the GOTMLS_logintime action and echoes a script
   that uses it. NOTE(review): the echoed markup is cut off in this copy of the file (the
   string literal after `echo` is never closed here); nothing request-controlled is visible
   in what remains. $form_id is not used in the visible body. */
function GOTMLS_login_form($form_id = "loginform") { $sess = time(); $ajaxURL = admin_url("admin-ajax.php?action=GOTMLS_logintime&GOTMLS_sess="); echo '\n";//GOTMLS_login_script.onload = set_offset_id(); } add_action("login_form", "GOTMLS_login_form");
/* GOTMLS_ajax_logintime — registered for both wp_ajax_ and wp_ajax_nopriv_ (below), i.e.
   reachable without authentication. Emits a small JavaScript payload carrying the server
   time so the login form can compute a client-side offset; the "Permission Error" text is
   part of that payload, not a refusal. The `false &&` makes the $_GET branch of the $sess
   ternary dead, so $sess is always time(). NOTE(review): that dead branch validates
   $_GET["GOTMLS_sess"] but would read $_GET["sess"] — if it is ever re-enabled, the value
   written into the script would not be the one that was checked. */
function GOTMLS_ajax_logintime() { @header("Content-type: text/javascript"); $sess = (false && isset($_GET["GOTMLS_sess"]) && is_numeric($_GET["GOTMLS_sess"])) ? htmlspecialchars($_GET["sess"]) : time(); die("\n//Permission Error: User not authenticated!\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_offset_start = GOTMLS_login_offset.getTime() - ".$sess."000;\nfunction set_offset_id() {\n\tGOTMLS_login_offset = new Date();\n\tif (form_login = document.getElementById('offset_id'))\n\t\tform_login.value = GOTMLS_login_offset.getTime() - GOTMLS_login_offset_start;\n\tsetTimeout(set_offset_id, 15673);\n}\nset_offset_id();"); } add_action('wp_ajax_nopriv_GOTMLS_logintime', 'GOTMLS_ajax_logintime'); add_action('wp_ajax_GOTMLS_logintime', 'GOTMLS_ajax_logintime');
/* GOTMLS_ajax_lognewkey — nonce-gated (GOTMLS_get_nonce) handler that records this site's
   installation key in the GOTMLS_Installation_Keys option (stored serialize()d, read back
   with maybe_unserialize). The nopriv hook for this action points at GOTMLS_ajax_nopriv,
   so only logged-in users reach it. NOTE(review): the key comparison uses loose `==`;
   two strings that both look numeric compare as numbers, so `===` (or hash_equals) is
   the safer check for a secret-like value. $count is only assigned in the is_array
   branch, so the "\n//$count~" response is built from an undefined variable when the
   stored option was not an array. */
function GOTMLS_ajax_lognewkey() { @header("Content-type: text/javascript"); if (GOTMLS_get_nonce()) { if (isset($_POST["GOTMLS_installation_key"]) && ($_POST["GOTMLS_installation_key"] == GOTMLS_installation_key)) { $keys = maybe_unserialize(get_option('GOTMLS_Installation_Keys', array())); if (is_array($keys)) { $count = count($keys); if (!array_key_exists(GOTMLS_installation_key, $keys)) $keys = array_merge($keys, array(GOTMLS_installation_key => GOTMLS_siteurl)); } else $keys = array(GOTMLS_installation_key => GOTMLS_siteurl); update_option("GOTMLS_Installation_Keys", serialize($keys)); die("\n//$count~".count($keys)); } else die("\n//0"); } else die(GOTMLS_Invalid_Nonce("\n//Log New 
Key Error: ")."\n"); } add_action('wp_ajax_GOTMLS_lognewkey', 'GOTMLS_ajax_lognewkey'); add_action('wp_ajax_nopriv_GOTMLS_lognewkey', 'GOTMLS_ajax_nopriv');
/* GOTMLS_set_plugin_action_links / GOTMLS_set_plugin_row_meta — "plugin_action_links" and
   "plugin_row_meta" filters that add this plugin's links on the Plugins screen; the plugin
   is recognised by comparing the tail of __FILE__ (backslashes normalised) with
   $plugin_file. NOTE(review): the link markup appears stripped in this copy — only the
   label text survives inside array('...'). */
function GOTMLS_set_plugin_action_links($links_array, $plugin_file) { if ($plugin_file == substr(str_replace("\\", "/", __FILE__), (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10) $links_array = array_merge(array(''.GOTMLS_Scan_Settings_LANGUAGE.''), $links_array); return $links_array; } add_filter("plugin_action_links", "GOTMLS_set_plugin_action_links", 1, 2); function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) { if ($plugin_file == substr(str_replace("\\", "/", __FILE__), (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10) $links_array = array_merge($links_array, array('FAQ','Support','Donate')); return $links_array; } add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);
/* GOTMLS_in_plugin_update_message — prints the "Upgrade Notice" section of the plugin's
   readme.txt, fetched from plugins.svn.wordpress.org via GOTMLS_get_URL and cached in a
   transient for DAY_IN_SECONDS (keyed by current and new version). NOTE(review): the
   fetched text is echoed into the admin page after regex reshaping only; no HTML escaping
   is visible in this function, so the output trusts the remote document. $match[1] is
   used without checking that the "Upgrade Notice" heading was actually found. */
function GOTMLS_in_plugin_update_message($args) { $transient_name = 'GOTMLS_upgrade_notice_'.$args["Version"].'_'.$args["new_version"]; if ((false === ($upgrade_notice = get_transient($transient_name))) && ($ret = GOTMLS_get_URL("https://plugins.svn.wordpress.org/gotmls/trunk/readme.txt"))) { $upgrade_notice = ''; if ($match = preg_split('/==\s*Upgrade Notice\s*==\s+/i', $ret)) { if (preg_match('/\n+=\s*'.str_replace(".", "\\.", GOTMLS_Version).'\s*=\s+/is', $match[1])) $notice = (array) preg_split('/\n+=\s*'.str_replace(".", "\\.", GOTMLS_Version).'\s*=\s+/is', $match[1]); else $notice = (array) preg_split('/\n+=/is', $match[1]."\n="); $upgrade_notice .= '
      '.preg_replace('/=\s*([\.0-9]+)\s*=\s*([^=]+)/i', '
    • ${1}: ${2}
    • ', preg_replace('~\[([^\]]*)\]\(([^\)]*)\)~', '${1}', $notice[0])).'
      '; set_transient($transient_name, $upgrade_notice, DAY_IN_SECONDS); } } echo $upgrade_notice; } add_action("in_plugin_update_message-gotmls/index.php", "GOTMLS_in_plugin_update_message");
/* GOTMLS_init — admin_init hook. Seeds scan defaults (scan_what, scan_depth, check_custom,
   scan_level) into $GLOBALS["GOTMLS"]["tmp"]["settings_array"] and, for a "Quick Scan"
   request, fills missing $_REQUEST scan_* keys in place. Request-supplied dont_check and
   scan_level are copied into the settings array only after GOTMLS_get_nonce() succeeds;
   scan_level is intval()'d, dont_check is stored as the array the request supplied. */
function GOTMLS_init() { global $wp_version; if (isset($wp_version) && ($wp_version)) GOTMLS_define("GOTMLS_wp_version", $wp_version); else GOTMLS_define("GOTMLS_wp_version", "Not Set"); if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2; if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1; if (isset($_REQUEST["scan_type"]) && ($_REQUEST["scan_type"] == "Quick Scan")) { if (!isset($_REQUEST["scan_what"])) $_REQUEST["scan_what"] = 2; if (!isset($_REQUEST["scan_depth"])) $_REQUEST["scan_depth"] = 2; if (!isset($_REQUEST["scan_only"])) $_REQUEST["scan_only"] = array("","wp-includes","wp-admin"); if ($_REQUEST["scan_only"] && !is_array($_REQUEST["scan_only"])) $_REQUEST["scan_only"] = array($_REQUEST["scan_only"]); } if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = ""; if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]) && is_numeric($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]); else $scan_level = count(explode('/', trailingslashit(GOTMLS_siteurl))) - 1; if (GOTMLS_get_nonce()) { if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"]; elseif (isset($_POST["scan_type"]) || !(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = array(); if 
(isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"])) $scan_level = intval($_POST["scan_level"]); if (isset($scan_level) && is_numeric($scan_level)) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = intval($scan_level); } if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(GOTMLS_siteurl))) - 1; } add_action("admin_init", "GOTMLS_init");
/* GOTMLS_ajax_position — nonce-gated handler that resets the message-box position to the
   plugin default and answers with a script repositioning the parent window's "div_file"
   element. The coordinates written into the script come from the plugin's own default
   settings, and $_GET["GOTMLS_msg"] goes through htmlentities() before it is echoed.
   NOTE(review): the middle of this function is truncated in this copy — the
   die(GOTMLS_html_tags(... call is missing its opening, so the visible body is not the
   shipped code. */
function GOTMLS_ajax_position() { if (GOTMLS_get_nonce()) { $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls'); $properties = array("body" => 'style="margin: 0; padding: 0;"'); if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"]; $gl = '><'; $properties["html"] = $gl.'head'.$gl.'script type="text/javascript"> if (curDiv = window.parent.document.getElementById("div_file")) { curDiv.style.left = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0].'"; curDiv.style.top = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1].'"; curDiv.style.height = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2].'"; curDiv.style.width = "'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3].'"; } array("body" => htmlentities($_GET["GOTMLS_msg"]).' 
'.__("saved.",'gotmls').(implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"])?"":' ['.$GLOBALS["GOTMLS_msg"].']'))), $properties)); } else die(GOTMLS_Invalid_Nonce("\n//Position Error: ")."\n"); } add_action('wp_ajax_GOTMLS_position', 'GOTMLS_ajax_position');
/* GOTMLS_ajax_empty_trash — nonce-gated handler that deletes non-private GOTMLS_quarantine
   posts with a fixed SQL statement (no request data reaches the query) and then runs
   REPAIR TABLE on the posts table. NOTE(review): $trashmsg is interpolated into
   alert('$trashmsg') without esc_js(); it is built from translation strings and
   GOTMLS_Invalid_Nonce(), not from request data, but a translation containing a quote would
   break the script. Embedding $trashed inside the __() msgid also defeats gettext lookup.
   Part of the echoed markup is missing in this copy. */
function GOTMLS_ajax_empty_trash() { global $wpdb; $gl = '><'; if (GOTMLS_get_nonce()) { if ($trashed = $wpdb->query("DELETE FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) { $wpdb->query("REPAIR TABLE $wpdb->posts"); $trashmsg = __("Emptied $trashed item from the quarantine trash.",'gotmls'); } else $trashmsg = __("Failed to empty the trash.",'gotmls'); } else $trashmsg = GOTMLS_Invalid_Nonce(""); $properties = array("html" => $gl.'head'.$gl."script type='text/javascript'>\nif (curDiv = window.parent.document.getElementById('empty_trash_link'))\n\tcurDiv.style.display = 'none';\nalert('$trashmsg');\n 'style="margin: 0; padding: 0;"'); die(GOTMLS_html_tags(array("html" => array("body" => $trashmsg)), $properties)); } add_action('wp_ajax_GOTMLS_empty_trash', 'GOTMLS_ajax_empty_trash');
/* GOTMLS_ajax_whitelist — nonce-gated handler that adds a file (path decoded from
   $_POST['GOTMLS_whitelist'] by GOTMLS_decode) to the definitions whitelist, keyed by
   md5 + size, after confirming that the first 32-char checksum submitted matches md5() of
   the file on disk. NOTE(review): the md5 comparison uses loose `==`; two hex digests of
   the form 0e<digits> compare equal as numbers, so `===` or hash_equals() is the correct
   check. `if (true)` makes the unset() branch unreachable. $file is interpolated into the
   response body as-is; whether GOTMLS_html_tags escapes it is not visible here. */
function GOTMLS_ajax_whitelist() { if (GOTMLS_get_nonce()) { if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) { $file = GOTMLS_decode($_POST['GOTMLS_whitelist']); $chksum = explode("O", $_POST['GOTMLS_chksum']."O"); if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) { $filesize = @filesize($file); if (true) { if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0])) $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002"; $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0].'O'.$filesize] = "A0002"; } else unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]); GOTMLS_update_option("definitions", 
$GLOBALS["GOTMLS"]["tmp"]["definitions_array"]); $body = "Added $file to Whitelist!
      \n"; } else $body = "
    • Invalid Data!
    • "; die(GOTMLS_html_tags(array("html" => array("body" => $body)))); } else die("\n//Whitelist Error: Invalid checksum!\n"); } else die(GOTMLS_Invalid_Nonce("\n//Whitelist Error: ")."\n"); } add_action('wp_ajax_GOTMLS_whitelist', 'GOTMLS_ajax_whitelist');
/* GOTMLS_ajax_fix — nonce-gated handler for the fix/delete action on the files selected in
   $_REQUEST["GOTMLS_fix"] (a scalar is normalised to a one-element array first).
   NOTE(review): this function is truncated in this copy — $li_js is assigned repeatedly
   to near-empty strings and $HTML[1] is referenced without a visible definition — so the
   body below does not reflect the shipped code and must not be read as such. */
function GOTMLS_ajax_fix() { if (GOTMLS_get_nonce()) { if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"])) $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]); if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) { GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"])); $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);"; $li_js = "\n\n\n"; $li_js = "\n"; $li_js = "\n"; $li_js = "\n$HTML[1]"); } else die(GOTMLS_html_tags(array("html" => array("body" => "".__("Done!",'gotmls'))))); } else die(GOTMLS_html_tags(array("html" => array("body" => "".__("Done!",'gotmls'))))); } add_action('wp_ajax_GOTMLS_fix', 'GOTMLS_ajax_fix');
/* GOTMLS_ajax_scan — wp_ajax_GOTMLS_scan handler. wp_ajax_ hooks fire for every logged-in
   user (the nopriv variant maps to GOTMLS_ajax_nopriv below); the only gate visible here is
   GOTMLS_get_nonce(), with no current_user_can() call, so confirm that GOTMLS_get_nonce
   also checks capability. Dispatches on the decoded $_GET["GOTMLS_scan"] value: numeric →
   GOTMLS_db_scan, directory → GOTMLS_scandir streamed as JavaScript, existing file →
   GOTMLS_scanfile followed by a threat listing; the quarantine-record branch is truncated
   in this copy. @error_reporting(0) hides any warnings raised during the scan.
   NOTE(review): in the file branch each $_GET['GOTMLS_decode'][] value is appended to $fa
   as " NO-$decode" and $fa is then written into the response markup without escaping,
   unlike the not-found message, which does htmlspecialchars($file). NOTE(review): in the
   nonce-failure branch is_dir(GOTMLS_decode($_GET["GOTMLS_scan"])) is still evaluated to
   choose the Content-type, i.e. a filesystem probe happens before the request is
   accepted. */
function GOTMLS_ajax_scan() { if (GOTMLS_get_nonce()) { @error_reporting(0); if (isset($_GET["GOTMLS_scan"])) { $script_form = '
      $GLOBALS["GOTMLS"]["tmp"]["threats_found"])); foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) { list($start, $end, $junk) = explode("-", "$threats_found--", 3); if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) { if ($start < $end) $fa .= ' ['.$f++.']'; else $fa .= ' ['.$f++.']'; } else { if (is_numeric($threats_found)) { $threats_found = $threats_name; $threats_name = $f; } $fpos = 0; $flen = 0; $potential_threat = str_replace("\r", "", $threats_found); while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) { $flen = strlen($potential_threat); $fa .= ' ['.$f++.']'; } } } } //else echo "excerpt:".$Q_post["post_excerpt"]; die("\n$script_form".admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1779")).'" onsubmit="return confirm(\''.__("Are you sure you want to delete the record of this file from the quarantine?",'gotmls').'\');">
      '.__("File Details:",'gotmls').' ('.$fa.' )
      '); } else die(GOTMLS_html_tags(array("html" => array("body" => __("This record no longer exists in the quarantine.",'gotmls')."
      \n")))); } else { $file = GOTMLS_decode($_GET["GOTMLS_scan"]); if (is_numeric($file)) die("\n$script_form".GOTMLS_db_scan($file)); elseif (is_dir($file)) { @error_reporting(0); @header("Content-type: text/javascript"); if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"])) $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]; @ob_start(); echo GOTMLS_scandir($file); if (@ob_get_level()) { GOTMLS_flush(); @ob_end_flush(); } die('//END OF JavaScript'); } elseif (file_exists($file)) { GOTMLS_scanfile($file); $fa = ""; $function = 'GOTMLS_decode'; if (isset($_GET[$function]) && is_array($_GET[$function])) { foreach ($_GET[$function] as $decode) { $fa .= " NO-$decode"; } } elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) { $f = 1; foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) { list($start, $end, $junk) = explode("-", "$threats_found--", 3); if ($start > $end) $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}'; else $fa .= ' ['.$f++.']'; } } else $fa = " No Threats Found"; die("\n$script_form".admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1821")).'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');">
      '.__("Potential threats in file:",'gotmls').' ('.$fa.' )
      '); } else die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.",'gotmls'), htmlspecialchars($file))."")))); } } else die("\n//Directory Error: Nothing to scan!\n"); } else { if (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))) @header("Content-type: text/javascript"); die(GOTMLS_Invalid_Nonce("\n//Ajax Scan Error: ")."\n"); } } add_action('wp_ajax_GOTMLS_scan', 'GOTMLS_ajax_scan');
/* GOTMLS_ajax_nopriv — shared response for the wp_ajax_nopriv_ variants of the admin
   handlers registered below (scan, position, fix, whitelist, empty_trash): refuses
   unauthenticated callers with a JavaScript comment. */
function GOTMLS_ajax_nopriv() { die("\n//Permission Error: User not authenticated!\n"); }
/* Hook registrations. NOTE(review): wp_ajax_nopriv_GOTMLS_auto_update is routed to
   GOTMLS_update_definitions rather than GOTMLS_ajax_nopriv, so that function (not visible
   here) is reachable without authentication and must carry its own authorization and
   nonce checks. */
add_action('wp_ajax_nopriv_GOTMLS_scan', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_position', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_fix', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_whitelist', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_empty_trash', 'GOTMLS_ajax_nopriv'); add_action('wp_ajax_nopriv_GOTMLS_auto_update', 'GOTMLS_update_definitions'); add_action("plugins_loaded", "GOTMLS_loaded"); add_action("admin_notices", "GOTMLS_admin_notices"); add_action("admin_menu", "GOTMLS_menu"); add_action("network_admin_menu", "GOTMLS_menu");