Beispiel #1
0
function GOTMLS_View_Quarantine()
{
    GOTMLS_display_header();
    echo GOTMLS_box($Q_Page = __("White-lists", 'gotmls'), GOTMLS_get_whitelists());
    if (!isset($_GET['Whitelists'])) {
        echo "\n<script>\nshowhide('inside_" . md5($Q_Page) . "');\n</script>\n";
    }
    echo GOTMLS_box($Q_Page = __("Quarantine", 'gotmls'), GOTMLS_get_quarantine());
    if (isset($_GET['Scanlog'])) {
        echo "\n<script>\nshowhide('inside_" . md5($Q_Page) . "');\n</script>\n";
    }
    echo GOTMLS_box(__("Scan Logs", 'gotmls'), GOTMLS_get_scanlog());
    echo "\n</div></div></div>";
}
function GOTMLS_ajax_scan()
{
    if (GOTMLS_get_nonce()) {
        @error_reporting(0);
        if (isset($_GET["GOTMLS_scan"])) {
            @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
            $decode_list = array("Base64" => '/base64_decode\\([\'"]([0-9\\+\\/\\=a-z]+)[\'"]\\)/', "Hex" => '/(\\\\(x[0-9a-f]{2}|[0-9]{1,3}))/');
            if (is_numeric($_GET["GOTMLS_scan"])) {
                if (($Q_post = GOTMLS_get_quarantine($_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
                    $clean_file = $Q_post["post_title"];
                    $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = GOTMLS_decode($Q_post["post_content"]);
                    $fa = "";
                    $function = 'GOTMLS_decode';
                    if (isset($_GET[$function]) && is_array($_GET[$function])) {
                        foreach ($_GET[$function] as $decode) {
                            if (isset($decode_list[$decode])) {
                                $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = preg_replace($decode_list[$decode] . substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function . $decode . '("\\1")', $GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
                                $fa .= " {$decode} decoded";
                            } else {
                                $fa .= " NO-{$decode}";
                            }
                        }
                    } elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
                        $f = 1;
                        //print_r(array("excerpt:"=>$GLOBALS["GOTMLS"]["tmp"]["threats_found"]));
                        foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
                            list($start, $end, $junk) = explode("-", "{$threats_found}--", 3);
                            if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) {
                                if ($start < $end) {
                                    $fa .= ' <a title="' . htmlspecialchars($threats_name) . '" href="javascript:select_text_range(\'ta_file\', ' . $start . ', ' . $end . ');">[' . $f++ . ']</a>';
                                } else {
                                    $fa .= ' <a title="' . htmlspecialchars($threats_name) . '" href="javascript:select_text_range(\'ta_file\', ' . $end . ', ' . $start . ');">[' . $f++ . ']</a>';
                                }
                            } else {
                                if (is_numeric($threats_found)) {
                                    $threats_found = $threats_name;
                                    $threats_name = $f;
                                }
                                $fpos = 0;
                                $flen = 0;
                                $potential_threat = str_replace("\r", "", $threats_found);
                                while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), $potential_threat, $flen + $fpos)) !== false) {
                                    $flen = strlen($potential_threat);
                                    $fa .= ' <a title="' . htmlspecialchars($threats_name) . '" href="javascript:select_text_range(\'ta_file\', ' . $fpos . ', ' . ($fpos + $flen) . ');">[' . $f++ . ']</a>';
                                }
                            }
                        }
                    }
                    //else echo "excerpt:".$Q_post["post_excerpt"];
                    foreach ($decode_list as $decode => $regex) {
                        if (preg_match($regex . substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"])) {
                            $fa .= ' <a href="' . GOTMLS_script_URI . '&' . $function . '[]=' . $decode . '">decode[' . $decode . ']</a>';
                        }
                    }
                    die("\n" . '<script type="text/javascript">
		function select_text_range(ta_id, start, end) {
		ta_element = document.getElementById(ta_id);
		ta_element.focus();
		if(ta_element.setSelectionRange)
		   ta_element.setSelectionRange(start, end);
		else {
		   var r = ta_element.createTextRange();
		   r.collapse(true);
		   r.moveEnd(\'character\', end);
		   r.moveStart(\'character\', start);
		   r.select();   
		}
		}
		window.parent.showhide("GOTMLS_iFrame", true);
		</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="' . admin_url('admin-ajax.php?' . GOTMLS_set_nonce(__FUNCTION__ . "1522")) . '" onsubmit="return confirm(\'' . __("Are you sure you want to delete this file from the quarantine?", 'gotmls') . '\');"><input type="hidden" name="GOTMLS_fix[]" value="' . $Q_post["ID"] . '"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: ' . (function_exists("mb_detect_encoding") ? mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) : "Unknown") . '<br />size: ' . strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) . ' bytes<br />infected:' . $Q_post["post_modified_gmt"] . '<br />quarantined:' . $Q_post["post_date_gmt"] . '</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">' . __("File Details:", 'gotmls') . '</span> (' . $fa . ' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">' . htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])) . '</textarea></td></tr></table>');
                } else {
                    die(GOTMLS_html_tags(array("html" => array("body" => __("This file no longer exists in the quarantine.", 'gotmls') . "<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
                }
            } else {
                $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
                if (is_dir($file)) {
                    @error_reporting(0);
                    @header("Content-type: text/javascript");
                    if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"])) {
                        $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
                    }
                    @ob_start();
                    echo GOTMLS_scandir($file);
                    if (@ob_get_level()) {
                        GOTMLS_flush();
                        @ob_end_flush();
                    }
                    die('//END OF JavaScript');
                } else {
                    if (!file_exists($file)) {
                        die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.", 'gotmls'), $file) . "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
                    } else {
                        GOTMLS_scanfile($file);
                        $fa = "";
                        $function = 'GOTMLS_decode';
                        if (isset($_GET[$function]) && is_array($_GET[$function])) {
                            foreach ($_GET[$function] as $decode) {
                                if (isset($decode_list[$decode])) {
                                    $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = preg_replace($decode_list[$decode] . substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function . $decode . '("\\1")', $GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
                                    $fa .= " {$decode} decoded";
                                } else {
                                    $fa .= " NO-{$decode}";
                                }
                            }
                        } elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
                            $f = 1;
                            foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
                                list($start, $end, $junk) = explode("-", "{$threats_found}--", 3);
                                if ($start > $end) {
                                    $fa .= 'ERROR[' . $f++ . ']: Threat_size{' . $threats_found . '} Content_size{' . strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) . '}';
                                } else {
                                    $fa .= ' <a title="' . htmlspecialchars($threats_name) . '" href="javascript:select_text_range(\'ta_file\', ' . $start . ', ' . $end . ');">[' . $f++ . ']</a>';
                                }
                            }
                        } else {
                            $fa = " No Threats Found";
                        }
                        foreach ($decode_list as $decode => $regex) {
                            if (preg_match($regex . substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"])) {
                                $fa .= ' <a href="' . GOTMLS_script_URI . '&' . $function . '[]=' . $decode . '">decode[' . $decode . ']</a>';
                            }
                        }
                        die("\n" . '<script type="text/javascript">
		function select_text_range(ta_id, start, end) {
			ta_element = document.getElementById(ta_id);
			ta_element.focus();
			if(ta_element.setSelectionRange)
			   ta_element.setSelectionRange(start, end);
			else {
			   var r = ta_element.createTextRange();
			   r.collapse(true);
			   r.moveEnd(\'character\', end);
			   r.moveStart(\'character\', start);
			   r.select();   
			}
		}
		window.parent.showhide("GOTMLS_iFrame", true);
		</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="' . admin_url('admin-ajax.php?' . GOTMLS_set_nonce(__FUNCTION__ . "1583")) . '" onsubmit="return confirm(\'' . __("Are you sure this file is not infected and you want to ignore it in future scans?", 'gotmls') . '\');"><input type="hidden" name="GOTMLS_whitelist" value="' . GOTMLS_encode($file) . '"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="' . md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) . 'O' . GOTMLS_installation_key . '"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: ' . (function_exists("mb_detect_encoding") ? mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) : "Unknown") . '<br />size: ' . strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) . ' (' . filesize($file) . 'bytes)<br />permissions: ' . GOTMLS_fileperms($file) . '<br />modified:' . date(" Y-m-d H:i:s ", filemtime($file)) . '<br />changed:' . date(" Y-m-d H:i:s ", filectime($file)) . '</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">' . __("Potential threats in file:", 'gotmls') . '</span> (' . $fa . ' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">' . htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])) . '</textarea></td></tr></table>');
                    }
                }
            }
        } else {
            die("\n//Directory Error: Nothing to scan!\n");
        }
    } else {
        if (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))) {
            @header("Content-type: text/javascript");
        }
        die(GOTMLS_Invalid_Nonce("\n//Ajax Scan Error: ") . "\n");
    }
}