Beispiel #1
0
function GOTMLS_init()
{
    global $GOTMLS_onLoad, $wp_version, $wpdb, $GOTMLS_threats_found, $GOTMLS_file_contents;
    if (GOTMLS_user_can()) {
        if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"])) {
            $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
        }
        if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"])) {
            $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1;
        }
        if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") {
            if (!isset($_REQUEST["scan_what"])) {
                $_REQUEST["scan_what"] = 2;
            }
            if (!isset($_REQUEST["scan_depth"])) {
                $_REQUEST["scan_depth"] = 2;
            }
            if (!(isset($_POST["scan_only"]) && is_array($_POST["scan_only"]))) {
                $_POST["scan_only"] = array("", "wp-content/plugins", "wp-content/themes");
            }
        }
        //$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]);
        if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"])) {
            $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = "";
        }
        if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]) && is_numeric($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) {
            $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);
        } else {
            $scan_level = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
        }
        if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"])) {
            $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"];
        } elseif (isset($_POST["scan_type"]) || !(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
            $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = array();
        }
        if ($array = get_option('GOTMLS_definitions_array')) {
            if (is_array($array)) {
                $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $array;
            }
        } else {
            $wpdb->query("DELETE FROM {$wpdb->options} WHERE `option_name` LIKE 'GOTMLS_known_%' OR `option_name` LIKE 'GOTMLS_definitions_array_%'");
            array_walk($GLOBALS["GOTMLS"]["tmp"]["settings_array"], "GOTMLS_reset_settings");
        }
        $GOTMLS_definitions_versions = array();
        foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level => $definition_names) {
            foreach ($definition_names as $definition_name => $definition_version) {
                if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5) {
                    if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level]) {
                        $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
                    }
                }
            }
        }
        if (isset($_POST["UPDATE_definitions_array"]) && strlen($_POST["UPDATE_definitions_array"])) {
            if (strlen($_POST["UPDATE_definitions_array"]) > 1) {
                $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));
                if (is_array($GOTnew_definitions)) {
                    $GOTMLS_onLoad .= "updates_complete('Downloaded Definitions');";
                }
            } elseif (($DEF = GOTMLS_get_URL(GOTMLS_update_home . 'definitions.php?ver=' . GOTMLS_Version . '&wp=' . $wp_version . '&ts=' . date("YmdHis") . '&d=' . ur1encode(GOTMLS_siteurl))) && ($GOT_definitions = GOTMLS_decode($DEF)) != serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]) && is_array($GOTnew_definitions = maybe_unserialize($GOT_definitions)) && count($GOTnew_definitions)) {
                if (!(isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))) {
                    $_REQUEST["check"] = array();
                }
                foreach ($GOTnew_definitions as $threat_level => $definition_names) {
                    if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["{$threat_level}"]) && !(is_array($GLOBALS["GOTMLS"]["tmp"]["settings"]["check"]) && in_array("{$threat_level}", $GLOBALS["GOTMLS"]["tmp"]["settings"]["check"])) && !in_array("{$threat_level}", $_REQUEST["check"])) {
                        $_REQUEST["check"][] = "{$threat_level}";
                    }
                }
                $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions;
                $GOTnew_definitions = array();
                $GOTMLS_onLoad .= "updates_complete('New Definitions Automatically Installed :-)');";
            } else {
                $GOTnew_definitions = "";
            }
        }
        //elseif (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))	$GOTnew_definitions = maybe_unserialize(GOTMLS_decode(file_get_contents(GOTMLS_plugin_path.'definitions_update.txt')));
        if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
            $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions);
            if (file_exists(GOTMLS_plugin_path . 'definitions_update.txt')) {
                @unlink(GOTMLS_plugin_path . 'definitions_update.txt');
            }
            if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
                unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]);
            }
            update_option('GOTMLS_definitions_array', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
            foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level => $definition_names) {
                foreach ($definition_names as $definition_name => $definition_version) {
                    if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5) {
                        if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level]) {
                            $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
                        }
                    }
                }
            }
        }
        asort($GOTMLS_definitions_versions);
        $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates';
        foreach ($GOTMLS_definitions_versions as $definition_name => $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"]) {
            $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&ver[{$definition_name}]=" . $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"];
        }
        if (isset($_REQUEST["check"]) && is_array($_REQUEST["check"])) {
            $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"];
        }
        /*	$threat_names = array_keys($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"]);
        		foreach ($threat_names as $threat_name) {
        			if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) > 1) {
        				if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version)
        					$GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0];
        				if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) {
        					$GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]);
        					if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] > 2)
        						$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known";
        				}
        			}
        		}*/
        if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) {
            $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"];
            update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
        }
        if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"])) {
            $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]);
        }
        GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
        if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) {
            $file = GOTMLS_decode($_POST['GOTMLS_whitelist']);
            $chksum = explode("O", $_POST['GOTMLS_chksum'] . "O");
            if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) {
                $filesize = @filesize($file);
                if (true) {
                    if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0])) {
                        $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002";
                    }
                    $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0] . 'O' . $filesize] = "A0002";
                } else {
                    unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]);
                }
                update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
                die(GOTMLS_html_tags(array("html" => array("body" => "Added {$file} to Whitelist!<br />\n<iframe style='width: 90%; height: 350px;' src='" . GOTMLS_plugin_home . "whitelist.html?whitelist=" . $_POST['GOTMLS_whitelist'] . "&hash={$chksum['0']}&size={$filesize}&key={$chksum['1']}'></iframe>"))));
            } else {
                echo "<li>Invalid Data!</li>";
            }
        } elseif (isset($_GET["GOTMLS_scan"])) {
            $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
            if (is_dir($file)) {
                @error_reporting(0);
                @header("Content-type: text/javascript");
                if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"])) {
                    $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
                }
                @ob_start();
                echo GOTMLS_scandir($file);
                if (@ob_get_level()) {
                    GOTMLS_flush();
                    @ob_end_flush();
                }
                die('//END OF JavaScript');
            } else {
                if (!file_exists($file)) {
                    die(sprintf(__("The file %s does not exist.", 'gotmls'), $file) . "<br />\n" . (file_exists(GOTMLS_quarantine($file)) ? sprintf(__("You could <a %s>try viewing the quarantined backup file</a>.", 'gotmls'), 'target="GOTMLS_iFrame" href="' . GOTMLS_script_URI . '&GOTMLS_scan=' . GOTMLS_encode(GOTMLS_quarantine($file)) . '"') : __("The file must have already been delete.", 'gotmls')) . "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>");
                } else {
                    $clean_file = $file;
                    if (GOTMLS_get_ext($file) == 'gotmls' && dirname($file) == dirname(GOTMLS_quarantine($file))) {
                        $clean_file = 'Quarantined: ' . GOTMLS_decode(array_pop(explode(".", '.' . substr($file, strlen(dirname($file)) + 1, -7))));
                        $_GET["eli"] = "quarantine";
                    }
                    GOTMLS_scanfile($file);
                    $fa = "";
                    $function = 'GOTMLS_decode';
                    $decode_list = array("Base64" => '/base64_decode\\([\'"]([0-9\\+\\/\\=a-z]+)[\'"]\\)/', "Hex" => '/(\\\\x[0-9a-f]{2})/');
                    if (isset($_GET[$function]) && is_array($_GET[$function])) {
                        foreach ($_GET[$function] as $decode) {
                            if (isset($decode_list[$decode])) {
                                $GOTMLS_file_contents = preg_replace($decode_list[$decode] . substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function . $decode . '("\\1")', $GOTMLS_file_contents);
                                $fa .= " {$decode} decoded";
                            } else {
                                $fa .= " NO-{$decode}";
                            }
                        }
                    } elseif (isset($GOTMLS_threats_found) && is_array($GOTMLS_threats_found) && count($GOTMLS_threats_found)) {
                        $f = 1;
                        foreach ($GOTMLS_threats_found as $threats_found => $threats_name) {
                            $fpos = 0;
                            $flen = 0;
                            $potential_threat = str_replace("\r", "", $threats_found);
                            while (($fpos = strpos(str_replace("\r", "", $GOTMLS_file_contents), $potential_threat, $flen + $fpos)) !== false) {
                                $flen = strlen($potential_threat);
                                $fa .= ' <a title="' . htmlspecialchars($threats_name) . '" href="javascript:select_text_range(\'ta_file\', ' . $fpos . ', ' . ($fpos + $flen) . ');">[' . $f++ . ']</a>';
                            }
                            if (0 == $flen) {
                                $fa = 'ERROR[' . $f++ . ']: Threat_size{' . strlen($potential_threat) . '} } Content_size{' . strlen(str_replace("\r", "", $GOTMLS_file_contents)) . '}';
                            }
                        }
                    } else {
                        $fa = " No Threats Found";
                    }
                    foreach ($decode_list as $decode => $regex) {
                        if (preg_match($regex . substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GOTMLS_file_contents)) {
                            $fa .= ' <a href="' . GOTMLS_script_URI . '&' . $function . '[]=' . $decode . '">decode[' . $decode . ']</a>';
                        }
                    }
                    die("\n" . '<script type="text/javascript">
	function select_text_range(ta_id, start, end) {
		ta_element = document.getElementById(ta_id);
		ta_element.focus();
		if(ta_element.setSelectionRange)
		   ta_element.setSelectionRange(start, end);
		else {
		   var r = ta_element.createTextRange();
		   r.collapse(true);
		   r.moveEnd(\'character\', end);
		   r.moveStart(\'character\', start);
		   r.select();   
		}
	}
	window.parent.showhide("GOTMLS_iFrame", true);
	</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post"' . (is_file($clean_file) ? ' onsubmit="return confirm(\'' . __("Are you sure this file is not infected and you want to ignore it in future scans?", 'gotmls') . '\');"><input type="hidden" name="GOTMLS_whitelist" value="' . GOTMLS_encode($clean_file) . '"><input type="hidden" name="GOTMLS_chksum" value="' . md5($GOTMLS_file_contents) . 'O' . GOTMLS_installation_key . '"><input type="submit" value="Whitelist this file" style="float: right;">' : (is_file(GOTMLS_quarantine($clean_file)) ? ' >' : '>')) . '</form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: ' . mb_detect_encoding($GOTMLS_file_contents) . '<br />size: ' . strlen($GOTMLS_file_contents) . ' (' . filesize($file) . 'bytes)<br />permissions: ' . GOTMLS_fileperms($file) . '<br />modified:' . date(" Y-m-d H:i:s ", filemtime($file)) . '<br />changed:' . date(" Y-m-d H:i:s ", filectime($file)) . '</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">' . __("Potential threats in file:", 'gotmls') . '</span> (' . $fa . ' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">' . htmlentities(str_replace("\r", "", $GOTMLS_file_contents)) . '</textarea></td></tr></table>');
                }
            }
        } elseif (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
            $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
            $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n{$callAlert}\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).className='GOTMLS_plugin';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction DeletedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).style.display='none';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*" . "/";
            @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
            foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
                $path = realpath(GOTMLS_decode($clean_file));
                if (is_file($path)) {
                    if ($_REQUEST["GOTMLS_fixing"] > 1) {
                        echo "<li>Deleting {$path} ... ";
                        if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($path, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) && @unlink($path)) {
                            echo __("Deleted!", 'gotmls');
                            $li_js .= "/*-->*" . "/\nDeletedFile('{$clean_file}');\n/*<!--*" . "/";
                        } elseif (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($path, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) && is_file(dirname($path) . "/index.php") && ($GOTMLS_file_contents = @file_get_contents(dirname($path) . "/index.php")) && strlen($GOTMLS_file_contents) > 0 && GOTMLS_file_put_contents($path, $GOTMLS_file_contents) && (@rename($path, dirname($path) . "/index.php") || GOTMLS_file_put_contents($path, "") !== false)) {
                            echo __("Removed file contents!", 'gotmls');
                            $li_js .= "/*-->*" . "/\nfixedFile('{$clean_file}');\n/*<!--*" . "/";
                        } else {
                            echo __("Failed to delete!", 'gotmls');
                            $li_js .= "/*-->*" . "/\nfailedFile('{$clean_file}');\n/*<!--*" . "/";
                        }
                    } else {
                        echo "<li>Fixing {$path} ... ";
                        $li_js .= GOTMLS_scanfile($path);
                    }
                    echo "</li>\n{$li_js}/*-->*" . "/\n{$callAlert}\n</script>\n";
                    $li_js = "<script type=\"text/javascript\">\n/*<!--*" . "/";
                } else {
                    echo "<li>" . __("File " . htmlentities($path) . " not found!", 'gotmls') . "</li>";
                }
            }
            die('<div id="check_site_warning" style="background-color: #F00;">' . sprintf(__("Because some threats were automatically fixed we need to check to make sure the removal did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during the automated fix process.", 'gotmls'), 'target="test_frame" href="admin.php?page=GOTMLS-View-Quarantine"') . ' <span style="color: #F00;">' . __("Never mind, it worked!", 'gotmls') . '</span></div><br /><iframe id="test_frame" name="test_frame" src="' . GOTMLS_script_URI . '&check_site=1" style="width: 100%; height: 200px"></iframe>' . $li_js . "/*-->*" . "/\nalert_repaired(0);\n</script>\n");
        } elseif (isset($_REQUEST["GOTMLS_fixing"])) {
            die("<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('" . __("Nothing Selected to be Changed!", 'gotmls') . "');\n</script>" . __("Done!", 'gotmls'));
        }
        if (isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"])) {
            $scan_level = intval($_POST["scan_level"]);
        }
        if (isset($scan_level) && is_numeric($scan_level)) {
            $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = intval($scan_level);
        } else {
            $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
        }
        $GLOBALS["GOTMLS_msg"] = __("Default position", 'gotmls');
        $properties = array("body" => 'style="margin: 0; padding: 0;"');
        if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) {
            $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
            $gl = '><';
            $properties["html"] = $gl . 'head' . $gl . 'script type="text/javascript">
	if (curDiv = window.parent.document.getElementById("div_file")) {
		curDiv.style.left = "' . $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] . '";
		curDiv.style.top = "' . $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1] . '";
		curDiv.style.height = "' . $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2] . '";
		curDiv.style.width = "' . $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3] . '";
	}
	</script' . $gl . '/head';
        } elseif (isset($_GET["GOTMLS_x"]) || isset($_GET["GOTMLS_y"]) || isset($_GET["GOTMLS_h"]) || isset($_GET["GOTMLS_w"])) {
            if (isset($_GET["GOTMLS_x"])) {
                $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] = $_GET["GOTMLS_x"];
            }
            if (isset($_GET["GOTMLS_y"])) {
                $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1] = $_GET["GOTMLS_y"];
            }
            if (isset($_GET["GOTMLS_h"])) {
                $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2] = $_GET["GOTMLS_h"];
            }
            if (isset($_GET["GOTMLS_w"])) {
                $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3] = $_GET["GOTMLS_w"];
            }
            $_GET["GOTMLS_msg"] = __("New position", 'gotmls');
        }
        update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
        if (isset($_GET["GOTMLS_msg"])) {
            die(GOTMLS_html_tags(array("html" => array("body" => htmlentities($_GET["GOTMLS_msg"]) . ' ' . __("saved.", 'gotmls') . (implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"]) ? "" : ' <a href="' . GOTMLS_script_URI . '&GOTMLS_msg=' . urlencode($GLOBALS["GOTMLS_msg"]) . '">[' . $GLOBALS["GOTMLS_msg"] . ']</a>'))), $properties));
        }
    }
}
Beispiel #2
0
function GOTMLS_check_file($file)
{
    $filesize = @filesize($file);
    echo "/*-->*" . "/\ndocument.getElementById('status_text').innerHTML='Checking " . GOTMLS_strip4java($file) . " ({$filesize} bytes)';\n/*<!--*" . "/";
    if (GOTMLS_get_ext($file) == "bad") {
        echo GOTMLS_return_threat("bad", @rename($file, GOTMLS_quarantine(substr($file, 0, -4))) ? "checked" : "blocked", $file);
    } elseif (GOTMLS_get_ext($file) == "gotmls" && !(isset($_GET["eli"]) && $_GET["eli"] == "quarantine")) {
        echo GOTMLS_return_threat("bad", "checked", GOTMLS_decode(substr(array_pop(GOTMLS_explode_dir($file)), 0, -7)));
    } elseif (in_array(GOTMLS_get_ext($file), $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]) && !preg_match('/social[0-9]*\\.png$/i', $file)) {
        echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file extention!", 'gotmls'), $file, "potential"));
    } elseif ($filesize === false) {
        echo GOTMLS_return_threat("errors", "blocked", $file, GOTMLS_error_link(__("Failed to determine file size!", 'gotmls'), $file));
    } elseif ($filesize == 0 || $filesize > (isset($_GET["eli"]) && is_numeric($_GET["eli"]) ? $_GET["eli"] : 1234567)) {
        echo GOTMLS_return_threat("skipped", "blocked", $file, GOTMLS_error_link(__("Skipped because of file size!", 'gotmls') . " ({$filesize} bytes)", $file, "potential"));
    } else {
        try {
            echo @GOTMLS_scanfile($file);
        } catch (Exception $e) {
            die("//Exception:" . GOTMLS_strip4java($e));
        }
    }
    echo "/*-->*" . "/\ndocument.getElementById('status_text').innerHTML='Checked " . GOTMLS_strip4java($file) . "';\n/*<!--*" . "/";
}
function GOTMLS_ajax_scan()
{
    if (GOTMLS_get_nonce()) {
        @error_reporting(0);
        if (isset($_GET["GOTMLS_scan"])) {
            @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
            $decode_list = array("Base64" => '/base64_decode\\([\'"]([0-9\\+\\/\\=a-z]+)[\'"]\\)/', "Hex" => '/(\\\\(x[0-9a-f]{2}|[0-9]{1,3}))/');
            if (is_numeric($_GET["GOTMLS_scan"])) {
                if (($Q_post = GOTMLS_get_quarantine($_GET["GOTMLS_scan"])) && isset($Q_post["post_type"]) && $Q_post["post_type"] == "GOTMLS_quarantine" && isset($Q_post["post_status"]) && $Q_post["post_status"] == "private") {
                    $clean_file = $Q_post["post_title"];
                    $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = GOTMLS_decode($Q_post["post_content"]);
                    $fa = "";
                    $function = 'GOTMLS_decode';
                    if (isset($_GET[$function]) && is_array($_GET[$function])) {
                        foreach ($_GET[$function] as $decode) {
                            if (isset($decode_list[$decode])) {
                                $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = preg_replace($decode_list[$decode] . substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function . $decode . '("\\1")', $GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
                                $fa .= " {$decode} decoded";
                            } else {
                                $fa .= " NO-{$decode}";
                            }
                        }
                    } elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
                        $f = 1;
                        //print_r(array("excerpt:"=>$GLOBALS["GOTMLS"]["tmp"]["threats_found"]));
                        foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
                            list($start, $end, $junk) = explode("-", "{$threats_found}--", 3);
                            if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) {
                                if ($start < $end) {
                                    $fa .= ' <a title="' . htmlspecialchars($threats_name) . '" href="javascript:select_text_range(\'ta_file\', ' . $start . ', ' . $end . ');">[' . $f++ . ']</a>';
                                } else {
                                    $fa .= ' <a title="' . htmlspecialchars($threats_name) . '" href="javascript:select_text_range(\'ta_file\', ' . $end . ', ' . $start . ');">[' . $f++ . ']</a>';
                                }
                            } else {
                                if (is_numeric($threats_found)) {
                                    $threats_found = $threats_name;
                                    $threats_name = $f;
                                }
                                $fpos = 0;
                                $flen = 0;
                                $potential_threat = str_replace("\r", "", $threats_found);
                                while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), $potential_threat, $flen + $fpos)) !== false) {
                                    $flen = strlen($potential_threat);
                                    $fa .= ' <a title="' . htmlspecialchars($threats_name) . '" href="javascript:select_text_range(\'ta_file\', ' . $fpos . ', ' . ($fpos + $flen) . ');">[' . $f++ . ']</a>';
                                }
                            }
                        }
                    }
                    //else echo "excerpt:".$Q_post["post_excerpt"];
                    foreach ($decode_list as $decode => $regex) {
                        if (preg_match($regex . substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"])) {
                            $fa .= ' <a href="' . GOTMLS_script_URI . '&' . $function . '[]=' . $decode . '">decode[' . $decode . ']</a>';
                        }
                    }
                    die("\n" . '<script type="text/javascript">
		function select_text_range(ta_id, start, end) {
		ta_element = document.getElementById(ta_id);
		ta_element.focus();
		if(ta_element.setSelectionRange)
		   ta_element.setSelectionRange(start, end);
		else {
		   var r = ta_element.createTextRange();
		   r.collapse(true);
		   r.moveEnd(\'character\', end);
		   r.moveStart(\'character\', start);
		   r.select();   
		}
		}
		window.parent.showhide("GOTMLS_iFrame", true);
		</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="' . admin_url('admin-ajax.php?' . GOTMLS_set_nonce(__FUNCTION__ . "1522")) . '" onsubmit="return confirm(\'' . __("Are you sure you want to delete this file from the quarantine?", 'gotmls') . '\');"><input type="hidden" name="GOTMLS_fix[]" value="' . $Q_post["ID"] . '"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: ' . (function_exists("mb_detect_encoding") ? mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) : "Unknown") . '<br />size: ' . strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) . ' bytes<br />infected:' . $Q_post["post_modified_gmt"] . '<br />quarantined:' . $Q_post["post_date_gmt"] . '</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">' . __("File Details:", 'gotmls') . '</span> (' . $fa . ' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">' . htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])) . '</textarea></td></tr></table>');
                } else {
                    die(GOTMLS_html_tags(array("html" => array("body" => __("This file no longer exists in the quarantine.", 'gotmls') . "<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
                }
            } else {
                $file = GOTMLS_decode($_GET["GOTMLS_scan"]);
                if (is_dir($file)) {
                    @error_reporting(0);
                    @header("Content-type: text/javascript");
                    if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"])) {
                        $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"];
                    }
                    @ob_start();
                    echo GOTMLS_scandir($file);
                    if (@ob_get_level()) {
                        GOTMLS_flush();
                        @ob_end_flush();
                    }
                    die('//END OF JavaScript');
                } else {
                    if (!file_exists($file)) {
                        die(GOTMLS_html_tags(array("html" => array("body" => sprintf(__("The file %s does not exist, it must have already been deleted.", 'gotmls'), $file) . "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
                    } else {
                        GOTMLS_scanfile($file);
                        $fa = "";
                        $function = 'GOTMLS_decode';
                        if (isset($_GET[$function]) && is_array($_GET[$function])) {
                            foreach ($_GET[$function] as $decode) {
                                if (isset($decode_list[$decode])) {
                                    $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = preg_replace($decode_list[$decode] . substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function . $decode . '("\\1")', $GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
                                    $fa .= " {$decode} decoded";
                                } else {
                                    $fa .= " NO-{$decode}";
                                }
                            }
                        } elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
                            $f = 1;
                            foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
                                list($start, $end, $junk) = explode("-", "{$threats_found}--", 3);
                                if ($start > $end) {
                                    $fa .= 'ERROR[' . $f++ . ']: Threat_size{' . $threats_found . '} Content_size{' . strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) . '}';
                                } else {
                                    $fa .= ' <a title="' . htmlspecialchars($threats_name) . '" href="javascript:select_text_range(\'ta_file\', ' . $start . ', ' . $end . ');">[' . $f++ . ']</a>';
                                }
                            }
                        } else {
                            $fa = " No Threats Found";
                        }
                        foreach ($decode_list as $decode => $regex) {
                            if (preg_match($regex . substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"])) {
                                $fa .= ' <a href="' . GOTMLS_script_URI . '&' . $function . '[]=' . $decode . '">decode[' . $decode . ']</a>';
                            }
                        }
                        die("\n" . '<script type="text/javascript">
		function select_text_range(ta_id, start, end) {
			ta_element = document.getElementById(ta_id);
			ta_element.focus();
			if(ta_element.setSelectionRange)
			   ta_element.setSelectionRange(start, end);
			else {
			   var r = ta_element.createTextRange();
			   r.collapse(true);
			   r.moveEnd(\'character\', end);
			   r.moveStart(\'character\', start);
			   r.select();   
			}
		}
		window.parent.showhide("GOTMLS_iFrame", true);
		</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="' . admin_url('admin-ajax.php?' . GOTMLS_set_nonce(__FUNCTION__ . "1583")) . '" onsubmit="return confirm(\'' . __("Are you sure this file is not infected and you want to ignore it in future scans?", 'gotmls') . '\');"><input type="hidden" name="GOTMLS_whitelist" value="' . GOTMLS_encode($file) . '"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="' . md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) . 'O' . GOTMLS_installation_key . '"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: ' . (function_exists("mb_detect_encoding") ? mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) : "Unknown") . '<br />size: ' . strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) . ' (' . filesize($file) . 'bytes)<br />permissions: ' . GOTMLS_fileperms($file) . '<br />modified:' . date(" Y-m-d H:i:s ", filemtime($file)) . '<br />changed:' . date(" Y-m-d H:i:s ", filectime($file)) . '</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">' . __("Potential threats in file:", 'gotmls') . '</span> (' . $fa . ' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">' . htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])) . '</textarea></td></tr></table>');
                    }
                }
            }
        } else {
            die("\n//Directory Error: Nothing to scan!\n");
        }
    } else {
        if (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))) {
            @header("Content-type: text/javascript");
        }
        die(GOTMLS_Invalid_Nonce("\n//Ajax Scan Error: ") . "\n");
    }
}