Ejemplo n.º 1
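/**
 * Build the WordPress core integrity report, or e-mail it to the administrator.
 *
 * The comparison of local core files against the published md5 checksums is
 * done by sucuriscan_check_core_integrity() (not shown here); this function
 * only turns its result into HTML. Every list except "stable" is reported,
 * minus the files the administrator previously marked as fixed.
 *
 * Review notes for operators:
 *  - Ignored files are matched by md5() of the relative path only, so a path
 *    that was marked as fixed stays out of the report even if its content
 *    changes again, for as long as the entry remains in the "integrity" cache.
 *  - When the checksums cannot be retrieved and $send_email is true, the
 *    function returns false without notifying anyone, which a caller cannot
 *    tell apart from "nothing was modified".
 *  - When the scan is disabled or the site version is unknown, the "good"
 *    panel keeps its default 'visible' value although nothing was verified.
 *
 * @param  boolean        $send_email Send the report by e-mail instead of returning the HTML.
 * @return string|boolean             HTML of the report; when $send_email is true, the
 *                                    result of notify_event(), or false if no file was
 *                                    affected.
 */
function sucuriscan_core_files($send_email = false)
{
    $site_version = SucuriScan::site_version();
    $affected_files = 0;
    $template_variables = array(
        'CoreFiles.List' => '',
        'CoreFiles.ListCount' => 0,
        'CoreFiles.GoodVisibility' => 'visible',
        'CoreFiles.BadVisibility' => 'hidden',
        'CoreFiles.FailureVisibility' => 'hidden',
        'CoreFiles.RemoteChecksumsURL' => '',
    );

    if ($site_version && SucuriScanOption::is_enabled(':scan_checksums')) {
        // Check if there are added, removed, or modified files.
        $latest_hashes = sucuriscan_check_core_integrity($site_version);

        // Reference link shown to the administrator. Served over HTTPS so the
        // checksums used for manual verification cannot be altered in transit.
        $template_variables['CoreFiles.RemoteChecksumsURL'] =
            'https://api.wordpress.org/core/checksums/1.0/'
            . '?version=' . $site_version . '&locale=en_US';

        if ($latest_hashes) {
            $cache = new SucuriScanCache('integrity');
            $ignored_files = $cache->get_all();
            $counter = 0;

            foreach ($latest_hashes as $list_type => $file_list) {
                // Unchanged files and empty lists are not reported.
                if ($list_type == 'stable' || empty($file_list)) {
                    continue;
                }

                foreach ($file_list as $file_info) {
                    $file_path = $file_info['filepath'];
                    $full_filepath = sprintf('%s/%s', rtrim(ABSPATH, '/'), $file_path);

                    // Skip files that were marked as fixed. The md5 here is
                    // only a cache key derived from the relative path; it says
                    // nothing about the current content of the file.
                    if ($ignored_files) {
                        $file_path_checksum = md5($file_path);

                        if (array_key_exists($file_path_checksum, $ignored_files)) {
                            continue;
                        }
                    }

                    // Add extra information to the file list.
                    $css_class = $counter % 2 == 0 ? '' : 'alternate';
                    // filesize() fails for files that no longer exist on disk;
                    // the warning is suppressed and the size is then false.
                    $file_size = @filesize($full_filepath);
                    $is_fixable_html = '';
                    $is_fixable_text = '';

                    // Check whether the file can be fixed automatically or not.
                    if ($file_info['is_fixable'] !== true) {
                        $css_class .= ' sucuriscan-opacity';
                        $is_fixable_html = 'disabled="disabled"';
                        $is_fixable_text = '(must be fixed manually)';
                    }

                    // Generate the HTML code from the snippet template for this
                    // file. The path comes from the file system, which an
                    // intruder may control, so it is escaped before rendering.
                    $template_variables['CoreFiles.List'] .= SucuriScanTemplate::get_snippet(
                        'integrity-corefiles',
                        array(
                            'CoreFiles.CssClass' => $css_class,
                            'CoreFiles.StatusType' => $list_type,
                            'CoreFiles.FilePath' => SucuriScan::escape($file_path),
                            'CoreFiles.FileSize' => $file_size,
                            'CoreFiles.FileSizeHuman' => SucuriScan::human_filesize($file_size),
                            'CoreFiles.FileSizeNumber' => number_format($file_size),
                            'CoreFiles.ModifiedAt' => SucuriScan::datetime($file_info['modified_at']),
                            'CoreFiles.IsFixtableFile' => $is_fixable_html,
                            'CoreFiles.IsNotFixable' => $is_fixable_text,
                        )
                    );
                    $counter += 1;
                    $affected_files += 1;
                }
            }

            if ($counter > 0) {
                $template_variables['CoreFiles.ListCount'] = $counter;
                $template_variables['CoreFiles.GoodVisibility'] = 'hidden';
                $template_variables['CoreFiles.BadVisibility'] = 'visible';
            }
        } else {
            // The checksums could not be retrieved: show the failure panel
            // rather than claiming the installation is clean.
            $template_variables['CoreFiles.GoodVisibility'] = 'hidden';
            $template_variables['CoreFiles.BadVisibility'] = 'hidden';
            $template_variables['CoreFiles.FailureVisibility'] = 'visible';
        }
    }

    // Send an email notification with the affected files.
    if ($send_email === true) {
        if ($affected_files > 0) {
            $content = SucuriScanTemplate::get_section('notification-corefiles', $template_variables);
            $sent = SucuriScanEvent::notify_event('scan_checksums', $content);

            return $sent;
        }

        return false;
    }

    return SucuriScanTemplate::get_section('integrity-corefiles', $template_variables);
}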
Ejemplo n.º 2
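/**
 * Build the HTML report of the WordPress core integrity check.
 *
 * The comparison of local core files against the remotely hosted md5
 * checksums is done by sucuriscan_check_core_integrity() (not shown here);
 * this function only turns its result into HTML. Every list except "stable"
 * is reported, minus the files the administrator previously marked as fixed.
 *
 * Review notes for operators:
 *  - Ignored files are matched by md5() of the relative path only, so a path
 *    that was marked as fixed stays out of the report even if its content
 *    changes again, for as long as the entry remains in the "integrity" cache.
 *  - When the scan is disabled or the site version is unknown, the "good"
 *    panel keeps its default 'visible' value although nothing was verified.
 *
 * @return string HTML code with the list of files that were affected.
 */
function sucuriscan_core_files()
{
    $site_version = SucuriScan::site_version();
    $template_variables = array(
        'CoreFiles.List' => '',
        'CoreFiles.ListCount' => 0,
        'CoreFiles.GoodVisibility' => 'visible',
        'CoreFiles.BadVisibility' => 'hidden',
    );

    if ($site_version && SucuriScanOption::get_option(':scan_checksums') == 'enabled') {
        // Check if there are added, removed, or modified files.
        $latest_hashes = sucuriscan_check_core_integrity($site_version);

        if ($latest_hashes) {
            $cache = new SucuriScanCache('integrity');
            $ignored_files = $cache->get_all();
            $counter = 0;

            foreach ($latest_hashes as $list_type => $file_list) {
                // Unchanged files and empty lists are not reported.
                if ($list_type == 'stable' || empty($file_list)) {
                    continue;
                }

                foreach ($file_list as $file_info) {
                    $file_path = $file_info['filepath'];
                    $full_filepath = sprintf('%s/%s', rtrim(ABSPATH, '/'), $file_path);

                    // Skip files that were marked as fixed. The md5 here is
                    // only a cache key derived from the relative path; it says
                    // nothing about the current content of the file.
                    if ($ignored_files) {
                        $file_path_checksum = md5($file_path);

                        if (array_key_exists($file_path_checksum, $ignored_files)) {
                            continue;
                        }
                    }

                    // Add extra information to the file list.
                    $css_class = $counter % 2 == 0 ? '' : 'alternate';
                    // filesize() fails for files that no longer exist on disk;
                    // the warning is suppressed and the size is then false.
                    $file_size = @filesize($full_filepath);
                    $is_fixable_html = '';
                    $is_fixable_text = '';

                    // Check whether the file can be fixed automatically or not.
                    if ($file_info['is_fixable'] !== true) {
                        $css_class .= ' sucuriscan-opacity';
                        $is_fixable_html = 'disabled="disabled"';
                        $is_fixable_text = '(must be fixed manually)';
                    }

                    // File names are read from disk and may have been chosen by
                    // whoever dropped the file, so the path is HTML-escaped
                    // before it reaches the admin page.
                    // NOTE(review): assumes the snippet template inserts values
                    // verbatim; confirm it does not escape them a second time.
                    $safe_file_path = htmlspecialchars($file_path, ENT_QUOTES, 'UTF-8');

                    // Generate the HTML code from the snippet template for this file.
                    $template_variables['CoreFiles.List'] .= SucuriScanTemplate::get_snippet(
                        'integrity-corefiles',
                        array(
                            'CoreFiles.CssClass' => $css_class,
                            'CoreFiles.StatusType' => $list_type,
                            'CoreFiles.FilePath' => $safe_file_path,
                            'CoreFiles.FileSize' => $file_size,
                            'CoreFiles.FileSizeHuman' => SucuriScan::human_filesize($file_size),
                            'CoreFiles.FileSizeNumber' => number_format($file_size),
                            'CoreFiles.ModifiedAt' => SucuriScan::datetime($file_info['modified_at']),
                            'CoreFiles.IsFixtableFile' => $is_fixable_html,
                            'CoreFiles.IsNotFixable' => $is_fixable_text,
                        )
                    );
                    $counter += 1;
                }
            }

            if ($counter > 0) {
                $template_variables['CoreFiles.ListCount'] = $counter;
                $template_variables['CoreFiles.GoodVisibility'] = 'hidden';
                $template_variables['CoreFiles.BadVisibility'] = 'visible';
            }
        } else {
            // The checksums could not be retrieved, so nothing was verified:
            // hide the "good" panel instead of reporting a clean installation.
            $template_variables['CoreFiles.GoodVisibility'] = 'hidden';
            SucuriScanInterface::error('Error retrieving the WordPress core hashes, try again.');
        }
    }

    return SucuriScanTemplate::get_section('integrity-corefiles', $template_variables);
}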