function GOTMLS_scanfile($file) { global $wp_version, $GOTMLS_threat_files, $GOTMLS_threats_found, $GOTMLS_chmod_file, $GOTMLS_chmod_dir, $GOTMLS_file_contents, $GOTMLS_new_contents; $GOTMLS_threats_found = array(); $gt = ">"; $lt = "<"; $found = false; $threat_link = ""; $className = "scanned"; $clean_file = GOTMLS_encode($file); $file_name = GOTMLS_explode_dir($file); $file_parts = explode(".", "." . array_pop($file_name)); if (is_file($file) && ($filesize = filesize($file)) && ($GOTMLS_file_contents = @file_get_contents($file))) { if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"])) { $whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]); } else { $whitelist = array(); } foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file => $non_threats) { if (is_array($non_threats) && count($non_threats) > 1) { if (isset($non_threats[0])) { unset($non_threats[0]); } $whitelist = array_merge($whitelist, $non_threats); } } if (isset($whitelist[md5($GOTMLS_file_contents) . 'O' . $filesize])) { return GOTMLS_return_threat($className, "checked.gif?{$className}", $file, $threat_link); } $GOTMLS_new_contents = $GOTMLS_file_contents; if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && strlen($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && isset($_GET['eli']) && substr($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"], 0, 1) == '/' && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]))) { $className = "known"; } else { $path = str_replace("//", "/", "/" . str_replace("\\", "/", substr($file, strlen(ABSPATH)))); if (isset($_SESSION["GOTMLS_debug"])) { $_SESSION["GOTMLS_debug"]["file"] = $file; $_SESSION["GOTMLS_debug"]["last"]["total"] = microtime(true); } foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) { if (isset($_SESSION["GOTMLS_debug"])) { $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level; $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true); } if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"])) && (!array_key_exists($threat_level, $GOTMLS_threat_files) || substr($file . "e", -1 * strlen($GOTMLS_threat_files[$threat_level] . "e")) == $GOTMLS_threat_files[$threat_level] . "e") && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level], $file))) { $className = $threat_level; } } if (isset($_SESSION["GOTMLS_debug"])) { $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["total"], 5); if (isset($_SESSION["GOTMLS_debug"]["total"]["total"])) { $_SESSION["GOTMLS_debug"]["total"]["total"] += $file_time; } else { $_SESSION["GOTMLS_debug"]["total"]["total"] = $file_time; } if (isset($_SESSION["GOTMLS_debug"]["total"]["count"])) { $_SESSION["GOTMLS_debug"]["total"]["count"]++; } else { $_SESSION["GOTMLS_debug"]["total"]["count"] = 1; } if (!isset($_SESSION["GOTMLS_debug"]["total"]["least"]) || $file_time < $_SESSION["GOTMLS_debug"]["total"]["least"]) { $_SESSION["GOTMLS_debug"]["total"]["least"] = $file_time; } if (!isset($_SESSION["GOTMLS_debug"]["total"]["most"]) || $file_time > $_SESSION["GOTMLS_debug"]["total"]["most"]) { $_SESSION["GOTMLS_debug"]["total"]["most"] = $file_time; } } } } else { $GOTMLS_file_contents = is_file($file) ? is_readable($file) ? filesize($file) ? __("Failed to read file contents!", 'gotmls') : __("Empty file!", 'gotmls') : (isset($_GET["eli"]) ? @chmod($file, $GOTMLS_chmod_file) ? __("Fixed file permissions! (try again)", 'gotmls') : __("File permissions read-only!", 'gotmls') : __("File not readable!", 'gotmls')) : __("File does not exist!", 'gotmls'); // $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file); $className = "errors"; } if (count($GOTMLS_threats_found)) { $threat_link = $lt . 'a target="GOTMLS_iFrame" href="' . GOTMLS_script_URI . '&GOTMLS_scan=' . $clean_file . '" id="list_' . $clean_file . '" onclick="loadIframe(\'' . str_replace("\"", """, $lt . 'div style="float: left;"' . $gt . 'Examine File ... ' . $lt . '/div' . $gt . $lt . 'div style="overflow: hidden; position: relative; height: 20px;"' . $gt . $lt . 'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"' . $gt . GOTMLS_strip4java($file)) . $lt . '/div' . $gt . $lt . '/div' . $gt . '\');" class="GOTMLS_plugin"' . $gt; if ($className == "errors") { $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file); $imageFile = "/blocked"; } elseif ($className != "potential") { if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) { if ($className == "timthumb") { if (($source = GOTMLS_get_URL("http://{$className}.googlecode.com/svn/trunk/{$className}.php")) && strlen($source) > 500) { $GOTMLS_new_contents = $source; } else { $GOTMLS_file_contents = ""; } } elseif ($className == 'wp_core') { $path = str_replace("//", "/", "/" . str_replace("\\", "/", substr($file, strlen(ABSPATH)))); if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"]) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"] != md5($GOTMLS_file_contents) . "O" . strlen($GOTMLS_file_contents) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/{$wp_version}{$path}")) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"] == md5($source) . "O" . strlen($source)) { $GOTMLS_new_contents = $source; } else { $GOTMLS_file_contents = ""; } } else { $GOTMLS_new_contents = trim(preg_replace('/' . $lt . '\\?(php)?\\s*(\\?' . $gt . '|$)/i', "", $GOTMLS_new_contents)); } if (strlen($GOTMLS_file_contents) > 0 && GOTMLS_write_quarantine($file, $className) !== false && (strlen($GOTMLS_new_contents) == 0 && isset($_GET["eli"]) && @unlink($file) || GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false)) { echo __("Success!", 'gotmls'); return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/"; } else { echo __("Failed:", 'gotmls') . ' ' . (strlen($GOTMLS_file_contents) ? is_writable(dirname(GOTMLS_quarantine($file))) ? is_writable(dirname($file)) && is_writable($file) ? __("reason unknown!", 'gotmls') : __("file not writable!", 'gotmls') : __("quarantine not writable!", 'gotmls') . ' ' : __("no file contents!", 'gotmls')); if (isset($_GET["eli"])) { echo 'uid=' . getmyuid() . '(' . get_current_user() . '),gid=' . getmygid() . (is_writable(dirname(GOTMLS_quarantine($file))) ? $lt . 'br' . $gt . $lt . 'pre' . $gt . 'file_stat' . print_r(stat($file), true) : $lt . 'br' . $gt . $lt . 'pre' . $gt . dirname(GOTMLS_quarantine($file)) . ' stat' . print_r(stat(dirname(GOTMLS_quarantine($file))), true)); } return "/*--{$gt}*" . "/\nfailedFile('{$clean_file}');\n/*{$lt}!--*" . "/"; } } $threat_link = $lt . 'input type="checkbox" name="GOTMLS_fix[]" value="' . $clean_file . '" id="check_' . $clean_file . ($className != "wp_core" ? '" checked="' . $className : '') . '" /' . $gt . $threat_link; $imageFile = "threat"; } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) { echo __("Already Fixed!", 'gotmls'); return "/*-->*" . "/\nfixedFile('{$clean_file}');\n/*<!--*" . "/"; } else { $imageFile = "question"; } return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin {$className}", $threat_link)); } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) { if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($file, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])))) { if (count($file_parts) > 1 && strtolower($file_parts[count($file_parts) - 1]) == "gotmls" && @rename($file, GOTMLS_decode($file_parts[count($file_parts) - 2]))) { echo __("Restored!", 'gotmls'); return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/"; } else { echo __("Restore Failed!", 'gotmls'); return ""; } } else { echo __("Already Fixed!", 'gotmls'); return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/"; } } else { return GOTMLS_return_threat($className, ($className == "scanned" ? "checked" : "blocked") . ".gif?{$className}", $file, $threat_link); } }
function GOTMLS_in_plugin_update_message($args) { $transient_name = 'GOTMLS_upgrade_notice_' . $args["Version"] . '_' . $args["new_version"]; if (false === ($upgrade_notice = get_transient($transient_name)) && ($ret = GOTMLS_get_URL("https://plugins.svn.wordpress.org/gotmls/trunk/readme.txt"))) { $upgrade_notice = ''; if ($match = preg_split('/==\\s*Upgrade Notice\\s*==\\s+/i', $ret)) { if (preg_match('/\\n+=\\s*' . str_replace(".", "\\.", GOTMLS_Version) . '\\s*=\\s+/is', $match[1])) { $notice = (array) preg_split('/\\n+=\\s*' . str_replace(".", "\\.", GOTMLS_Version) . '\\s*=\\s+/is', $match[1]); } else { $notice = (array) preg_split('/\\n+=/is', $match[1] . "\n="); } $upgrade_notice .= '<div class="GOTMLS_upgrade_notice">' . preg_replace('/=\\s*([\\.0-9]+)\\s*=\\s*([^=]+)/i', '<li><b>${1}:</b> ${2}</li>', preg_replace('~\\[([^\\]]*)\\]\\(([^\\)]*)\\)~', '<a href="${2}">${1}</a>', $notice[0])) . '</div>'; set_transient($transient_name, $upgrade_notice, DAY_IN_SECONDS); } } echo $upgrade_notice; }
function GOTMLS_init() { global $GOTMLS_onLoad, $wp_version, $wpdb, $GOTMLS_threats_found, $GOTMLS_file_contents; if (GOTMLS_user_can()) { if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2; } if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = -1; } if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan") { if (!isset($_REQUEST["scan_what"])) { $_REQUEST["scan_what"] = 2; } if (!isset($_REQUEST["scan_depth"])) { $_REQUEST["scan_depth"] = 2; } if (!(isset($_POST["scan_only"]) && is_array($_POST["scan_only"]))) { $_POST["scan_only"] = array("", "wp-content/plugins", "wp-content/themes"); } } //$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]); if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = ""; } if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]) && is_numeric($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) { $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]); } else { $scan_level = count(explode('/', trailingslashit(get_option("siteurl")))) - 1; } if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"]; } elseif (isset($_POST["scan_type"]) || !(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = array(); } if ($array = get_option('GOTMLS_definitions_array')) { if (is_array($array)) { $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $array; } } else { $wpdb->query("DELETE FROM {$wpdb->options} WHERE `option_name` LIKE 'GOTMLS_known_%' OR `option_name` LIKE 'GOTMLS_definitions_array_%'"); array_walk($GLOBALS["GOTMLS"]["tmp"]["settings_array"], "GOTMLS_reset_settings"); } $GOTMLS_definitions_versions = array(); foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level => $definition_names) { foreach ($definition_names as $definition_name => $definition_version) { if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5) { if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level]) { $GOTMLS_definitions_versions[$threat_level] = $definition_version[0]; } } } } if (isset($_POST["UPDATE_definitions_array"]) && strlen($_POST["UPDATE_definitions_array"])) { if (strlen($_POST["UPDATE_definitions_array"]) > 1) { $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"])); if (is_array($GOTnew_definitions)) { $GOTMLS_onLoad .= "updates_complete('Downloaded Definitions');"; } } elseif (($DEF = GOTMLS_get_URL(GOTMLS_update_home . 'definitions.php?ver=' . GOTMLS_Version . '&wp=' . $wp_version . '&ts=' . date("YmdHis") . '&d=' . ur1encode(GOTMLS_siteurl))) && ($GOT_definitions = GOTMLS_decode($DEF)) != serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]) && is_array($GOTnew_definitions = maybe_unserialize($GOT_definitions)) && count($GOTnew_definitions)) { if (!(isset($_REQUEST["check"]) && is_array($_REQUEST["check"]))) { $_REQUEST["check"] = array(); } foreach ($GOTnew_definitions as $threat_level => $definition_names) { if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["{$threat_level}"]) && !(is_array($GLOBALS["GOTMLS"]["tmp"]["settings"]["check"]) && in_array("{$threat_level}", $GLOBALS["GOTMLS"]["tmp"]["settings"]["check"])) && !in_array("{$threat_level}", $_REQUEST["check"])) { $_REQUEST["check"][] = "{$threat_level}"; } } $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions; $GOTnew_definitions = array(); $GOTMLS_onLoad .= "updates_complete('New Definitions Automatically Installed :-)');"; } else { $GOTnew_definitions = ""; } } //elseif (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) $GOTnew_definitions = maybe_unserialize(GOTMLS_decode(file_get_contents(GOTMLS_plugin_path.'definitions_update.txt'))); if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) { $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions); if (file_exists(GOTMLS_plugin_path . 'definitions_update.txt')) { @unlink(GOTMLS_plugin_path . 'definitions_update.txt'); } if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) { unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]); } update_option('GOTMLS_definitions_array', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]); foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level => $definition_names) { foreach ($definition_names as $definition_name => $definition_version) { if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5) { if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level]) { $GOTMLS_definitions_versions[$threat_level] = $definition_version[0]; } } } } } asort($GOTMLS_definitions_versions); $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates'; foreach ($GOTMLS_definitions_versions as $definition_name => $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"]) { $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&ver[{$definition_name}]=" . $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"]; } if (isset($_REQUEST["check"]) && is_array($_REQUEST["check"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"]; } /* $threat_names = array_keys($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"]); foreach ($threat_names as $threat_name) { if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) > 1) { if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version) $GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0]; if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) { $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]); if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] > 2) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known"; } } }*/ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]; update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); } if (isset($_POST["GOTMLS_fix"]) && !is_array($_POST["GOTMLS_fix"])) { $_POST["GOTMLS_fix"] = array($_POST["GOTMLS_fix"]); } GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"])); if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) { $file = GOTMLS_decode($_POST['GOTMLS_whitelist']); $chksum = explode("O", $_POST['GOTMLS_chksum'] . "O"); if (strlen($chksum[0]) == 32 && strlen($chksum[1]) == 32 && is_file($file) && md5(@file_get_contents($file)) == $chksum[0]) { $filesize = @filesize($file); if (true) { if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0])) { $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][0] = "A0002"; } $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file][$chksum[0] . 'O' . $filesize] = "A0002"; } else { unset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"][$file]); } update_option("GOTMLS_definitions_array", $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]); die(GOTMLS_html_tags(array("html" => array("body" => "Added {$file} to Whitelist!<br />\n<iframe style='width: 90%; height: 350px;' src='" . GOTMLS_plugin_home . "whitelist.html?whitelist=" . $_POST['GOTMLS_whitelist'] . "&hash={$chksum['0']}&size={$filesize}&key={$chksum['1']}'></iframe>")))); } else { echo "<li>Invalid Data!</li>"; } } elseif (isset($_GET["GOTMLS_scan"])) { $file = GOTMLS_decode($_GET["GOTMLS_scan"]); if (is_dir($file)) { @error_reporting(0); @header("Content-type: text/javascript"); if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"])) { $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]; } @ob_start(); echo GOTMLS_scandir($file); if (@ob_get_level()) { GOTMLS_flush(); @ob_end_flush(); } die('//END OF JavaScript'); } else { if (!file_exists($file)) { die(sprintf(__("The file %s does not exist.", 'gotmls'), $file) . "<br />\n" . (file_exists(GOTMLS_quarantine($file)) ? sprintf(__("You could <a %s>try viewing the quarantined backup file</a>.", 'gotmls'), 'target="GOTMLS_iFrame" href="' . GOTMLS_script_URI . '&GOTMLS_scan=' . GOTMLS_encode(GOTMLS_quarantine($file)) . '"') : __("The file must have already been delete.", 'gotmls')) . "<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"); } else { $clean_file = $file; if (GOTMLS_get_ext($file) == 'gotmls' && dirname($file) == dirname(GOTMLS_quarantine($file))) { $clean_file = 'Quarantined: ' . GOTMLS_decode(array_pop(explode(".", '.' . substr($file, strlen(dirname($file)) + 1, -7)))); $_GET["eli"] = "quarantine"; } GOTMLS_scanfile($file); $fa = ""; $function = 'GOTMLS_decode'; $decode_list = array("Base64" => '/base64_decode\\([\'"]([0-9\\+\\/\\=a-z]+)[\'"]\\)/', "Hex" => '/(\\\\x[0-9a-f]{2})/'); if (isset($_GET[$function]) && is_array($_GET[$function])) { foreach ($_GET[$function] as $decode) { if (isset($decode_list[$decode])) { $GOTMLS_file_contents = preg_replace($decode_list[$decode] . substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 2), $function . $decode . '("\\1")', $GOTMLS_file_contents); $fa .= " {$decode} decoded"; } else { $fa .= " NO-{$decode}"; } } } elseif (isset($GOTMLS_threats_found) && is_array($GOTMLS_threats_found) && count($GOTMLS_threats_found)) { $f = 1; foreach ($GOTMLS_threats_found as $threats_found => $threats_name) { $fpos = 0; $flen = 0; $potential_threat = str_replace("\r", "", $threats_found); while (($fpos = strpos(str_replace("\r", "", $GOTMLS_file_contents), $potential_threat, $flen + $fpos)) !== false) { $flen = strlen($potential_threat); $fa .= ' <a title="' . htmlspecialchars($threats_name) . '" href="javascript:select_text_range(\'ta_file\', ' . $fpos . ', ' . ($fpos + $flen) . ');">[' . $f++ . ']</a>'; } if (0 == $flen) { $fa = 'ERROR[' . $f++ . ']: Threat_size{' . strlen($potential_threat) . '} } Content_size{' . strlen(str_replace("\r", "", $GOTMLS_file_contents)) . '}'; } } } else { $fa = " No Threats Found"; } foreach ($decode_list as $decode => $regex) { if (preg_match($regex . substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GOTMLS_file_contents)) { $fa .= ' <a href="' . GOTMLS_script_URI . '&' . $function . '[]=' . $decode . '">decode[' . $decode . ']</a>'; } } die("\n" . '<script type="text/javascript"> function select_text_range(ta_id, start, end) { ta_element = document.getElementById(ta_id); ta_element.focus(); if(ta_element.setSelectionRange) ta_element.setSelectionRange(start, end); else { var r = ta_element.createTextRange(); r.collapse(true); r.moveEnd(\'character\', end); r.moveStart(\'character\', start); r.select(); } } window.parent.showhide("GOTMLS_iFrame", true); </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post"' . (is_file($clean_file) ? ' onsubmit="return confirm(\'' . __("Are you sure this file is not infected and you want to ignore it in future scans?", 'gotmls') . '\');"><input type="hidden" name="GOTMLS_whitelist" value="' . GOTMLS_encode($clean_file) . '"><input type="hidden" name="GOTMLS_chksum" value="' . md5($GOTMLS_file_contents) . 'O' . GOTMLS_installation_key . '"><input type="submit" value="Whitelist this file" style="float: right;">' : (is_file(GOTMLS_quarantine($clean_file)) ? ' >' : '>')) . '</form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: ' . mb_detect_encoding($GOTMLS_file_contents) . '<br />size: ' . strlen($GOTMLS_file_contents) . ' (' . filesize($file) . 'bytes)<br />permissions: ' . GOTMLS_fileperms($file) . '<br />modified:' . date(" Y-m-d H:i:s ", filemtime($file)) . '<br />changed:' . date(" Y-m-d H:i:s ", filectime($file)) . '</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">' . __("Potential threats in file:", 'gotmls') . '</span> (' . $fa . ' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">' . htmlentities(str_replace("\r", "", $GOTMLS_file_contents)) . '</textarea></td></tr></table>'); } } } elseif (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) { $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);"; $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n{$callAlert}\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).className='GOTMLS_plugin';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction DeletedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).style.display='none';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*" . "/"; @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2); foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) { $path = realpath(GOTMLS_decode($clean_file)); if (is_file($path)) { if ($_REQUEST["GOTMLS_fixing"] > 1) { echo "<li>Deleting {$path} ... "; if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($path, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) && @unlink($path)) { echo __("Deleted!", 'gotmls'); $li_js .= "/*-->*" . "/\nDeletedFile('{$clean_file}');\n/*<!--*" . "/"; } elseif (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($path, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) && is_file(dirname($path) . "/index.php") && ($GOTMLS_file_contents = @file_get_contents(dirname($path) . "/index.php")) && strlen($GOTMLS_file_contents) > 0 && GOTMLS_file_put_contents($path, $GOTMLS_file_contents) && (@rename($path, dirname($path) . "/index.php") || GOTMLS_file_put_contents($path, "") !== false)) { echo __("Removed file contents!", 'gotmls'); $li_js .= "/*-->*" . "/\nfixedFile('{$clean_file}');\n/*<!--*" . "/"; } else { echo __("Failed to delete!", 'gotmls'); $li_js .= "/*-->*" . "/\nfailedFile('{$clean_file}');\n/*<!--*" . "/"; } } else { echo "<li>Fixing {$path} ... "; $li_js .= GOTMLS_scanfile($path); } echo "</li>\n{$li_js}/*-->*" . "/\n{$callAlert}\n</script>\n"; $li_js = "<script type=\"text/javascript\">\n/*<!--*" . "/"; } else { echo "<li>" . __("File " . htmlentities($path) . " not found!", 'gotmls') . "</li>"; } } die('<div id="check_site_warning" style="background-color: #F00;">' . sprintf(__("Because some threats were automatically fixed we need to check to make sure the removal did not break your site. If this stays Red and the frame below does not load please <a %s>revert the changes</a> made during the automated fix process.", 'gotmls'), 'target="test_frame" href="admin.php?page=GOTMLS-View-Quarantine"') . ' <span style="color: #F00;">' . __("Never mind, it worked!", 'gotmls') . '</span></div><br /><iframe id="test_frame" name="test_frame" src="' . GOTMLS_script_URI . '&check_site=1" style="width: 100%; height: 200px"></iframe>' . $li_js . "/*-->*" . "/\nalert_repaired(0);\n</script>\n"); } elseif (isset($_REQUEST["GOTMLS_fixing"])) { die("<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\nalert('" . __("Nothing Selected to be Changed!", 'gotmls') . "');\n</script>" . __("Done!", 'gotmls')); } if (isset($_POST["scan_level"]) && is_numeric($_POST["scan_level"])) { $scan_level = intval($_POST["scan_level"]); } if (isset($scan_level) && is_numeric($scan_level)) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = intval($scan_level); } else { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(get_option("siteurl")))) - 1; } $GLOBALS["GOTMLS_msg"] = __("Default position", 'gotmls'); $properties = array("body" => 'style="margin: 0; padding: 0;"'); if (isset($_GET["GOTMLS_msg"]) && $_GET["GOTMLS_msg"] == $GLOBALS["GOTMLS_msg"]) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"]; $gl = '><'; $properties["html"] = $gl . 'head' . $gl . 'script type="text/javascript"> if (curDiv = window.parent.document.getElementById("div_file")) { curDiv.style.left = "' . $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] . '"; curDiv.style.top = "' . $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1] . '"; curDiv.style.height = "' . $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2] . '"; curDiv.style.width = "' . $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3] . '"; } </script' . $gl . '/head'; } elseif (isset($_GET["GOTMLS_x"]) || isset($_GET["GOTMLS_y"]) || isset($_GET["GOTMLS_h"]) || isset($_GET["GOTMLS_w"])) { if (isset($_GET["GOTMLS_x"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][0] = $_GET["GOTMLS_x"]; } if (isset($_GET["GOTMLS_y"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][1] = $_GET["GOTMLS_y"]; } if (isset($_GET["GOTMLS_h"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][2] = $_GET["GOTMLS_h"]; } if (isset($_GET["GOTMLS_w"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"][3] = $_GET["GOTMLS_w"]; } $_GET["GOTMLS_msg"] = __("New position", 'gotmls'); } update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); if (isset($_GET["GOTMLS_msg"])) { die(GOTMLS_html_tags(array("html" => array("body" => htmlentities($_GET["GOTMLS_msg"]) . ' ' . __("saved.", 'gotmls') . (implode($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == implode($GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"]) ? "" : ' <a href="' . GOTMLS_script_URI . '&GOTMLS_msg=' . urlencode($GLOBALS["GOTMLS_msg"]) . '">[' . $GLOBALS["GOTMLS_msg"] . ']</a>'))), $properties)); } } }
function GOTMLS_scanfile($file) { global $wp_version, $wpdb, $GOTMLS_chmod_file, $GOTMLS_chmod_dir; $GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array(); $gt = ">"; $lt = "<"; $found = false; $threat_link = ""; $className = "scanned"; $clean_file = GOTMLS_encode($file); $file_name = GOTMLS_explode_dir($file); $file_parts = explode(".", "." . array_pop($file_name)); if (is_file($file) && ($filesize = filesize($file)) && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($file))) { if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"])) { $whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]); } else { $whitelist = array(); } foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file => $non_threats) { if (is_array($non_threats) && count($non_threats) > 1) { if (isset($non_threats[0])) { unset($non_threats[0]); } $whitelist = array_merge($whitelist, $non_threats); } } if (isset($whitelist[md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) . 'O' . $filesize])) { return GOTMLS_return_threat($className, "checked.gif?{$className}", $file, $threat_link); } $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $GLOBALS["GOTMLS"]["tmp"]["file_contents"]; if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && strlen($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && isset($_GET['eli']) && substr($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"], 0, 1) == '/' && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]))) { $className = "known"; } else { $path = str_replace("//", "/", "/" . str_replace("\\", "/", substr($file, strlen(ABSPATH)))); if (isset($_SESSION["GOTMLS_debug"])) { $_SESSION["GOTMLS_debug"]["file"] = $file; $_SESSION["GOTMLS_debug"]["last"]["total"] = microtime(true); } foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) { if (isset($_SESSION["GOTMLS_debug"])) { $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level; $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true); } if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"])) && (!array_key_exists($threat_level, $GLOBALS["GOTMLS"]["tmp"]["threat_files"]) || substr($file . "e", -1 * strlen($GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level] . "e")) == $GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level] . "e") && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level], $file))) { $className = $threat_level; } } if (isset($_SESSION["GOTMLS_debug"])) { $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["total"], 5); if (isset($_SESSION["GOTMLS_debug"]["total"]["total"])) { $_SESSION["GOTMLS_debug"]["total"]["total"] += $file_time; } else { $_SESSION["GOTMLS_debug"]["total"]["total"] = $file_time; } if (isset($_SESSION["GOTMLS_debug"]["total"]["count"])) { $_SESSION["GOTMLS_debug"]["total"]["count"]++; } else { $_SESSION["GOTMLS_debug"]["total"]["count"] = 1; } if (!isset($_SESSION["GOTMLS_debug"]["total"]["least"]) || $file_time < $_SESSION["GOTMLS_debug"]["total"]["least"]) { $_SESSION["GOTMLS_debug"]["total"]["least"] = $file_time; } if (!isset($_SESSION["GOTMLS_debug"]["total"]["most"]) || $file_time > $_SESSION["GOTMLS_debug"]["total"]["most"]) { $_SESSION["GOTMLS_debug"]["total"]["most"] = $file_time; } } } } else { $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = is_file($file) ? is_readable($file) ? filesize($file) ? __("Failed to read file contents!", 'gotmls') : __("Empty file!", 'gotmls') : (isset($_GET["eli"]) ? @chmod($file, $GOTMLS_chmod_file) ? __("Fixed file permissions! (try again)", 'gotmls') : __("File permissions read-only!", 'gotmls') : __("File not readable!", 'gotmls')) : __("File does not exist!", 'gotmls'); // $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file); $className = "errors"; } if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) { $threat_link = $lt . 'a target="GOTMLS_iFrame" href="' . admin_url('admin-ajax.php?action=GOTMLS_scan&' . GOTMLS_set_nonce(__FUNCTION__ . "431") . '&mt=' . $GLOBALS["GOTMLS"]["tmp"]["mt"] . '&GOTMLS_scan=' . $clean_file . preg_replace('/\\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\\1=', isset($_SERVER["QUERY_STRING"]) && strlen($_SERVER["QUERY_STRING"]) ? "&" . $_SERVER["QUERY_STRING"] : "")) . '" id="list_' . $clean_file . '" onclick="loadIframe(\'' . str_replace("\"", """, $lt . 'div style="float: left; white-space: nowrap;"' . $gt . __("Examine File", 'gotmls') . ' ... ' . $lt . '/div' . $gt . $lt . 'div style="overflow: hidden; position: relative; height: 20px;"' . $gt . $lt . 'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"' . $gt . htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)) . $lt . '/div' . $gt . $lt . '/div' . $gt . '\');" class="GOTMLS_plugin"' . $gt; if ($className == "errors") { $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file); $imageFile = "/blocked"; } elseif ($className != "potential") { if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) { if (GOTMLS_get_nonce()) { if ($className == "timthumb") { if (($source = GOTMLS_get_URL("http://{$className}.googlecode.com/svn/trunk/{$className}.php")) && strlen($source) > 500) { $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source; } else { $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = ""; } } elseif ($className == 'wp_core') { $path = str_replace("//", "/", "/" . str_replace("\\", "/", substr($file, strlen(ABSPATH)))); if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"]) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) . "O" . strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/{$wp_version}{$path}")) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"] == md5($source) . "O" . strlen($source)) { $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source; } else { $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = ""; } } else { $GOTMLS_no_contents = trim(preg_replace('/\\/\\*.*?\\*\\/\\s*/s', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"])); $GOTMLS_no_contents = trim(preg_replace('/\\n\\s*\\/\\/.*/', "", $GOTMLS_no_contents)); $GOTMLS_no_contents = trim(preg_replace('/' . $lt . '\\?(php)?\\s*(\\?' . $gt . '|$)/is', "", $GOTMLS_no_contents)); if (strlen($GOTMLS_no_contents)) { $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = trim(preg_replace('/' . $lt . '\\?(php)?\\s*(\\?' . $gt . '|$)/is', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"])); } else { $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = ""; } } if (strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) > 0 && ($Q_post = GOTMLS_write_quarantine($file, $className)) !== false && (strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"]) == 0 && isset($_GET["eli"]) && @unlink($file) || ($Write_File = GOTMLS_file_put_contents($file, $GLOBALS["GOTMLS"]["tmp"]["new_contents"])) !== false)) { echo __("Success!", 'gotmls'); return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/"; } else { echo __("Failed:", 'gotmls') . ' ' . (strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) ? is_writable(dirname($file)) && is_writable($file) ? $Q_post === false ? __("failed to quarantine!", 'gotmls') . " (" . $wpdb->last_error . ")" : (isset($Write_File) && $Write_File ? "Q={$Q_post}: " . __("reason unknown!", 'gotmls') : "Q={$Q_post}: " . __("failed to write!", 'gotmls')) : __("file not writable!", 'gotmls') : __("no file contents!", 'gotmls')); if (isset($_GET["eli"])) { echo 'uid=' . getmyuid() . '(' . get_current_user() . '),gid=' . getmygid() . ($lt . 'br' . $gt . $lt . 'pre' . $gt . 'file_stat' . print_r(stat($file), true)); } return "/*--{$gt}*" . "/\nfailedFile('{$clean_file}');\n/*{$lt}!--*" . "/"; } } else { echo GOTMLS_Invalid_Nonce(__("Failed: ", 'gotmls')); return "/*--{$gt}*" . "/\nfailedFile('{$clean_file}');\n/*{$lt}!--*" . "/"; } } $threat_link = $lt . 'input type="checkbox" name="GOTMLS_fix[]" value="' . $clean_file . '" id="check_' . $clean_file . ($className != "wp_core" ? '" checked="' . $className : '') . '" /' . $gt . $threat_link; $imageFile = "threat"; } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) { echo __("Already Fixed!", 'gotmls'); return "/*-->*" . "/\nfixedFile('{$clean_file}');\n/*<!--*" . "/"; } else { $imageFile = "question"; } return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin {$className}", $threat_link)); } elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) { echo __("Already Fixed!", 'gotmls'); return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/"; } else { return GOTMLS_return_threat($className, ($className == "scanned" ? "checked" : "blocked") . ".gif?{$className}", $file, $threat_link); } }