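/**
 * Render the plugin's "Scan Settings" admin page and, when a scan was requested, drive it.
 *
 * Flow (all of it visible below):
 *  1. copy submitted settings from $_POST into $GLOBALS["GOTMLS"]["tmp"]["settings_array"],
 *  2. build the settings form (what to look for / what to scan / skip lists / quarantine),
 *  3. emit the progress JavaScript (favicon, status bar, per-group counters),
 *  4. if the request carries scan_what >= 0: persist the settings with update_option(),
 *     print the status boxes and start reading directories (Quick or Complete scan);
 *     otherwise print the "Firewall Options" box, which can install/upgrade/remove the
 *     brute-force include in wp-config.php when GOTMLS_patching is posted.
 *
 * Side effects: echoes HTML/JS, writes the GOTMLS_settings_array option, and in the
 * firewall branch may rewrite ABSPATH/wp-config.php and ABSPATH/wp-login.php.
 *
 * NOTE(review): no nonce or capability check is visible in this function. Every state
 * change here (settings, starting a scan from $_REQUEST, editing wp-config.php) relies on
 * the caller (the admin-menu callback) having enforced current_user_can() and
 * check_admin_referer() -- confirm that before trusting this page against CSRF.
 *
 * @return void
 */
function GOTMLS_settings() {
    global $current_user, $wp_version, $GOTMLS_scanfiles, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
    // $settings aliases the live settings array, so every write below is seen by the rest of the plugin.
    $settings = &$GLOBALS["GOTMLS"]["tmp"]["settings_array"];
    $definitions = isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]) ? $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] : array();
    $GOTMLS_scan_groups = array();
    // Angle brackets are assembled from variables throughout this file (so the literal tags
    // do not appear in the plugin's own source).
    $gt = ">";
    $lt = "<";
    $dirs = GOTMLS_explode_dir(__FILE__);
    // One "what to scan" radio option per ancestor directory of this file, scan_level deep.
    for ($SL = 0; $SL < intval($settings["scan_level"]); $SL++) {
        $GOTMLS_scan_groups[] = $lt . 'b' . $gt . implode(GOTMLS_slash(), array_slice($dirs, -1 * (3 + $SL), 1)) . $lt . '/b' . $gt;
    }

    // ---- Settings submitted from the form ------------------------------------------------
    if (isset($_POST["check"])) {
        // check[] is the list of threat-level keys to scan for. Keep it a flat list of strings:
        // the in_array() lookups further down throw a TypeError on PHP 8 if it is not an array.
        $settings["check"] = is_array($_POST["check"]) ? array_values(array_filter($_POST["check"], 'is_string')) : array();
    }
    if (isset($_POST["exclude_ext"]) && is_string($_POST["exclude_ext"])) {
        if (trim(str_replace(",", "", $_POST["exclude_ext"])) !== '') {
            // "php, .txt" -> ["php", "txt"]; the value is entity-encoded before it is split and stored.
            $settings["exclude_ext"] = preg_split('/[\\s]*([,]+[\\s]*)+/', trim(str_replace('.', ',', htmlentities($_POST["exclude_ext"]))), -1, PREG_SPLIT_NO_EMPTY);
        } else {
            $settings["exclude_ext"] = array();
        }
    }
    $default_exclude_ext = str_replace(",gotmls", "", implode(",", $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]));
    $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $settings["exclude_ext"];
    if (isset($_POST["UPDATE_definitions_checkbox"]) && is_string($_POST["UPDATE_definitions_checkbox"])) {
        // The posted value names the checkbox field whose own value (1) turns the flag on.
        $checkbox_field = $_POST["UPDATE_definitions_checkbox"];
        if (isset($_POST[$checkbox_field]) && $_POST[$checkbox_field] == 1) {
            $settings["auto_UPDATE_definitions"] = 1;
        } else {
            $settings["auto_UPDATE_definitions"] = "";
        }
    }
    if (isset($_POST["exclude_dir"]) && is_string($_POST["exclude_dir"])) {
        if (trim(str_replace(",", "", $_POST["exclude_dir"])) !== '') {
            $settings["exclude_dir"] = preg_split('/[\\s]*([,]+[\\s]*)+/', trim(htmlentities($_POST["exclude_dir"])), -1, PREG_SPLIT_NO_EMPTY);
        } else {
            $settings["exclude_dir"] = array();
        }
        // Only bare folder names are kept: drop any leading path and any remaining separators.
        foreach ($settings["exclude_dir"] as $d => $exclude_dir) {
            if (dirname($exclude_dir) != ".") {
                $settings["exclude_dir"][$d] = str_replace(array("/", "\\"), "", str_replace(dirname($exclude_dir), "", $exclude_dir));
            }
        }
    }
    $GOTMLS_skip_dirs = array_merge(isset($settings["exclude_dir"]) ? (array) $settings["exclude_dir"] : array(), (array) $GOTMLS_skip_dirs);
    // Numeric selections and on/off flags are stored as submitted once they pass is_numeric()
    // (that also guarantees they are safe to echo back into the form's value="" attributes).
    foreach (array("scan_what", "scan_depth", "check_htaccess", "check_timthumb", "check_wp_core", "check_known", "check_potential") as $numeric_setting) {
        if (isset($_POST[$numeric_setting]) && is_numeric($_POST[$numeric_setting]) && $_POST[$numeric_setting] != $settings[$numeric_setting]) {
            $settings[$numeric_setting] = $_POST[$numeric_setting];
        }
    }
    if (isset($_POST["check_custom"]) && is_string($_POST["check_custom"]) && $_POST["check_custom"] != $settings["check_custom"]) {
        // NOTE(review): this is a user-supplied regular expression stored verbatim (only
        // magic-quote slashes are stripped). Where it is compiled is not visible here; the form
        // only exposes the field behind the ?eli debug flag.
        $settings["check_custom"] = stripslashes($_POST["check_custom"]);
    }
    if (!empty($_POST['skip_quarantine'])) {
        // Stored as a plain flag; every reader below only tests it for truthiness.
        $settings['skip_quarantine'] = 1;
    } elseif (isset($_POST["exclude_ext"])) {
        // The settings form was submitted with the box unchecked.
        $settings['skip_quarantine'] = 0;
    }
    GOTMLS_update_scan_log(array("settings" => $settings));
    // Threat levels the saved settings scan for; used to pre-check boxes and to flag counters.
    $checked_levels = (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && is_array($GLOBALS["GOTMLS"]["log"]["settings"]["check"])) ? $GLOBALS["GOTMLS"]["log"]["settings"]["check"] : array();

    // ---- "What to scan": one radio per ancestor directory, with an "only these folders" popup ----
    $scan_whatopts = '';
    $scan_optjs = "\n{$lt}script type=\"text/javascript\"{$gt}\nfunction showOnly(what) {\n";
    foreach ($GOTMLS_scan_groups as $mg => $GOTMLS_scan_group) {
        $scan_optjs .= "document.getElementById('only{$mg}').style.display = 'none';\n";
        $scan_whatopts = "\n{$lt}/div{$gt}\n{$lt}/div{$gt}\n{$scan_whatopts}";
        $dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $mg)));
        $files = GOTMLS_getfiles($dir);
        $only_opts = '';
        if (is_array($files)) {
            foreach ($files as $file) {
                if (is_dir(GOTMLS_trailingslashit($dir) . $file)) {
                    // Folder names come from the filesystem of a possibly infected site, so they
                    // are escaped both in the attribute and in the label. Each one is prepended,
                    // which reverses the listing order (as the original did).
                    $only_opts = $lt . 'input type="checkbox" name="scan_only[]" value="' . htmlspecialchars($file) . '" /' . $gt . htmlspecialchars($file) . $lt . 'br /' . $gt . $only_opts;
                }
            }
        }
        $scan_whatopts = $only_opts . $scan_whatopts;
        // NOTE(review): the second str_replace() argument below is presumably a non-breaking
        // space in the original source; it reads as a plain space here.
        $scan_whatopts = "\n{$lt}" . 'div style="padding: 4px 30px;" id="scan_group_div_' . $mg . '"' . $gt
            . $lt . 'input type="radio" name="scan_what" id="not-only' . $mg . '" value="' . $mg . '"' . ($settings["scan_what"] == $mg ? ' checked' : '') . ' /' . $gt
            . $lt . 'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\'' . $mg . '\');document.getElementById(\'not-only' . $mg . '\').checked=true;"' . "{$gt}{$GOTMLS_scan_group}{$lt}/a{$gt}{$lt}br /{$gt}\n{$lt}"
            . 'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only' . $mg . '"' . $gt
            . $lt . 'div style="padding-bottom: 6px;"' . $gt . GOTMLS_close_button('only' . $mg, 0) . $lt . 'b' . $gt . str_replace(" ", " ", __("Only Scan These Folders:", 'gotmls')) . $lt . '/b' . $gt . $lt . '/div' . $gt
            . $scan_whatopts;
    }
    $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}"
        . (!empty($settings["auto_UPDATE_definitions"]) ? "\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_check'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n" : "")
        . "{$lt}/script{$gt}";

    // ---- Scan settings form ---------------------------------------------------------------
    $scan_opts = "\n{$lt}" . 'form method="POST" name="GOTMLS_Form" action="' . str_replace('&mt=', '&last_mt=', str_replace('&scan_type=', '&last_type=', GOTMLS_script_URI)) . '"' . $gt
        . $lt . 'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /' . $gt . ' '
        . $lt . 'div style="float: left;"' . $gt . $lt . 'p' . $gt . $lt . 'b' . $gt . __("What to look for:", 'gotmls') . $lt . '/b' . $gt . $lt . '/p' . $gt . ' '
        . $lt . 'div style="padding: 0 30px;"' . $gt;
    foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name => $threat_level) {
        $scan_opts .= $lt . 'div style="padding: 0; position: relative;" id="check_' . $threat_level . '_div"' . $gt;
        // A level is selectable once definitions for it exist (wp_core needs the entry for this WP version).
        if (($threat_level != "wp_core" && isset($definitions[$threat_level])) || isset($definitions[$threat_level]["{$wp_version}"])) {
            $scan_opts .= $lt . 'input type="checkbox" name="check[]" id="check_' . $threat_level . '_Yes" value="' . $threat_level . '"' . (in_array($threat_level, $checked_levels) ? ' checked' : '') . ' /' . $gt . ' '
                . $lt . 'a style="text-decoration: none;" href="#check_' . $threat_level . '_div_0" onclick="document.getElementById(\'check_' . $threat_level . '_Yes\').checked=true;showhide(\'dont_check_' . $threat_level . '\');"' . "{$gt}{$lt}b{$gt}{$threat_level_name}{$lt}/b{$gt}{$lt}/a{$gt}\n";
            if (isset($_GET["SESSION"])) {
                // Debug mode (?SESSION): dump the per-level session data and list every
                // definition with a dont_check[] opt-out box.
                if (isset($_SESSION["GOTMLS_debug"][$threat_level])) {
                    $scan_opts .= print_r($_SESSION["GOTMLS_debug"][$threat_level], 1);
                }
                $scan_opts .= "\n{$lt}" . 'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_' . $threat_level . '"' . $gt
                    . $lt . 'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_' . $threat_level . '_div_0" onclick="showhide(\'dont_check_' . $threat_level . '\');"' . $gt . 'X' . $lt . '/a' . $gt;
                $dont_check = (isset($settings["dont_check"]) && is_array($settings["dont_check"])) ? $settings["dont_check"] : array();
                foreach ($definitions[$threat_level] as $threat_name => $threat_regex) {
                    // Definition names come from the downloaded definitions file: escape them.
                    $safe_threat_name = htmlspecialchars($threat_name);
                    $scan_opts .= $lt . "br /{$gt}\n{$lt}" . 'input type="checkbox" name="dont_check[]" value="' . $safe_threat_name . '"'
                        . (in_array($threat_name, $dont_check) ? ' checked /' . $gt . $lt . 'script' . $gt . 'showhide("dont_check_' . $threat_level . '", true);' . $lt . '/script' . $gt : ' /' . $gt)
                        . (isset($_SESSION["GOTMLS_debug"][$threat_name]) ? print_r($_SESSION["GOTMLS_debug"][$threat_name], 1) : "")
                        . $safe_threat_name;
                }
                $scan_opts .= "\n{$lt}/div{$gt}";
            }
        } else {
            $scan_opts .= $lt . 'a title="' . __("Download Definition Updates to Use this feature", 'gotmls') . '"' . $gt . $lt . 'img src="' . GOTMLS_images_path . 'blocked.gif" height=16 width=16 alt="X"' . $gt . $lt . 'b' . $gt . ' ' . $threat_level_name . $lt . '/b' . $gt . $lt . 'br /' . $gt
                . $lt . 'div style="padding: 14px;" id="check_' . $threat_level . '_div_NA"' . $gt . $lt . 'span style="color: #F00"' . $gt . __("Download the new definitions (Right sidebar) to activate this feature.", 'gotmls') . "{$lt}/span{$gt}{$lt}/div{$gt}";
        }
        $scan_opts .= "\n{$lt}/div{$gt}";
    }
    $scan_opts .= $lt . '/div' . $gt . $lt . '/div' . $gt . ' '
        . $lt . 'div style="float: left;"' . $gt . $lt . 'p' . $gt . $lt . 'b' . $gt . __("What to scan:", 'gotmls') . $lt . '/b' . $gt . $lt . '/p' . $gt . $scan_whatopts . $scan_optjs . $lt . '/div' . $gt . ' '
        . $lt . 'div style="float: left;" id="scanwhatfolder"' . $gt . $lt . '/div' . $gt . ' '
        . $lt . 'div style="float: left;"' . $gt . $lt . 'p' . $gt . $lt . 'b' . $gt . __("Scan Depth:", 'gotmls') . $lt . '/b' . $gt . $lt . '/p' . $gt . ' '
        . $lt . 'div style="padding: 0 30px;"' . $gt . $lt . 'input type="text" value="' . htmlspecialchars((string) $settings["scan_depth"]) . '" name="scan_depth" size="5"' . $gt . $lt . 'br /' . $gt . __("how far to drill down", 'gotmls') . $lt . 'br /' . $gt . '(' . __("-1 is infinite depth", 'gotmls') . ')' . $lt . '/div' . $gt . $lt . '/div' . $gt
        . $lt . 'br style="clear: left;"' . $gt;
    if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {
        $scan_opts .= print_r($_SESSION["GOTMLS_debug"]['total'], 1);
        unset($_SESSION["GOTMLS_debug"]);
    }
    if (isset($_GET["eli"])) {
        // Still testing this option: the custom regexp field is only shown with ?eli.
        $scan_opts .= "\n{$lt}" . 'div style="padding: 10px;"' . $gt . $lt . 'p' . $gt . $lt . 'b' . $gt . __("Custom RegExp:", 'gotmls') . $lt . '/b' . $gt . ' (' . __("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.", 'gotmls') . ')' . $lt . '/p' . $gt
            . $lt . 'input type="text" name="check_custom" style="width: 100%;" value="' . htmlspecialchars($settings["check_custom"]) . '" /' . $gt . $lt . '/div' . $gt;
    }
    $exclude_ext_value = implode(",", $settings["exclude_ext"]);
    $scan_opts .= "\n{$lt}" . 'p' . $gt . $lt . 'b' . $gt . __("Skip files with the following extentions:", 'gotmls') . "{$lt}/b{$gt}"
        // "[Restore Defaults]" link. (The original emitted ">/a>" here, leaving the <a> unclosed.)
        . ($default_exclude_ext != $exclude_ext_value ? " {$lt}a href=\"javascript:void(0);\" onclick=\"document.getElementById('exclude_ext').value = '{$default_exclude_ext}';\"{$gt}[Restore Defaults]{$lt}/a{$gt}" : "")
        . $lt . '/p' . $gt . ' ' . $lt . 'div style="padding: 0 30px;"' . $gt . $lt . 'input type="text" placeholder="' . __("a comma separated list of file extentions to skip", 'gotmls') . '" name="exclude_ext" id="exclude_ext" value="' . $exclude_ext_value . '" style="width: 100%;" /' . $gt . $lt . '/div' . $gt . ' '
        . $lt . 'p' . $gt . $lt . 'b' . $gt . __("Skip directories with the following names:", 'gotmls') . $lt . '/b' . $gt . $lt . '/p' . $gt . ' '
        . $lt . 'div style="padding: 0 30px;"' . $gt . $lt . 'input type="text" placeholder="' . __("a folder name or comma separated list of folder names to skip", 'gotmls') . '" name="exclude_dir" value="' . implode(",", $settings["exclude_dir"]) . '" style="width: 100%;" /' . $gt . $lt . '/div' . $gt . ' '
        . $lt . 'table style="width: 100%" cellspacing="10"' . $gt . $lt . 'tr' . $gt
        . $lt . 'td nowrap valign="top" style="white-space: nowrap; width: 1px; border-bottom: #F00 solid 2px;"' . $gt . $lt . 'b' . $gt . __("Automatically Update Definitions:", 'gotmls') . $lt . '/b' . $gt . $lt . '/td' . $gt
        . $lt . 'td colspan=2 style="border-bottom: #F00 solid 2px;"' . $gt . $lt . 'div id="UPDATE_definitions_div"' . $gt . $lt . 'span style="color: #C00;"' . $gt . __("This new BETA feature is only available to registered users who have donated at a certain level.", 'gotmls') . "{$lt}/span{$gt}{$lt}/div{$gt}{$lt}/td{$gt}{$lt}/tr{$gt}{$lt}tr{$gt}{$lt}td nowrap{$gt}\n{$lt}b{$gt}" . GOTMLS_Skip_Quarantine_LANGUAGE . $lt . '/b' . $gt . $lt . '/td' . $gt
        . $lt . 'td' . $gt . $lt . 'input type="checkbox" name="skip_quarantine" value="1"' . (!empty($settings["skip_quarantine"]) ? " checked" : "") . $gt . $lt . '/td' . $gt
        . $lt . 'td align="right" valign="bottom"' . $gt . $lt . 'input type="submit" id="complete_scan" value="' . __("Run Complete Scan", 'gotmls') . '" class="button-primary" /' . "{$gt}{$lt}/td{$gt}{$lt}/tr{$gt}{$lt}/table{$gt}{$lt}/form{$gt}";

    // ---- Warn when a foreign output-buffer handler would block streaming the scan output ----
    @ob_start();
    $OB_default_handlers = array("default output handler", "zlib output compression");
    $OB_handlers = @ob_list_handlers();
    if (is_array($OB_handlers) && count($OB_handlers)) {
        foreach ($OB_handlers as $OB_last_handler) {
            if (!in_array($OB_last_handler, $OB_default_handlers)) {
                echo $lt . 'div class="error"' . $gt . sprintf(__("Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process).", 'gotmls'), htmlspecialchars($OB_last_handler)) . "{$lt}/div{$gt}";
            }
        }
    }
    GOTMLS_display_header();
    // Counter groups shown in the status box: fixed bookkeeping groups first, then one per threat level.
    // The values double as JavaScript variable names in the script below.
    $scan_groups = array_merge(array(
        __("Scanned Files", 'gotmls') => "scanned",
        __("Selected Folders", 'gotmls') => "dirs",
        __("Scanned Folders", 'gotmls') => "dir",
        __("Skipped Folders", 'gotmls') => "skipdirs",
        __("Skipped Files", 'gotmls') => "skipped",
        __("Read/Write Errors", 'gotmls') => "errors",
        __("Quarantined Files", 'gotmls') => "bad"
    ), $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]);

    // ---- Progress JavaScript: favicon, status bar and per-group counters ----
    // NOTE(review): translated strings (__()) are placed inside JS string literals below;
    // a translation containing a quote would break this script.
    echo $lt . 'script type="text/javascript">
var percent = 0;
function changeFavicon(percent) {
	var oldLink = document.getElementById("wait_gif");
	if (oldLink) {
		if (percent >= 100) {
			document.getElementsByTagName("head")[0].removeChild(oldLink);
			var link = document.createElement("link");
			link.id = "wait_gif";
			link.type = "image/gif";
			link.rel = "shortcut icon";
			var threats = ' . implode(" + ", array_merge($GLOBALS["GOTMLS"]["tmp"]["threat_levels"], array(__("Potential Threats", 'gotmls') => "errors", __("WP-Login Updates", 'gotmls') => "errors"))) . ';
			if (threats > 0) {
				if ((errors * 2) == threats)
					linkhref = "blocked";
				else
					linkhref = "threat";
			} else
				linkhref = "checked";
			link.href = "' . GOTMLS_images_path . '"+linkhref+".gif";
			document.getElementsByTagName("head")[0].appendChild(link);
		}
	} else {
		var icons = document.getElementsByTagName("link");
		var link = document.createElement("link");
		link.id = "wait_gif";
		link.type = "image/gif";
		link.rel = "shortcut icon";
		link.href = "' . GOTMLS_images_path . 'wait.gif";
		document.getElementsByTagName("head")[0].appendChild(link);
	}
}
function update_status(title, time) {
	sdir = (dir+direrrors);
	if (arguments[2] >= 0 && arguments[2] <= 100)
		percent = arguments[2];
	else
		percent = Math.floor((sdir*100)/dirs);
	scan_state = "6F6";
	if (percent == 100) {
		showhide("pause_button", true);
		showhide("pause_button");
		title = "' . $lt . 'b' . $gt . __("Scan Complete!", 'gotmls') . $lt . '/b' . $gt . '";
	} else
		scan_state = "99F";
	changeFavicon(percent);
	if (sdir) {
		if (arguments[2] >= 0 && arguments[2] <= 100)
			timeRemaining = Math.ceil(((time-startTime)*(100/percent))-(time-startTime));
		else
			timeRemaining = Math.ceil(((time-startTime)*(dirs/sdir))-(time-startTime));
		if (timeRemaining > 59)
			timeRemaining = Math.ceil(timeRemaining/60)+" Minute";
		else
			timeRemaining += " Second";
		if (timeRemaining.substr(0, 2) != "1 ")
			timeRemaining += "s";
	} else
		timeRemaining = "Calculating Time";
	timeElapsed = Math.ceil(time);
	if (timeElapsed > 59)
		timeElapsed = Math.floor(timeElapsed/60)+" Minute";
	else
		timeElapsed += " Second";
	if (timeElapsed.substr(0, 2) != "1 ")
		timeElapsed += "s";
	divHTML = \'' . $lt . 'div align="center" style="vertical-align: middle; background-color: #ccc; z-index: 3; height: 18px; width: 100%; border: solid #000 1px; position: relative; padding: 10px 0;"' . $gt
        . $lt . 'div style="height: 18px; padding: 10px 0; position: absolute; top: 0px; left: 0px; background-color: #\'+scan_state+\'; width: \'+percent+\'%"' . $gt . $lt . '/div' . $gt
        . $lt . 'div style="height: 32px; position: absolute; top: 3px; left: 10px; z-index: 5; line-height: 16px;" align="left"' . $gt . '\'+sdir+" Folder"+(sdir==1?"":"s")+" Checked' . $lt . 'br /' . $gt . '"+timeElapsed+\' Elapsed' . $lt . '/div' . $gt
        . $lt . 'div style="height: 38px; position: absolute; top: 0px; left: 0px; width: 100%; z-index: 5; line-height: 38px; font-size: 30px; text-align: center;"' . $gt . '\'+percent+\'%' . $lt . '/div' . $gt
        . $lt . 'div style="height: 32px; position: absolute; top: 3px; right: 10px; z-index: 5; line-height: 16px;" align="right"' . $gt . '\'+(dirs-sdir)+" Folder"+((dirs-sdir)==1?"":"s")+" Remaining' . $lt . 'br /' . $gt . '"+timeRemaining+" Remaining' . $lt . '/div' . $gt . $lt . '/div' . $gt . '";
	document.getElementById("status_bar").innerHTML = divHTML;
	document.getElementById("status_text").innerHTML = title;
	dis="none";
	divHTML = \'' . $lt . 'ul style="float: right; margin: 0 20px; text-align: right;"' . $gt . '\';
/*' . $lt . '!--*' . '/';
    // One <li> per counter group. The 7th group (index 6, "Quarantined Files") starts a second
    // <ul> and links to the quarantine page; groups after it are threat levels and show the
    // "Found N ..." form plus the fix button. The /*<!--*/ ... /*-->*/ pairs keep the
    // JavaScript valid while PHP interleaves its pieces.
    $MAX = 0;
    $vars = "var i, intrvl, direrrors=0";
    $fix_button_js = "";
    $found = "";
    $li_js = "return false;";
    foreach ($scan_groups as $scan_name => $scan_group) {
        $vars .= ", {$scan_group}=0";
        if ($MAX++ == 6) {
            echo "/*--{$gt}*" . "/\n\tif ({$scan_group} > 0)\n\t\tscan_state = ' potential'; \n\telse\n\t\tscan_state = '';\n\tdivHTML += '</ul><ul style=\"text-align: left;\"><li class=\"GOTMLS_li\"><a href=\"admin.php?page=GOTMLS-View-Quarantine\" class=\"GOTMLS_plugin" . (!empty($settings["skip_quarantine"]) ? " potential\" title=\"" . GOTMLS_Skip_Quarantine_LANGUAGE : "'+scan_state+'\" title=\"" . GOTMLS_View_Quarantine_LANGUAGE) . "\">'+{$scan_group}+' '+({$scan_group}==1?('{$scan_name}').slice(0,-1):'{$scan_name}')+'</a></li>';\n/*{$lt}!--*" . "/";
            $found = "Found ";
            $fix_button_js = "\n\t\tdis='block';";
        } else {
            if ($found && !in_array($scan_group, $checked_levels)) {
                $potential_threat = ' potential" title="' . __("You are not currently scanning for this type of threat!", 'gotmls');
            } else {
                $potential_threat = "";
            }
            echo "/*--{$gt}*" . "/\n\tif ({$scan_group} > 0) {\n\t\tscan_state = ' href=\"#found_{$scan_group}\" onclick=\"{$li_js} showhide(\\'found_{$scan_group}\\', true);\" class=\"GOTMLS_plugin {$scan_group}\"';{$fix_button_js}" . ($MAX > 6 ? "\n\tshowhide('found_{$scan_group}', true);" : "") . "\n\t} else\n\t\tscan_state = ' class=\"GOTMLS_plugin{$potential_threat}\"';\n\tdivHTML += '<li class=\"GOTMLS_li\"><a'+scan_state+'>{$found}'+{$scan_group}+' '+({$scan_group}==1?('{$scan_name}').slice(0,-1):'{$scan_name}')+'</a></li>';\n/*{$lt}!--*" . "/";
        }
        $li_js = "";
        if ($MAX > 11) {
            $fix_button_js = "";
        }
    }
    echo "/*--{$gt}*" . '/
	document.getElementById("status_counts").innerHTML = divHTML+"' . $lt . '/ul' . $gt . '";
	document.getElementById("fix_button").style.display = dis;
}
' . $vars . ';
function showOnly(what) {
	document.getElementById("only_what").innerHTML = document.getElementById("only"+what).innerHTML;
}
var startTime = 0;
' . $lt . '/script' . $gt . GOTMLS_box(GOTMLS_Scan_Settings_LANGUAGE, $scan_opts);

    // scan_what selects which ancestor directory to scan; intval() keeps array_slice() from
    // receiving a float (is_numeric() also accepts "1.5" and "1e1").
    $scan_what = (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"])) ? intval($_REQUEST["scan_what"]) : -1;
    if ($scan_what > -1) {
        // ---- A scan was requested: persist settings, show the status boxes and run it ----
        if (!isset($_REQUEST["scan_type"]) || !is_string($_REQUEST["scan_type"])) {
            $_REQUEST["scan_type"] = "Complete Scan";
        }
        // NOTE(review): scan_what is read from $_REQUEST, so a GET link is enough to persist
        // the settings and start a scan; the nonce/capability gate has to live in the caller.
        update_option('GOTMLS_settings_array', $settings);
        // Re-post every submitted field (except GOTMLS_fix*) as hidden inputs. Field names
        // and values are both request-controlled, so both are escaped; nested arrays are
        // skipped instead of being printed as "Array".
        foreach ($_POST as $name => $value) {
            $name = (string) $name;
            if (substr($name, 0, 10) != 'GOTMLS_fix') {
                if (is_array($value)) {
                    foreach ($value as $val) {
                        if (is_scalar($val)) {
                            echo $lt . 'input type="hidden" name="' . htmlspecialchars($name) . '[]" value="' . htmlspecialchars($val) . '"' . $gt;
                        }
                    }
                } elseif (is_scalar($value)) {
                    echo $lt . 'input type="hidden" name="' . htmlspecialchars($name) . '" value="' . htmlspecialchars($value) . '"' . $gt;
                }
            }
        }
        $scan_type = htmlentities($_REQUEST["scan_type"]);
        echo "\n{$lt}" . 'form method="POST" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"' . $gt . $lt . 'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"' . $gt . ' '
            . $lt . 'script type="text/javascript"' . $gt . ' showhide("inside_' . md5(GOTMLS_Scan_Settings_LANGUAGE) . '"); ' . $lt . '/script' . $gt
            . GOTMLS_box($scan_type . ' Status',
                $lt . 'div id="status_text"' . $gt . $lt . 'img src="' . GOTMLS_images_path . 'wait.gif" height=16 width=16 alt="..."' . $gt . ' ' . GOTMLS_Loading_LANGUAGE . $lt . '/div' . $gt
                . $lt . 'div id="status_bar"' . $gt . $lt . '/div' . $gt
                . $lt . 'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"' . $gt . $lt . 'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /' . $gt . $lt . '/p' . $gt
                . $lt . 'div id="status_counts"' . $gt . $lt . '/div' . $gt
                . $lt . 'p id="fix_button" style="display: none; text-align: center;"' . $gt . $lt . 'input id="repair_button" type="submit" value="' . GOTMLS_Automatically_Fix_LANGUAGE . '" class="button-primary" onclick="loadIframe(\'Examine Results\');" /' . $gt . $lt . '/p' . $gt);
        // One collapsible result list per counter group ("Scan Details").
        $scan_groups_UL = "";
        foreach ($scan_groups as $scan_name => $scan_group) {
            if ($scan_group == 'potential') {
                $group_note = $lt . 'p' . $gt . ' * ' . __("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).", 'gotmls') . $lt . '/p' . $gt;
            } elseif ($scan_group == 'wp_core') {
                $group_note = $lt . 'p' . $gt . ' * ' . sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.", 'gotmls'), $wp_version) . ' (for more info ' . $lt . 'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"' . $gt . __("read my blog", 'gotmls') . $lt . '/a' . $gt . ').' . $lt . '/p' . $gt;
            } else {
                $group_note = $lt . 'br /' . $gt;
            }
            $scan_groups_UL .= "\n{$lt}ul name=\"found_{$scan_group}\" id=\"found_{$scan_group}\" class=\"GOTMLS_plugin {$scan_group}\" style=\"background-color: #ccc; display: none; padding: 0;\"{$gt}{$lt}a class=\"rounded-corners\" name=\"link_{$scan_group}\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_{$scan_group}');\"{$gt}X{$lt}/a{$gt}{$lt}h3{$gt}{$scan_name}{$lt}/h3{$gt}\n" . $group_note . $lt . '/ul' . $gt;
        }
        // Directory for the chosen level; an empty result (scan_what deeper than the path)
        // falls back to the filesystem root, as before.
        $dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $scan_what)));
        if (!$dir) {
            $dir = "/";
        }
        GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => $scan_type)));
        echo GOTMLS_box($lt . 'div style="float: right;"' . $gt . ' (' . $GLOBALS["GOTMLS"]["log"]["scan"]["dir"] . ") {$lt}/div{$gt}" . __("Scan Details:", 'gotmls'), $scan_groups_UL);
        // Flush the default output buffers so scan progress streams to the browser.
        $no_flush_LANGUAGE = __("Not flushing OB Handlers: %s", 'gotmls');
        if (isset($_REQUEST["no_ob_end_flush"])) {
            echo $lt . 'div class="error"' . $gt . sprintf($no_flush_LANGUAGE, print_r(ob_list_handlers(), 1)) . "{$lt}/div{$gt}\n";
        } elseif (is_array($OB_handlers) && count($OB_handlers)) {
            // $GOTMLS_OB_handlers = get_option("GOTMLS_OB_handlers", array());
            // (disabled scaffolding: $GOTMLS_OB_handlers is never populated, so the first branch cannot fire)
            foreach (array_reverse($OB_handlers) as $OB_handler) {
                if (isset($GOTMLS_OB_handlers[$OB_handler]) && $GOTMLS_OB_handlers[$OB_handler] == "no_end_flush") {
                    echo $lt . 'div class="error"' . $gt . sprintf($no_flush_LANGUAGE, $OB_handler) . "{$lt}/div{$gt}\n";
                } elseif (in_array($OB_handler, $OB_default_handlers)) {
                    // $GOTMLS_OB_handlers[$OB_handler] = "no_end_flush";
                    // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers);
                    @ob_end_flush();
                    // $GOTMLS_OB_handlers[$OB_handler] = "ob_end_flush";
                    // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers);
                }
            }
        }
        @ob_start();
        if ($_REQUEST["scan_type"] == "Quick Scan") {
            // A Quick Scan runs synchronously; warn on load if it never reached 100%.
            $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('" . __("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.", 'gotmls') . "');\n}\nwindow.onload=testComplete;\n{$lt}/script{$gt}\n{$lt}" . 'script type="text/javascript"' . $gt;
        }
        echo "\n{$lt}script type=\"text/javascript\"{$gt}{$li_js}\n/*{$lt}!--*" . "/";
        if (is_dir($dir)) {
            $GOTMLS_dirs_at_depth[0] = 1;
            $GOTMLS_dir_at_depth[0] = 0;
            if (empty($settings['skip_quarantine'])) {
                $GOTMLS_dirs_at_depth[0]++;
                GOTMLS_readdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
            }
            if (isset($_POST['scan_only']) && is_array($_POST['scan_only'])) {
                // scan_only[] holds names of immediate sub-folders of $dir (the checkboxes are
                // generated from a directory listing above), so a value with a path separator,
                // a NUL byte or "." / ".." is never a valid choice and must not be joined onto $dir.
                $only_dirs = array();
                foreach ($_POST['scan_only'] as $only_dir) {
                    if (is_string($only_dir) && $only_dir !== '' && $only_dir !== '.' && $only_dir !== '..' && strpbrk($only_dir, "/\\\0") === false) {
                        $only_dirs[] = $only_dir;
                    }
                }
                $GOTMLS_dirs_at_depth[0] += count($only_dirs) - 1;
                foreach ($only_dirs as $only_dir) {
                    if (is_dir(GOTMLS_trailingslashit($dir) . $only_dir)) {
                        GOTMLS_readdir(GOTMLS_trailingslashit($dir) . $only_dir);
                    }
                }
            } else {
                GOTMLS_readdir($dir);
            }
        } else {
            echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link("Not a valid directory!"));
        }
        if ($_REQUEST["scan_type"] == "Quick Scan") {
            echo GOTMLS_update_status(__("Completed!", 'gotmls'), 100);
        } else {
            echo GOTMLS_update_status(__("Starting Scan ...", 'gotmls')) . "/*--{$gt}*" . "/";
            // Client-side driver for a Complete Scan: one <script src> per queued step; a step
            // that does not finish within execution_time seconds is re-queued with
            // GOTMLS_skip_file / GOTMLS_only_file / GOTMLS_skip_dir.
            // NOTE(review): $GOTMLS_scanfiles keys and names are written straight into JS string
            // literals; a folder name containing a quote would break (or inject into) this
            // script unless GOTMLS_readdir already encodes them -- confirm.
            $scanfiles = (array) $GOTMLS_scanfiles;
            echo "\nvar scriptSRC = '" . GOTMLS_script_URI . "&no_error_reporting&GOTMLS_scan=';\nvar scanfilesArKeys = new Array('" . implode("','", array_keys($scanfiles)) . "');\nvar scanfilesArNames = new Array('Scanning " . implode("','Scanning ", $scanfiles) . "');" . '
var scanfilesI = 0;
var stopScanning;
var gotStuckOn = "";
function scanNextDir(gotStuck) {
	clearTimeout(stopScanning);
	if (gotStuck > -1) {
		if (scanfilesArNames[gotStuck].substr(0, 3) != "Re-") {
			if (scanfilesArNames[gotStuck].substr(0, 9) == "Checking ") {
				scanfilesArNames.push(scanfilesArNames[gotStuck]);
				scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_file[]="+encodeURIComponent(scanfilesArNames[gotStuck].substr(9)));
			} else {
				scanfilesArNames.push("Re-"+scanfilesArNames[gotStuck]);
				scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_only_file=");
			}
		} else {
			scanfilesArNames.push("Got Stuck "+scanfilesArNames[gotStuck]);
			scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_dir="+scanfilesArKeys[gotStuck]);
		}
	}
	if (document.getElementById("resume_button").value != "Pause") {
		stopScanning=setTimeout("scanNextDir(-1)", 1000);
		startTime++;
	} else if (scanfilesI < scanfilesArKeys.length) {
		document.getElementById("status_text").innerHTML = scanfilesArNames[scanfilesI];
		var newscript = document.createElement("script");
		newscript.setAttribute("src", scriptSRC+scanfilesArKeys[scanfilesI]);
		divx = document.getElementById("found_scanned");
		if (divx)
			divx.appendChild(newscript);
		stopScanning=setTimeout("scanNextDir("+(scanfilesI++)+")",' . $GLOBALS["GOTMLS"]["tmp"]['execution_time'] . '000);
	}
}
startTime = (' . ceil(time() - $GLOBALS["GOTMLS"]["log"]["scan"]["start"]) . '+3);
stopScanning=setTimeout("scanNextDir(-1)",3000);
function pauseresume(butt) {
	if (butt.value == "Resume")
		butt.value = "Pause";
	else
		butt.value = "Resume";
}
showhide("pause_button", true);' . "\n/*{$lt}!--*" . "/";
        }
        if (@ob_get_level()) {
            GOTMLS_flush('script');
            @ob_end_flush();
        }
        echo "/*--{$gt}*" . "/\n{$lt}/script{$gt}";
    } else {
        // ---- No scan requested: "Firewall Options" (brute-force login patch status) ----
        // $patch_attr is indexed by $patch_status: 0 = not installed, 1 = enabled (current), 2 = out of date.
        $patch_attr = array(
            array("icon" => "blocked", "language" => __("Your WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. Applying this patch will block access to the WordPress Login page whenever this type of attack is detected."), "status" => 'Not Installed', "action" => 'Install Patch'),
            array("language" => __("Your WordPress site has the current version of my brute-force Login protection installed."), "action" => 'Uninstall Patch', "status" => 'Enabled', "icon" => "checked"),
            array("language" => __("Your WordPress Login page has the old version of my brute-force protection installed. Upgrade this patch to improve the protection on the WordPress Login page and preserve the integrity of your WordPress core files."), "action" => 'Upgrade Patch', "status" => 'Out of Date', "icon" => "threat")
        );
        $patch_status = 0;
        $patch_found = -1;
        $patch_action = "";
        // $find matches any installed version of the one-line include; $head is the current
        // version of that line, derived from $find by textual substitution. It embeds this
        // plugin's directory and the requesting IP (whitelisted from the block) as PHP code,
        // so only a syntactically valid IP is allowed into the generated source.
        $admin_ip = (isset($_SERVER["REMOTE_ADDR"]) && filter_var($_SERVER["REMOTE_ADDR"], FILTER_VALIDATE_IP)) ? $_SERVER["REMOTE_ADDR"] : "";
        $find = "#if\\s*\\(([^\\&]+\\&\\&)?\\s*file_exists\\((.+?)(safe-load|wp-login)\\.php'\\)\\)\\s*require(_once)?\\((.+?)(safe-load|wp-login)\\.php'\\);#";
        $head = str_replace(
            array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'),
            array(' ', '(', ')', '_once', '.', ' ', '\'' . dirname(__FILE__) . '/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("' . $admin_ip . '")) &&'),
            $find
        );
        if (is_file(ABSPATH . 'wp-config.php')) {
            if (($config = @file_get_contents(ABSPATH . 'wp-config.php')) && strlen($config)) {
                if ($patch_found = preg_match($find, $config)) {
                    if (strpos($config, substr($head, strpos($head, "file_exists")))) {
                        // Current version present: a POST removes the include line and the
                        // now-empty <?php ... ?> block it lived in.
                        if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH . 'wp-config.php', preg_replace('#' . $lt . '\\?[ph\\s]+(//.*\\s*)*\\?' . $gt . '#i', "", preg_replace($find, "", $config)))) {
                            $patch_action .= $lt . 'div class="error"' . $gt . __("Removed Brute-Force Protection", 'gotmls') . $lt . '/div' . $gt;
                        } else {
                            $patch_status = 1;
                        }
                    } else {
                        // An older version is present: a POST replaces it with $head.
                        if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(ABSPATH . 'wp-config.php', preg_replace($find, "{$head}", $config))) {
                            $patch_action .= $lt . 'div class="updated"' . $gt . __("Upgraded Brute-Force Protection", 'gotmls') . $lt . '/div' . $gt;
                            $patch_status = 1;
                        } else {
                            $patch_status = 2;
                        }
                    }
                } elseif (isset($_POST["GOTMLS_patching"]) && strlen($config) && $patch_found == 0 && GOTMLS_file_put_contents(ABSPATH . 'wp-config.php', "{$lt}?php{$head}// Load Brute-Force Protection by GOTMLS.NET before the WordPress bootstrap. ?{$gt}{$config}")) {
                    $patch_action .= $lt . 'div class="updated"' . $gt . __("Installed Brute-Force Protection", 'gotmls') . $lt . '/div' . $gt;
                    $patch_status = 1;
                } elseif (isset($_POST["GOTMLS_patching"])) {
                    $patch_action .= $lt . 'div class="updated"' . $gt . sprintf(__("Failed to install Brute-Force Protection (wp-config.php %s)", 'gotmls'), (is_readable(ABSPATH . 'wp-config.php') ? 'read-' . (is_writable(ABSPATH . 'wp-config.php') ? 'write' : 'only') : "unreadable") . ": " . strlen($config) . GOTMLS_fileperms(ABSPATH . 'wp-config.php')) . $lt . '/div' . $gt;
                }
            } else {
                $patch_action .= $lt . 'div class="error"' . $gt . __("wp-config.php Not Readable!", 'gotmls') . $lt . '/div' . $gt;
            }
        } else {
            $patch_action .= $lt . 'div class="error"' . $gt . __("wp-config.php Not Found!", 'gotmls') . $lt . '/div' . $gt;
        }
        // The oldest patch version modified wp-login.php itself; a POST restores the pristine core file.
        // NOTE(review): the replacement is fetched over plain HTTP and written to ABSPATH with no
        // integrity check beyond a minimum length, so an on-path attacker can plant arbitrary PHP in
        // wp-login.php. Fetch over https and verify the file against a known checksum
        // (e.g. the WordPress checksums API) before writing it.
        if (file_exists(ABSPATH . 'wp-login.php') && ($login = @file_get_contents(ABSPATH . 'wp-login.php')) && strlen($login) && preg_match($find, $login)) {
            if (isset($_POST["GOTMLS_patching"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/" . $wp_version . '/wp-login.php')) && strlen($source) > 500 && GOTMLS_file_put_contents(ABSPATH . 'wp-login.php', $source)) {
                $patch_action .= $lt . 'div class="updated"' . $gt . __("Removed Old Brute-Force Login Patch", 'gotmls') . $lt . '/div' . $gt;
            } else {
                $patch_status = 2;
            }
        }
        $sec_opts = ' ' . $lt . 'p' . $gt . $lt . 'img src="' . GOTMLS_images_path . 'checked.gif"' . $gt . $lt . 'b' . $gt . 'Revolution Slider Exploit Protection (Automatically Enabled)' . $lt . '/b' . $gt . $lt . '/p' . $gt
            . $lt . 'div style="padding: 0 30px;"' . $gt . __("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.", 'gotmls') . $lt . '/div' . $gt
            . $lt . 'hr /' . $gt . ' ' . $patch_action . ' '
            . $lt . 'form method="POST" name="GOTMLS_Form_patch"' . $gt . $lt . 'p style="float: right;"' . $gt
            // When not installed the button stays hidden until the session check (gotmls.js) reveals it.
            . $lt . 'input type="submit" value="' . $patch_attr[$patch_status]["action"] . '" style="' . ($patch_status ? '"' . $gt : ' display: none;" id="GOTMLS_patch_button"' . $gt . $lt . 'div id="GOTMLS_patch_searching" style="float: right;"' . $gt . __("Checking for session compatibility ...", 'gotmls') . ' ' . $lt . 'img src="' . GOTMLS_images_path . 'wait.gif" height=16 width=16 alt="Wait..." /' . $gt . $lt . '/div' . $gt)
            . $lt . 'input type="hidden" name="GOTMLS_patching" value="1"' . $gt . $lt . '/p' . $gt
            . $lt . 'p' . $gt . $lt . 'img src="' . GOTMLS_images_path . $patch_attr[$patch_status]["icon"] . '.gif"' . $gt . $lt . 'b' . $gt . 'Brute-force Protection ' . $patch_attr[$patch_status]["status"] . $lt . '/b' . $gt . $lt . '/p' . $gt
            . $lt . 'div style="padding: 0 30px;"' . $gt . ' * ' . $patch_attr[$patch_status]["language"] . __(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ", 'gotmls') . ' ' . $lt . 'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"' . $gt . __("read my blog", 'gotmls') . $lt . '/a' . $gt . '.' . $lt . '/div' . $gt
            . $lt . '/form' . $gt . ' '
            . $lt . 'script type="text/javascript"' . $gt . ' stopCheckingSession = checkupdateserver("' . GOTMLS_images_path . 'gotmls.js?SESSION=0", "GOTMLS_patch_searching"); ' . $lt . '/script' . $gt;
        $admin_notice = "";
        if (isset($current_user->user_login) && $current_user->user_login === "admin") {
            $admin_notice .= $lt . 'hr /' . $gt . ' ' . $lt . 'form method="POST" name="GOTMLS_Form_admin"' . $gt . $lt . 'p' . $gt . $lt . 'img src="' . GOTMLS_images_path . 'threat.gif"' . $gt . $lt . 'b' . $gt . 'Admin Notice' . $lt . '/b' . $gt . $lt . '/p' . $gt
                . $lt . 'div style="padding: 0 30px;"' . $gt . 'Your username is "admin", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.' . $lt . '/div' . $gt . $lt . '/form' . $gt;
        }
        echo GOTMLS_box("Firewall Options", $sec_opts . $admin_notice);
    }
    echo "\n{$lt}/div{$gt}{$lt}/div{$gt}{$lt}/div{$gt}";
}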
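/**
 * Walk one directory of the scan tree, streaming progress/result markup as it goes.
 *
 * Lists $dir with GOTMLS_getfiles(), splits the entries into files and
 * sub-directories, then recurses into each sub-directory unless its name is in
 * the $GOTMLS_skip_dirs list or the requested scan_depth has been reached
 * (scan_depth is compared with the current depth, so -1 never matches and
 * means "no limit"). Sub-directories that are not entered are reported under
 * "skipdirs"; the directory itself is reported under "dirs" when listing
 * starts, "dir" when it has been checked, and "errors" when it cannot be
 * listed.
 *
 * In "Quick Scan" mode ($_REQUEST["scan_type"]) every file in $dir is checked
 * in place with GOTMLS_check_file() and per-depth counters are kept so that an
 * overall percentage can be echoed once the directory is done. In any other
 * mode the directory is only recorded in $GOTMLS_scanfiles, keyed by
 * GOTMLS_encode($dir) — presumably consumed by a later pass of the scanner;
 * verify against the callers.
 *
 * Request input read: $_REQUEST["scan_type"], $_REQUEST["scan_depth"] and
 * $_GET["eli"] (see the trace hook below).
 *
 * Globals: $GOTMLS_scanfiles (written), $GOTMLS_skip_dirs (read),
 * $GOTMLS_dirs_at_depth / $GOTMLS_dir_at_depth / $GOTMLS_total_percent
 * (read and written, Quick Scan progress state).
 * NOTE(review): the sibling GOTMLS_settings() below populates
 * $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"] while this function reads the
 * $GOTMLS_skip_dirs global — confirm which list is the authoritative one.
 *
 * @param string $dir           Directory to list. The quarantine directory is
 *                              skipped unless this is the top-level call.
 * @param int    $current_depth Depth of $dir in the walk, 1 for the top-level
 *                              call (expected >= 1). Recursive calls pass the
 *                              incremented depth and restore their own depth
 *                              from the return value.
 * @return int The caller's depth ($current_depth - 1). The counter is stepped
 *             back on every path, including the quarantine early-out; before
 *             it was only stepped back on the normal path, which left the
 *             caller one level too deep for the rest of its loop and for the
 *             scan_depth comparison.
 */
function GOTMLS_readdir($dir, $current_depth = 1) {
    global $GOTMLS_scanfiles, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth, $GOTMLS_total_percent;
    // Read the request flag once. An unset scan_type never matched before
    // either; it only raised an undefined-index notice on every directory.
    $is_quick_scan = isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Quick Scan";
    // The quarantine directory is never descended into below the top level.
    if ($dir == $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] && $current_depth != 1) {
        // The caller incremented $current_depth before recursing and restores
        // it from our return value, so hand back the caller's own depth.
        return $current_depth - 1;
    }
    @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
    // Status lines show the scan root's parent as "..." to keep them short.
    $short_dir = str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $dir);
    $dir_slashed = GOTMLS_trailingslashit($dir);
    $entries = GOTMLS_getfiles($dir);
    if (is_array($entries)) {
        echo GOTMLS_return_threat("dirs", "wait", $dir) . GOTMLS_update_status(sprintf(__("Preparing %s", 'gotmls'), $short_dir), $GOTMLS_total_percent);
        $files = array();
        $directories = array();
        foreach ($entries as $entry) {
            if (is_dir($dir_slashed . $entry)) {
                $directories[] = $entry;
            } else {
                $files[] = $entry;
            }
        }
        // Debug "trace" hook: when ?eli=trace is present, every PHP file in this
        // directory is rewritten so that its opening tag is followed by an
        // eval(base64_decode(...)) prologue that includes safe-load/trace.php
        // for requests from the current REMOTE_ADDR.
        // NOTE(review): this is self-modifying site code driven by a request
        // parameter. It changes files on disk (and is exactly the pattern a
        // malware scanner hunts for); it should be removed, or at least gated
        // behind a constant/capability check rather than a GET parameter.
        // Left in place here because removing it changes behaviour.
        if (isset($_GET["eli"]) && $_GET["eli"] == "trace" && count($files)) {
            $tracer_code = "(base64_decode('" . base64_encode('if(isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] == "' . $_SERVER["REMOTE_ADDR"] . '" && is_file("' . GOTMLS_local_images_path . '../safe-load/trace.php")) {include_once("' . GOTMLS_local_images_path . '../safe-load/trace.php");GOTMLS_debug_trace(__FILE__);}') . "'));";
            foreach ($files as $file) {
                if (GOTMLS_get_ext($file) == "php" && ($filecontents = @file_get_contents($dir_slashed . $file))) {
                    // The (?! eval) lookahead keeps an already-instrumented file from being patched twice.
                    GOTMLS_file_put_contents($dir_slashed . $file, preg_replace('/^<\\?php(?! eval)/is', '<?php eval' . $tracer_code, $filecontents));
                }
            }
        }
        if ($is_quick_scan) {
            // Per-depth bookkeeping for the percentage: how many sub-directories
            // this level has, and how many of them are finished so far.
            $GOTMLS_dirs_at_depth[$current_depth] = count($directories);
            $GOTMLS_dir_at_depth[$current_depth] = 0;
        } else {
            $GOTMLS_scanfiles[GOTMLS_encode($dir)] = GOTMLS_strip4java($short_dir);
        }
        // Without a numeric scan_depth nothing is descended into.
        $depth_param_ok = isset($_REQUEST["scan_depth"]) && is_numeric($_REQUEST["scan_depth"]);
        foreach ($directories as $directory) {
            $path = $dir_slashed . $directory;
            // Strict in_array() so that e.g. a folder named "10" cannot match an
            // exclusion "1e1"; a missing or non-array skip list excludes nothing.
            $excluded = is_array($GOTMLS_skip_dirs) && in_array($directory, $GOTMLS_skip_dirs, true);
            if ($depth_param_ok && $_REQUEST["scan_depth"] != $current_depth && !$excluded) {
                $current_depth++;
                $current_depth = GOTMLS_readdir($path, $current_depth);
            } else {
                echo GOTMLS_return_threat("skipdirs", "blocked", $path);
                // A skipped sub-directory counts as finished for the percentage.
                // The slot only exists in Quick Scan mode, so initialise it
                // instead of incrementing a missing key.
                $GOTMLS_dir_at_depth[$current_depth] = (isset($GOTMLS_dir_at_depth[$current_depth]) ? $GOTMLS_dir_at_depth[$current_depth] : 0) + 1;
            }
        }
        if ($is_quick_scan) {
            // Files are checked after the sub-directories have been walked.
            echo GOTMLS_update_status(sprintf(__("Scanning %s", 'gotmls'), $short_dir), $GOTMLS_total_percent);
            GOTMLS_flush("script");
            foreach ($files as $file) {
                echo GOTMLS_check_file($dir_slashed . $file);
            }
            echo GOTMLS_return_threat("dir", "checked", $dir);
        }
    } else {
        // No listing: report the directory as an error, with its permissions
        // when GOTMLS_getfiles() returned false, otherwise whatever it returned.
        echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(GOTMLS_Failed_to_list_LANGUAGE . ' readdir:' . ($entries === false ? '(' . GOTMLS_fileperms($dir) . ')' : $entries)));
    }
    @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
    // Step back to the caller's depth; in Quick Scan mode also count this
    // directory as finished at that depth and recompute the overall percentage.
    $current_depth--;
    if ($is_quick_scan) {
        $GOTMLS_dir_at_depth[$current_depth] = (isset($GOTMLS_dir_at_depth[$current_depth]) ? $GOTMLS_dir_at_depth[$current_depth] : 0) + 1;
        // Fold the fraction done at each level into one overall fraction, from
        // the current level outward to depth 0. Depth 0 never has counters, so
        // missing slots read as 0 (the same value the old undefined-index
        // notices produced, minus the notice). The "//" lines land in the
        // streamed <script> output as JS comments tracing the arithmetic.
        $GOTMLS_total_percent = 0;
        for ($depth = $current_depth; $depth >= 0; $depth--) {
            $dirs_here = isset($GOTMLS_dirs_at_depth[$depth]) ? $GOTMLS_dirs_at_depth[$depth] : 0;
            $done_here = isset($GOTMLS_dir_at_depth[$depth]) ? $GOTMLS_dir_at_depth[$depth] : 0;
            echo "\n//(({$GOTMLS_total_percent} / {$dirs_here}) + ({$done_here} / {$dirs_here})) = ";
            $GOTMLS_total_percent = ($dirs_here ? $GOTMLS_total_percent / $dirs_here : 0) + $done_here / ($dirs_here + 1);
            echo "{$GOTMLS_total_percent}\n";
        }
        $GOTMLS_total_percent = floor($GOTMLS_total_percent * 100);
        echo GOTMLS_update_status(sprintf(__("Scanned %s", 'gotmls'), $short_dir), $GOTMLS_total_percent);
    }
    GOTMLS_flush("script");
    return $current_depth;
}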
function GOTMLS_settings() { global $current_user, $wpdb, $wp_version, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth; $GOTMLS_scan_groups = array(); $gt = ">"; $lt = "<"; GOTMLS_update_definitions(); if (($GOTMLS_nonce_found = GOTMLS_get_nonce()) && isset($_REQUEST["check"]) && is_array($_REQUEST["check"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $_REQUEST["check"]; } /* $threat_names = array_keys($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"]); foreach ($threat_names as $threat_name) { if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]) > 1) { if ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0] > $GOTMLS_definitions_version) $GOTMLS_definitions_version = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name][0]; if (!(count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))) { $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] = count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["known"][$threat_name]); if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && $GLOBALS["GOTMLS"]["tmp"]["threat_levels"][$threat_name] > 2) $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = "known"; } } }*/ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"] = $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]; update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); } $dirs = GOTMLS_explode_dir(__FILE__); for ($SL = 0; $SL < intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]); $SL++) { $GOTMLS_scan_groups[] = $lt . 'b' . $gt . implode(GOTMLS_slash(), array_slice($dirs, -1 * (3 + $SL), 1)) . $lt . '/b' . 
$gt; } if (isset($_POST["exclude_ext"])) { if (strlen(trim(str_replace(",", "", $_POST["exclude_ext"]) . ' ')) > 0) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = preg_split('/[\\s]*([,]+[\\s]*)+/', trim(str_replace('.', ',', htmlentities($_POST["exclude_ext"]))), -1, PREG_SPLIT_NO_EMPTY); } else { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = array(); } } $default_exclude_ext = str_replace(",gotmls", "", implode(",", $GLOBALS["GOTMLS"]["tmp"]["skip_ext"])); $GLOBALS["GOTMLS"]["tmp"]["skip_ext"] = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]; if (isset($_POST["UPDATE_definitions_checkbox"])) { if (isset($_POST[$_POST["UPDATE_definitions_checkbox"]]) && $_POST[$_POST["UPDATE_definitions_checkbox"]] == 1) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = 1; } else { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] = ""; } } if (isset($_POST["exclude_dir"])) { if (strlen(trim(str_replace(",", "", $_POST["exclude_dir"]) . 
' ')) > 0) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = preg_split('/[\\s]*([,]+[\\s]*)+/', trim(htmlentities($_POST["exclude_dir"])), -1, PREG_SPLIT_NO_EMPTY); } else { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array(); } for ($d = 0; $d < count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]); $d++) { if (dirname($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d]) != ".") { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d] = str_replace("\\", "", str_replace("/", "", str_replace(dirname($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d]), "", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"][$d]))); } } } $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"] = array_merge($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"], $GLOBALS["GOTMLS"]["tmp"]["skip_dirs"]); if (isset($_POST["scan_what"]) && is_numeric($_POST["scan_what"]) && $_POST["scan_what"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = $_POST["scan_what"]; } if (isset($_POST["check_custom"]) && $_POST["check_custom"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = stripslashes($_POST["check_custom"]); } if (isset($_POST["scan_depth"]) && is_numeric($_POST["scan_depth"]) && $_POST["scan_depth"] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] = $_POST["scan_depth"]; } if (isset($_POST['check_htaccess']) && is_numeric($_POST['check_htaccess']) && $_POST['check_htaccess'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_htaccess']) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_htaccess'] = $_POST['check_htaccess']; } if (isset($_POST['check_timthumb']) && is_numeric($_POST['check_timthumb']) && $_POST['check_timthumb'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_timthumb']) 
{ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_timthumb'] = $_POST['check_timthumb']; } if (isset($_POST['check_wp_core']) && is_numeric($_POST['check_wp_core']) && $_POST['check_wp_core'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_wp_core']) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_wp_core'] = $_POST['check_wp_core']; } if (isset($_POST['check_known']) && is_numeric($_POST['check_known']) && $_POST['check_known'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_known']) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_known'] = $_POST['check_known']; } if (isset($_POST['check_potential']) && is_numeric($_POST['check_potential']) && $_POST['check_potential'] != $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_potential']) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['check_potential'] = $_POST['check_potential']; } if (isset($_POST['skip_quarantine']) && $_POST['skip_quarantine']) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'] = $_POST['skip_quarantine']; } elseif (isset($_POST["exclude_ext"])) { $GLOBALS["GOTMLS"]["tmp"]["settings_array"]['skip_quarantine'] = 0; } GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"])); $scan_whatopts = ''; $scan_optjs = "\n{$lt}script type=\"text/javascript\"{$gt}\nfunction showOnly(what) {\n"; foreach ($GOTMLS_scan_groups as $mg => $GOTMLS_scan_group) { $scan_optjs .= "document.getElementById('only{$mg}').style.display = 'none';\n"; $scan_whatopts = "\n{$lt}/div{$gt}\n{$lt}/div{$gt}\n{$scan_whatopts}"; $dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $mg))); $files = GOTMLS_getfiles($dir); if (is_array($files)) { foreach ($files as $file) { if (is_dir(GOTMLS_trailingslashit($dir) . $file)) { $scan_whatopts = $lt . 'input type="checkbox" name="scan_only[]" value="' . htmlentities($file) . '" /' . $gt . htmlentities($file) . $lt . 'br /' . $gt . $scan_whatopts; } } } $scan_whatopts = "\n{$lt}" . 
'div style="padding: 4px 30px;" id="scan_group_div_' . $mg . '"' . $gt . $lt . 'input type="radio" name="scan_what" id="not-only' . $mg . '" value="' . $mg . '"' . ($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] == $mg ? ' checked' : '') . ' /' . $gt . $lt . 'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\'' . $mg . '\');document.getElementById(\'not-only' . $mg . '\').checked=true;"' . "{$gt}{$GOTMLS_scan_group}{$lt}/a{$gt}{$lt}br /{$gt}\n{$lt}" . 'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only' . $mg . '"' . $gt . $lt . 'div style="padding-bottom: 6px;"' . $gt . GOTMLS_close_button('only' . $mg, 0) . $lt . 'b' . $gt . str_replace(" ", " ", __("Only Scan These Folders:", 'gotmls')) . $lt . '/b' . $gt . $lt . '/div' . $gt . $scan_whatopts; } $scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}" . (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"] ? "\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_check'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n" : "") . "{$lt}/script{$gt}"; $GOTMLS_nonce_URL = GOTMLS_set_nonce(__FUNCTION__ . "853"); $scan_opts = "\n{$lt}" . 'form method="POST" name="GOTMLS_Form"' . $gt . $lt . 'input type="hidden" name="' . str_replace('=', '" value="', $GOTMLS_nonce_URL) . '"' . $gt . $lt . 'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /' . $gt . $lt . 'div style="float: right;"' . $gt . $lt . 'input type="submit" id="complete_scan" value="' . __("Run Complete Scan", 'gotmls') . 
'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Complete Scan\';" /' . $gt . $lt . '/div' . $gt . ' ' . $lt . 'div style="float: left;"' . $gt . $lt . 'p' . $gt . $lt . 'b' . $gt . __("What to look for:", 'gotmls') . $lt . '/b' . $gt . $lt . '/p' . $gt . ' ' . $lt . 'div style="padding: 0 30px;"' . $gt; foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name => $threat_level) { $scan_opts .= $lt . 'div style="padding: 0; position: relative;" id="check_' . $threat_level . '_div"' . $gt; if ($threat_level != "wp_core" && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) || isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]["{$wp_version}"])) { $scan_opts .= $lt . 'input type="checkbox" name="check[]" id="check_' . $threat_level . '_Yes" value="' . $threat_level . '"' . (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) ? ' checked' : '') . ' /' . $gt . ' ' . $lt . 'a style="text-decoration: none;" href="#check_' . $threat_level . '_div_0" onclick="document.getElementById(\'check_' . $threat_level . '_Yes\').checked=true;showhide(\'dont_check_' . $threat_level . '\');"' . "{$gt}{$lt}b{$gt}{$threat_level_name}{$lt}/b{$gt}{$lt}/a{$gt}\n"; if (isset($_GET["SESSION"])) { if (isset($_SESSION["GOTMLS_debug"][$threat_level])) { $lt . 'div style="float: right;"' . $gt . print_r($_SESSION["GOTMLS_debug"][$threat_level], 1) . "{$lt}/div{$gt}"; } $scan_opts .= "\n{$lt}" . 'div style="padding: 0 20px; position: relative; top: -18px; display: none;" id="dont_check_' . $threat_level . '"' . $gt . $lt . 'a class="rounded-corners" style="position: absolute; left: 0; margin: 0; padding: 0 4px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#check_' . $threat_level . '_div_0" onclick="showhide(\'dont_check_' . $threat_level . '\');"' . $gt . 'X' . $lt . '/a' . 
$gt; foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level] as $threat_name => $threat_regex) { $scan_opts .= $lt . "br /{$gt}\n{$lt}" . 'input type="checkbox" name="dont_check[]" value="' . htmlspecialchars($threat_name) . '"' . (in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) ? ' checked /' . $gt . $lt . 'script' . $gt . 'showhide("dont_check_' . $threat_level . '", true);' . $lt . '/script' . $gt : ' /' . $gt) . (isset($_SESSION["GOTMLS_debug"][$threat_name]) ? $lt . 'div style="float: right;"' . $gt . print_r($_SESSION["GOTMLS_debug"][$threat_name], 1) . "{$lt}/div{$gt}" : "") . $threat_name; } $scan_opts .= "\n{$lt}/div{$gt}"; } } else { $scan_opts .= $lt . 'a title="' . __("Download Definition Updates to Use this feature", 'gotmls') . '"' . $gt . $lt . 'img src="' . GOTMLS_images_path . 'blocked.gif" height=16 width=16 alt="X"' . $gt . $lt . 'b' . $gt . ' ' . $threat_level_name . $lt . '/b' . $gt . $lt . 'br /' . $gt . $lt . 'div style="padding: 14px;" id="check_' . $threat_level . '_div_NA"' . $gt . $lt . 'span style="color: #F00"' . $gt . __("Download the new definitions (Right sidebar) to activate this feature.", 'gotmls') . "{$lt}/span{$gt}{$lt}/div{$gt}"; } $scan_opts .= "\n{$lt}/div{$gt}"; } $scan_opts .= $lt . '/div' . $gt . $lt . '/div' . $gt . ' ' . $lt . 'div style="float: left;"' . $gt . $lt . 'p' . $gt . $lt . 'b' . $gt . __("What to scan:", 'gotmls') . $lt . '/b' . $gt . $lt . '/p' . $gt . $scan_whatopts . $scan_optjs . $lt . '/div' . $gt . ' ' . $lt . 'div style="float: left;" id="scanwhatfolder"' . $gt . $lt . '/div' . $gt . ' ' . $lt . 'div style="float: left;"' . $gt . $lt . 'p' . $gt . $lt . 'b' . $gt . __("Scan Depth:", 'gotmls') . $lt . '/b' . $gt . $lt . '/p' . $gt . ' ' . $lt . 'div style="padding: 0 30px;"' . $gt . $lt . 'input type="text" value="' . $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"] . '" name="scan_depth" size="5"' . $gt . $lt . 'br /' . $gt . 
__("how far to drill down", 'gotmls') . $lt . 'br /' . $gt . '(' . __("-1 is infinite depth", 'gotmls') . ')' . $lt . '/div' . $gt . $lt . '/div' . $gt . $lt . 'br style="clear: left;"' . $gt; if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) { $scan_opts .= $lt . 'div style="float: right;"' . $gt . print_r($_SESSION["GOTMLS_debug"]['total'], 1) . "{$lt}/div{$gt}"; unset($_SESSION["GOTMLS_debug"]); } if (isset($_GET["eli"])) { //still testing this option $scan_opts .= "\n{$lt}" . 'div style="padding: 10px;"' . $gt . $lt . 'p' . $gt . $lt . 'b' . $gt . __("Custom RegExp:", 'gotmls') . $lt . '/b' . $gt . ' (' . __("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.", 'gotmls') . ')' . $lt . '/p' . $gt . $lt . 'input type="text" name="check_custom" style="width: 100%;" value="' . htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]) . '" /' . "{$gt}{$lt}/div{$gt}\n{$lt}" . 'div style="padding: 10px;"' . $gt . $lt . 'p' . $gt . $lt . 'b' . $gt . __("Custom Code to be Checked:", 'gotmls') . $lt . '/b' . $gt . ' (' . __("For very advanced users only. If you enter anything in this box then no other files will be scanned on your site.", 'gotmls') . ')' . $lt . '/p' . $gt . $lt . 'textarea name="check_code" style="width: 100%;" rows=3' . $gt . htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_code"]) . "{$lt}/textarea{$gt}{$lt}/div{$gt}\n"; } $QuickScan = $lt . (is_dir(dirname(__FILE__) . "/../../../wp-includes") && is_dir(dirname(__FILE__) . "/../../../wp-admin") ? 'a href="' . admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&{$GOTMLS_nonce_URL}") . '" class="button-primary" style="height: 22px; line-height: 13px; padding: 3px;">WP_Core</a' : "!-- No wp-includes or wp-admin --") . $gt; foreach (array("Plugins", "Themes") as $ScanFolder) { $QuickScan .= ' ' . $lt . (is_dir(dirname(__FILE__) . "/../../../wp-content/" . 
strtolower($ScanFolder)) ? 'a href="' . admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&scan_only[]=wp-content/" . strtolower($ScanFolder) . "&{$GOTMLS_nonce_URL}") . "\" class=\"button-primary\" style=\"height: 22px; line-height: 13px; padding: 3px;\"{$gt}{$ScanFolder}{$lt}/a" : "!-- No {$ScanFolder} in wp-content --") . $gt; } $scan_opts .= "\n{$lt}" . 'p' . $gt . $lt . 'b' . $gt . __("Skip files with the following extentions:", 'gotmls') . "{$lt}/b{$gt}" . ($default_exclude_ext != implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) ? " {$lt}a href=\"javascript:void(0);\" onclick=\"document.getElementById('exclude_ext').value = '{$default_exclude_ext}';\"{$gt}[Restore Defaults]{$lt}/a{$gt}" : "") . $lt . '/p' . $gt . ' ' . $lt . 'div style="padding: 0 30px;"' . $gt . $lt . 'input type="text" placeholder="' . __("a comma separated list of file extentions to skip", 'gotmls') . '" name="exclude_ext" id="exclude_ext" value="' . implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) . '" style="width: 100%;" /' . "{$gt}{$lt}/div{$gt}{$lt}" . 'p' . $gt . $lt . 'b' . $gt . __("Skip directories with the following names:", 'gotmls') . "{$lt}/b{$gt}{$lt}/p{$gt}{$lt}" . 'div style="padding: 0 30px;"' . $gt . $lt . 'input type="text" placeholder="' . __("a folder name or comma separated list of folder names to skip", 'gotmls') . '" name="exclude_dir" value="' . implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]) . '" style="width: 100%;" /' . $gt . $lt . '/div' . $gt . ' ' . $lt . 'table style="width: 100%" cellspacing="10"' . $gt . $lt . 'tr' . $gt . $lt . 'td nowrap valign="top" style="white-space: nowrap; width: 1px;"' . $gt . $lt . 'b' . $gt . __("Automatically Update Definitions:", 'gotmls') . $lt . "br{$gt}{$lt}/b{$gt}{$lt}/td{$gt}{$lt}" . 'td' . $gt . $lt . 'div id="UPDATE_definitions_div"' . $gt . $lt . 'br' . $gt . $lt . 'span style="color: #C00;"' . $gt . 
__("This new BETA feature is only available to registered users who have donated at a certain level.", 'gotmls') . "{$lt}/span{$gt}{$lt}/div{$gt}{$lt}/td{$gt}{$lt}" . 'td align="right" valign="bottom"' . $gt . $lt . 'input type="submit" id="save_settings" value="' . __("Save Settings", 'gotmls') . '" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Save\';" /' . "{$gt}{$lt}/td{$gt}{$lt}/tr{$gt}{$lt}/table{$gt}{$lt}/form{$gt}"; @ob_start(); $OB_default_handlers = array("default output handler", "zlib output compression"); $OB_handlers = @ob_list_handlers(); if (is_array($OB_handlers) && count($OB_handlers)) { foreach ($OB_handlers as $OB_last_handler) { if (!in_array($OB_last_handler, $OB_default_handlers)) { echo $lt . 'div class="error"' . $gt . sprintf(__("Another Plugin or Theme is using '%s' to handle output buffers. <br />This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. <br />Consider disabling caching and compression plugins (at least during the scanning process).", 'gotmls'), $OB_last_handler) . "{$lt}/div{$gt}"; } } } GOTMLS_display_header(); $scan_groups = array_merge(array(__("Scanned Files", 'gotmls') => "scanned", __("Selected Folders", 'gotmls') => "dirs", __("Scanned Folders", 'gotmls') => "dir", __("Skipped Folders", 'gotmls') => "skipdirs", __("Skipped Files", 'gotmls') => "skipped", __("Read/Write Errors", 'gotmls') => "errors", __("Quarantined Files", 'gotmls') => "bad"), $GLOBALS["GOTMLS"]["tmp"]["threat_levels"]); echo $lt . 'script type="text/javascript"> var percent = 0; function changeFavicon(percent) { var oldLink = document.getElementById("wait_gif"); if (oldLink) { if (percent >= 100) { document.getElementsByTagName("head")[0].removeChild(oldLink); var link = document.createElement("link"); link.id = "wait_gif"; link.type = "image/gif"; link.rel = "shortcut icon"; var threats = ' . 
implode(" + ", array_merge($GLOBALS["GOTMLS"]["tmp"]["threat_levels"], array(__("Potential Threats", 'gotmls') => "errors", __("WP-Login Updates", 'gotmls') => "errors"))) . '; if (threats > 0) { if ((errors * 2) == threats) linkhref = "blocked"; else linkhref = "threat"; } else linkhref = "checked"; link.href = "' . GOTMLS_images_path . '"+linkhref+".gif"; document.getElementsByTagName("head")[0].appendChild(link); } } else { var icons = document.getElementsByTagName("link"); var link = document.createElement("link"); link.id = "wait_gif"; link.type = "image/gif"; link.rel = "shortcut icon"; link.href = "' . GOTMLS_images_path . 'wait.gif"; // document.head.appendChild(link); document.getElementsByTagName("head")[0].appendChild(link); } } function update_status(title, time) { sdir = (dir+direrrors); if (arguments[2] >= 0 && arguments[2] <= 100) percent = arguments[2]; else percent = Math.floor((sdir*100)/dirs); scan_state = "6F6"; if (percent == 100) { showhide("pause_button", true); showhide("pause_button"); title = "' . $lt . 'b' . $gt . __("Scan Complete!", 'gotmls') . $lt . '/b' . $gt . '"; } else scan_state = "99F"; changeFavicon(percent); if (sdir) { if (arguments[2] >= 0 && arguments[2] <= 100) timeRemaining = Math.ceil(((time-startTime)*(100/percent))-(time-startTime)); else timeRemaining = Math.ceil(((time-startTime)*(dirs/sdir))-(time-startTime)); if (timeRemaining > 59) timeRemaining = Math.ceil(timeRemaining/60)+" Minute"; else timeRemaining += " Second"; if (timeRemaining.substr(0, 2) != "1 ") timeRemaining += "s"; } else timeRemaining = "Calculating Time"; timeElapsed = Math.ceil(time); if (timeElapsed > 59) timeElapsed = Math.floor(timeElapsed/60)+" Minute"; else timeElapsed += " Second"; if (timeElapsed.substr(0, 2) != "1 ") timeElapsed += "s"; divHTML = \'' . $lt . 'div align="center" style="vertical-align: middle; background-color: #ccc; z-index: 3; height: 18px; width: 100%; border: solid #000 1px; position: relative; padding: 10px 0;"' . $gt . 
$lt . 'div style="height: 18px; padding: 10px 0; position: absolute; top: 0px; left: 0px; background-color: #\'+scan_state+\'; width: \'+percent+\'%"' . $gt . $lt . '/div' . $gt . $lt . 'div style="height: 32px; position: absolute; top: 3px; left: 10px; z-index: 5; line-height: 16px;" align="left"' . $gt . '\'+sdir+" Folder"+(sdir==1?"":"s")+" Checked' . $lt . 'br /' . $gt . '"+timeElapsed+\' Elapsed' . $lt . '/div' . $gt . $lt . 'div style="height: 38px; position: absolute; top: 0px; left: 0px; width: 100%; z-index: 5; line-height: 38px; font-size: 30px; text-align: center;"' . $gt . '\'+percent+\'%' . $lt . '/div' . $gt . $lt . 'div style="height: 32px; position: absolute; top: 3px; right: 10px; z-index: 5; line-height: 16px;" align="right"' . $gt . '\'+(dirs-sdir)+" Folder"+((dirs-sdir)==1?"":"s")+" Remaining' . $lt . 'br /' . $gt . '"+timeRemaining+" Remaining' . $lt . '/div' . $gt . $lt . '/div' . $gt . '"; document.getElementById("status_bar").innerHTML = divHTML; document.getElementById("status_text").innerHTML = title; dis="none"; divHTML = \'' . $lt . 'ul style="float: right; margin: 0 20px; text-align: right;"' . $gt . '\'; /*' . $lt . '!--*' . '/'; $MAX = 0; $vars = "var i, intrvl, direrrors=0"; $fix_button_js = ""; $found = ""; $li_js = "return false;"; foreach ($scan_groups as $scan_name => $scan_group) { if ($MAX++ == 6) { $quarantineCountOnly = GOTMLS_get_quarantine(true); $vars .= ", {$scan_group}={$quarantineCountOnly}"; echo "/*--{$gt}*" . "/\n\tif ({$scan_group} > 0)\n\t\tscan_state = ' potential'; \n\telse\n\t\tscan_state = '';\n\tdivHTML += '</ul><ul style=\"text-align: left;\"><li class=\"GOTMLS_li\"><a href=\"admin.php?page=GOTMLS-View-Quarantine\" class=\"GOTMLS_plugin" . ("'+scan_state+'\" title=\"" . GOTMLS_View_Quarantine_LANGUAGE) . "\">'+{$scan_group}+' '+({$scan_group}==1?('{$scan_name}').slice(0,-1):'{$scan_name}')+'</a></li>';\n/*{$lt}!--*" . 
"/"; $found = "Found "; $fix_button_js = "\n\t\tdis='block';"; } else { $vars .= ", {$scan_group}=0"; if ($found && !in_array($scan_group, $GLOBALS["GOTMLS"]["log"]["settings"]["check"])) { $potential_threat = ' potential" title="' . __("You are not currently scanning for this type of threat!", 'gotmls'); } else { $potential_threat = ""; } echo "/*--{$gt}*" . "/\n\tif ({$scan_group} > 0) {\n\t\tscan_state = ' href=\"#found_{$scan_group}\" onclick=\"{$li_js} showhide(\\'found_{$scan_group}\\', true);\" class=\"GOTMLS_plugin {$scan_group}\"';{$fix_button_js}" . ($MAX > 6 ? "\n\tshowhide('found_{$scan_group}', true);" : "") . "\n\t} else\n\t\tscan_state = ' class=\"GOTMLS_plugin{$potential_threat}\"';\n\tdivHTML += '<li class=\"GOTMLS_li\"><a'+scan_state+'>{$found}'+{$scan_group}+' '+({$scan_group}==1?('{$scan_name}').slice(0,-1):'{$scan_name}')+'</a></li>';\n/*{$lt}!--*" . "/"; } $li_js = ""; if ($MAX > 11) { $fix_button_js = ""; } } $ScanSettings = $lt . 'div style="float: right;"' . $gt . GOTMLS_Run_Quick_Scan_LANGUAGE . ": {$QuickScan}{$lt}/div{$gt}" . GOTMLS_Scan_Settings_LANGUAGE; echo "/*--{$gt}*" . '/ document.getElementById("status_counts").innerHTML = divHTML+"' . $lt . '/ul' . $gt . '"; document.getElementById("fix_button").style.display = dis; } ' . $vars . '; function showOnly(what) { document.getElementById("only_what").innerHTML = document.getElementById("only"+what).innerHTML; } var startTime = 0; ' . $lt . '/script' . $gt . GOTMLS_box($ScanSettings, $scan_opts); if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Save") { if ($GOTMLS_nonce_found) { update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); echo "\n{$lt}script type='text/javascript'{$gt}\nalert('Settings Saved!');\n{$lt}/script{$gt}\n"; } else { echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Saving these settings requires a valid Nonce Token. 
No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.", 'gotmls') . "\n{$lt}script type='text/javascript'{$gt}\nalert('" . GOTMLS_Invalid_Nonce("") . "');\n{$lt}/script{$gt}\n"); } } elseif (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && $_REQUEST["scan_what"] > -1) { if ($GOTMLS_nonce_found) { update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]); if (!isset($_REQUEST["scan_type"])) { $_REQUEST["scan_type"] = "Complete Scan"; } echo "\n{$lt}" . 'form method="POST" action="' . admin_url('admin-ajax.php?' . GOTMLS_set_nonce(__FUNCTION__ . "1030")) . (isset($_SERVER["QUERY_STRING"]) && strlen($_SERVER["QUERY_STRING"]) ? "&" . $_SERVER["QUERY_STRING"] : "") . '" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"' . $gt . $lt . 'input type="hidden" name="action" value="GOTMLS_fix"' . $gt . $lt . 'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"' . $gt; foreach ($_POST as $name => $value) { if (substr($name, 0, 10) != 'GOTMLS_fix') { if (is_array($value)) { foreach ($value as $val) { echo $lt . 'input type="hidden" name="' . $name . '[]" value="' . htmlspecialchars($val) . '"' . $gt; } } else { echo $lt . 'input type="hidden" name="' . $name . '" value="' . htmlspecialchars($value) . '"' . $gt; } } } echo "\n{$lt}" . 'script type="text/javascript"' . $gt . 'showhide("inside_' . md5($ScanSettings) . '");' . $lt . '/script' . $gt . GOTMLS_box(htmlentities($_REQUEST["scan_type"]) . ' Status', $lt . 'div id="status_text"' . $gt . $lt . 'img src="' . GOTMLS_images_path . 'wait.gif" height=16 width=16 alt="..."' . $gt . ' ' . GOTMLS_Loading_LANGUAGE . $lt . '/div' . $gt . $lt . 'div id="status_bar"' . $gt . $lt . '/div' . $gt . $lt . 'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"' . $gt . $lt . 
'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /' . $gt . $lt . '/p' . $gt . $lt . 'div id="status_counts"' . $gt . $lt . '/div' . $gt . $lt . 'p id="fix_button" style="display: none; text-align: center;"' . $gt . $lt . 'input id="repair_button" type="submit" value="' . GOTMLS_Automatically_Fix_LANGUAGE . '" class="button-primary" onclick="loadIframe(\'Examine Results\');" /' . $gt . $lt . '/p' . $gt); $scan_groups_UL = ""; foreach ($scan_groups as $scan_name => $scan_group) { $scan_groups_UL .= "\n{$lt}ul name=\"found_{$scan_group}\" id=\"found_{$scan_group}\" class=\"GOTMLS_plugin {$scan_group}\" style=\"background-color: #ccc; display: none; padding: 0;\"{$gt}{$lt}a class=\"rounded-corners\" name=\"link_{$scan_group}\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_{$scan_group}');\"{$gt}X{$lt}/a{$gt}{$lt}h3{$gt}{$scan_name}{$lt}/h3{$gt}\n" . ($scan_group == 'potential' ? $lt . 'p' . $gt . ' * ' . __("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).", 'gotmls') . $lt . '/p' . $gt : ($scan_group == 'wp_core' ? $lt . 'p' . $gt . ' * ' . sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.", 'gotmls'), $wp_version) . ' (for more info ' . $lt . 'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"' . $gt . __("read my blog", 'gotmls') . $lt . '/a' . $gt . ').' . $lt . '/p' . $gt : $lt . 'br /' . $gt)) . $lt . '/ul' . 
$gt; } if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) { $dir = "/"; } GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => htmlentities($_REQUEST["scan_type"])))); echo GOTMLS_box($lt . 'div style="float: right;"' . $gt . ' (' . $GLOBALS["GOTMLS"]["log"]["scan"]["dir"] . ") {$lt}/div{$gt}" . __("Scan Details:", 'gotmls'), $scan_groups_UL); $no_flush_LANGUAGE = __("Not flushing OB Handlers: %s", 'gotmls'); if (isset($_REQUEST["no_ob_end_flush"])) { echo $lt . 'div class="error"' . $gt . sprintf($no_flush_LANGUAGE, print_r(ob_list_handlers(), 1)) . "{$lt}/div{$gt}\n"; } elseif (is_array($OB_handlers) && count($OB_handlers)) { // $GOTMLS_OB_handlers = get_option("GOTMLS_OB_handlers", array()); foreach (array_reverse($OB_handlers) as $OB_handler) { if (isset($GOTMLS_OB_handlers[$OB_handler]) && $GOTMLS_OB_handlers[$OB_handler] == "no_end_flush") { echo $lt . 'div class="error"' . $gt . sprintf($no_flush_LANGUAGE, $OB_handler) . "{$lt}/div{$gt}\n"; } elseif (in_array($OB_handler, $OB_default_handlers)) { // $GOTMLS_OB_handlers[$OB_handler] = "no_end_flush"; // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers); @ob_end_flush(); // $GOTMLS_OB_handlers[$OB_handler] = "ob_end_flush"; // update_option("GOTMLS_OB_handlers", $GOTMLS_OB_handlers); } } } @ob_start(); if ($_REQUEST["scan_type"] == "Quick Scan") { $li_js = "\nfunction testComplete() {\n\tif (percent != 100)\n\t\talert('" . __("The Quick Scan was unable to finish because of a shortage of memory or a problem accessing a file. Please try using the Complete Scan, it is slower but it will handle these errors better and continue scanning the rest of the files.", 'gotmls') . "');\n}\nwindow.onload=testComplete;\n{$lt}/script{$gt}\n{$lt}" . 'script type="text/javascript"' . 
$gt; if (is_numeric($check = array_search("potential", $GLOBALS["GOTMLS"]["log"]["settings"]["check"]))) { unset($GLOBALS["GOTMLS"]["log"]["settings"]["check"][$check]); } } echo "\n{$lt}script type=\"text/javascript\"{$gt}{$li_js}\n/*{$lt}!--*" . "/"; if (is_dir($dir)) { $GOTMLS_dirs_at_depth[0] = 1; $GOTMLS_dir_at_depth[0] = 0; if (isset($_REQUEST['scan_only']) && is_array($_REQUEST['scan_only'])) { $GOTMLS_dirs_at_depth[0] += count($_REQUEST['scan_only']) - 1; foreach ($_REQUEST['scan_only'] as $only_dir) { if (is_dir(GOTMLS_trailingslashit($dir) . $only_dir)) { GOTMLS_readdir(GOTMLS_trailingslashit($dir) . $only_dir); } } } else { GOTMLS_readdir($dir); } } else { echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link("Not a valid directory!")); } if ($_REQUEST["scan_type"] == "Quick Scan") { echo GOTMLS_update_status(__("Completed!", 'gotmls'), 100); } else { echo GOTMLS_update_status(__("Starting Scan ...", 'gotmls')) . "/*--{$gt}*" . "/"; echo "\nvar scriptSRC = '" . admin_url('admin-ajax.php?action=GOTMLS_scan&' . GOTMLS_set_nonce(__FUNCTION__ . "1087") . '&mt=' . $GLOBALS["GOTMLS"]["tmp"]["mt"] . preg_replace('/\\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\\1=', isset($_SERVER["QUERY_STRING"]) && strlen($_SERVER["QUERY_STRING"]) ? "&" . $_SERVER["QUERY_STRING"] : "") . '&GOTMLS_scan=') . "';\nvar scanfilesArKeys = new Array('" . implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"])) . "');\nvar scanfilesArNames = new Array('Scanning " . implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"]) . "');" . 
' var scanfilesI = 0; var stopScanning; var gotStuckOn = ""; function scanNextDir(gotStuck) { clearTimeout(stopScanning); if (gotStuck > -1) { if (scanfilesArNames[gotStuck].substr(0, 3) != "Re-") { if (scanfilesArNames[gotStuck].substr(0, 9) == "Checking ") { scanfilesArNames.push(scanfilesArNames[gotStuck]); scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_file[]="+encodeURIComponent(scanfilesArNames[gotStuck].substr(9))); } else { scanfilesArNames.push("Re-"+scanfilesArNames[gotStuck]); scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_only_file="); } } else { scanfilesArNames.push("Got Stuck "+scanfilesArNames[gotStuck]); scanfilesArKeys.push(scanfilesArKeys[gotStuck]+"&GOTMLS_skip_dir="+scanfilesArKeys[gotStuck]); } } if (document.getElementById("resume_button").value != "Pause") { stopScanning=setTimeout("scanNextDir(-1)", 1000); startTime++; } else if (scanfilesI < scanfilesArKeys.length) { document.getElementById("status_text").innerHTML = scanfilesArNames[scanfilesI]; var newscript = document.createElement("script"); newscript.setAttribute("src", scriptSRC+scanfilesArKeys[scanfilesI]); divx = document.getElementById("found_scanned"); if (divx) divx.appendChild(newscript); stopScanning=setTimeout("scanNextDir("+(scanfilesI++)+")",' . $GLOBALS["GOTMLS"]["tmp"]['execution_time'] . '000); } } startTime = (' . ceil(time() - $GLOBALS["GOTMLS"]["log"]["scan"]["start"]) . '+3); stopScanning=setTimeout("scanNextDir(-1)",3000); function pauseresume(butt) { if (butt.value == "Resume") butt.value = "Pause"; else butt.value = "Resume"; } showhide("pause_button", true);' . "\n/*{$lt}!--*" . "/"; } if (@ob_get_level()) { GOTMLS_flush('script'); @ob_end_flush(); } echo "/*--{$gt}*" . "/\n{$lt}/script{$gt}"; } else { echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Starting a Complete Scan requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. 
Please try re-submitting the form above.", 'gotmls') . "\n{$lt}script type='text/javascript'{$gt}\nalert('" . GOTMLS_Invalid_Nonce("") . "');\n{$lt}/script{$gt}\n"); } } echo "\n{$lt}/div{$gt}{$lt}/div{$gt}{$lt}/div{$gt}"; }