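/**
 * Admin page handler that patches a TimThumb script in place.
 *
 * Reads two request parameters: `vulnerability` (only 'timthumb' is accepted)
 * and `file` (a path relative to ABSPATH). The request must pass, in order:
 * the 'edit_plugins' capability check, the vulnerability allow-list, the
 * nonce check bound to both parameters, validate_file(), is_file(), and
 * File_Exploit_Scanner::is_vulnerable_file(). Any failure ends in wp_die()
 * or in check_admin_referer()'s own failure handling.
 *
 * This function rewrites a PHP file on disk whose path comes from the
 * request, so every gate above is security-relevant; do not reorder them
 * so that the write can be reached without the capability and nonce checks.
 *
 * Output is echoed directly; nothing is returned.
 */
function exploitscanner_fix_vulnerability_page()
{
    if (!current_user_can('edit_plugins')) {
        wp_die('You do not have sufficient permissions to perform this action.');
    }

    // Require both parameters to be present and to be plain strings. A missing
    // key or an array value (?file[]=...) would otherwise raise notices or type
    // errors further down instead of a clean rejection.
    $vulnerability = (isset($_GET['vulnerability']) && is_string($_GET['vulnerability'])) ? $_GET['vulnerability'] : '';
    $file = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';

    // Strict comparison: loose in_array() would let non-string values match.
    if (!in_array($vulnerability, array('timthumb'), true)) {
        wp_die('Unknown action.');
    }

    // Verify the nonce before touching the filesystem, so a forged request is
    // rejected without probing or reading any file. The action string is the
    // same one the original code used.
    check_admin_referer('exploit-scanner_fix_' . $vulnerability . '_' . $file);

    // validate_file() returns non-zero for paths it rejects; is_file() also
    // rejects the empty string because ABSPATH itself is a directory.
    if (validate_file($file) || !is_file(ABSPATH . $file)) {
        wp_die('Invalid file.');
    }
    // NOTE(review): is_vulnerable_file() is defined elsewhere; presumably it
    // restricts the target to files the scanner flagged. Confirm that it
    // cannot be satisfied by an arbitrary PHP file under ABSPATH.
    if (!File_Exploit_Scanner::is_vulnerable_file($file, ABSPATH)) {
        wp_die('Invalid file.');
    }

    if ($vulnerability === 'timthumb') {
        echo '<h3>Fixing TimThumb vulnerability</h3>';

        $path = ABSPATH . $file;
        $marker = '// Exploit Scanner security fix';
        $needle = 'if ($isAllowedSite) {';
        // Replacement text: re-derives $isAllowedSite with an anchored host
        // match before the original `if ($isAllowedSite) {` line. Kept
        // byte-for-byte, since this is what gets written into the target file.
        $fix = '
		// Exploit Scanner security fix
		if ( ! defined( "ALLOW_EXTERNAL" ) || ! ALLOW_EXTERNAL ) {
			$isAllowedSite = false;
			foreach ( $allowedSites as $site ) {
				if ( preg_match (\'/(?:^|\\.)\' . preg_quote( $site ) . \'$/i\', $url_info[\'host\'] ) )
					$isAllowedSite = true;
			}
		}
		// End fix
		if ($isAllowedSite) {
		';

        $applied = false;
        $contents = file_get_contents($path);

        // A failed read must not fall through to the write: str_replace() on
        // false yields an empty string and the target file would be truncated.
        if ($contents !== false) {
            if (strpos($contents, $marker) !== false) {
                // Already patched. The replacement text itself contains the
                // needle, so patching again would stack another copy of it.
                $applied = true;
            } else {
                $replacements = 0;
                $patched = str_replace($needle, $fix, $contents, $replacements);
                // Report success only if the needle was found and the write
                // did not fail; otherwise the file is unchanged and unpatched.
                if ($replacements > 0 && file_put_contents($path, $patched) !== false) {
                    $applied = true;
                }
            }
        }

        if ($applied) {
            echo '<p>This instance of TimThumb has had a security fix applied. It is recommended that you download the latest version of TimThumb and completely replace this file.</p>';
        } else {
            echo '<p>An error occurred. It was not possible to apply a fix to this file. It is recommended that you download the latest version of TimThumb and completely replace this file.</p>';
        }
    }

    echo '<p>The vulnerability will still show in your scan results until you run another scan.</p>';
    echo '<p><a href="' . menu_page_url('exploit-scanner', false) . '">Go back.</a></p>';
}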