function GOTMLS_scanfile($file)
{
global $wp_version, $GOTMLS_threat_files, $GOTMLS_threats_found, $GOTMLS_chmod_file, $GOTMLS_chmod_dir, $GOTMLS_file_contents, $GOTMLS_new_contents;
$GOTMLS_threats_found = array();
$gt = ">";
$lt = "<";
$found = false;
$threat_link = "";
$className = "scanned";
$clean_file = GOTMLS_encode($file);
$file_name = GOTMLS_explode_dir($file);
$file_parts = explode(".", "." . array_pop($file_name));
if (is_file($file) && ($filesize = filesize($file)) && ($GOTMLS_file_contents = @file_get_contents($file))) {
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"])) {
$whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]);
} else {
$whitelist = array();
}
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file => $non_threats) {
if (is_array($non_threats) && count($non_threats) > 1) {
if (isset($non_threats[0])) {
unset($non_threats[0]);
}
$whitelist = array_merge($whitelist, $non_threats);
}
}
if (isset($whitelist[md5($GOTMLS_file_contents) . 'O' . $filesize])) {
return GOTMLS_return_threat($className, "checked.gif?{$className}", $file, $threat_link);
}
$GOTMLS_new_contents = $GOTMLS_file_contents;
if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && strlen($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && isset($_GET['eli']) && substr($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"], 0, 1) == '/' && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]))) {
$className = "known";
} else {
$path = str_replace("//", "/", "/" . str_replace("\\", "/", substr($file, strlen(ABSPATH))));
if (isset($_SESSION["GOTMLS_debug"])) {
$_SESSION["GOTMLS_debug"]["file"] = $file;
$_SESSION["GOTMLS_debug"]["last"]["total"] = microtime(true);
}
foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) {
if (isset($_SESSION["GOTMLS_debug"])) {
$_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
$_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
}
if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"])) && (!array_key_exists($threat_level, $GOTMLS_threat_files) || substr($file . "e", -1 * strlen($GOTMLS_threat_files[$threat_level] . "e")) == $GOTMLS_threat_files[$threat_level] . "e") && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level], $file))) {
$className = $threat_level;
}
}
if (isset($_SESSION["GOTMLS_debug"])) {
$file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["total"], 5);
if (isset($_SESSION["GOTMLS_debug"]["total"]["total"])) {
$_SESSION["GOTMLS_debug"]["total"]["total"] += $file_time;
} else {
$_SESSION["GOTMLS_debug"]["total"]["total"] = $file_time;
}
if (isset($_SESSION["GOTMLS_debug"]["total"]["count"])) {
$_SESSION["GOTMLS_debug"]["total"]["count"]++;
} else {
$_SESSION["GOTMLS_debug"]["total"]["count"] = 1;
}
if (!isset($_SESSION["GOTMLS_debug"]["total"]["least"]) || $file_time < $_SESSION["GOTMLS_debug"]["total"]["least"]) {
$_SESSION["GOTMLS_debug"]["total"]["least"] = $file_time;
}
if (!isset($_SESSION["GOTMLS_debug"]["total"]["most"]) || $file_time > $_SESSION["GOTMLS_debug"]["total"]["most"]) {
$_SESSION["GOTMLS_debug"]["total"]["most"] = $file_time;
}
}
}
} else {
$GOTMLS_file_contents = is_file($file) ? is_readable($file) ? filesize($file) ? __("Failed to read file contents!", 'gotmls') : __("Empty file!", 'gotmls') : (isset($_GET["eli"]) ? @chmod($file, $GOTMLS_chmod_file) ? __("Fixed file permissions! (try again)", 'gotmls') : __("File permissions read-only!", 'gotmls') : __("File not readable!", 'gotmls')) : __("File does not exist!", 'gotmls');
// $threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file);
$className = "errors";
}
if (count($GOTMLS_threats_found)) {
$threat_link = $lt . 'a target="GOTMLS_iFrame" href="' . GOTMLS_script_URI . '&GOTMLS_scan=' . $clean_file . '" id="list_' . $clean_file . '" onclick="loadIframe(\'' . str_replace("\"", """, $lt . 'div style="float: left;"' . $gt . 'Examine File ... ' . $lt . '/div' . $gt . $lt . 'div style="overflow: hidden; position: relative; height: 20px;"' . $gt . $lt . 'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"' . $gt . GOTMLS_strip4java($file)) . $lt . '/div' . $gt . $lt . '/div' . $gt . '\');" class="GOTMLS_plugin"' . $gt;
if ($className == "errors") {
$threat_link = GOTMLS_error_link($GOTMLS_file_contents, $file);
$imageFile = "/blocked";
} elseif ($className != "potential") {
if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
if ($className == "timthumb") {
if (($source = GOTMLS_get_URL("http://{$className}.googlecode.com/svn/trunk/{$className}.php")) && strlen($source) > 500) {
$GOTMLS_new_contents = $source;
} else {
$GOTMLS_file_contents = "";
}
} elseif ($className == 'wp_core') {
$path = str_replace("//", "/", "/" . str_replace("\\", "/", substr($file, strlen(ABSPATH))));
if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"]) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"] != md5($GOTMLS_file_contents) . "O" . strlen($GOTMLS_file_contents) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/{$wp_version}{$path}")) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"] == md5($source) . "O" . strlen($source)) {
$GOTMLS_new_contents = $source;
} else {
$GOTMLS_file_contents = "";
}
} else {
$GOTMLS_new_contents = trim(preg_replace('/' . $lt . '\\?(php)?\\s*(\\?' . $gt . '|$)/i', "", $GOTMLS_new_contents));
}
if (strlen($GOTMLS_file_contents) > 0 && GOTMLS_write_quarantine($file, $className) !== false && (strlen($GOTMLS_new_contents) == 0 && isset($_GET["eli"]) && @unlink($file) || GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false)) {
echo __("Success!", 'gotmls');
return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/";
} else {
echo __("Failed:", 'gotmls') . ' ' . (strlen($GOTMLS_file_contents) ? is_writable(dirname(GOTMLS_quarantine($file))) ? is_writable(dirname($file)) && is_writable($file) ? __("reason unknown!", 'gotmls') : __("file not writable!", 'gotmls') : __("quarantine not writable!", 'gotmls') . ' ' : __("no file contents!", 'gotmls'));
if (isset($_GET["eli"])) {
echo 'uid=' . getmyuid() . '(' . get_current_user() . '),gid=' . getmygid() . (is_writable(dirname(GOTMLS_quarantine($file))) ? $lt . 'br' . $gt . $lt . 'pre' . $gt . 'file_stat' . print_r(stat($file), true) : $lt . 'br' . $gt . $lt . 'pre' . $gt . dirname(GOTMLS_quarantine($file)) . ' stat' . print_r(stat(dirname(GOTMLS_quarantine($file))), true));
}
return "/*--{$gt}*" . "/\nfailedFile('{$clean_file}');\n/*{$lt}!--*" . "/";
}
}
$threat_link = $lt . 'input type="checkbox" name="GOTMLS_fix[]" value="' . $clean_file . '" id="check_' . $clean_file . ($className != "wp_core" ? '" checked="' . $className : '') . '" /' . $gt . $threat_link;
$imageFile = "threat";
} elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
echo __("Already Fixed!", 'gotmls');
return "/*-->*" . "/\nfixedFile('{$clean_file}');\n/*<!--*" . "/";
} else {
$imageFile = "question";
}
return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin {$className}", $threat_link));
} elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($file, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])))) {
if (count($file_parts) > 1 && strtolower($file_parts[count($file_parts) - 1]) == "gotmls" && @rename($file, GOTMLS_decode($file_parts[count($file_parts) - 2]))) {
echo __("Restored!", 'gotmls');
return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/";
} else {
echo __("Restore Failed!", 'gotmls');
return "";
}
} else {
echo __("Already Fixed!", 'gotmls');
return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/";
}
} else {
return GOTMLS_return_threat($className, ($className == "scanned" ? "checked" : "blocked") . ".gif?{$className}", $file, $threat_link);
}
}
function GOTMLS_scanfile($file)
{
global $wp_version, $wpdb, $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
$gt = ">";
$lt = "<";
$found = false;
$threat_link = "";
$className = "scanned";
$clean_file = GOTMLS_encode($file);
$file_name = GOTMLS_explode_dir($file);
$file_parts = explode(".", "." . array_pop($file_name));
if (is_file($file) && ($filesize = filesize($file)) && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($file))) {
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"])) {
$whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]);
} else {
$whitelist = array();
}
foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file => $non_threats) {
if (is_array($non_threats) && count($non_threats) > 1) {
if (isset($non_threats[0])) {
unset($non_threats[0]);
}
$whitelist = array_merge($whitelist, $non_threats);
}
}
if (isset($whitelist[md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) . 'O' . $filesize])) {
return GOTMLS_return_threat($className, "checked.gif?{$className}", $file, $threat_link);
}
$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $GLOBALS["GOTMLS"]["tmp"]["file_contents"];
if (isset($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && strlen($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]) && isset($_GET['eli']) && substr($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"], 0, 1) == '/' && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["log"]["settings"]["check_custom"]))) {
$className = "known";
} else {
$path = str_replace("//", "/", "/" . str_replace("\\", "/", substr($file, strlen(ABSPATH))));
if (isset($_SESSION["GOTMLS_debug"])) {
$_SESSION["GOTMLS_debug"]["file"] = $file;
$_SESSION["GOTMLS_debug"]["last"]["total"] = microtime(true);
}
foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) {
if (isset($_SESSION["GOTMLS_debug"])) {
$_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
$_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
}
if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"])) && (!array_key_exists($threat_level, $GLOBALS["GOTMLS"]["tmp"]["threat_files"]) || substr($file . "e", -1 * strlen($GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level] . "e")) == $GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level] . "e") && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level], $file))) {
$className = $threat_level;
}
}
if (isset($_SESSION["GOTMLS_debug"])) {
$file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["total"], 5);
if (isset($_SESSION["GOTMLS_debug"]["total"]["total"])) {
$_SESSION["GOTMLS_debug"]["total"]["total"] += $file_time;
} else {
$_SESSION["GOTMLS_debug"]["total"]["total"] = $file_time;
}
if (isset($_SESSION["GOTMLS_debug"]["total"]["count"])) {
$_SESSION["GOTMLS_debug"]["total"]["count"]++;
} else {
$_SESSION["GOTMLS_debug"]["total"]["count"] = 1;
}
if (!isset($_SESSION["GOTMLS_debug"]["total"]["least"]) || $file_time < $_SESSION["GOTMLS_debug"]["total"]["least"]) {
$_SESSION["GOTMLS_debug"]["total"]["least"] = $file_time;
}
if (!isset($_SESSION["GOTMLS_debug"]["total"]["most"]) || $file_time > $_SESSION["GOTMLS_debug"]["total"]["most"]) {
$_SESSION["GOTMLS_debug"]["total"]["most"] = $file_time;
}
}
}
} else {
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = is_file($file) ? is_readable($file) ? filesize($file) ? __("Failed to read file contents!", 'gotmls') : __("Empty file!", 'gotmls') : (isset($_GET["eli"]) ? @chmod($file, $GOTMLS_chmod_file) ? __("Fixed file permissions! (try again)", 'gotmls') : __("File permissions read-only!", 'gotmls') : __("File not readable!", 'gotmls')) : __("File does not exist!", 'gotmls');
// $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
$className = "errors";
}
if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
$threat_link = $lt . 'a target="GOTMLS_iFrame" href="' . admin_url('admin-ajax.php?action=GOTMLS_scan&' . GOTMLS_set_nonce(__FUNCTION__ . "431") . '&mt=' . $GLOBALS["GOTMLS"]["tmp"]["mt"] . '&GOTMLS_scan=' . $clean_file . preg_replace('/\\&(GOTMLS_scan|mt|GOTMLS_mt|action)=/', '&last_\\1=', isset($_SERVER["QUERY_STRING"]) && strlen($_SERVER["QUERY_STRING"]) ? "&" . $_SERVER["QUERY_STRING"] : "")) . '" id="list_' . $clean_file . '" onclick="loadIframe(\'' . str_replace("\"", """, $lt . 'div style="float: left; white-space: nowrap;"' . $gt . __("Examine File", 'gotmls') . ' ... ' . $lt . '/div' . $gt . $lt . 'div style="overflow: hidden; position: relative; height: 20px;"' . $gt . $lt . 'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"' . $gt . htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)) . $lt . '/div' . $gt . $lt . '/div' . $gt . '\');" class="GOTMLS_plugin"' . $gt;
if ($className == "errors") {
$threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
$imageFile = "/blocked";
} elseif ($className != "potential") {
if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
if (GOTMLS_get_nonce()) {
if ($className == "timthumb") {
if (($source = GOTMLS_get_URL("http://{$className}.googlecode.com/svn/trunk/{$className}.php")) && strlen($source) > 500) {
$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
} else {
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
}
} elseif ($className == 'wp_core') {
$path = str_replace("//", "/", "/" . str_replace("\\", "/", substr($file, strlen(ABSPATH))));
if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"]) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) . "O" . strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/{$wp_version}{$path}")) && $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["{$wp_version}"]["{$path}"] == md5($source) . "O" . strlen($source)) {
$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
} else {
$GLOBALS["GOTMLS"]["tmp"]["file_contents"] = "";
}
} else {
$GOTMLS_no_contents = trim(preg_replace('/\\/\\*.*?\\*\\/\\s*/s', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
$GOTMLS_no_contents = trim(preg_replace('/\\n\\s*\\/\\/.*/', "", $GOTMLS_no_contents));
$GOTMLS_no_contents = trim(preg_replace('/' . $lt . '\\?(php)?\\s*(\\?' . $gt . '|$)/is', "", $GOTMLS_no_contents));
if (strlen($GOTMLS_no_contents)) {
$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = trim(preg_replace('/' . $lt . '\\?(php)?\\s*(\\?' . $gt . '|$)/is', "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
} else {
$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = "";
}
}
if (strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) > 0 && ($Q_post = GOTMLS_write_quarantine($file, $className)) !== false && (strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"]) == 0 && isset($_GET["eli"]) && @unlink($file) || ($Write_File = GOTMLS_file_put_contents($file, $GLOBALS["GOTMLS"]["tmp"]["new_contents"])) !== false)) {
echo __("Success!", 'gotmls');
return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/";
} else {
echo __("Failed:", 'gotmls') . ' ' . (strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) ? is_writable(dirname($file)) && is_writable($file) ? $Q_post === false ? __("failed to quarantine!", 'gotmls') . " (" . $wpdb->last_error . ")" : (isset($Write_File) && $Write_File ? "Q={$Q_post}: " . __("reason unknown!", 'gotmls') : "Q={$Q_post}: " . __("failed to write!", 'gotmls')) : __("file not writable!", 'gotmls') : __("no file contents!", 'gotmls'));
if (isset($_GET["eli"])) {
echo 'uid=' . getmyuid() . '(' . get_current_user() . '),gid=' . getmygid() . ($lt . 'br' . $gt . $lt . 'pre' . $gt . 'file_stat' . print_r(stat($file), true));
}
return "/*--{$gt}*" . "/\nfailedFile('{$clean_file}');\n/*{$lt}!--*" . "/";
}
} else {
echo GOTMLS_Invalid_Nonce(__("Failed: ", 'gotmls'));
return "/*--{$gt}*" . "/\nfailedFile('{$clean_file}');\n/*{$lt}!--*" . "/";
}
}
$threat_link = $lt . 'input type="checkbox" name="GOTMLS_fix[]" value="' . $clean_file . '" id="check_' . $clean_file . ($className != "wp_core" ? '" checked="' . $className : '') . '" /' . $gt . $threat_link;
$imageFile = "threat";
} elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
echo __("Already Fixed!", 'gotmls');
return "/*-->*" . "/\nfixedFile('{$clean_file}');\n/*<!--*" . "/";
} else {
$imageFile = "question";
}
return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin {$className}", $threat_link));
} elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
echo __("Already Fixed!", 'gotmls');
return "/*--{$gt}*" . "/\nfixedFile('{$clean_file}');\n/*{$lt}!--*" . "/";
} else {
return GOTMLS_return_threat($className, ($className == "scanned" ? "checked" : "blocked") . ".gif?{$className}", $file, $threat_link);
}
}