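/**
 * Build the HTML for the legacy, file-based Quarantine admin page.
 *
 * Every entry of $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] except the
 * protective .htaccess and index.php is listed inside a POST form that targets
 * GOTMLS_iFrame. "*.gotmls" files get a restore/delete checkbox plus the
 * infection date decoded from their name (files lacking a usable stamp are
 * renamed to carry one); anything else is shown as a "Foreign File in
 * Quarantine".
 *
 * @return string HTML fragment: opening <form>, the list (or a
 *                "No Items in Quarantine" heading) and the closing </form>.
 */
function GOTMLS_get_quarantine()
{
    $quarantine_dir = $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"];
    $quarantine_path = GOTMLS_trailingslashit($quarantine_dir);
    $entries = GOTMLS_getfiles($quarantine_dir);
    $Q_Page = '
	<form method="POST" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1">';
    if (is_array($entries)) {
        // The guard files written by GOTMLS_quarantine() are not quarantined items.
        // array_search() returns index 0 for the first entry (where ".htaccess" typically
        // sorts), so the result must be compared with false rather than tested for truth.
        foreach (array(".htaccess", "index.php") as $guard_file) {
            $key = array_search($guard_file, $entries, true);
            if ($key !== false) {
                unset($entries[$key]);
            }
        }
    }
    if (is_array($entries) && count($entries)) {
        $Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="' . __("Restore selected files", 'gotmls') . '" class="button-primary" onclick="if (confirm(\'' . __("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?", 'gotmls') . '\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="' . __("Delete selected files", 'gotmls') . '" onclick="if (confirm(\'' . __("Are you sure you want to permanently delete the selected files in the Quarantine?", 'gotmls') . '\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>' . __("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.", 'gotmls') . '</b></p><p>' . sprintf(__("FYI - these files are found in: %s", 'gotmls'), ' ' . $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) . '</p>
		<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>' . (count($entries) > 1 ? '<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> ' . sprintf(__("Check all %d", 'gotmls'), count($entries)) : "") . __(" Items in Quarantine", 'gotmls') . '<span class="GOTMLS_date">Date Quarantined</span><span class="GOTMLS_date">Date Infected</span></h3>';
        sort($entries);
        // Prefix of this file's path (all but the last 2+scan_level segments); it is
        // abbreviated to "..." in the displayed original paths.
        $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
        foreach ($entries as $entry) {
            $file = $quarantine_path . $entry;
            $filetime = date("Y-m-d H:i", filemtime($file));
            $Q_Page .= '
			<li style="margin: 4px 12px;"><span class="GOTMLS_date">' . $filetime . '</span>';
            $infectime = 'Unknown';
            if (is_file($file) && GOTMLS_get_ext($entry) == "gotmls") {
                $file_date = explode(".", $entry);
                // A 5-character sexagesimal stamp may sit in segment 0 or in segment 1 of the name.
                if (count($file_date) > 2 && strlen($file_date[0]) == 5 && $filetime != GOTMLS_sexagesimal($file_date[0])) {
                    $infectime = GOTMLS_sexagesimal($file_date[0]);
                } elseif (count($file_date) > 3 && strlen($file_date[1]) == 5 && $filetime != GOTMLS_sexagesimal($file_date[1])) {
                    $infectime = GOTMLS_sexagesimal($file_date[1]);
                } else {
                    // No usable stamp: prefix the current mtime so the next listing can show it.
                    // rename() may legitimately fail (permissions); the old name is then kept.
                    $stamped = $quarantine_path . GOTMLS_sexagesimal($filetime) . ".{$entry}";
                    if (@rename($file, $stamped)) {
                        $file = $stamped;
                    }
                }
                // The segment before the "gotmls" extension holds the encoded original path.
                $original_path = GOTMLS_decode($file_date[count($file_date) - 2]);
                // NOTE(review): $original_path is echoed without esc_html(); whether it can carry
                // HTML metacharacters depends on what GOTMLS_encode() accepted — confirm.
                $Q_Page .= '<span class="GOTMLS_date">' . $infectime . '</span><input type="checkbox" name="GOTMLS_fix[]" value="' . GOTMLS_encode($file) . '" id="check_' . GOTMLS_encode($file) . '" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="' . GOTMLS_images_path . 'blocked.gif" height=16 width=16 alt="Q">' . preg_replace('/9000px;\\&quot;>(.+?)<\\/div>/', '9000px;&quot;>\\1' . GOTMLS_strip4java($original_path) . ' (Quarantined)</div>', GOTMLS_error_link(__("View Quarantined File", 'gotmls'), $file)) . str_replace($root_path, "...", $original_path);
            } else {
                $Q_Page .= '<img src="' . GOTMLS_images_path . 'threat.gif" height=16 width=16 alt="?">' . GOTMLS_error_link(__("Foreign File in Quarantine", 'gotmls'), $file) . $entry;
            }
            // Closes the <a> presumably opened by GOTMLS_error_link().
            $Q_Page .= "</a></li>\n";
        }
        $Q_Page .= "\n</ul>";
    } else {
        $Q_Page .= '<h3>' . __("No Items in Quarantine", 'gotmls') . '</h3>';
    }
    return "{$Q_Page}\n</form>\n";
}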
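/**
 * Resolve (creating it on first use) the file-based quarantine directory and
 * return the quarantine path that $file would be stored under.
 *
 * When $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] is unset or not a directory:
 *  - it is pointed at <uploads>/quarantine, falling back to the uploads dir
 *    itself when that folder cannot be created;
 *  - a bare "Options -Indexes" .htaccess in the uploads dir is unlinked (or
 *    blanked when unlink fails);
 *  - "Options -Indexes" .htaccess and a 403-style index.php are written into
 *    the quarantine dir, and a 403 index.php into the uploads dir if missing.
 * The .htaccess is only honoured by Apache-style servers; the index.php guard
 * is the layer that works regardless of server.
 *
 * @param string $file Path of the file being quarantined (defaults to __FILE__).
 * @return string Target path: quarantine dir + ctime/mtime stamps (or the
 *                current time) + encoded source path + ".GOTMLS".
 */
function GOTMLS_quarantine($file = __FILE__)
{
    if (!(isset($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) && is_dir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) {
        $upload = wp_upload_dir();
        $upload_path = GOTMLS_trailingslashit($upload['basedir']);
        $err403 = GOTMLS_html_tags(array("html" => array("head" => array("title" => "403 Forbidden"), "body" => "<h1>Forbidden</h1>\n<p>You don't have permission to access this directory.</p>")));
        // Guard script dropped into the quarantine dir: a direct request for it (or any load
        // without the plugin defined) dies with the 403 page. "<" and ">" are substituted via
        // $lt/$gt so the generated file contains no literal tags. The die() call must be
        // balanced — an extra ")" here made the written index.php a parse error instead of a 403.
        $recoveryPHP = '<' . '?php
$gt = ">";
$lt = "<";
if ((isset($_SERVER["SCRIPT_FILENAME"]) && strlen($_SERVER["SCRIPT_FILENAME"]) > strlen(basename(__FILE__)) && substr(__FILE__, -1 * strlen($_SERVER["SCRIPT_FILENAME"])) == substr($_SERVER["SCRIPT_FILENAME"], -1 * strlen(__FILE__))) || !defined("GOTMLS_plugin_path"))
	die("' . str_replace('>', '{$gt}', str_replace('<', '{$lt}', $err403)) . '"); // Display the Forbidden Error to anyone trying to browse the quarantine without permission!
		?' . '>';
        $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), $upload_path) . 'quarantine';
        if (!is_dir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) && !@mkdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])) {
            // Sub-folder could not be created: quarantine straight into the uploads dir.
            $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), $upload['basedir']);
        }
        $quarantine_path = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
        // Older versions wrote "Options -Indexes" to the uploads dir itself; clear that one.
        $upload_htaccess = $upload_path . '.htaccess';
        if (is_file($upload_htaccess) && file_get_contents($upload_htaccess) === 'Options -Indexes') {
            if (!@unlink($upload_htaccess)) {
                GOTMLS_file_put_contents($upload_htaccess, '');
            }
        }
        if (!is_file($quarantine_path . '.htaccess')) {
            GOTMLS_file_put_contents($quarantine_path . '.htaccess', 'Options -Indexes');
        }
        if (!is_file($upload_path . 'index.php')) {
            GOTMLS_file_put_contents($upload_path . 'index.php', $err403);
        }
        // Rewrite the guard whenever it is missing or differs from the current template.
        if (!is_file($quarantine_path . 'index.php') || @file_get_contents($quarantine_path . 'index.php') != $recoveryPHP) {
            GOTMLS_file_put_contents($quarantine_path . 'index.php', $recoveryPHP);
        }
    }
    // Name: <ctime>.<mtime> for an existing file, else <now>, then the encoded source path.
    if (is_file($file)) {
        $stamp = GOTMLS_sexagesimal(date("y-m-d-H-i", filectime($file))) . '.' . GOTMLS_sexagesimal(date("y-m-d-H-i", filemtime($file)));
    } else {
        $stamp = GOTMLS_sexagesimal(date("y-m-d-H-i", time()));
    }
    return GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) . $stamp . '.' . GOTMLS_encode($file ? $file : __FILE__) . '.GOTMLS';
}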
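/**
 * Render the database-backed Quarantine admin page, or answer a lookup about it.
 *
 * When called from a GOTMLS admin page ($_GET["page"] starts with "GOTMLS") and
 * the legacy file quarantine folder still exists, its "*.gotmls" files are
 * counted and — if GOTMLS_get_nonce() accepts the request — imported into
 * wp_posts as private "GOTMLS_quarantine" posts and unlinked; other leftovers
 * in a folder named "quarantine" are unlinked and the empty folder removed.
 * Once the folder is gone, settings_array["quarantine_dir"] is set to false
 * and the settings option is saved.
 *
 * @param bool|int|string $only false: return the page HTML;
 *                              numeric: return get_post($only, ARRAY_A);
 *                              any other truthy value: return the item count
 *                              (private quarantine posts plus files not yet imported).
 * @return string|array|int|null
 */
function GOTMLS_get_quarantine($only = false)
{
    global $wpdb, $post;
    $old_files = 0;
    if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) || $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) {
        if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"])) {
            // First look: the legacy folder lived under the uploads directory.
            if (($upload = wp_upload_dir()) && isset($upload['basedir'])) {
                $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), GOTMLS_trailingslashit($upload['basedir'])) . 'quarantine';
            } else {
                $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"] = false;
            }
        }
        $legacy_dir = $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"];
        // is_string() guards substr() against ?page[]=... (TypeError on PHP 8).
        $on_plugin_page = isset($_GET["page"]) && is_string($_GET["page"]) && substr($_GET["page"], 0, 6) === "GOTMLS";
        if ($on_plugin_page && $legacy_dir && is_dir($legacy_dir)) {
            $entries = GOTMLS_getfiles($legacy_dir);
            // Accepts the "yy-mm-dd HH:ii"-style text produced by GOTMLS_sexagesimal() for a 5-char stamp.
            $stamp_pattern = '/^(20)?([0-5][0-9])[\\-: \\/]*(0*[1-9]|1[0-2])[\\-: \\/]*(0*[1-9]|[12][0-9]|3[01])[\\-: \\/]*([0-5][0-9])[\\-: \\/]*([0-5][0-9])$/';
            if (is_array($entries) && count($entries)) {
                foreach ($entries as $entry) {
                    $file = GOTMLS_trailingslashit($legacy_dir) . $entry;
                    if (!is_file($file)) {
                        continue;
                    }
                    if (GOTMLS_get_ext($entry) != "gotmls") {
                        // Foreign file: only remove it when the folder is the plugin's own.
                        if (basename($legacy_dir) == "quarantine") {
                            unlink(trailingslashit($legacy_dir) . $entry);
                        }
                        continue;
                    }
                    $old_files++;
                    // Import only on a nonce-validated request and when the file is readable.
                    if (!(GOTMLS_get_nonce() && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($file)))) {
                        continue;
                    }
                    $contents = $GLOBALS["GOTMLS"]["tmp"]["file_contents"];
                    $insert = array("post_author" => GOTMLS_get_current_user_id(), "ping_status" => "imported", "post_status" => "private", "post_type" => "GOTMLS_quarantine", "post_content" => GOTMLS_encode($contents), "post_mime_type" => md5($contents), "guid" => "Unknown");
                    // Not populated: comment_status post_password post_name to_ping post_parent menu_order pinged post_excerpt
                    // comment_count doubles as the original file size.
                    if (!($insert["comment_count"] = @filesize($file))) {
                        $insert["comment_count"] = strlen($contents);
                    }
                    $file_date = explode(".", $entry);
                    $insert["post_date"] = date("Y-m-d H:i:s", filemtime($file));
                    $insert["post_date_gmt"] = $insert["post_date"];
                    $insert["post_modified"] = $insert["post_date"];
                    // post_modified records the infection date when the name carries a valid stamp
                    // (segment 0 for newer names, segment 1 for older ones).
                    if (count($file_date) > 2 && strlen($file_date[0]) == 5 && preg_match($stamp_pattern, GOTMLS_sexagesimal($file_date[0]))) {
                        $insert["post_modified"] = GOTMLS_sexagesimal($file_date[0]) . ":00";
                    } elseif (count($file_date) > 3 && strlen($file_date[1]) == 5 && preg_match($stamp_pattern, GOTMLS_sexagesimal($file_date[1]))) {
                        $insert["post_modified"] = GOTMLS_sexagesimal($file_date[1]) . ":00";
                    }
                    $insert["post_modified_gmt"] = $insert["post_modified"];
                    // The segment before the "gotmls" extension is the encoded path of the infected file.
                    $insert["post_title"] = GOTMLS_decode($file_date[count($file_date) - 2]);
                    // Keep the current (cleaned) contents alongside, if that file still exists.
                    if (is_file($insert["post_title"]) && ($GLOBALS["GOTMLS"]["tmp"]["new_contents"] = file_get_contents($insert["post_title"]))) {
                        $insert["post_content_filtered"] = GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
                    }
                    if ($wpdb->insert($wpdb->posts, $insert)) {
                        unlink(trailingslashit($legacy_dir) . $entry);
                        $old_files--;
                    } else {
                        // Debug dump on the admin page; it includes the encoded file contents and the DB error.
                        print_r(array($entry => $insert, "last_error" => $wpdb->last_error));
                    }
                }
            }
            if ($old_files == 0 && basename($legacy_dir) == "quarantine") {
                rmdir($legacy_dir);
            }
        }
        if (!($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"] && is_dir($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]))) {
            // Folder is gone: remember that so the legacy scan is skipped from now on.
            $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"] = false;
            update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
        }
    }
    if (is_numeric($only)) {
        return get_post($only, ARRAY_A);
    }
    if ($only) {
        return $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->posts} WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private'") + $old_files;
    }
    // Page size from the query string (positive numbers only), falling back to 200.
    $posts_per_page = 200;
    if (isset($_GET['posts_per_page']) && is_numeric($_GET['posts_per_page']) && $_GET['posts_per_page'] > 0) {
        $posts_per_page = (int) $_GET['posts_per_page'];
    }
    $args = array('posts_per_page' => $posts_per_page, 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
    // Requested page; non-numeric input counts as page 1 (WP_Query would absint() it anyway).
    $current_page = 1;
    if (isset($_POST["paged"]) && is_numeric($_POST["paged"])) {
        $current_page = (int) $_POST["paged"];
        $args["paged"] = $current_page;
    }
    if ($old_files) {
        // Legacy files remain: offer the import form instead of the listing.
        $Q_Paged = '<form method="POST" name="GOTMLS_Form_page">';
        $Q_Page = '<form method="POST" name="GOTMLS_Form_clean"><input type="hidden" name="' . str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__ . "695")) . '">' . __("You have old Quarantined files in the uploads directory on your server. The new quarantine is in your WordPress Database. You need to import these files into your database where they will be safer or just delete the quarantine folder inside /wp-content/uploads/ if you would rather just delete them.", 'gotmls') . '<br /><input type="submit" value="Import Quarantined Files Now">';
    } else {
        $my_query = new WP_Query($args);
        $Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><input type="hidden" id="GOTMLS_paged" name="paged" value="1"><div style="float: left;">Page:</div>';
        // The form posts to admin-ajax with the nonce and the current query string appended.
        // QUERY_STRING is request-controlled, so the whole URL is attribute-escaped to keep a
        // stray quote from breaking out of action="...".
        $form_action = admin_url('admin-ajax.php?' . GOTMLS_set_nonce(__FUNCTION__ . "700"));
        if (isset($_SERVER["QUERY_STRING"]) && strlen($_SERVER["QUERY_STRING"])) {
            $form_action .= "&" . $_SERVER["QUERY_STRING"];
        }
        $Q_Page = '
		<form method="POST" action="' . esc_attr($form_action) . '" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
        if ($my_query->have_posts()) {
            $Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="' . __("Restore selected files", 'gotmls') . '" class="button-primary" onclick="if (confirm(\'' . __("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?", 'gotmls') . '\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="' . __("Delete selected files", 'gotmls') . '" onclick="if (confirm(\'' . __("Are you sure you want to permanently delete the selected files in the Quarantine?", 'gotmls') . '\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>' . __("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.", 'gotmls') . '</b></p>
			<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">' . ($my_query->post_count > 1 ? '<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> ' . sprintf(__("Check all %d", 'gotmls'), $my_query->post_count) : "") . __(" Items in Quarantine", 'gotmls') . '<span class="GOTMLS_date">' . __("Quarantined", 'gotmls') . '</span><span class="GOTMLS_date">' . __("Date Infected", 'gotmls') . '</span></h3>';
            // Prefix of this file's path (all but the last 2+scan_level segments), shown as "...".
            $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
            while ($my_query->have_posts()) {
                $my_query->the_post();
                // NOTE(review): post_title (the original file path) is echoed unescaped — confirm
                // it cannot carry HTML metacharacters, or wrap it in esc_html().
                $Q_Page .= '
				<li id="GOTMLS_quarantine_' . $post->ID . '" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">' . $post->post_date_gmt . '</span><span class="GOTMLS_date">' . $post->post_modified_gmt . '</span><input type="checkbox" name="GOTMLS_fix[]" value="' . $post->ID . '" id="check_' . $post->ID . '" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="' . GOTMLS_images_path . 'blocked.gif" height=16 width=16 alt="Q">' . GOTMLS_error_link(__("View Quarantined File", 'gotmls'), $post->ID) . str_replace($root_path, "...", $post->post_title) . "</a></li>\n";
            }
            $Q_Page .= "\n</ul>";
            // One submit button per page; the current page's button is disabled.
            for ($p = 1; $p <= $my_query->max_num_pages; $p++) {
                $Q_Paged .= '<input class="GOTMLS_page" type="submit" value="' . $p . '"' . ($current_page === $p ? " DISABLED" : "") . ' onclick="document.getElementById(\'GOTMLS_paged\').value = \'' . $p . '\';">';
            }
        } else {
            $Q_Page .= '<h3>' . __("No Items in Quarantine", 'gotmls') . '</h3>';
        }
        wp_reset_query();
    }
    $return = "{$Q_Paged}\n</form><br style=\"clear: left;\" />\n{$Q_Page}\n</form>\n{$Q_Paged}\n</form><br style=\"clear: left;\" />\n";
    // NOTE(review): "> 1" hides the link when exactly one item sits in the trash; "> 0" may be intended — confirm.
    if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->posts} WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) > 1) {
        $return = '<a href="' . admin_url('admin-ajax.php?action=GOTMLS_empty_trash&' . GOTMLS_set_nonce(__FUNCTION__ . "720")) . '" id="empty_trash_link" style="float: right;" target="GOTMLS_statusFrame">[' . sprintf(__("Clear %s Deleted Files from the Trash", 'gotmls'), $trashed) . "]</a>{$return}";
    }
    return $return;
}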