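/**
 * Build the WordPress core-files integrity report for the current site.
 *
 * Asks sucuriscan_check_core_integrity() for the core files that were added,
 * modified or removed for the installed WordPress version, drops the entries
 * already stored in the "integrity" cache (files marked as fixed, keyed by the
 * MD5 of their relative path) and renders the remaining ones as HTML rows.
 *
 * The check only runs when a site version is available and the
 * ":scan_checksums" option is enabled. If the reference hashes cannot be
 * retrieved, the failure panel is made visible and both result panels are
 * hidden.
 *
 * Review notes:
 * - The hash comparison itself happens in sucuriscan_check_core_integrity(),
 *   which is not visible here. The original documentation describes it as
 *   MD5-based; MD5 catches accidental and unsophisticated changes but is not
 *   collision resistant.
 * - The ignore list is matched by path only, so a path marked as fixed stays
 *   out of the report even if its content changes again.
 *   NOTE(review): confirm the "integrity" cache is expired or reviewed elsewhere.
 *
 * @param  boolean $send_email Whether the report is e-mailed instead of returned.
 * @return string|boolean      HTML of the "integrity-corefiles" section. When
 *                             $send_email is TRUE: the return value of
 *                             SucuriScanEvent::notify_event(), or FALSE when
 *                             no file was affected.
 */
function sucuriscan_core_files($send_email = false)
{
    $site_version = SucuriScan::site_version();
    $affected_files = 0;
    $template_variables = array(
        'CoreFiles.List' => '',
        'CoreFiles.ListCount' => 0,
        'CoreFiles.GoodVisibility' => 'visible',
        'CoreFiles.BadVisibility' => 'hidden',
        'CoreFiles.FailureVisibility' => 'hidden',
        'CoreFiles.RemoteChecksumsURL' => '',
    );

    if ($site_version && SucuriScanOption::is_enabled(':scan_checksums')) {
        // Check if there are added, removed, or modified files.
        $latest_hashes = sucuriscan_check_core_integrity($site_version);

        // Reference link handed to the template. It points at integrity data,
        // so it uses HTTPS: a checksum list read over cleartext HTTP can be
        // altered in transit. The version is URL-encoded before it is appended.
        $template_variables['CoreFiles.RemoteChecksumsURL'] =
            'https://api.wordpress.org/core/checksums/1.0/'
            . '?version=' . rawurlencode($site_version)
            . '&locale=en_US';

        if ($latest_hashes) {
            $cache = new SucuriScanCache('integrity');
            $ignored_files = $cache->get_all();
            $counter = 0;

            foreach ($latest_hashes as $list_type => $file_list) {
                // Unchanged files are not reported; empty groups have nothing to list.
                if ($list_type === 'stable' || empty($file_list)) {
                    continue;
                }

                foreach ($file_list as $file_info) {
                    $file_path = $file_info['filepath'];
                    $full_filepath = sprintf('%s/%s', rtrim(ABSPATH, '/'), $file_path);

                    // Skip files that were marked as fixed; the cache is keyed
                    // by the MD5 of the relative path.
                    if ($ignored_files && array_key_exists(md5($file_path), $ignored_files)) {
                        continue;
                    }

                    // Zebra striping for the table rows.
                    $css_class = ($counter % 2 === 0) ? '' : 'alternate';

                    // filesize() fails for paths that are not on disk (presumably
                    // the entries listed as removed). Report zero bytes instead
                    // of passing FALSE on to the formatters.
                    $file_size = @filesize($full_filepath);
                    if ($file_size === false) {
                        $file_size = 0;
                    }

                    $is_fixable_html = '';
                    $is_fixable_text = '';

                    // Check whether the file can be fixed automatically or not.
                    if ($file_info['is_fixable'] !== true) {
                        $css_class .= ' sucuriscan-opacity';
                        // The attribute value used to be misspelled ("disbled").
                        $is_fixable_html = 'disabled="disabled"';
                        $is_fixable_text = '(must be fixed manually)';
                    }

                    // Generate the HTML code from the snippet template for this file.
                    // The path is escaped because file names on disk may contain
                    // markup characters.
                    // NOTE(review): $list_type and the formatted values are passed
                    // as-is; confirm they cannot carry markup or that
                    // get_snippet() encodes them.
                    $template_variables['CoreFiles.List'] .= SucuriScanTemplate::get_snippet(
                        'integrity-corefiles',
                        array(
                            'CoreFiles.CssClass' => $css_class,
                            'CoreFiles.StatusType' => $list_type,
                            'CoreFiles.FilePath' => SucuriScan::escape($file_path),
                            'CoreFiles.FileSize' => $file_size,
                            'CoreFiles.FileSizeHuman' => SucuriScan::human_filesize($file_size),
                            'CoreFiles.FileSizeNumber' => number_format($file_size),
                            'CoreFiles.ModifiedAt' => SucuriScan::datetime($file_info['modified_at']),
                            // Key spelling kept unchanged; presumably the template refers to it.
                            'CoreFiles.IsFixtableFile' => $is_fixable_html,
                            'CoreFiles.IsNotFixable' => $is_fixable_text,
                        )
                    );

                    $counter += 1;
                    $affected_files += 1;
                }
            }

            if ($counter > 0) {
                $template_variables['CoreFiles.ListCount'] = $counter;
                $template_variables['CoreFiles.GoodVisibility'] = 'hidden';
                $template_variables['CoreFiles.BadVisibility'] = 'visible';
            }
        } else {
            // The reference hashes could not be retrieved: show the failure
            // panel rather than claiming the installation is clean.
            $template_variables['CoreFiles.GoodVisibility'] = 'hidden';
            $template_variables['CoreFiles.BadVisibility'] = 'hidden';
            $template_variables['CoreFiles.FailureVisibility'] = 'visible';
        }
    }

    // Send an email notification with the affected files.
    if ($send_email === true) {
        if ($affected_files > 0) {
            $content = SucuriScanTemplate::get_section('notification-corefiles', $template_variables);

            return SucuriScanEvent::notify_event('scan_checksums', $content);
        }

        // Nothing to report, so no notification is sent.
        return false;
    }

    return SucuriScanTemplate::get_section('integrity-corefiles', $template_variables);
}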
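/**
 * Build the WordPress core-files integrity report for the current site.
 *
 * Asks sucuriscan_check_core_integrity() for the core files that were added,
 * modified or removed for the installed WordPress version, drops the entries
 * already stored in the "integrity" cache (files marked as fixed, keyed by the
 * MD5 of their relative path) and renders the remaining ones as HTML rows.
 *
 * The check only runs when a site version is available and the
 * ":scan_checksums" option equals "enabled". If the reference hashes cannot
 * be retrieved an error is reported through SucuriScanInterface::error().
 *
 * Review notes:
 * - The hash comparison itself happens in sucuriscan_check_core_integrity(),
 *   which is not visible here. The original documentation describes it as
 *   MD5-based; MD5 catches accidental and unsophisticated changes but is not
 *   collision resistant.
 * - The ignore list is matched by path only, so a path marked as fixed stays
 *   out of the report even if its content changes again.
 *   NOTE(review): confirm the "integrity" cache is expired or reviewed elsewhere.
 * - When the hashes cannot be retrieved the template still receives the
 *   default "good" visibility; the only failure signal is the error message.
 *
 * @return string HTML of the "integrity-corefiles" section.
 */
function sucuriscan_core_files()
{
    $site_version = SucuriScan::site_version();
    $template_variables = array(
        'CoreFiles.List' => '',
        'CoreFiles.ListCount' => 0,
        'CoreFiles.GoodVisibility' => 'visible',
        'CoreFiles.BadVisibility' => 'hidden',
    );

    if ($site_version && SucuriScanOption::get_option(':scan_checksums') == 'enabled') {
        // Check if there are added, removed, or modified files.
        $latest_hashes = sucuriscan_check_core_integrity($site_version);

        if ($latest_hashes) {
            $cache = new SucuriScanCache('integrity');
            $ignored_files = $cache->get_all();
            $counter = 0;

            // Replace invalid byte sequences instead of blanking the whole
            // name, where the running PHP version supports it.
            $escape_flags = ENT_QUOTES;
            if (defined('ENT_SUBSTITUTE')) {
                $escape_flags |= ENT_SUBSTITUTE;
            }

            foreach ($latest_hashes as $list_type => $file_list) {
                // Unchanged files are not reported; empty groups have nothing to list.
                if ($list_type === 'stable' || empty($file_list)) {
                    continue;
                }

                foreach ($file_list as $file_info) {
                    $file_path = $file_info['filepath'];
                    $full_filepath = sprintf('%s/%s', rtrim(ABSPATH, '/'), $file_path);

                    // Skip files that were marked as fixed; the cache is keyed
                    // by the MD5 of the relative path.
                    if ($ignored_files && array_key_exists(md5($file_path), $ignored_files)) {
                        continue;
                    }

                    // Zebra striping for the table rows.
                    $css_class = ($counter % 2 === 0) ? '' : 'alternate';

                    // filesize() fails for paths that are not on disk (presumably
                    // the entries listed as removed). Report zero bytes instead
                    // of passing FALSE on to the formatters.
                    $file_size = @filesize($full_filepath);
                    if ($file_size === false) {
                        $file_size = 0;
                    }

                    $is_fixable_html = '';
                    $is_fixable_text = '';

                    // Check whether the file can be fixed automatically or not.
                    if ($file_info['is_fixable'] !== true) {
                        $css_class .= ' sucuriscan-opacity';
                        // The attribute value used to be misspelled ("disbled").
                        $is_fixable_html = 'disabled="disabled"';
                        $is_fixable_text = '(must be fixed manually)';
                    }

                    // File names come from the filesystem and may contain markup
                    // characters, so the path is HTML-encoded before it is placed
                    // in the snippet.
                    // NOTE(review): assumes get_snippet() does not encode values
                    // itself; confirm to avoid double encoding.
                    $safe_file_path = htmlspecialchars($file_path, $escape_flags, 'UTF-8');

                    // Generate the HTML code from the snippet template for this file.
                    $template_variables['CoreFiles.List'] .= SucuriScanTemplate::get_snippet(
                        'integrity-corefiles',
                        array(
                            'CoreFiles.CssClass' => $css_class,
                            'CoreFiles.StatusType' => $list_type,
                            'CoreFiles.FilePath' => $safe_file_path,
                            'CoreFiles.FileSize' => $file_size,
                            'CoreFiles.FileSizeHuman' => SucuriScan::human_filesize($file_size),
                            'CoreFiles.FileSizeNumber' => number_format($file_size),
                            'CoreFiles.ModifiedAt' => SucuriScan::datetime($file_info['modified_at']),
                            // Key spelling kept unchanged; presumably the template refers to it.
                            'CoreFiles.IsFixtableFile' => $is_fixable_html,
                            'CoreFiles.IsNotFixable' => $is_fixable_text,
                        )
                    );

                    $counter += 1;
                }
            }

            if ($counter > 0) {
                $template_variables['CoreFiles.ListCount'] = $counter;
                $template_variables['CoreFiles.GoodVisibility'] = 'hidden';
                $template_variables['CoreFiles.BadVisibility'] = 'visible';
            }
        } else {
            SucuriScanInterface::error('Error retrieving the WordPress core hashes, try again.');
        }
    }

    return SucuriScanTemplate::get_section('integrity-corefiles', $template_variables);
}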