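/**
 * Process the requests sent by the form submissions originated in the integrity
 * page. All forms must have a nonce field that will be checked against the one
 * generated in the template render function.
 *
 * Two requests are handled once the nonce check passes:
 *  - ":force_scan" forces a filesystem scan and refreshes the core files data.
 *  - ":integrity_action" (restore, delete or fixed) is applied to every entry
 *    of ":corefiles", each formatted as "<status>@<path relative to ABSPATH>".
 *    The request must also carry ":process_form" equal to 1 as confirmation.
 *
 * Security notes:
 *  - The relative path comes straight from the request and ends up in
 *    file_put_contents() and unlink(). Entries that are empty, contain a NUL
 *    byte or contain a ".." segment are skipped so the operation cannot leave
 *    the WordPress root. realpath() is not used for this because the file may
 *    not exist yet (restore of a missing core file).
 *  - NOTE(review): the only gate visible here is the nonce check; confirm that
 *    the caller (or check_nonce itself) also enforces an administrator
 *    capability before this function runs.
 *  - Only operations that actually succeeded are added to the reported event,
 *    so the audit trail does not claim a restore or a "fixed" mark that failed.
 *
 * @return void
 */
function sucuriscan_integrity_form_submissions()
{
    if (!SucuriScanInterface::check_nonce()) {
        return;
    }

    // Force the execution of the filesystem scanner.
    if (SucuriScanRequest::post(':force_scan') !== false) {
        SucuriScanEvent::notify_event('plugin_change', 'Filesystem scan forced at: ' . date('r'));
        SucuriScanEvent::filesystem_scan(true);
        sucuriscan_core_files_data(true);
    }

    // Restore, Remove, Mark as fixed the core files.
    $action = SucuriScanRequest::post(':integrity_action');
    if ($action === false) {
        return;
    }

    // Loose comparison kept on purpose: the value arrives as request data.
    if (SucuriScanRequest::post(':process_form') != 1) {
        SucuriScanInterface::error('You need to confirm that you understand the risk of this operation.');
        return;
    }

    // Allow-list of supported actions, also used as the event title.
    $action_titles = array(
        'restore' => 'Core file restored',
        'delete' => 'Non-core file deleted',
        'fixed' => 'Core file marked as fixed',
    );

    if (!is_string($action) || !isset($action_titles[$action])) {
        SucuriScanInterface::error('Action requested is not supported.');
        return;
    }

    $cache = new SucuriScanCache('integrity');
    $core_files = SucuriScanRequest::post(':corefiles', '_array');

    // count() on a non-array emits a warning or throws on recent PHP versions,
    // so the "nothing selected" case is decided before counting.
    if (!is_array($core_files) || empty($core_files)) {
        SucuriScanInterface::error('No files were selected.');
        return;
    }

    $files_selected = count($core_files);
    $files_affected = array();
    $files_processed = 0;
    $delimiter = '@';
    $parts_count = 2;

    foreach ($core_files as $file_meta) {
        // A falsy strpos() covers both "no delimiter" and "delimiter at
        // offset zero" (empty status); both were ignored before as well.
        if (!is_string($file_meta) || !strpos($file_meta, $delimiter)) {
            continue;
        }

        $parts = explode($delimiter, $file_meta, $parts_count);
        if (count($parts) !== $parts_count) {
            continue;
        }

        $status_type = $parts[0];
        $file_path = $parts[1];

        // Skip anything that could resolve outside ABSPATH. Backslashes are
        // normalised first so Windows-style separators are checked too. A
        // skipped entry simply lowers the "processed" count shown below.
        $segments = explode('/', str_replace('\\', '/', $file_path));
        if ($file_path === ''
            || strpos($file_path, "\0") !== false
            || in_array('..', $segments, true)
        ) {
            continue;
        }

        // Do not use realpath as the file may not exist.
        $full_path = ABSPATH . '/' . $file_path;

        switch ($action) {
            case 'restore':
                $file_content = SucuriScanAPI::getOriginalCoreFile($file_path);
                // Best-effort write; a failure is reflected in the counters.
                if ($file_content && @file_put_contents($full_path, $file_content)) {
                    $files_processed += 1;
                    $files_affected[] = $full_path;
                }
                break;

            case 'fixed':
                // md5 is only a cache key here, not a security control.
                $cache_key = md5($file_path);
                $cache_value = array(
                    'file_path' => $file_path,
                    'file_status' => $status_type,
                    'ignored_at' => time(),
                );
                if ($cache->add($cache_key, $cache_value)) {
                    $files_processed += 1;
                    $files_affected[] = $full_path;
                }
                break;

            case 'delete':
                if (@unlink($full_path)) {
                    $files_processed += 1;
                    $files_affected[] = $full_path;
                }
                break;
        }
    }

    // Report files affected as a single event.
    if (!empty($files_affected)) {
        $message_tpl = count($files_affected) > 1
            ? '%s: (multiple entries): %s'
            : '%s: %s';
        $message = sprintf($message_tpl, $action_titles[$action], implode(',', $files_affected));

        switch ($action) {
            case 'restore':
                SucuriScanEvent::report_info_event($message);
                break;
            case 'delete':
                SucuriScanEvent::report_notice_event($message);
                break;
            case 'fixed':
                SucuriScanEvent::report_warning_event($message);
                break;
        }
    }

    SucuriScanInterface::info(sprintf(
        '<b>%d</b> out of <b>%d</b> files were successfully processed.',
        $files_processed,
        $files_selected
    ));
}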