/home/sportsfe.../httpdocs/clone/wp-conte.../plugins/wordfenc.../lib
File: wordfenceHash.php
array(
'file' => $properties->wordpressPath,
'realFile' => $properties->realPath,
'cType' => 'core',
'canDiff' => true,
'canFix' => true,
'canDelete' => false,
'haveIssues' => 'core'
)
);
}
}
return false;
}
}
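/**
 * Checks a file that maps to a known plugin path against the reference data for that path.
 *
 * When the hash does not match and plugin scanning is enabled, a pending
 * "modified plugin" issue is queued (except for readme files when high
 * sensitivity is off).
 *
 * @param object $properties File properties; this method reads shac, md5, wordpressPath and realPath.
 * @return bool True when the file's shac is found in the reference entry, false otherwise.
 */
private function checkKnownPluginFile($properties) {
	// Strict comparison: the 'plugins' entry read further down holds the plugin name,
	// version and key at indexes 0-2, and this lookup presumably searches that same
	// entry (assumes self::KNOWN_FILE_PLUGIN names the 'plugins' key — TODO confirm).
	// A loose in_array() could let a non-hash element satisfy the match through type
	// juggling and mark a modified file as known.
	if (in_array($properties->shac, $this->knownFiles[self::KNOWN_FILE_PLUGIN][$properties->wordpressPath], true)) {
		return true;
	}

	if (!$this->pluginsEnabled) {
		return false;
	}

	$options = $this->engine->scanController()->scanOptions();
	//Don't generate issues for changed readme files unless high sensitivity is on
	if (!$options['scansEnabled_highSense'] && preg_match('~/readme\.(?:txt|md)$~i', $properties->wordpressPath)) {
		return false;
	}

	$itemName = $this->knownFiles['plugins'][$properties->wordpressPath][0];
	$itemVersion = $this->knownFiles['plugins'][$properties->wordpressPath][1];
	$cKey = $this->knownFiles['plugins'][$properties->wordpressPath][2];

	// Queued as a pending issue rather than added directly; pending issues are
	// promoted (or dropped) later by the pending-issue processing step.
	$this->engine->addPendingIssue(
		'knownfile',
		wfIssues::SEVERITY_MEDIUM,
		'modifiedplugin' . $properties->wordpressPath,
		'modifiedplugin' . $properties->wordpressPath . $properties->md5,
		sprintf(/* translators: File path. */ __('Modified plugin file: %s', 'wordfence'), $properties->wordpressPath),
		sprintf(
			/* translators: 1. Plugin name. 2. Plugin version. 3. Support URL. */
			__('This file belongs to plugin "%1$s" version "%2$s" and has been modified from the file that is distributed by WordPress.org for this version. Please use the link to see how the file has changed. If you have modified this file yourself, you can safely ignore this warning. If you see a lot of changed files in a plugin that have been made by the author, then try uninstalling and reinstalling the plugin to force an upgrade. Doing this is a workaround for plugin authors who don\'t manage their code correctly. <a href="%3$s" target="_blank" rel="noopener noreferrer">Learn More<span class="screen-reader-text"> (' . esc_html__('opens in new tab', 'wordfence') . ')</span></a>', 'wordfence'),
			$itemName,
			$itemVersion,
			wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_MODIFIED_PLUGIN)
		),
		array(
			'file' => $properties->wordpressPath,
			'realFile' => $properties->realPath,
			'cType' => 'plugin',
			'canDiff' => true,
			'canFix' => true,
			'canDelete' => false,
			'cName' => $itemName,
			'cVersion' => $itemVersion,
			'cKey' => $cKey,
			'haveIssues' => 'plugins'
		)
	);

	return false;
}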
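/**
 * Checks a file that maps to a known theme path against the reference data for that path.
 *
 * When the hash does not match and theme scanning is enabled, a pending
 * "modified theme" issue is queued (except for readme files when high
 * sensitivity is off).
 *
 * @param object $properties File properties; this method reads shac, md5, wordpressPath and realPath.
 * @return bool True when the file's shac is found in the reference entry, false otherwise.
 */
private function checkKnownThemeFile($properties) {
	// Strict comparison: the 'themes' entry read further down holds the theme name,
	// version and key at indexes 0-2, and this lookup presumably searches that same
	// entry (assumes self::KNOWN_FILE_THEME names the 'themes' key — TODO confirm).
	// A loose in_array() could let a non-hash element satisfy the match through type
	// juggling and mark a modified file as known.
	if (in_array($properties->shac, $this->knownFiles[self::KNOWN_FILE_THEME][$properties->wordpressPath], true)) {
		return true;
	}

	if (!$this->themesEnabled) {
		return false;
	}

	$options = $this->engine->scanController()->scanOptions();
	//Don't generate issues for changed readme files unless high sensitivity is on
	if (!$options['scansEnabled_highSense'] && preg_match('~/readme\.(?:txt|md)$~i', $properties->wordpressPath)) {
		return false;
	}

	$itemName = $this->knownFiles['themes'][$properties->wordpressPath][0];
	$itemVersion = $this->knownFiles['themes'][$properties->wordpressPath][1];
	$cKey = $this->knownFiles['themes'][$properties->wordpressPath][2];

	// Queued as a pending issue rather than added directly; pending issues are
	// promoted (or dropped) later by the pending-issue processing step.
	$this->engine->addPendingIssue(
		'knownfile',
		wfIssues::SEVERITY_MEDIUM,
		'modifiedtheme' . $properties->wordpressPath,
		'modifiedtheme' . $properties->wordpressPath . $properties->md5,
		sprintf(/* translators: File path. */ __('Modified theme file: %s', 'wordfence'), $properties->wordpressPath),
		sprintf(
			/* translators: 1. Theme name. 2. Theme version. 3. Support URL. */
			__('This file belongs to theme "%1$s" version "%2$s" and has been modified from the original distribution. It is common for site owners to modify their theme files, so if you have modified this file yourself you can safely ignore this warning. <a href="%3$s" target="_blank" rel="noopener noreferrer">Learn More<span class="screen-reader-text"> (' . esc_html__('opens in new tab', 'wordfence') . ')</span></a>', 'wordfence'),
			$itemName,
			$itemVersion,
			wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_MODIFIED_THEME)
		),
		array(
			'file' => $properties->wordpressPath,
			'realFile' => $properties->realPath,
			'cType' => 'theme',
			'canDiff' => true,
			'canFix' => true,
			'canDelete' => false,
			'cName' => $itemName,
			'cVersion' => $itemVersion,
			'cKey' => $cKey,
			'haveIssues' => 'themes'
		)
	);

	return false;
}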
/**
 * Handles a file that is not part of the known core/plugin/theme reference data.
 *
 * Only files whose real path starts with wp-admin/ or the WPINC folder under
 * ABSPATH produce an issue:
 *  - a file recognised by isPreviousCoreFile() is reported at low severity;
 *  - a php.ini file is queued as a pending, coalescable high-severity issue;
 *  - anything else is reported at high severity as an unknown core file.
 *
 * @param object $properties File properties; this method reads shac, md5, wordpressPath and realPath.
 * @return bool Always false.
 */
private function checkKnownFileOther($properties) {
	$added = false;
	$coreFolders = array(ABSPATH . 'wp-admin/', ABSPATH . WPINC . '/');

	foreach ($coreFolders as $folder) {
		// Prefix match on the real path; files outside these folders are ignored here.
		if (strpos($properties->realPath, $folder) !== 0) {
			continue;
		}

		$ignoreP = 'coreUnknown' . $properties->wordpressPath;
		$ignoreC = $ignoreP . $properties->md5;
		$issueData = array(
			'file' => $properties->wordpressPath,
			'realFile' => $properties->realPath,
			'cType' => 'core',
			'canDiff' => false,
			'canFix' => false,
			'canDelete' => true,
		);

		if ($this->isPreviousCoreFile($properties->shac)) {
			$added = $this->engine->addIssue(
				'knownfile',
				wfIssues::SEVERITY_LOW,
				$ignoreP,
				$ignoreC,
				sprintf(/* translators: File path. */ __('Old WordPress core file not removed during update: %s', 'wordfence'), $properties->wordpressPath),
				__('This file is in a WordPress core location but is from an older version of WordPress and not used with your current version. Hosting or permissions issues can cause these files to get left behind when WordPress is updated and they should be removed if possible.', 'wordfence'),
				$issueData
			);
		}
		elseif (preg_match('#/php\.ini$#', $properties->wordpressPath)) {
			// Pending rather than immediate: $added is left untouched on this path,
			// and the 'coalesce' tag lets several php.ini findings be merged later.
			$this->engine->addPendingIssue(
				'knownfile',
				wfIssues::SEVERITY_HIGH,
				$ignoreP,
				$ignoreC,
				sprintf(/* translators: File path. */ __('Unknown file in WordPress core: %s', 'wordfence'), $properties->wordpressPath),
				__('This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker.', 'wordfence'),
				$issueData + array(
					'coalesce' => 'php.ini',
					'learnMore' => wfSupportController::supportURL(wfSupportController::ITEM_SCAN_RESULT_UNKNOWN_FILE_CORE),
					'haveIssues' => 'coreUnknown',
				)
			);
		}
		else {
			$added = $this->engine->addIssue(
				'knownfile',
				wfIssues::SEVERITY_HIGH,
				$ignoreP,
				$ignoreC,
				sprintf(/* translators: File path. */ __('Unknown file in WordPress core: %s', 'wordfence'), $properties->wordpressPath),
				sprintf(/* translators: Support URL. */ __('This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker. <a href="%s" target="_blank" rel="noopener noreferrer">Learn More<span class="screen-reader-text"> (' . esc_html__('opens in new tab', 'wordfence') . ')</span></a>', 'wordfence'), wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_UNKNOWN_FILE_CORE)),
				$issueData
			);
		}
	}

	// Fold the result of the last addIssue() call into the 'coreUnknown' status:
	// an added/updated issue marks a problem; an ignored one only downgrades the
	// status when no problem has been recorded yet.
	$wasReported = ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED);
	if ($wasReported) {
		$this->haveIssues['coreUnknown'] = wfIssues::STATUS_PROBLEM;
	}
	elseif ($this->haveIssues['coreUnknown'] != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) {
		$this->haveIssues['coreUnknown'] = wfIssues::STATUS_IGNORED;
	}

	return false;
}
/**
 * Dispatches a file to the checker that matches its known-file type.
 *
 * @param object $properties File properties passed through to the checker.
 * @param mixed  $type       One of the self::KNOWN_FILE_* constants.
 * @return bool|null The checker's result; null when $type matches none of the constants.
 */
private function checkKnownFile($properties, $type) {
	// Loose (==) comparisons are kept deliberately to match switch semantics.
	if ($type == self::KNOWN_FILE_CORE) {
		return $this->checkKnownCoreFile($properties);
	}
	if ($type == self::KNOWN_FILE_PLUGIN) {
		return $this->checkKnownPluginFile($properties);
	}
	if ($type == self::KNOWN_FILE_THEME) {
		return $this->checkKnownThemeFile($properties);
	}
	if ($type == self::KNOWN_FILE_OTHER) {
		return $this->checkKnownFileOther($properties);
	}
	return null;
}
/**
 * Queues a file's properties for the next batched write and flushes the queue
 * once it reaches self::MAX_QUEUED_RECORDS.
 *
 * Records are keyed by wordpressPathMd5, so queuing the same key again replaces
 * the earlier record while the counter still advances.
 *
 * @param object $properties File properties to queue.
 */
private function recordFile($properties) {
	$this->fileRecords[$properties->wordpressPathMd5] = $properties;
	++$this->fileRecordCount;

	if ($this->fileRecordCount >= self::MAX_QUEUED_RECORDS) {
		$this->processFileRecords();
	}
}
/**
 * Writes all queued file records to the wfFileMods table in a single insert
 * call, then empties the queue.
 *
 * @param bool $check Not read by this method.
 */
private function processFileRecords($check = true) {
	if ($this->fileRecordCount == 0) {
		return;
	}

	$table = wfDB::networkTable('wfFileMods');

	// Column => placeholder expression. Values are handed over separately from
	// the SQL text; how the db wrapper binds them is not visible here.
	$columnFormats = [
		'filename' => '%s',
		'real_path' => '%s',
		'filenameMD5' => 'UNHEX(%s)',
		'knownFile' => '%d',
		'newMD5' => 'UNHEX(%s)',
		'SHAC' => 'UNHEX(%s)',
	];

	// One value row per queued record, in the same order as $columnFormats.
	$rows = array_map(function($record) {
		return [
			$record->wordpressPath,
			$record->realPath,
			$record->wordpressPathMd5,
			(int) $record->known,
			$record->md5,
			$record->shac,
		];
	}, $this->fileRecords);

	// presumably the columns refreshed when a row already exists — confirm against the db wrapper
	$refreshColumns = [
		'newMD5',
		'SHAC',
		'knownFile'
	];

	$this->db->insert($table, $columnFormats, $rows, $refreshColumns);

	$this->fileRecords = [];
	$this->fileRecordCount = 0;
}
/**
 * Hashes one file, checks it against the known-file data, flags possible
 * malware prefixes and queues the result for storage.
 *
 * The file handle held by the properties object is always released, including
 * on the early-return paths.
 *
 * @param object $file Scan file object providing initializeProperties(), getRealPath() and getWordpressPath().
 */
private function processFile($file) {
	$properties = $file->initializeProperties();
	try {
		$properties->realPath = $file->getRealPath();
		// Return value is not used here; the call is kept as in the original.
		$file->getWordpressPath();

		// $fileSize is filled in by fileTooBig() and added to the running total below.
		$tooBig = wfUtils::fileTooBig($properties->realPath, $fileSize, $properties->handle);
		if ($tooBig) {
			wordfence::status(4, 'info', sprintf(/* translators: File path. */ __("Skipping file larger than max size: %s", 'wordfence'), $properties->realPath));
			return;
		}

		call_user_func($this->scanFileLogger, $properties->realPath);

		$knownType = $this->getKnownFileType($properties);
		$canCheckKnown = ($knownType !== null);

		$hashOk = self::hashFile($properties->realPath, $properties);
		// Counted as scanned even when hashing fails.
		$this->engine->scanController()->incrementSummaryItem(wfScanner::SUMMARY_SCANNED_FILES);
		if (!$hashOk) {
			// Hashing failed (probably a permissions problem); the file is skipped without a status message.
			return;
		}

		$properties->known = $canCheckKnown && $this->checkKnownFile($properties, $knownType);

		if ($this->malwareEnabled && $this->isMalwarePrefix($properties->md5)) {
			$this->possibleMalware[] = array($properties->wordpressPath, $properties->md5);
			$this->pathMap[$properties->wordpressPath] = $properties->realPath;
		}

		$this->recordFile($properties);

		$this->totalFiles++;
		$this->totalData += $fileSize;

		// Progress message every 100 files.
		if ($this->totalFiles % 100 === 0) {
			wordfence::status(2, 'info', sprintf(
				/* translators: 1. Number of files. 2. Data in bytes. */
				__('Analyzed %1$d files containing %2$s of data so far', 'wordfence'),
				$this->totalFiles,
				wfUtils::formatBytes($this->totalData)
			));
		}
	}
	finally {
		$properties->releaseHandle();
	}
}
/**
 * Determines which of the given filenames are safe files and records the
 * verdict in the wfFileMods table.
 *
 * Files already stored with isSafeFile = '1' are accepted as-is. The remaining
 * ones are read back in rounds (rows whose isSafeFile is '?'), their SHAC hashes
 * are passed to the engine's isSafeFile() lookup, and each row is updated to
 * 1 or 0 until a round returns no rows.
 *
 * @param array $filenames Filenames to classify.
 * @return array Map of filename => true for every file considered safe.
 */
private function flagSafeFiles($filenames) {
	$table = wfDB::networkTable('wfFileMods');
	$safeByName = [];

	$alreadySafe = $this->db->selectAll(
		$table,
		['filename'],
		[
			'filename' => $filenames,
			'isSafeFile' => '1'
		]
	);
	foreach ($alreadySafe as $row) {
		$safeByName[$row[0]] = true;
	}

	// Only files without a stored safe verdict go through the lookup below.
	$pending = [];
	foreach ($filenames as $name) {
		if (array_key_exists($name, $safeByName)) {
			continue;
		}
		$pending[] = $name;
	}
	$filenames = $pending;

	do {
		// presumably select() returns a bounded batch, which is why this repeats — confirm against the db wrapper
		$batch = $this->db->select(
			$table,
			[
				'HEX(filenameMD5)',
				'UPPER(HEX(SHAC))',
				'filename'
			],
			[
				'filename' => $filenames,
				'isSafeFile' => '?'
			]
		);

		$safeLookup = array_flip($this->engine->isSafeFile(array_column($batch, 1)));

		// Filename-MD5 hex ids grouped by verdict; key 1 = safe, key 0 = not safe.
		$idsByVerdict = ['1' => [], '0' => []];
		foreach ($batch as $row) {
			if (array_key_exists($row[1], $safeLookup)) {
				$idsByVerdict['1'][] = $row[0];
				$safeByName[$row[2]] = true;
			}
			else {
				$idsByVerdict['0'][] = $row[0];
			}
		}

		foreach ($idsByVerdict as $verdict => $hexIds) {
			if (!$hexIds) {
				continue;
			}
			$this->db->update(
				$table,
				[
					'isSafeFile' => [ '%s', $verdict ]
				],
				[
					'filenameMD5' => $hexIds
				],
				[
					'filenameMD5' => 'UNHEX(%s)'
				]
			);
		}
	} while (!empty($batch));

	return $safeByName;
}
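/**
 * Promotes pending issues to real issues, skipping files that the safe-file
 * lookup clears, and merges issues tagged with a 'coalesce' key into one
 * issue per key.
 *
 * Pending issues are fetched in batches by offset; the kill check runs after
 * each batch. The per-type status in $this->haveIssues is updated from the
 * result of every addIssue() call.
 */
private function _processPendingIssues() {
	$pendingTotal = $this->engine->getPendingIssueCount();
	$offset = 0;
	while ($offset < $pendingTotal) {
		$issues = $this->engine->getPendingIssues($offset);
		if (count($issues) == 0) {
			break;
		}

		$safeFiles = $this->flagSafeFiles(array_map(function($i) { return $i['data']['file']; }, $issues));

		//Migrate non-safe file issues to official issues and begin coalescing tagged issues
		// Iterated by value: nothing here modifies the issue, and a by-reference loop
		// variable would stay bound to the last element after the loop and be
		// overwritten by any later assignment to the same variable name.
		foreach ($issues as $issue) {
			if (array_key_exists($issue['data']['file'], $safeFiles)) {
				continue;
			}

			$haveIssuesType = $issue['data']['haveIssues'];
			if (isset($issue['data']['coalesce'])) {
				$key = $issue['data']['coalesce'];
				if (!isset($this->coalescingIssues[$key])) {
					$this->coalescingIssues[$key] = array('count' => 0, 'issue' => $issue);
				}
				$this->coalescingIssues[$key]['count']++;
				continue;
			}

			$added = $this->engine->addIssue(
				$issue['type'],
				$issue['severity'],
				$issue['ignoreP'],
				$issue['ignoreC'],
				$issue['shortMsg'],
				$issue['longMsg'],
				$issue['data'],
				true //Prevent ignoreP and ignoreC from being hashed again
			);
			if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) {
				$this->haveIssues[$haveIssuesType] = wfIssues::STATUS_PROBLEM;
			}
			else if ($this->haveIssues[$haveIssuesType] != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) {
				$this->haveIssues[$haveIssuesType] = wfIssues::STATUS_IGNORED;
			}
		}

		$offset += count($issues);
		$this->engine->checkForKill();
	}

	//Insert the coalesced issues (currently just multiple php.ini in system directories)
	foreach ($this->coalescingIssues as $c) {
		$count = $c['count'];
		$issue = $c['issue'];
		$haveIssuesType = $issue['data']['haveIssues'];

		// The first finding supplies the messages; the others are summarised as a count.
		$shortMsg = $issue['shortMsg'] . ($count > 1 ? ' ' . sprintf(/* translators: Number of scan results. */ __('(+ %d more)', 'wordfence'), $count - 1) : '');
		$longMsg = $issue['longMsg'] . ($count > 1 ? ' ' . ($count > 2 ? sprintf(/* translators: Number of files. */ __('%d more similar files were found.', 'wordfence'), $count - 1) : __('1 more similar file was found.', 'wordfence')) : '') . (isset($issue['data']['learnMore']) ? ' ' . sprintf(__('<a href="%s" target="_blank" rel="noopener noreferrer">Learn More<span class="screen-reader-text"> (' . esc_html__('opens in new tab', 'wordfence') . ')</span></a>', 'wordfence'), esc_attr($issue['data']['learnMore'])) : '');

		$added = $this->engine->addIssue(
			$issue['type'],
			$issue['severity'],
			$issue['ignoreP'],
			$issue['ignoreC'],
			$shortMsg,
			$longMsg,
			$issue['data'],
			true //Prevent ignoreP and ignoreC from being hashed again
		);
		if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) {
			$this->haveIssues[$haveIssuesType] = wfIssues::STATUS_PROBLEM;
		}
		else if ($this->haveIssues[$haveIssuesType] != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) {
			$this->haveIssues[$haveIssuesType] = wfIssues::STATUS_IGNORED;
		}
	}
}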
/**
 * Computes two digests of a file in one pass over its open handle.
 *
 * - md5:  MD5 of the raw bytes.
 * - shac: SHA-256 of the content with every "\n", "\r", "\t" and space removed,
 *         so whitespace-only differences do not change it.
 *
 * Both are stored on $properties as uppercase hex strings.
 *
 * @param string $file       Not read by this method; the data comes from $properties->handle.
 * @param object $properties Properties object providing resetHandle() and handle; receives md5 and shac.
 * @return bool False when the handle cannot be reset or a read fails, true otherwise.
 */
public static function hashFile($file, &$properties) {
	if (!$properties->resetHandle()) {
		return false;
	}

	$strippedChars = array("\n","\r","\t"," ");
	$rawDigest = hash_init('md5');
	$strippedDigest = hash_init('sha256');

	while (!feof($properties->handle)) {
		// 64 KiB per read keeps memory use flat regardless of file size.
		$chunk = fread($properties->handle, 65536);
		if ($chunk === false) {
			return false;
		}
		hash_update($rawDigest, $chunk);
		hash_update($strippedDigest, str_replace($strippedChars, "", $chunk));
	}

	$properties->md5 = strtoupper(hash_final($rawDigest, false));
	$properties->shac = strtoupper(hash_final($strippedDigest, false));
	return true;
}
/**
 * Decides whether a file should be hashed during the scan.
 *
 * Decision order:
 *  1. Listed in the core, plugin or theme reference data: hash.
 *  2. Matches a user or malware exclusion pattern: skip.
 *  3. Located under wp-admin/ or the WPINC folder while unknown-core-file
 *     detection is active: hash.
 *  4. Otherwise by extension and scan options (image scanning, high sensitivity).
 *
 * @param object $file Scan file object providing getWordpressPath() and getRealPath().
 * @return bool True when the file should be hashed.
 */
private function _shouldHashFile($file) {
	$wordpressPath = $file->getWordpressPath();

	//Core, plugin or theme file, return true
	foreach (array('core', 'plugins', 'themes') as $group) {
		if (isset($this->knownFiles[$group]) && isset($this->knownFiles[$group][$wordpressPath])) {
			return true;
		}
	}

	//Excluded file, return false
	$excludePatterns = wordfenceScanner::getExcludeFilePattern(wordfenceScanner::EXCLUSION_PATTERNS_USER | wordfenceScanner::EXCLUSION_PATTERNS_MALWARE);
	if ($excludePatterns) {
		foreach ($excludePatterns as $pattern) {
			if (preg_match($pattern, $wordpressPath)) {
				return false;
			}
		}
	}

	//Unknown file in a core location
	// Checked after the exclusions, so an excluded path is skipped even inside these folders.
	if ($this->coreUnknownEnabled && !$this->alertedOnUnknownWordPressVersion) {
		$coreFolders = array(ABSPATH . 'wp-admin/', ABSPATH . WPINC . '/');
		foreach ($coreFolders as $folder) {
			if (strpos($file->getRealPath(), $folder) === 0) {
				return true;
			}
		}
	}

	//Determine treatment
	// $fileExt is the final extension only; the flags below also match when the
	// extension is followed by another one (for example ".php.bak").
	$fileExt = preg_match('/\.([a-zA-Z\d\-]{1,7})$/', $wordpressPath, $matches)
		? strtolower($matches[1])
		: '';
	$isPHP = (bool) preg_match('/\.(?:php(?:\d+)?|phtml)(\.|$)/i', $wordpressPath);
	$isHTML = (bool) preg_match('/\.(?:html?)(\.|$)/i', $wordpressPath);
	$isJS = (bool) preg_match('/\.(?:js|svg)(\.|$)/i', $wordpressPath);

	$options = $this->engine->scanController()->scanOptions();

	//If scan images is disabled, only allow .js through
	$isMediaOrArchive = !$isPHP && preg_match('/^(?:jpg|jpeg|mp3|avi|m4v|mov|mp4|gif|png|tiff?|svg|sql|js|tbz2?|bz2?|xz|zip|tgz|gz|tar|log|err\d+)$/', $fileExt);
	if ($isMediaOrArchive && !$options['scansEnabled_scanImages'] && !$isJS) {
		return false;
	}

	//If high sensitivity is disabled, don't allow .sql
	if (strtolower($fileExt) == 'sql' && !$options['scansEnabled_highSense']) {
		return false;
	}

	//Treating as binary, return true
	if ($isPHP || $isHTML || $options['scansEnabled_scanImages']) {
		return true;
	}

	//Will be malware scanned when it is JS/SVG; everything else is skipped
	return $isJS;
}
private function isMalwarePrefix($hexMD5){
$hasPrefix = $this->_binaryListContains($this->malwareData, wfUtils::hex2bin($hexMD5), 4);
return $hasPrefix !== false;