Edit File by line

$dataForFile = $this->dataForFile($file, $record->realPath);

[500] Fix | Delete

[501] Fix | Delete

foreach($hresults as $result){

[502] Fix | Delete

if(preg_match('/wfBrowscapCache\.php$/', $file)){

[503] Fix | Delete

continue;

[504] Fix | Delete

}

[505] Fix | Delete

[506] Fix | Delete

if (empty($result['URL'])) {

[507] Fix | Delete

continue;

[508] Fix | Delete

}

[509] Fix | Delete

[510] Fix | Delete

if ($result['badList'] == 'goog-malware-shavar') {

[511] Fix | Delete

$this->addResult(array(

[512] Fix | Delete

'type' => 'file',

[513] Fix | Delete

'severity' => wfIssues::SEVERITY_CRITICAL,

[514] Fix | Delete

'ignoreP' => $record->realPath,

[515] Fix | Delete

'ignoreC' => md5_file($record->realPath),

[516] Fix | Delete

'shortMsg' => __('File contains suspected malware URL: ', 'wordfence') . esc_html($record->getDisplayPath()),

[517] Fix | Delete

'longMsg' => wp_kses(sprintf(

[518] Fix | Delete

/* translators: 1. Malware signature matched text. 2. Malicious URL. 3. Malicious URL. */

[519] Fix | Delete

__('This file contains a suspected malware URL listed on Google\'s list of malware sites. Wordfence decodes %1$s when scanning files so the URL may not be visible if you view this file. The URL is: %2$s - More info available at <a href="http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=%3$s&client=googlechrome&hl=en-US" target="_blank" rel="noopener noreferrer">Google Safe Browsing diagnostic page<span class="screen-reader-text"> (opens in new tab)</span></a>.', 'wordfence'),

[520] Fix | Delete

esc_html($this->patterns['word3']),

[521] Fix | Delete

esc_html($result['URL']),

[522] Fix | Delete

urlencode($result['URL'])

[523] Fix | Delete

), array('a'=>array('href'=>array(), 'target'=>array(), 'rel'=>array()), 'span'=>array('class'))),

[524] Fix | Delete

'data' => array_merge(array(

[525] Fix | Delete

'file' => $file,

[526] Fix | Delete

'realFile' => $record->realPath,

[527] Fix | Delete

'shac' => $record->SHAC,

[528] Fix | Delete

'badURL' => $result['URL'],

[529] Fix | Delete

'gsb' => 'goog-malware-shavar',

[530] Fix | Delete

'highSense' => $options['scansEnabled_highSense']

[531] Fix | Delete

), $dataForFile),

[532] Fix | Delete

));

[533] Fix | Delete

}

[534] Fix | Delete

else if ($result['badList'] == 'googpub-phish-shavar') {

[535] Fix | Delete

$this->addResult(array(

[536] Fix | Delete

'type' => 'file',

[537] Fix | Delete

'severity' => wfIssues::SEVERITY_CRITICAL,

[538] Fix | Delete

'ignoreP' => $record->realPath,

[539] Fix | Delete

'ignoreC' => md5_file($record->realPath),

[540] Fix | Delete

'shortMsg' => __('File contains suspected phishing URL: ', 'wordfence') . esc_html($record->getDisplayPath()),

[541] Fix | Delete

'longMsg' => __('This file contains a URL that is a suspected phishing site that is currently listed on Google\'s list of known phishing sites. The URL is: ', 'wordfence') . esc_html($result['URL']),

[542] Fix | Delete

'data' => array_merge(array(

[543] Fix | Delete

'file' => $file,

[544] Fix | Delete

'realFile' => $record->realPath,

[545] Fix | Delete

'shac' => $record->SHAC,

[546] Fix | Delete

'badURL' => $result['URL'],

[547] Fix | Delete

'gsb' => 'googpub-phish-shavar',

[548] Fix | Delete

'highSense' => $options['scansEnabled_highSense']

[549] Fix | Delete

), $dataForFile),

[550] Fix | Delete

));

[551] Fix | Delete

}

[552] Fix | Delete

else if ($result['badList'] == 'wordfence-dbl') {

[553] Fix | Delete

$this->addResult(array(

[554] Fix | Delete

'type' => 'file',

[555] Fix | Delete

'severity' => wfIssues::SEVERITY_CRITICAL,

[556] Fix | Delete

'ignoreP' => $record->realFile,

[557] Fix | Delete

'ignoreC' => md5_file($record->realPath),

[558] Fix | Delete

'shortMsg' => __('File contains suspected malware URL: ', 'wordfence') . esc_html($record->getDisplayPath()),

[559] Fix | Delete

'longMsg' => __('This file contains a URL that is currently listed on Wordfence\'s domain blocklist. The URL is: ', 'wordfence') . esc_html($result['URL']),

[560] Fix | Delete

'data' => array_merge(array(

[561] Fix | Delete

'file' => $file,

[562] Fix | Delete

'realFile' => $record->realPath,

[563] Fix | Delete

'shac' => $record->SHAC,

[564] Fix | Delete

'badURL' => $result['URL'],

[565] Fix | Delete

'gsb' => 'wordfence-dbl',

[566] Fix | Delete

'highSense' => $options['scansEnabled_highSense']

[567] Fix | Delete

), $dataForFile),

[568] Fix | Delete

));

[569] Fix | Delete

}

[570] Fix | Delete

}

[571] Fix | Delete

}

[572] Fix | Delete

}

[573] Fix | Delete

wfUtils::afterProcessingFile();

[574] Fix | Delete

[575] Fix | Delete

wordfence::status(4, 'info', __('Finalizing malware scan results', 'wordfence'));

[576] Fix | Delete

[577] Fix | Delete

if (!empty($this->results)) {

[578] Fix | Delete

$safeFiles = $this->scanEngine->isSafeFile(array_keys($this->resultFilesByShac));

[579] Fix | Delete

foreach ($safeFiles as $hash) {

[580] Fix | Delete

foreach ($this->resultFilesByShac[$hash] as $file)

[581] Fix | Delete

unset($this->results[$file]);

[582] Fix | Delete

}

[583] Fix | Delete

}

[584] Fix | Delete

[585] Fix | Delete

if ($backtrackLimit !== false) { ini_set('pcre.backtrack_limit', $backtrackLimit); }

[586] Fix | Delete

return $this->results;

[587] Fix | Delete

}

[588] Fix | Delete

[589] Fix | Delete

protected function writeScanningStatus() {

[590] Fix | Delete

wordfence::status(2, 'info', sprintf(

[591] Fix | Delete

/* translators: 1. Number of fils. 2. Seconds in millisecond precision. */

[592] Fix | Delete

__('Scanned contents of %1$d additional files at %2$.2f per second', 'wordfence'),

[593] Fix | Delete

$this->totalFilesScanned,

[594] Fix | Delete

($this->totalFilesScanned / (microtime(true) - $this->startTime))

[595] Fix | Delete

));

[596] Fix | Delete

}

[597] Fix | Delete

[598] Fix | Delete

protected function addResult($result) {

[599] Fix | Delete

if (isset($result['data']['file'])) {

[600] Fix | Delete

$file = $result['data']['file'];

[601] Fix | Delete

$existing = array_key_exists($file, $this->results) ? $this->results[$file] : null;

[602] Fix | Delete

if ($existing === null || $existing['severity'] > $result['severity']) {

[603] Fix | Delete

$this->results[$file] = $result;

[604] Fix | Delete

if (isset($result['data']['shac'])) {

[605] Fix | Delete

$shac = $result['data']['shac'];

[606] Fix | Delete

if (!array_key_exists($shac, $this->resultFilesByShac))

[607] Fix | Delete

$this->resultFilesByShac[$shac] = [];

[608] Fix | Delete

$this->resultFilesByShac[$shac][] = $file;

[609] Fix | Delete

}

[610] Fix | Delete

}

[611] Fix | Delete

}

[612] Fix | Delete

else {

[613] Fix | Delete

$this->results[] = $result;

[614] Fix | Delete

}

[615] Fix | Delete

}

[616] Fix | Delete

[617] Fix | Delete

/**

[618] Fix | Delete

* @param string $file

[619] Fix | Delete

* @return array

[620] Fix | Delete

[621] Fix | Delete

private function dataForFile($file, $fullPath = null) {

[622] Fix | Delete

$loader = $this->scanEngine->getKnownFilesLoader();

[623] Fix | Delete

$data = array();

[624] Fix | Delete

if ($isKnownFile = $loader->isKnownFile($file)) {

[625] Fix | Delete

if ($loader->isKnownCoreFile($file)) {

[626] Fix | Delete

$data['cType'] = 'core';

[627] Fix | Delete

[628] Fix | Delete

} else if ($loader->isKnownPluginFile($file)) {

[629] Fix | Delete

$data['cType'] = 'plugin';

[630] Fix | Delete

list($itemName, $itemVersion, $cKey) = $loader->getKnownPluginData($file);

[631] Fix | Delete

$data = array_merge($data, array(

[632] Fix | Delete

'cName' => $itemName,

[633] Fix | Delete

'cVersion' => $itemVersion,

[634] Fix | Delete

'cKey' => $cKey

[635] Fix | Delete

));

[636] Fix | Delete

[637] Fix | Delete

} else if ($loader->isKnownThemeFile($file)) {

[638] Fix | Delete

$data['cType'] = 'theme';

[639] Fix | Delete

list($itemName, $itemVersion, $cKey) = $loader->getKnownThemeData($file);

[640] Fix | Delete

$data = array_merge($data, array(

[641] Fix | Delete

'cName' => $itemName,

[642] Fix | Delete

'cVersion' => $itemVersion,

[643] Fix | Delete

'cKey' => $cKey

[644] Fix | Delete

));

[645] Fix | Delete

}

[646] Fix | Delete

}

[647] Fix | Delete

[648] Fix | Delete

$suppressDelete = false;

[649] Fix | Delete

$canRegenerate = false;

[650] Fix | Delete

if ($fullPath !== null) {

[651] Fix | Delete

$bootstrapPath = wordfence::getWAFBootstrapPath();

[652] Fix | Delete

$htaccessPath = wfUtils::getHomePath() . '.htaccess';

[653] Fix | Delete

$userIni = ini_get('user_ini.filename');

[654] Fix | Delete

$userIniPath = false;

[655] Fix | Delete

if ($userIni) {

[656] Fix | Delete

$userIniPath = wfUtils::getHomePath() . $userIni;

[657] Fix | Delete

}

[658] Fix | Delete

[659] Fix | Delete

if ($fullPath == $htaccessPath) {

[660] Fix | Delete

$suppressDelete = true;

[661] Fix | Delete

}

[662] Fix | Delete

else if ($userIniPath !== false && $fullPath == $userIniPath) {

[663] Fix | Delete

$suppressDelete = true;

[664] Fix | Delete

}

[665] Fix | Delete

else if ($fullPath == $bootstrapPath) {

[666] Fix | Delete

$suppressDelete = true;

[667] Fix | Delete

$canRegenerate = true;

[668] Fix | Delete

}

[669] Fix | Delete

}

[670] Fix | Delete

[671] Fix | Delete

$localFile = realpath($this->path . $file);

[672] Fix | Delete

$isWPConfig = $localFile === ABSPATH . 'wp-config.php';

[673] Fix | Delete

[674] Fix | Delete

$data['canDiff'] = $isKnownFile;

[675] Fix | Delete

$data['canFix'] = $isKnownFile && !$isWPConfig;

[676] Fix | Delete

$data['canDelete'] = !$isKnownFile && !$canRegenerate && !$suppressDelete && !$isWPConfig;

[677] Fix | Delete

$data['canRegenerate'] = $canRegenerate && !$isWPConfig;

[678] Fix | Delete

$data['wpconfig'] = $isWPConfig;

[679] Fix | Delete

[680] Fix | Delete

return $data;

[681] Fix | Delete

}

[682] Fix | Delete

}

[683] Fix | Delete

[684] Fix | Delete

/**

[685] Fix | Delete

* Convenience class for interfacing with the wfFileMods table.

[686] Fix | Delete

[687] Fix | Delete

* @property string $filename

[688] Fix | Delete

* @property string $filenameMD5

[689] Fix | Delete

* @property string $newMD5

[690] Fix | Delete

* @property string $SHAC

[691] Fix | Delete

* @property string $stoppedOnSignature

[692] Fix | Delete

* @property string $stoppedOnPosition

[693] Fix | Delete

* @property string $isSafeFile

[694] Fix | Delete

[695] Fix | Delete

class wordfenceMalwareScanFile {

[696] Fix | Delete

protected $_filename;

[697] Fix | Delete

protected $_realPath;

[698] Fix | Delete

protected $_filenameMD5;

[699] Fix | Delete

protected $_filenameMD5Hex;

[700] Fix | Delete

protected $_newMD5;

[701] Fix | Delete

protected $_shac;

[702] Fix | Delete

protected $_stoppedOnSignature;

[703] Fix | Delete

protected $_stoppedOnPosition;

[704] Fix | Delete

protected $_isSafeFile;

[705] Fix | Delete

[706] Fix | Delete

protected static function getDB() {

[707] Fix | Delete

static $db = null;

[708] Fix | Delete

if ($db === null) {

[709] Fix | Delete

$db = new wfDB();

[710] Fix | Delete

}

[711] Fix | Delete

return $db;

[712] Fix | Delete

}

[713] Fix | Delete

[714] Fix | Delete

public static function countRemaining() {

[715] Fix | Delete

$db = self::getDB();

[716] Fix | Delete

return $db->querySingle("SELECT COUNT(*) FROM " . wfDB::networkTable('wfFileMods') . " WHERE oldMD5 != newMD5 AND knownFile = 0");

[717] Fix | Delete

}

[718] Fix | Delete

[719] Fix | Delete

public static function files($limit = 500) {

[720] Fix | Delete

$db = self::getDB();

[721] Fix | Delete

$result = $db->querySelect("SELECT filename, real_path, filenameMD5, HEX(newMD5) AS newMD5, HEX(SHAC) AS SHAC, stoppedOnSignature, stoppedOnPosition, isSafeFile FROM " . wfDB::networkTable('wfFileMods') . " WHERE oldMD5 != newMD5 AND knownFile = 0 AND isSafeFile != '1' LIMIT %d", $limit);

[722] Fix | Delete

$files = array();

[723] Fix | Delete

foreach ($result as $row) {

[724] Fix | Delete

$files[] = new wordfenceMalwareScanFile($row['filename'], $row['real_path'], $row['filenameMD5'], $row['newMD5'], $row['SHAC'], $row['stoppedOnSignature'], $row['stoppedOnPosition'], $row['isSafeFile']);

[725] Fix | Delete

}

[726] Fix | Delete

return $files;

[727] Fix | Delete

}

[728] Fix | Delete

[729] Fix | Delete

public static function fileForPath($file) {

[730] Fix | Delete

$db = self::getDB();

[731] Fix | Delete

$row = $db->querySingleRec("SELECT filename, real_path, filenameMD5, HEX(newMD5) AS newMD5, HEX(SHAC) AS SHAC, stoppedOnSignature, stoppedOnPosition, isSafeFile FROM " . wfDB::networkTable('wfFileMods') . " WHERE filename = '%s'", $file);

[732] Fix | Delete

return new wordfenceMalwareScanFile($row['filename'], $row['real_path'], $row['filenameMD5'], $row['newMD5'], $row['SHAC'], $row['stoppedOnSignature'], $row['stoppedOnPosition'], $row['isSafeFile']);

[733] Fix | Delete

}

[734] Fix | Delete

[735] Fix | Delete

public function __construct($filename, $realPath, $filenameMD5, $newMD5, $shac, $stoppedOnSignature, $stoppedOnPosition, $isSafeFile) {

[736] Fix | Delete

$this->_filename = $filename;

[737] Fix | Delete

$this->_realPath = $realPath;

[738] Fix | Delete

$this->_filenameMD5 = $filenameMD5;

[739] Fix | Delete

$this->_filenameMD5Hex = bin2hex($filenameMD5);

[740] Fix | Delete

$this->_newMD5 = $newMD5;

[741] Fix | Delete

$this->_shac = strtoupper($shac);

[742] Fix | Delete

$this->_stoppedOnSignature = $stoppedOnSignature;

[743] Fix | Delete

$this->_stoppedOnPosition = $stoppedOnPosition;

[744] Fix | Delete

$this->_isSafeFile = $isSafeFile;

[745] Fix | Delete

}

[746] Fix | Delete

[747] Fix | Delete

public function __get($key) {

[748] Fix | Delete

switch ($key) {

[749] Fix | Delete

case 'filename':

[750] Fix | Delete

return $this->_filename;

[751] Fix | Delete

case 'realPath':

[752] Fix | Delete

return $this->_realPath;

[753] Fix | Delete

case 'filenameMD5':

[754] Fix | Delete

return $this->_filenameMD5;

[755] Fix | Delete

case 'filenameMD5Hex':

[756] Fix | Delete

return $this->_filenameMD5Hex;

[757] Fix | Delete

case 'newMD5':

[758] Fix | Delete

return $this->_newMD5;

[759] Fix | Delete

case 'SHAC':

[760] Fix | Delete

return $this->_shac;

[761] Fix | Delete

case 'stoppedOnSignature':

[762] Fix | Delete

return $this->_stoppedOnSignature;

[763] Fix | Delete

case 'stoppedOnPosition':

[764] Fix | Delete

return $this->_stoppedOnPosition;

[765] Fix | Delete

case 'isSafeFile':

[766] Fix | Delete

return $this->_isSafeFile;

[767] Fix | Delete

}

[768] Fix | Delete

}

[769] Fix | Delete

[770] Fix | Delete

public function __toString() {

[771] Fix | Delete

return "Record [filename: {$this->filename}, realPath: {$this->realPath}, filenameMD5: {$this->filenameMD5}, newMD5: {$this->newMD5}, stoppedOnSignature: {$this->stoppedOnSignature}, stoppedOnPosition: {$this->stoppedOnPosition}]";

[772] Fix | Delete

}

[773] Fix | Delete

[774] Fix | Delete

public static function markCompleteBatch($records) {

[775] Fix | Delete

if (empty($records))

[776] Fix | Delete

return;

[777] Fix | Delete

$db = self::getDB();

[778] Fix | Delete

$db->update(

[779] Fix | Delete

wfDB::networkTable('wfFileMods'),

[780] Fix | Delete

[

[781] Fix | Delete

'oldMD5' => 'newMD5'

[782] Fix | Delete

[783] Fix | Delete

[

[784] Fix | Delete

'filenameMD5' => array_map(function($record) { return $record->filenameMD5Hex; }, $records)

[785] Fix | Delete

[786] Fix | Delete

[

[787] Fix | Delete

'filenameMD5' => 'UNHEX(%s)'

[788] Fix | Delete

]

[789] Fix | Delete

);

[790] Fix | Delete

}

[791] Fix | Delete

[792] Fix | Delete

public function updateStoppedOn($signature, $position) {

[793] Fix | Delete

$this->_stoppedOnSignature = $signature;

[794] Fix | Delete

$this->_stoppedOnPosition = $position;

[795] Fix | Delete

$db = self::getDB();

[796] Fix | Delete

$db->queryWrite("UPDATE " . wfDB::networkTable('wfFileMods') . " SET stoppedOnSignature = '%s', stoppedOnPosition = %d WHERE filenameMD5 = UNHEX(%s)", $this->stoppedOnSignature, $this->stoppedOnPosition, $this->filenameMD5Hex);

[797] Fix | Delete

}

[798] Fix | Delete

[799] Fix | Delete

public function getDisplayPath() {

[800] Fix | Delete

if (preg_match('#(^|/)..(/|$)#', $this->filename))

[801] Fix | Delete

return $this->realPath;

[802] Fix | Delete

return $this->filename;

[803] Fix | Delete

}

[804] Fix | Delete

[805] Fix | Delete

}

[806] Fix | Delete