WordPress.org

Plugin Directory

Changeset 1387577


Timestamp: 04/05/16 21:06:07 (21 months ago)
Author: peterebutler
Message: Remove references to codegarage.com, both in code and in documentation. Also fix lots of trailing whitespace.
Location: timthumb-vulnerability-scanner/trunk
Files: 4 edited

  • timthumb-vulnerability-scanner/trunk/cg-tvs-admin-panel-display.php

    r584290 r1387577  
    1919      <li><a href="tools.php?page=cg-timthumb-scanner&tab=options" <?php if($_GET['tab'] == 'options'): ?>class="current"<?php endif; ?>>Options</a></li> 
    2020    </ul> 
    21     <?php  
     21    <?php 
    2222    switch($_GET['tab']){ 
    2323      case 'options': 
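Review bot: `$_GET['tab']` is read at new lines 19 and 22 without an `isset()` check, which raises an undefined-index notice when the page is opened without a `tab` parameter. Read it once into a variable with a default value and compare against that variable in both places.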
     
    6868        <thead> 
    6969        <tr> 
    70           <th class="manage-column column-cb check-column" id="cb"><input type="checkbox"></th>     
    71           <th>Status</th>     
    72           <th>Version</th>     
    73           <th>Filename</th>     
     70          <th class="manage-column column-cb check-column" id="cb"><input type="checkbox"></th> 
     71          <th>Status</th> 
     72          <th>Version</th> 
     73          <th>Filename</th> 
    7474          <th>Full Path</th> 
    7575        </tr> 
     
    100100    </form> 
    101101    <?php endif; ?> 
    102    
     102 
    103103    <?php if(!empty($this->suspicious_files)): ?> 
    104104    <h3 style="color:#ff0000">Suspicious Files</h3> 
    105105    <p>These files likely indicate that hackers have <strong>already</strong> compromised your system.  They should be deleted.  Please note:  No files listed here does <strong>NOT</strong> guarantee you haven't already been compromised, but files listed here almost certainly means you have.</p> 
    106     <p>If your server has been compromised, your best bet is to hire a professional to clean your site up (<a href="http://codegarage.com/hack-cleanup">Click here for more info</a> - even if all you want is a little advice).</p> 
    107106      <table class="widefat"> 
    108107        <thead> 
    109108        <tr> 
    110           <th>Filename</th>     
     109          <th>Filename</th> 
    111110          <th>Full Path</th> 
    112111        </tr> 
     
    119118        <?php endforeach; ?> 
    120119      </table> 
    121       <?php if(empty($this->suspicious_files)): ?> 
    122       <p><strong>Worried that you're already hacked?</strong> <a href="http://codegarage.com/hack-cleanup">Get in touch with us</a>.</p> 
    123       <?php endif; ?> 
    124120    <?php endif; ?> 
    125      
     121 
    126122  </div> 
    127 <?php           
     123<?php 
    128124        break; 
    129125      } ?> 
    130      
    131      
    132   <div style="float:right;width:33%;"> 
    133     <div class="postbox metabox-holder" style="padding-top:0px"> 
    134         <h3 class="hndle" style="text-align:center"><a href="http://codegarage.com/"><img src="<?php echo WP_PLUGIN_URL; ?>/<?php echo basename( dirname( __FILE__ ) ); ?>/locker_logo.png"></a></h3> 
    135         <div class="inside"> 
    136             <p><strong>Tired of worrying about your WordPress sites?</strong></p> 
    137             <p><a href="http://codegarage.com/?ref=tvs" target="_blank" >Locker</a> from <a href="http://codegarage.com/?ref=tvs"  target="_blank" >Code Garage</a> provides rock solid daily backups and hack monitoring and cleanup (for malicious code and vulnerabilities like this one), as well as personal, one on one support when you need it.</p> 
    138             <p style="text-align:center;padding-top:15px;"><a href="http://codegarage.com/?ref=tvs" target="_blank" class="button-primary">Click here to learn more</a></p> 
    139         </div> 
    140     </div> 
    141    
    142     <div class="postbox metabox-holder" style="padding-top:0px"> 
    143         <h3 class="hndle" >Stay Informed</h3> 
    144         <div class="inside"> 
    145             <p>Stay up to date on best practices and stay ahead of new vulnerabilities that could threaten your site.</p> 
    146             <h4>WP Security Newsletter</h4> 
    147         <!-- Begin MailChimp Signup Form --> 
    148         <style type="text/css"> 
    149             #mce-EMAIL{background:#fff;  
    150                border:1px solid #ccc;  
    151                padding:5px; 
    152                font-size:14px; 
    153                width:70%; 
    154                margin-bottom:10px; } 
    155         </style> 
    156         <div id="mc_embed_signup"> 
    157           <form action="http://codegarage.us1.list-manage1.com/subscribe/post?u=18eaf7659266bae84144eef88&amp;id=0029c09237" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank"> 
    158             <label for="mce-EMAIL"></label> 
    159             <div > 
    160             <input type="email" value="" name="EMAIL" class="email" id="mce-EMAIL" placeholder="email address" required> 
    161             <input type="submit" value="Subscribe" name="subscribe" id="mc-embedded-subscribe" class="button-secondary"> 
    162             </div> 
    163           </form> 
    164         <!--End mc_embed_signup--> 
    165             <h4>Codegarage on Twitter</h4> 
    166 <a href="https://twitter.com/yourcodegarage" class="twitter-follow-button" data-show-count="false">Follow @yourcodegarage</a> 
    167 <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> 
    168             <h4><a href="http://codegarage.com/blog/?src=tvs" >Codegarage Blog</a></h4> 
    169         </div> 
    170         </div> 
    171     </div> 
    172   </div> 
    173 </div> 
    174  
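Review bot: The block removed at old lines 132-173 opens seven `<div>` elements but closes eight, so the final `</div>` at old line 173 was closing an element opened before this hunk. With it gone, confirm that the outer wrapper is still closed somewhere, or keep that one closing tag; otherwise the admin page ends with an unclosed `<div>`.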
  • timthumb-vulnerability-scanner/trunk/class-cg-tvs-plugin.php

    r584290 r1387577  
    1010  var $last_version_check; 
    1111  var $scan_daily; 
    12    
     12 
    1313  var $last_scan; 
    1414  var $script_instances; 
     
    1616 
    1717  var $plugin_base; 
    18    
     18 
    1919  var $current_timthumb_src_version; 
    2020  var $on_admin_page = false; 
     
    3737 
    3838      $this->scan_summary               = $storage_array['scan_summary']; 
    39        
     39 
    4040    }else{ 
    41       $this->script_latest_version      = '2.8.5'; 
     41      $this->script_latest_version      = '2.8.11'; 
    4242      $this->script_safe_version        = '2.8.2'; 
    43        
     43 
    4444      $this->last_version_check         = 0; 
    4545 
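Review bot: The bump to `'2.8.11'` at new line 41 sits in the `else` branch that follows the `$storage_array` assignments, so it appears to apply only when no saved data is loaded; a site that already has saved data keeps whatever `script_latest_version` it stored. Since this changeset also drops the `get_fresh_data()` refresh, consider overwriting the stored value on upgrade, or treating the two version strings as constants instead of persisting them.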
     
    5454      $this->save(); 
    5555    } 
    56     if($this->last_version_check < time()-86400){ 
    57       $this->get_fresh_data(); 
    58       $this->save(); 
    59     } 
    6056    $this->plugin_base_dir = trailingslashit(dirname(__FILE__)); 
    61      
     57 
    6258    if( $this->scan_summary['Outdated'] > 0 && !$this->on_admin_page ){ 
    6359      $this->show_message( $this->scan_summary['Outdated']." outdated Timthumb "._n('file', 'files', $this->scan_summary['Outdated'])." found.  <a href=\"tools.php?page=cg-timthumb-scanner\">Fix "._n('it', 'them', $this->scan_summary['Outdated'])." here</a>.", $error = false ); 
    64     }  
     60    } 
    6561    if( $this->scan_summary['Vulnerable'] > 0 && !$this->on_admin_page ){ 
    6662      $this->show_message( $this->scan_summary['Vulnerable']." vulnerable Timthumb "._n('file', 'files', $this->scan_summary['Vulnerable'])." found.  <a href=\"tools.php?page=cg-timthumb-scanner\">Fix "._n('it', 'them', $this->scan_summary['Vulnerable'])." here</a>.", $error = true ); 
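Review bot: With the `last_version_check` comparison removed at old lines 56-59, nothing left in this diff updates that property, yet it is still declared, set to 0 in the defaults and written out in `save()`. Remove it from the class and from `$storage_array` as well, so the stored option does not carry a field that is no longer used.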
     
    7167    add_management_page( 'Timthumb Scanner', 'Timthumb Scanner', 'manage_options', 'cg-timthumb-scanner', array(&$this, 'admin_panel_controller' ) ); 
    7268  } 
    73    
    74    
     69 
     70 
    7571  function activate(){ 
    7672    $this->init(); 
     
    8076    delete_option( 'cg_tvs_safe_files' ); 
    8177  } 
    82    
     78 
    8379  function deactivate(){ 
    8480    wp_clear_scheduled_hook('cg_tvs_daily_scan'); 
    8581    delete_option( 'cg_tvs_data' ); 
    8682  } 
    87    
    88   function get_fresh_data(){ 
    89     include_once(ABSPATH . WPINC . '/class-IXR.php'); 
    90     $ixr_client = new IXR_Client('http://codegarage.com/comm.php'); 
    91     if(!$ixr_client->query('request.TimthumbInfo')){ 
    92       // request failed.  Handle this. 
    93         $this->show_message('Updated script information request failed.'); 
    94     }else{ 
    95       $response = $ixr_client->getResponse(); 
    96       if(!empty($response['latest_version'])){ 
    97         $this->script_latest_version      = $response['latest_version']; 
    98       } 
    99       if(!empty($response['latest_version'])){ 
    100         $this->script_safe_version        = $response['safe_version']; 
    101       } 
    102     } 
    103     $this->last_version_check = time(); 
    104   } 
    105    
     83 
    10684  function scan( $scan_base = WP_CONTENT_DIR ){ 
    10785    // We need to make sure we're using uniform directory separators 
     
    127105    $this->save(); 
    128106  } 
    129    
     107 
    130108/* 
    131109  function get_version_float($version){ 
     
    136114      $version .= intval($version_parts[$position]); 
    137115    } 
    138      
     116 
    139117    return floatval($version); 
    140      
     118 
    141119  } 
    142120*/ 
    143    
     121 
    144122  function get_version_status($version){ 
    145123 
     
    171149      $this->backup_file( $file ); 
    172150    } 
    173      
     151 
    174152    if(FALSE === $latest_src = $this->get_timthumb_src()){ 
    175153      $this->show_message('We can\'t read updated timthumb source file, so we can\'t update the selected files.  Try checking permissions on the plugin folder and the file "cg-tvs-timthumb-latest.txt", if it exists.'); 
    176154    } 
    177      
     155 
    178156 
    179157    if( FALSE !== $fw = @fopen( $file, 'w' ) ) { 
     
    188166    } 
    189167  } 
    190    
     168 
    191169  function get_timthumb_src_version(){ 
    192170    $current_src = $this->get_timthumb_src(); 
     
    194172    $this->current_timthumb_src_version = $matches[1]; 
    195173  } 
    196    
     174 
    197175  function download_new_timthumb_src(){ 
    198176    $tmp_filename = download_url( 'http://timthumb.googlecode.com/svn/trunk/timthumb.php' ); 
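Review bot: The unchanged `download_url()` call at new line 176 still fetches `timthumb.php` over plain `http://`, and no integrity check is visible in this hunk. Judging by the function name, this PHP source becomes the plugin's replacement copy, so switch to an `https://` source and compare the download against a known hash, or bundle the file with the plugin release.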
     
    213191    } 
    214192  } 
    215    
     193 
    216194  function get_timthumb_src(){ 
    217195    $src_file_path = $this->plugin_base_dir . 'cg-tvs-timthumb-latest.txt'; 
     
    224202    return $latest_src; 
    225203  } 
    226    
     204 
    227205  function backup_file( $path ){ 
    228206    $backup_path = $this->plugin_base_dir . '/backups' . $path; 
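Review bot: `backup_file()` at new lines 205-206 builds `$backup_path` under `$this->plugin_base_dir`, so the pre-fix copy of each file lands inside the plugin folder. If that folder is served by the web server, the old script stays reachable after the fix; write backups with a non-executable extension or outside the document root. `plugin_base_dir` is also set with `trailingslashit()`, so the leading slash in `'/backups'` yields a double slash in the path.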
     
    230208    copy($path, $backup_path); 
    231209  } 
    232    
     210 
    233211  function save(){ 
    234212    $storage_array['script_latest_version']      = $this->script_latest_version; 
    235213    $storage_array['script_safe_version']        = $this->script_safe_version; 
    236214    $storage_array['last_version_check']         = $this->last_version_check; 
    237      
     215 
    238216    $storage_array['script_instances']           = $this->script_instances; 
    239217    $storage_array['suspicious_files']           = $this->suspicious_files; 
    240218    $storage_array['last_scan']                  = $this->last_scan; 
    241219    $storage_array['scan_daily']                 = $this->scan_daily; 
    242    
     220 
    243221    $storage_array['scan_summary']               = $this->scan_summary; 
    244222    update_option( 'cg_tvs_data', $storage_array ); 
    245223 
    246224  } 
    247    
     225 
    248226  function show_message( $message, $error = false ) 
    249227  { 
    250      
     228 
    251229    if(!is_admin() || DOING_CRON === TRUE){ 
    252230      return; 
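Review bot: `DOING_CRON === TRUE` at new line 229 reads a constant that WordPress defines only while cron is running, so it is undefined on a normal admin request. Guard it as `defined('DOING_CRON') && DOING_CRON` so the check does not depend on how PHP handles an undefined constant.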
     
    258236        echo '<div id="message" class="updated fade">'; 
    259237    } 
    260    
     238 
    261239    echo "<p><strong>$message</strong></p></div>"; 
    262240  } 
     
    266244        wp_die( __( 'You do not have sufficient permissions to access this page.' ) ); 
    267245    } 
    268      
     246 
    269247    if(!is_writeable($this->plugin_base_dir)){ 
    270248      $this->show_message('The plugin directory (at '.$this->plugin_base_dir.') is not writeable.  Because of this, we can\'t download an updated copy of timthumb to use.  Try changing permissions on this directory to 755 (or in certain cases, 777)', 'error'); 
     
    293271                $nonce = $_GET['_wpnonce']; 
    294272                if ( wp_verify_nonce( $nonce, 'fix_all_timthumb_files' ) ) { 
    295                     $vulnerable_files = $this->get_vulnerable_files();   
     273                    $vulnerable_files = $this->get_vulnerable_files(); 
    296274                    if ( is_array( $vulnerable_files ) && ! empty( $vulnerable_files ) ) { 
    297275                        foreach ( $vulnerable_files as $file ) { 
     
    309287                if ( !wp_next_scheduled( 'cg_tvs_daily_scan' ) ) { 
    310288                    wp_schedule_event(time(), 'daily', 'cg_tvs_daily_scan'); 
    311                 }               
     289                } 
    312290                  }else{ 
    313291                    $this->scan_daily = false; 
     
    318296        } 
    319297    } 
    320      
     298 
    321299      if(!empty($this->suspicious_files)){ 
    322         $this->show_message('<strong>Oh no!</strong> Files on your site indicate that your server has already been compromised by the timthumb vulnerability.  <a href="http://codegarage.com/hack-cleanup">Get help here</a>', 'error'); 
     300        $this->show_message('<strong>Oh no!</strong> Files on your site indicate that your server has already been compromised by the timthumb vulnerability.', 'error'); 
    323301      } 
    324302 
    325303    include_once 'cg-tvs-admin-panel-display.php'; 
    326304  } 
    327    
     305 
    328306} 
  • timthumb-vulnerability-scanner/trunk/readme.txt

    r584290 r1387577  
    3939No.  This plugin exists to make sure your door is locked, not drag the burglers out of your house.  It will run some cursory checks to see if a hacker has likely already hit your site, but has no functionality to clean up the problem. 
    4040 
    41 If you've already been hacked, all is not lost - there are people out there who will clean up your site for a fee.  Get in touch here: http://codegarage.com/hack-cleanup 
    42  
    4341 
    4442== Screenshots == 
  • timthumb-vulnerability-scanner/trunk/timthumb-vulnerability-scanner.php

    r584290 r1387577  
    55Description: Keep your instances of Timthumb up to date and free from vulnerabilities simply.  Bonus - checks for obvious signs of compromised sites. 
    66Author: Peter Butler 
    7 Version: 1.53 
    8 Author URI: http://codegarage.com/ 
     7Version: 1.54 
     8Author URI: http://peterbutler.me/ 
    99*/ 
    1010 
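Review bot: `Version:` moves to 1.54 at new line 7, but the only `readme.txt` change in this changeset is the removal of the FAQ paragraph. If `readme.txt` carries a stable tag or changelog, update it in the same commit so the release and its documentation agree.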