|
1
|
|
|
<?php |
|
2
|
|
|
// don't call the file directly |
|
3
|
|
|
defined( 'ABSPATH' ) or die(); |
|
4
|
|
|
|
|
5
|
|
|
include_once dirname( __FILE__ ) . '/vp-scanner.php'; |
|
6
|
|
|
|
|
7
|
|
|
if ( !function_exists( 'apply_filters_ref_array' ) ) : |
|
8
|
|
|
|
|
9
|
|
|
function apply_filters_ref_array($tag, $args) { |
|
10
|
|
|
global $wp_filter, $merged_filters, $wp_current_filter; |
|
11
|
|
|
|
|
12
|
|
|
// Do 'all' actions first |
|
13
|
|
|
if ( isset($wp_filter['all']) ) { |
|
14
|
|
|
$all_args = func_get_args(); |
|
15
|
|
|
$wp_current_filter[] = $tag; |
|
16
|
|
|
_wp_call_all_hook($all_args); |
|
17
|
|
|
} |
|
18
|
|
|
|
|
19
|
|
|
if ( !isset($wp_filter[$tag]) ) { |
|
20
|
|
|
if ( isset($wp_filter['all']) ) |
|
21
|
|
|
array_pop($wp_current_filter); |
|
22
|
|
|
return $args[0]; |
|
23
|
|
|
} |
|
24
|
|
|
|
|
25
|
|
|
if ( !isset($wp_filter['all']) ) |
|
26
|
|
|
$wp_current_filter[] = $tag; |
|
27
|
|
|
|
|
28
|
|
|
// Sort |
|
29
|
|
|
if ( !isset( $merged_filters[ $tag ] ) ) { |
|
30
|
|
|
ksort($wp_filter[$tag]); |
|
31
|
|
|
$merged_filters[ $tag ] = true; |
|
32
|
|
|
} |
|
33
|
|
|
|
|
34
|
|
|
reset( $wp_filter[ $tag ] ); |
|
35
|
|
|
|
|
36
|
|
|
do { |
|
37
|
|
|
foreach( (array) current($wp_filter[$tag]) as $the_ ) |
|
38
|
|
|
if ( !is_null($the_['function']) ) |
|
39
|
|
|
$args[0] = call_user_func_array($the_['function'], array_slice($args, 0, (int) $the_['accepted_args'])); |
|
40
|
|
|
|
|
41
|
|
|
} while ( next($wp_filter[$tag]) !== false ); |
|
42
|
|
|
|
|
43
|
|
|
array_pop( $wp_current_filter ); |
|
44
|
|
|
|
|
45
|
|
|
return $args[0]; |
|
46
|
|
|
} |
|
47
|
|
|
|
|
48
|
|
|
endif; |
|
49
|
|
|
|
|
50
|
|
|
class VP_Site_Scanner { |
|
51
|
|
|
function __construct() { |
|
52
|
|
|
// Only scan once in multisites. |
|
53
|
|
|
if( function_exists( 'is_main_site' ) && !is_main_site() ) |
|
54
|
|
|
return; |
|
55
|
|
|
add_action( 'vp_scan_site' , array( $this, '_scan_site') ); |
|
56
|
|
|
add_filter( 'cron_schedules' , array( $this, '_custom_cron' ) ); |
|
57
|
|
|
add_action( 'vp_scan_next_batch', array( $this, '_scan_batch' ) ); |
|
58
|
|
|
|
|
59
|
|
|
$signatures = get_option( '_vp_signatures' ); |
|
60
|
|
|
if ( $signatures && ! wp_next_scheduled( 'vp_scan_site' ) ) |
|
61
|
|
|
wp_schedule_event( time(), 'daily', 'vp_scan_site' ); |
|
62
|
|
|
if ( $signatures && ! wp_next_scheduled( 'vp_scan_next_batch' ) ) |
|
63
|
|
|
wp_schedule_event( time(), 'five_minutes_interval', 'vp_scan_next_batch' ); |
|
64
|
|
|
} |
|
65
|
|
|
|
|
66
|
|
|
function _custom_cron( $schedules ) { |
|
67
|
|
|
$schedules['five_minutes_interval'] = array( |
|
68
|
|
|
'interval' => 300, |
|
69
|
|
|
'display' => __( 'Once every five minutes' , 'vaultpress'), |
|
70
|
|
|
); |
|
71
|
|
|
return $schedules; |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
|
function _scan_site() { |
|
75
|
|
|
if ( !get_option( '_vp_current_scan' ) ) { |
|
76
|
|
|
$ignore_symlinks = get_option( '_vp_ignore_symlinks', false ); |
|
77
|
|
|
$paths = array( 'root' => new VP_FileScan( ABSPATH, $ignore_symlinks ) ); |
|
78
|
|
|
|
|
79
|
|
|
// Is WP_CONTENT_DIR inside ABSPATH? |
|
80
|
|
|
if ( is_dir( WP_CONTENT_DIR ) && strpos( realpath( WP_CONTENT_DIR ), realpath( ABSPATH ) . DIRECTORY_SEPARATOR ) !== 0 ) |
|
81
|
|
|
$paths['content'] = new VP_FileScan( WP_CONTENT_DIR, $ignore_symlinks ); |
|
82
|
|
|
|
|
83
|
|
|
// Is WP_PLUGIN_DIR inside ABSPATH or WP_CONTENT_DIR? |
|
84
|
|
View Code Duplication |
if ( is_dir( WP_PLUGIN_DIR ) && strpos( realpath( WP_PLUGIN_DIR ), realpath( WP_CONTENT_DIR ) . DIRECTORY_SEPARATOR ) !== 0 && strpos( realpath( WP_PLUGIN_DIR ), realpath( ABSPATH ) . DIRECTORY_SEPARATOR ) !== 0 ) |
|
85
|
|
|
$paths['plugins'] = new VP_FileScan( WP_PLUGIN_DIR, $ignore_symlinks ); |
|
86
|
|
|
|
|
87
|
|
|
// Is WPMU_PLUGIN_DIR inside ABSPATH or WP_CONTENT_DIR? |
|
88
|
|
View Code Duplication |
if ( is_dir( WPMU_PLUGIN_DIR ) && strpos( realpath( WPMU_PLUGIN_DIR ), realpath( WP_CONTENT_DIR ) . DIRECTORY_SEPARATOR ) !== 0 && strpos( realpath( WPMU_PLUGIN_DIR ), realpath( ABSPATH ) . DIRECTORY_SEPARATOR ) !== 0 ) |
|
89
|
|
|
$paths['mu-plugins'] = new VP_FileScan( WPMU_PLUGIN_DIR, $ignore_symlinks ); |
|
90
|
|
|
|
|
91
|
|
|
update_option( '_vp_current_scan', $paths ); |
|
92
|
|
|
} |
|
93
|
|
|
} |
|
94
|
|
|
|
|
95
|
|
|
function _scan_clean_up( &$paths, $type = null ) { |
|
96
|
|
|
if( is_array( $paths ) ) |
|
97
|
|
|
unset( $paths[$type] ); |
|
98
|
|
|
if ( empty( $paths ) || !is_array( $paths ) ) { |
|
99
|
|
|
delete_option( '_vp_current_scan' ); |
|
100
|
|
|
return true; |
|
101
|
|
|
} |
|
102
|
|
|
return false; |
|
103
|
|
|
} |
|
104
|
|
|
|
|
105
|
|
|
function _scan_batch() { |
|
106
|
|
|
$paths = get_option( '_vp_current_scan' ); |
|
107
|
|
|
if ( empty( $paths ) || $this->_scan_clean_up( $paths ) ) |
|
108
|
|
|
return false; |
|
109
|
|
|
|
|
110
|
|
|
if ( ! is_array( $paths ) ) { |
|
111
|
|
|
return false; |
|
112
|
|
|
} |
|
113
|
|
|
|
|
114
|
|
|
reset( $paths ); |
|
115
|
|
|
|
|
116
|
|
|
$type = null; |
|
117
|
|
|
$current = false; |
|
118
|
|
|
foreach ( $paths as $type => $current ) { |
|
119
|
|
|
break; |
|
120
|
|
|
} |
|
121
|
|
|
|
|
122
|
|
|
if ( !is_object( $current ) || empty( $current->last_dir ) ) |
|
123
|
|
|
return $this->_scan_clean_up( $paths, $type ); |
|
124
|
|
|
|
|
125
|
|
|
$default_batch_limit = 400; |
|
126
|
|
|
if ( ! function_exists( 'set_time_limit' ) || ! @set_time_limit( 0 ) ) { |
|
127
|
|
|
$default_batch_limit = 100; // avoid timeouts |
|
128
|
|
|
} |
|
129
|
|
|
|
|
130
|
|
|
$GLOBALS['vp_signatures'] = get_option( '_vp_signatures' ); |
|
131
|
|
|
if ( empty( $GLOBALS['vp_signatures'] ) ) |
|
132
|
|
|
return false; |
|
133
|
|
|
|
|
134
|
|
|
$limit = get_option( '_vp_batch_file_size', $default_batch_limit ); |
|
135
|
|
|
$files = $current->get_files( $limit ); |
|
136
|
|
|
|
|
137
|
|
|
// No more files to scan. |
|
138
|
|
|
if ( !$current->last_dir || count( $files ) < $limit ) |
|
139
|
|
|
unset( $paths[$type] ); |
|
140
|
|
|
|
|
141
|
|
|
update_option( '_vp_current_scan', $paths ); |
|
142
|
|
|
$results = array(); |
|
143
|
|
|
foreach ( $files as $file ) { |
|
144
|
|
|
$verdict = vp_scan_file( $file ); |
|
145
|
|
|
if ( !empty( $verdict ) ) |
|
146
|
|
|
$results[$file] = array( 'hash' => @md5_file( $file ), 'verdict' => $verdict ); |
|
147
|
|
|
} |
|
148
|
|
|
|
|
149
|
|
|
if ( !empty( $results ) ) { |
|
150
|
|
|
$vaultpress = VaultPress::init(); |
|
151
|
|
|
$vaultpress->add_ping( 'security', array( 'suspicious_v2' => $results ) ); |
|
152
|
|
|
} |
|
153
|
|
|
} |
|
154
|
|
|
|
|
155
|
|
|
static function &init() { |
|
156
|
|
|
static $instance = false; |
|
157
|
|
|
if ( !$instance ) |
|
158
|
|
|
$instance = new VP_Site_Scanner(); |
|
159
|
|
|
return $instance; |
|
160
|
|
|
} |
|
161
|
|
|
} |
|
162
|
|
|
VP_Site_Scanner::init(); |
|
163
|
|
|
|
Automattic /
jetpack
