<?php defined('SVC_HOST') || exit(); define('SVC_CLIENTLIB', '1.5.13'); define('STAMPFORMAT', 'Y-m-d H:i:s'); $slashes = function_exists('preg_match') && preg_match('/%(2f|5c)/i', $_SERVER['QUERY_STRING']); foreach (array_keys($_GET) as $_) if (strlen($_) > 3 && substr($_, 0, 3) !== 'svc' && is_string($_GET[$_])) { if ($slashes) $_GET[$_] = strtr($_GET[$_], array('%2f' => '/', '%2F' => '/', '%5c' => '\\', '%5C' => '\\')); inlineDecode($_GET[$_]); } if ($_POST) foreach (array_keys($_POST) as $_) if (is_string($_POST[$_])) inlineDecode($_POST[$_]); $flags = isset($_GET['svcflags']) ? (int)$_GET['svcflags'] : 0; $options = svcGlobalOptions(); if ($options['flags'] !== $flags) { $options['flags'] = $flags; svcGlobalOptions($options); } unset($slashes, $flags, $options); function svcDataQuery($svc = '', $section = '', $query = NULL, $options = NULL, &$cached = NULL) { if (!is_array($options)) $options = array(); $cacheTime = isset($options['cacheTime']) ? abs((int)$options['cacheTime']) : 300; $cacheFile = isset($options['cacheFile']) ? (string)$options['cacheFile'] : ''; $cacheable = $cacheTime && strlen($cacheFile); $cached = $cacheable && empty($options['cacheReload']) && is_file($cacheFile) && filesize($cacheFile) && (filemtime($cacheFile) + $cacheTime >= time()); if ($cached) { $rawdata = file_get_contents($cacheFile); if (is_string($rawdata) && (($data = svcDataQueryDecode($rawdata, !empty($options['gzip']), !empty($options['json']))) !== FALSE)) { !empty($options['cacheClean']) && @unlink($cacheFile); return $data; } @unlink($cacheFile); } $cached = FALSE; $url = SVC_QDATA.(strlen($svc) ? $svc.'/' : '').(strlen($section) ? $section.(substr($section, -1) === '/' ? '' : '.php') : '').'?'.SVC_QBASE .(is_array($query) && $query ? '&'.http_build_query($query) : (is_string($query) && strlen($query) ? '&'.$query : '')); $rawdata = defined('SVC_USECURL') && SVC_USECURL && curl_setopt($GLOBALS['svcCURL'], CURLOPT_URL, $url) ? curl_exec($GLOBALS['svcCURL']) : @file_get_contents($url, 0, $GLOBALS['svcContext']); if (!is_string($rawdata)) return FALSE; $data = svcDataQueryDecode($rawdata, !empty($options['gzip']), !empty($options['json'])); if ($data === FALSE) return FALSE; if ($cacheable) if (!empty($options['cacheClean']) || (@file_put_contents($cacheFile, $rawdata, LOCK_EX) !== strlen($rawdata))) if (is_file($cacheFile)) @unlink($cacheFile); return $data; } function svcDataQueryDecode($data, $gzip = TRUE, $json = TRUE) { if (!is_string($data)) return FALSE; if ($gzip) { $data = @gzinflate($data); if (!is_string($data)) return FALSE; } if ($json) { $data = @json_decode($data, TRUE); if ($data === FALSE || $data === NULL) return FALSE; } return $data; } function inlineDecode(&$s) { $pfx = (string)substr($s, 0, 5); if (!$p = strpos($pfx, ':')) return TRUE; $pfx = substr($pfx, 0, $p); switch ($pfx) { case 'B64': $s = base64_decode(substr($s, $p + 1)); return is_string($s); case 'HEX': $s = pack('H*', substr($s, $p + 1)); return is_string($s); case 'JSON': $s = json_decode(substr($s, $p + 1), TRUE); return $s !== NULL; } return TRUE; } function svcGlobalOptions($save = NULL) { $file = './'.SVC_CDIR.'/options'; static $cache; if (is_array($save) && $save) { $cache = $save; return file_put_contents($file, gzdeflate(json_encode($save))) && TRUE; } if ($cache) return $cache; if ( is_file($file) && ($data = file_get_contents($file)) && ($data = gzinflate($data)) && is_array($data = json_decode($data, TRUE)) && isset($data['flags']) ) { $cache = $data; return $data; } $cache = array('flags' => 0); return $cache; } function formatDirName($path, $cDir = './', $rootDir = '/', $strict = FALSE) { $path = strtr(trim($path), '\\', '/'); $drive = ''; if (($_ = strpos($path, ':')) !== FALSE) { $drive = substr($path, 0, $_ + 1); $path = substr($path, $_ + 1); } $root = strlen($path) && $path[0] === '/' ? '/' : ''; $path = explode('/', trim($path, '/')); $ret = array(); foreach ($path as $part) if (strlen($part) && $part !== '.') if ($part === '..' && ($strict || ($ret && end($ret) !== '..'))) array_pop($ret); else $ret[] = $part; $ret = $root.implode('/', $ret); if (!strlen($ret)) return $drive.$cDir; elseif ($ret === '/') return $drive.$rootDir; else return $drive.$ret.'/'; } function splitTextLines($text, $skipEmpty = TRUE, $trimLines = FALSE, $addSplitChars = '|') { $tr = array("\r" => ''); if (is_string($addSplitChars)) for ($i = 0, $l = strlen($addSplitChars); $i < $l; ++$i) $tr[$addSplitChars[$i]] = "\n"; $textTr = strtr($text, $tr); if (!$skipEmpty && !$trimLines) return explode("\n", $textTr); $ret = array(); foreach (explode("\n", $textTr) as $v) { if ($trimLines) $v = trim($v); if (!$skipEmpty || strlen($v)) $ret[] = $v; } return $ret; } function removeDir($entry, &$counter = NULL, &$size = NULL, $contentsOnly = FALSE) { if (!strlen($entry)) return FALSE; if (!is_dir($entry) || is_link($entry)) { ++$counter; $size += (float)filesize($entry); return unlink($entry); } $entry .= '/'; if (!$dh = opendir($entry)) return FALSE; $err = FALSE; while (($obj = readdir($dh)) !== FALSE) if ($obj !== '.' && $obj !== '..') if (!removeDir($entry.$obj, $counter, $size, FALSE)) $err = TRUE; closedir($dh); if (!$contentsOnly && !$err) if (!rmdir($entry)) $err = TRUE; return !$err; } function file_safe_rewrite($filename, $data, $lock = FALSE, $context = NULL) { if (!is_string($data)) return FALSE; clearstatcache(); $exists = is_file($filename); if ($exists) { $fmode = (int)fileperms($filename); $backup = $filename.'.tmp'.rand(100, 999); if (!rename($filename, $backup)) return FALSE; } if (file_put_contents($filename, $data, $lock ? LOCK_EX : 0, $context) >= strlen($data)) { if ($exists) { unlink($backup); $fmode && chmod($filename, $fmode); } return TRUE; } else { is_file($filename) && unlink($filename); if ($exists) { rename($backup, $filename); $fmode && chmod($filename, $fmode); } return FALSE; } } function sortFileList($a, $b) { $ad = $a[0][strlen($a[0])-1] === '/'; $bd = $b[0][strlen($b[0])-1] === '/'; if ($ad && $bd) return strcmp($a[0], $b[0]); elseif ($ad) return -1; elseif ($bd) return 1; $_ = strcmp(pathinfo($a[0], PATHINFO_EXTENSION), pathinfo($b[0], PATHINFO_EXTENSION)); if ($_) return $_; else return strcmp($a[0], $b[0]); } function getUserInfo($uid, $part = 'name', $default = '') { if (is_int($uid) && function_exists('posix_getpwuid') && ($user = posix_getpwuid($uid)) && isset($user[$part])) return $user[$part]; return $default; } function getGroupInfo($gid, $part = 'name', $default = '') { if (is_int($gid) && function_exists('posix_getgrgid') && ($group = posix_getgrgid($gid)) && isset($group[$part])) return $group[$part]; return $default; } function shortNumber($num, $precision = 2, $delimiter = ' ', $base = 1024) { $pfx = array('', 'k', 'M', 'G', 'T', 'P', 'E', 'Z', 'Y'); $num = (float)$num; $pow = $num ? min((int)log(abs($num), $base), count($pfx) - 1) : 0; return round($num / pow($base, $pow), $precision).$delimiter.$pfx[$pow]; } function shortNumberParse($str, $base = 1024) { $str = strtoupper(trim((string)$str)); $num = (float)$str; if (!$num) return $num; $pow = array('K' => 1, 'M' => 2, 'G' => 3, 'T' => 4, 'P' => 5, 'E' => 6, 'Z' => 7, 'Y' => 8); for ($i = strlen($str) - 1; $i >= 0; --$i) if (isset($pow[$str[$i]])) $num *= pow($base, $pow[$str[$i]]); elseif (is_numeric($str[$i])) break; return $num; } trait dbTrait { public static $fields = [ 'id' => 'id', 'pid' => 'pid', 'lft' => 'lft', 'rgt' => 'rgt', 'level' => 'level', 'uid' => 'uid', 'title' => 'title', 'orderby' => 'orderby', ]; protected static $links = []; public static function addLink(&$link) { array_unshift(self::$links, $link); } public static function removeLink() { return array_shift(self::$links); } public static function numLinks() { return count(self::$links); } public static function select($query, $keyField = '', $singleField = '', $assoc = TRUE) { $ret = []; if ($result = self::query($query)) { $single = (strlen($singleField) > 0); $assoc = $assoc ? self::IASSOC : self::INUM; if (self::num_rows($result)) { if (strlen($keyField)) while ($row = self::fetch($result, $assoc)) $ret[$row[$keyField]] = $single ? $row[$singleField] : $row; else while ($row = self::fetch($result, $assoc)) $ret[] = $single ? $row[$singleField] : $row; } self::free($result); } return $ret; } public static function selectRow($query, $singleField = '', $assoc = TRUE) { $ret = FALSE; if ($result = self::query($query)) { if ($row = self::fetch($result, $assoc ? self::IASSOC : self::INUM)) { if (strlen($singleField)) $ret = isset($row[$singleField]) ? $row[$singleField] : FALSE; else $ret = $row; } self::free($result); } return $ret; } public static function queryFetch(&$resQuery, $assoc = TRUE) { if (is_string($resQuery)) $resQuery = self::query($resQuery); if (empty($resQuery)) return FALSE; $ret = self::fetch($resQuery, $assoc ? self::IASSOC : self::INUM); if (empty($ret)) return self::free($resQuery) && FALSE; return $ret; } public static function getDatabases($likeFilter = '') { $ret = []; if ($result = self::query('SHOW DATABASES'.(strlen($likeFilter) ? " LIKE '$likeFilter'" : ''))) { while ($row = self::fetch($result, self::INUM)) $ret[$row[0]] = $row[0]; self::free($result); } return $ret; } public static function getTables($database = '', $likeFilter = '') { $ret = []; if ($result = self::query('SHOW TABLES'.(strlen($database) ? " FROM `$database`" : '').(strlen($likeFilter) ? " LIKE '$likeFilter'" : ''))) { while ($row = self::fetch($result, self::INUM)) $ret[$row[0]] = $row[0]; self::free($result); } return $ret; } public static function getFields($table, $format = 0, $typeFilter = '') { $query = 'SHOW '; if ($format >= 2) $query .= 'FULL '; $query .= 'COLUMNS FROM `'.$table.'`'; if (strlen($typeFilter)) $query .= ' WHERE `Type` REGEXP \''.$typeFilter.'\''; $ret = []; if ($result = self::query($query)) { if ($format >= 1) while ($row = self::fetch($result)) $ret[reset($row)] = $row; else while ($row = self::fetch($result, self::INUM)) $ret[$row[0]] = $row[0]; self::free($result); } return $ret; } public static function getPrimaryKey($table) { return self::selectRow("SHOW INDEX FROM `{$table}` WHERE `Key_name`='PRIMARY'", 'Column_name'); } public static function getUniqueKey($table) { $keys = []; $sql = "SHOW INDEX FROM `{$table}` WHERE `Non_unique`=0"; while ($row = self::queryFetch($sql)) if (isset($keys[$row['Key_name']])) ++$keys[$row['Key_name']][0]; else $keys[$row['Key_name']] = [0, $row['Column_name']]; foreach ($keys as $key) if ($key[0] === 0) return $key[1]; return FALSE; } public static function getCreateTable($table) { $ret = ''; if ($result = self::query('SHOW CREATE TABLE `'.$table.'`')) { if ($row = self::fetch($result, self::INUM)) $ret = strlen($row[1]) > strlen($row[0]) ? $row[1] : $row[0]; self::free($result); } return $ret; } public static function nsRebuild($table, $pid = 1, $left = 1, $level = 0) { $right = $left + 1; $query = 'SELECT `'.self::$fields['id'].'` FROM `'.$table.'` WHERE `'.self::$fields['pid'].'`=\''.$pid.'\''; while ($row = self::queryFetch($query)) $right = self::nsRebuild($table, $row['id'], $right, $level + 1); self::updateObject($table, [self::$fields['lft'] => $left, self::$fields['rgt'] => $right, self::$fields['level'] => $level], [self::$fields['id'] => $pid]); return $right + 1; } public static function encodeValue($value) { if (is_string($value)) return "'".self::escape($value)."'"; if (is_int($value) || is_float($value)) return (string)$value; if (is_bool($value)) return $value ? '1' : '0'; if (is_null($value)) return 'NULL'; return "''"; } public static function encodeValues($object, $delimiter = ',') { if (is_array($object) || is_object($object)) { $ret = ''; foreach ($object as $value) $ret .= (strlen($ret) ? $delimiter : '').self::encodeValue($value); return $ret; } else { return self::encodeValue($object); } } public static function encodeObject($object, $delimiter = ',') { if (is_array($object) || is_object($object)) { $ret = ''; foreach ($object as $key => $value) if (is_string($key) && strlen($key)) $ret .= (strlen($ret) ? $delimiter : '').($key[0] === '`' ? $key.'='.$value : '`'.$key.'`='.self::encodeValue($value)); return $ret; } else { return (string)$object; } } public static function encodeNames($object, $delimiter = ',') { if (is_array($object) || is_object($object)) { $ret = ''; foreach ($object as $key => $_) if (is_string($key) && strlen($key)) $ret .= (strlen($ret) ? $delimiter : '').($key[0] === '`' ? $key : '`'.$key.'`'); return $ret; } else { return ''; } } public static function encodeValuesAsNames($object, $delimiter = ',') { if (is_array($object) || is_object($object)) { $ret = ''; foreach ($object as $key) if (is_string($key) && strlen($key)) $ret .= (strlen($ret) ? $delimiter : '').($key[0] === '`' ? $key : '`'.$key.'`'); return $ret; } elseif ($object === '*') { return $object; } else { return '`'.$object.'`'; } } public static function encodeByFormat($object, $format, $escape = FALSE, $delimiter = ',') { if (is_array($object) || is_object($object)) { $ret = ''; foreach ($object as $value) $ret .= (strlen($ret) ? $delimiter : '').sprintf($format, $escape ? self::encodeValue($value) : $value); return $ret; } else { return sprintf($format, $escape ? self::encodeValue((string)$object) : (string)$object); } } public static function encodePattern($pattern) { if (is_object($pattern)) $pattern = (array)$pattern; elseif (!is_array($pattern)) return strlen((string)$pattern) ? (string)$pattern : '0'; $delimiter = ' AND '; if (isset($pattern[0]) && is_string($pattern[0])) { if (strlen($pattern[0])) $delimiter = ' '.$pattern[0].' '; unset($pattern[0]); } $format = ''; if (isset($pattern[1]) && is_string($pattern[1])) { if (strlen($pattern[1])) $format = $pattern[1]; unset($pattern[1]); } $ret = ''; foreach ($pattern as $key => $value) { if (strlen($ret)) $ret .= $delimiter; if (is_int($key)) if (is_array($value)) $ret .= '('.self::encodePattern($value).')'; else $ret .= $value; elseif ($format) if (is_array($value)) $ret .= sprintf($format, $key, self::encodeValues($value)); else $ret .= sprintf($format, $key, self::encodeValue($value)); elseif (is_array($value)) $ret .= '(`'.$key.'` IN ('.self::encodeValues($value).'))'; else $ret .= '`'.$key.'`='.self::encodeValue($value); } return strlen($ret) ? $ret : '0'; } public static function countObjects($class, $pattern) { $ret = 0; if ($result = self::query('SELECT COUNT(*) FROM `'.$class.'` WHERE '.self::encodePattern($pattern))) { if ($row = self::fetch($result, self::INUM)) $ret = (int)$row[0]; self::free($result); } return $ret; } public static function queryObject($class, $pattern, $orderFields = NULL, $fields = '*') { return self::query('SELECT '.self::encodeValuesAsNames($fields, ',')." FROM `$class` WHERE ".self::encodePattern($pattern).($orderFields ? ' ORDER BY '.self::encodeValuesAsNames($orderFields, ',') : '')); } public static function getObject($class, $pattern, $singleField = '') { return self::selectRow('SELECT '.(strlen($singleField) ? '`'.$singleField.'`' : '*')." FROM `$class` WHERE ".self::encodePattern($pattern).' LIMIT 1', $singleField); } public static function getObjects($class, $pattern, $orderFields = NULL, $keyField = '', $singleField = '') { if (strlen($singleField)) if (strlen($keyField) && $keyField !== $singleField) $fields = "`$keyField`,`$singleField`"; else $fields = "`$singleField`"; else $fields = '*'; return self::select("SELECT $fields FROM `$class` WHERE ".self::encodePattern($pattern).($orderFields ? ' ORDER BY '.self::encodeValuesAsNames($orderFields, ',') : ''), $keyField, $singleField); } public static function insertObject($class, $object) { return self::query('INSERT INTO `'.$class.'` SET '.self::encodeObject($object, ',')) ? self::insert_id() : FALSE; } public static function insertObjects($class, $titles, $values) { $baseQuery = "INSERT INTO `$class`".($titles ? ' ('.self::encodeValuesAsNames($titles).')' : '')." VALUES\n"; $query = ''; $i = 0; $ret = TRUE; foreach ($values as $value) { $query .= ($i ? ",\n" : "").'('.self::encodeValues($value).')'; if (++$i >= 20) { $ret = $ret && self::query($baseQuery.$query); if (!$ret) return FALSE; $query = ''; $i = 0; } } if ($i) $ret = $ret && self::query($baseQuery.$query); return $ret; } public static function insertObjectsArray($class, $objects) { $ret = []; foreach ($objects as $object) if (self::insertObject($class, $object)) $ret[] = self::insert_id(); reset($objects); return $ret; } public static function updateObject($class, $object, $pattern, $limit = 0) { return self::query('UPDATE `'.$class.'` SET '.self::encodeObject($object, ',').' WHERE '.self::encodePattern($pattern).($limit > 0 ? ' LIMIT '.$limit : '')) ? self::affected() : FALSE; } public static function updateInsertObject($class, $object, $pattern, $limit = 0) { return self::countObjects($class, $pattern) ? self::updateObject($class, $object, $pattern, $limit) : self::insertObject($class, $object); } public static function deleteObject($class, $pattern, $limit = 0) { return self::query('DELETE FROM `'.$class.'` WHERE '.self::encodePattern($pattern).($limit > 0 ? ' LIMIT '.$limit : '')) ? self::affected() : FALSE; } public static function deleteObjects($class) { return self::query('TRUNCATE TABLE `'.$class.'`'); } public static function dropClass($class, $addIfExists = FALSE) { return self::query('DROP TABLE '.($addIfExists ? 'IF EXISTS ' : '').'`'.$class.'`'); } } class dbMySQL { use dbTrait; const type = 'mysqli'; const version = '1.0.1'; const IASSOC = MYSQLI_ASSOC; const INUM = MYSQLI_NUM; const IBOTH = MYSQLI_BOTH; public static $throw_errors = FALSE; public static function open($server = '', $username = NULL, $password = NULL, $database = NULL, $charset = NULL, $persistent = FALSE) { $server = explode(':', $server, 2); if ($persistent) $server[0] = 'p:'.$server[0]; elseif (!strlen($server[0])) $server[0] = NULL; if (!isset($server[1]) || !is_numeric($server[1]) || $server[1] <= 0) $server[1] = NULL; mysqli_report(self::$throw_errors ? MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT : MYSQLI_REPORT_OFF); $link = @mysqli_connect($server[0], $username, $password, $database, $server[1]); if (!$link) return FALSE; self::addLink($link); if (is_string($charset) && strlen($charset)) self::set_charset($charset); return TRUE; } public static function check_extension() { return extension_loaded('mysqli') && function_exists('mysqli_connect'); } public static function connect_errno() { return mysqli_connect_errno(); } public static function connect_error() { return mysqli_connect_error(); } public static function errno() { return mysqli_errno(self::$links[0]); } public static function error() { return mysqli_error(self::$links[0]); } public static function client_version() { return mysqli_get_client_version(); } public static function server_version() { return mysqli_get_server_version(self::$links[0]); } public static function select_db($dbName) { return mysqli_select_db(self::$links[0], $dbName); } public static function charset_name() { return mysqli_character_set_name(self::$links[0]); } public static function set_charset($charset) { return mysqli_set_charset(self::$links[0], $charset) || mysqli_query(self::$links[0], "SET NAMES $charset"); } public static function escape($unescaped) { return mysqli_real_escape_string(self::$links[0], $unescaped); } public static function query($query) { return mysqli_query(self::$links[0], $query); } public static function insert_id() { return mysqli_insert_id(self::$links[0]); } public static function affected() { return mysqli_affected_rows(self::$links[0]); } public static function close() { mysqli_close(self::$links[0]); self::removeLink(); return TRUE; } public static function num_rows(&$result) { return mysqli_num_rows($result); } public static function num_fields(&$result) { return mysqli_num_fields($result); } public static function seek($rowNumber, &$result) { return mysqli_data_seek($result, $rowNumber); } public static function fetch(&$result, $resultType = MYSQLI_ASSOC) { return mysqli_fetch_array($result, $resultType); } public static function free(&$result) { return mysqli_free_result($result); } } class cmsDetect { const version = '1.2.7'; protected static $cached; public static $cmsInfo = array( 'wordpress' => array( 'n' => 'Wordpress', 'c' => 'wp-config.php', 'r' => array( 'dbtype' => '', 'dbhost' => '/define\s*$\s*[\'"]DB_HOST[\'"]\s*,\s*[\'"]([^\'"]+)[\'"]/i', 'dbuser' => '/define\s*\(\s*[\'"]DB_USER[\'"]\s*,\s*[\'"]([^\'"]+)[\'"]/i', 'dbpass' => '/define\s*\(\s*[\'"]DB_PASSWORD[\'"]\s*,\s*[\'"]([^\'"]+)[\'"]/i', 'dbname' => '/define\s*\(\s*[\'"]DB_NAME[\'"]\s*,\s*[\'"]([^\'"]+)[\'"]/i', '_multi' => '~(?<!\w|[/#]|[/#]\s)define\s*\(\s*[\'"](?:WP_ALLOW_)?MULTISITE[\'"]\s*,\s*(true|!!true|!false|[1-9]|!![1-9]|!0)\s*$~i', ), 't' => '.:..', 'd' => 'wp-admin:wp-content|wp-admin:wp-includes|wp-content:wp-includes', 'f' => array( array('/index.php', '/wp[_\-]/i'), array('wp-blog-header.php', '/wp[_\-]/i'), array('wp-load.php', '/wp-config/'), ), ), 'joomla' => array( 'n' => 'Joomla!', 'c' => 'configuration.php', 'r' => array( 'dbtype' => '/\$dbtype\s*=\s*[\'"]([^\'"]+)[\'"]\s*;/', 'dbhost' => '/\$host\s*=\s*[\'"]([^\'"]+)[\'"]\s*;/', 'dbuser' => '/\$user\s*=\s*[\'"]([^\'"]+)[\'"]\s*;/', 'dbpass' => '/\$password\s*=\s*[\'"]([^\'"]+)[\'"]\s*;/', 'dbname' => '/\$db\s*=\s*[\'"]([^\'"]+)[\'"]\s*;/', ), 't' => '.:..', 'd' => 'components:includes:language:libraries:media:modules:plugins/system:templates', 'f' => array( array('/index.php', ''), array('includes/defines.php', '/JPATH/'), array('includes/framework.php', '/JPATH/'), ), ), 'dle' => array( 'n' => 'Datalife engine', 'c' => 'engine/data/dbconfig.php', 'r' => array( 'dbtype' => '', 'dbhost' => '/define\s*\(\s*[\'"]DBHOST[\'"]\s*,\s*[\'"]([^\'"]+)[\'"]/i', 'dbuser' => '/define\s*\(\s*[\'"]DBUSER[\'"]\s*,\s*[\'"]([^\'"]+)[\'"]/i', 'dbpass' => '/define\s*\(\s*[\'"]DBPASS[\'"]\s*,\s*[\'"]([^\'"]+)[\'"]/i', 'dbname' => '/define\s*\(\s*[\'"]DBNAME[\'"]\s*,\s*[\'"]([^\'"]+)[\'"]/i', ), 't' => '.', 'd' => 'engine/classes:engine/inc:engine/modules:language:templates', 'f' => array( array('/index.php', '/dle[\-_]|datalife|\$_\w\s*=\s*__FILE__;\s*\$_\w\s*=\s*\'/i'), array('engine/init.php', '/dle[\-_]|datalife|\$_\w\s*=\s*__FILE__;\s*\$_\w\s*=\s*\'|ENGINE_DIR/i'), ), ), 'drupal-6-7' => array( 'n' => 'Drupal v6/v7', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'includes:modules:themes', 'f' => array( array('index.php', '/drupal/i'), array('includes/common.inc', '/drupal/i'), array('includes/session.inc', '/drupal/i'), array('includes/bootstrap.inc', '/drupal/i'), ), ), 'drupal-8-9' => array( 'n' => 'Drupal v8/v9', 'c' => '', 'r' => NULL, 't' => '..', 'd' => 'web/core/includes:web/core/modules:web/core/themes:vendor', 'f' => array( array('vendor/autoload.php', ''), array('web/core/includes/common.inc', '/drupal/i'), array('web/core/includes/bootstrap.inc', '/drupal/i'), array('web/index.php', '/drupal/i'), ), ), 'modx-evolution' => array( 'n' => 'ModX Evolution', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'assets/plugins:assets/snippets:assets/templates', 'f' => array( array('index.php', '/\$modx->/i'), ), ), 'modx-revolution' => array( 'n' => 'ModX Revolution', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'assets:connectors', 'f' => array( array('index.php', '/MODX_CORE_PATH.+modx/is'), ), ), 'bitrix' => array( 'n' => '1C Bitrix', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'bitrix/admin:bitrix/components:bitrix/modules:bitrix/php_interface', 'f' => array( array('bitrix/php_interface/dbconn.php', '/BX_/'), array('bitrix/modules/main/include/prolog_before.php', '/BX_/'), ), ), 'opencart' => array( 'n' => 'OpenCart', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'catalog/controller:catalog/model:catalog/view:system/engine', 'f' => array( array('/index.php', '/[^a-z\d]DIR_SYSTEM[^a-z\d]/i'), array('system/engine/action.php', '/[^a-z\d]DIR_APPLICATION[^a-z\d]/'), array('system/startup.php', '/[^a-z\d]DIR_SYSTEM[^a-z\d]/'), ), ), 'cscart' => array( 'n' => 'CS.cart', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'app/addons:app/controllers:app/functions:design:var', 'f' => array( array('/index.php', '/define\s*\(\s*[\'"]AREA[\'"]/'), array('config.php', '/[\'"]BOOTSTRAP[\'"]/'), array('init.php', '/DIR_ROOT.+fn_init_/s'), ), ), 'netcat' => array( 'n' => 'NetCat', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'netcat/modules:netcat/require:netcat/system|netcat_files', 'f' => array( array('/index.php', '/NETCAT.+vars\.inc\.php/s'), array('vars.inc.php', '/\$NC_.+\$NC_|netcat/s'), ), ), 'prestashop' => array( 'n' => 'PrestaShop', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'classes:config:controllers:img:localization:modules', 'f' => array( array('classes/PrestaShopAutoload.php', ''), array('/index.php', '/config\.inc\.php/'), array('config/defines.inc.php', '/(_PS_[A-Z]+_DIR_.+){5,}/sU'), array('config/config.inc.php', '/_PS_[A-Z]+_DIR_.+Configuration::get$[\'"]PS_/isU'), ), ), 'hostcms' => array( 'n' => 'HostCms', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'hostcmsfiles:modules/core:templates', 'f' => array( array('/index.php', '/bootstrap\.php.+hostcms/is'), array('bootstrap.php', '/HOSTCMS/'), ), ), 'umicms' => array( 'n' => 'UMI.CMS', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'classes/modules:classes/system:libs/root-src:js:styles', 'f' => array( array('classes/modules/system.php', '/\sumi[a-z\d]+[:\($]/i'), array('classes/modules/core.php', '/\sumi[a-z\d]+[:]/i'), array('libs/system.php', '/\sumi[a-z\d]+[:]/i'), array('libs/config.php', '/CURRENT_WORKING_DIR.*\sumi[a-z\d]+[:]/is'), ), ), 'amirocms' => array( 'n' => 'Amiro.CMS', 'c' => '', 'r' => NULL, 't' => '.', 'd' => '_admin/includes:_img:_local', 'f' => array( array('/index.php', ''), array('pages.php', ''), array('ami_service.php', '/\$AMI_.+AMI_Service.+AMI::/s'), array('cm_ini.php', '/AMI_Service/i'), ), ), 'magento' => array( 'n' => 'Magento', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'app/code:app/design:lib:media:var', 'f' => array( array('/index.php', '/MAGENTO.+Mage\.php.+Mage:/is'), array('app/Mage.php', '/class\s+Mage/i'), ), ), 'magento-2_3' => array( 'n' => 'Magento 2.0-2.3', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'app/etc:app/design:lib:vendor:var', 'f' => array( array('/index.php', '/magento,/i'), array('app/bootstrap.php', '/magento/i'), ), ), 'magento-2_4' => array( 'n' => 'Magento 2.4', 'c' => '', 'r' => NULL, 't' => '..', 'd' => 'app/etc:app/design:lib:vendor:var:setup', 'f' => array( array('/index.php', '/magento,/i'), array('app/bootstrap.php', '/magento/i'), ), ), 'cmsmadesimple' => array( 'n' => 'CMS Made Simple', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'lib/classes:modules:plugins:uploads', 'f' => array( array('lib/autoloader.php', '/function\s+cms_autoloader$/i'), array('lib/classes/class.CmsApp.php', '/class\s+CmsApp/i'), array('fileloc.php', '/_LOCATION[\'"]/i'), array('index.php', '/cmsms\($->/i'), array('include.php', '/cmsms->/i'), ), ), 'xenforo' => array( 'n' => 'XenForo forum', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'data:library/XenForo:styles', 'f' => array( array('library/config.php', '/\$config/i'), array('css.php', '/XenForo.*XenForo/isU'), array('proxy.php', '/XenForo.*XenForo/isU'), array('admin.php', '/XenForo.*XenForo/isU'), array('library/XenForo/Autoloader.php', '/XenForo.*XenForo/isU'), ), ), 'xenforo-2' => array( 'n' => 'XenForo forum v2', 'c' => './src/config.php', 'r' => NULL, 't' => '.', 'd' => 'data:install:internal_data:library:src:styles', 'f' => array( array('/src/config.php', '/\$config/i'), array('/src/XF.php', '/class XF/'), ), ), 'codeigniter' => array( 'n' => 'CodeIgniter', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'application/config:application/controllers:application/models:application/views:system/core:system/database', 'f' => array( array('system/core/CodeIgniter.php', '/CodeIgniter/i'), array('index.php', '/system_path.*application_folder.*BASEPATH.*CodeIgniter/is'), ), ), 'phpbb' => array( 'n' => 'PhpBB forum', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'phpbb/config:phpbb/controller:phpbb/template:includes:language', 'f' => array( array('phpbb/class_loader.php', '/phpbb/i'), array('viewforum.php', '/IN_PHPBB.+(phpbb_.+){5,}/s'), array('viewtopic.php', '/IN_PHPBB.+(phpbb_.+){5,}/s'), array('search.php', '/IN_PHPBB.+(phpbb_.+){5,}/s'), array('index.php', '/IN_PHPBB.+(phpbb_.+){5,}/s'), array('common.php', '/IN_PHPBB.+(phpbb_.+){5,}/s'), ), ), 'phpbb_old' => array( 'n' => 'PhpBB forum (old)', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'styles:includes:language:cache', 'f' => array( array('viewforum.php', '/IN_PHPBB.+(phpbb_.+){5,}/s'), array('viewtopic.php', '/IN_PHPBB.+(phpbb_.+){5,}/s'), array('search.php', '/IN_PHPBB.+(phpbb_.+){5,}/s'), array('index.php', '/IN_PHPBB.+(phpbb_.+){5,}/s'), array('common.php', '/IN_PHPBB.+(phpbb_.+){5,}/s'), ), ), 'webasyst' => array( 'n' => 'Webasyst', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'wa-apps:wa-config:wa-content:wa-system/api:wa-system/controller:wa-system/view', 'f' => array( array('wa-system/autoload/waAutoload.class.php', '/class\s+waAutoload/i'), array('index.php', '/wa/i'), array('wa-config/SystemConfig.class.php', '/wa/i'), ), ), 'webasyst-old' => array( 'n' => 'Webasyst (old)', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'kernel/classes:kernel/includes:published:system', 'f' => array( array('kernel/wbsinit.php', '/WBS_.+\$wbs_/is'), array('system/init.php', '/WBS_.+Wbs::/is'), array('index.php', '/WebAsyst/i'), ), ), 'instantcms-1' => array( 'n' => 'InstantCMS v1', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'filters:cache:admin/modules:components/users:components/actions:core/classes:core/js:includes:languages:modules:plugins:templates', 'f' => array( array('core/classes/config.class.php', '/class\s+cmsConfig\s*\{/i'), array('cron.php', '/cmsCore::loadClass.*cmsCron::getJobs/isU'), array('index.php', '/cmsCore::getInstance/i'), array('core/cms.php', '/define\([\\\'"]CORE_VERSION[\\\'"].{50,300}class\s+cmsCore\s*\{/is'), ), ), 'instantcms-2' => array( 'n' => 'InstantCMS v2', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'templates:wysiwyg:system/controllers:system/core:system/fields:system/languages:system/libs:system/widgets', 'f' => array( array('system/core/action.php', '/class\s+cmsAction\s*\{/is'), array('bootstrap.php', '/cmsConfig:.+cmsCore::loadLib\s*\(/is'), array('index.php', '/VALID_RUN.+cmsTemplate:.+cmsUser:.+cmsEventsManager:/is'), ), ), 'stressweb' => array( 'n' => 'Stressweb', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'application/account:cache:config:dev:module:templates', 'f' => array( array('dev/boot.php', ''), array('application/main.php', '/[^\.]STRESSWEB/i'), array('index.php', '/[^\.]STRESSWEB/i'), ), ), 'diafan' => array( 'n' => 'DiafanCMS', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'adm/includes:userfiles:includes/database:includes/cache:cache:modules:plugins', 'f' => array( array('includes/diafan.php', '/DIAFAN/i'), array('includes/core.php', '/DIAFAN/i'), array('adm/index.php', '/DIAFAN/i'), array('index.php', '/DIAFAN/i'), ), ), 'vtiger' => array( 'n' => 'Vtiger CRM', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'vtlib/Vtiger:modules/Vtiger:storage', 'f' => array( array('index.php', '/vtiger/i'), array('includes/main/WebUI.php', '/class\s+Vtiger_WebUI/i'), array('vtlib/Vtiger/Module.php', '/class\s+Vtiger_Module/i'), ), ), 'koobi' => array( 'n' => 'Koobi CMS', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'class:functions:inc:system:templates', 'f' => array( array('index.php', '/koobi/i'), array('inc/init.php', '#BASEDIR\s*\.\s*[\'"]/class/tpl/Koobi\.class\.php#i'), ), ), 'simpla' => array( 'n' => 'Simpla', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'simpla:api:design:payment:view', 'f' => array( array('view/View.php', '/Simpla/i'), array('view/IndexView.php', '/function\s+fetch$/i'), array('index.php', '/\$view->fetch\($/i'), array('api/Simpla.php', '/class\s+Simpla\s*\{/i'), ), ), 'vipbox' => array( 'n' => 'VipBox (Engio)', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'core/functions:core/objects:admin/config:languages:plugins:templates:upload', 'f' => array( array('core/common.php', '/ENGIO.+PHPSM_ROOT_PATH/sU'), array('admin/index.php', '/ENGIO.+PHPSM_ROOT_PATH/sU'), array('index.php', '/ENGIO.+PHPSM_ROOT_PATH/sU'), array('core/config.php', ''), ), ), 'adminstation' => array( 'n' => 'Adminstation', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'adminpanel:includes/errors', 'f' => array( array('adminpanel/index.php', '/\.\.\/cfg\.php.{8,50}\.\.\/ini\.php[\'"]/s'), array('template.php', ''), array('footer.php', ''), array('index.php', '/cfg\.php.{8,50}ini\.php[\'"]/s'), array('ini.php', '/defined$[\'"]ACCESS[\'"]$.{100,2000}includes\/errors/is'), array('cfg.php', '/mysqli?_connect\(.{30,300}includes\/errors\/db\.php/is'), ), ), 'yii-2' => array( 'n' => 'Yii framework v2', 'c' => '../config/db.php', 'r' => array( 'dbtype' => '/[\'"]dsn[\'"]\s*=>\s*[\'"](.+):/i', 'dbhost' => '/host=([^;]+);/i', 'dbuser' => '/[\'"]username[\'"]\s*=>\s*[\'"](.+)[\'"]/i', 'dbpass' => '/[\'"]password[\'"]\s*=>\s*[\'"](.+)[\'"]/i', 'dbname' => '/dbname=(.*)\'/i', ), 't' => '..:.', 'd' => 'config:controllers:models:runtime:vendor/yiisoft/yii2/base:views', 'f' => array( array('vendor/autoload.php', ''), array('vendor/yiisoft/yii2/base/Controller.php', '/yii.*class\s+Controller/isU'), array('/index.php', '/yii.*new\s+(?:yii[\w\\\\]+)?Application\s*\(/isU'), ), ), 'symfony-2-3' => array( 'n' => 'Symfony framework v2/v3', 'c' => 'app/config/config.yml', 'r' => NULL, 't' => '..:.', 'd' => 'src:web:app/config:vendor/symfony/symfony/src/Symfony/Component/ClassLoader', 'f' => array( array('app/config/config.yml', ''), array('app/AppKernel.php', '/symfony.*class\s+AppKernel/isU'), array('vendor/symfony/symfony/src/Symfony/Component/ClassLoader/ClassLoader.php', '/symfony.*class\s+ClassLoader/isU'), array('/app.php', '/symfony.*new\s+AppKernel\s*\(/isU'), ), ), 'symfony-4' => array( 'n' => 'Symfony framework v4', 'c' => '', 'r' => NULL, 't' => '..:.', 'd' => 'config:public:src:var/cache:vendor/symfony', 'f' => array( array('config/services.yaml', ''), array('src/Kernel.php', '/symfony.*class\s+Kernel/isU'), array('vendor/symfony/routing/Router.php', '/symfony.*class\s+Router/isU'), array('/index.php', '/symfony.*new\s+Kernel\s*\(/isU'), ), ), 'laravel' => array( 'n' => 'Laravel', 'c' => 'bootstrap/app.php', 'r' => NULL, 't' => '..', 'd' => 'app:bootstrap:config:database:public:routes:storage:vendor', 'f' => array( array('/index.php', '/laravel/i'), ), ), 'dolphin' => array( 'n' => 'Dolphin CMS', 'c' => '', 'r' => NULL, 't' => '.', 'd' => 'inc:modules:media:plugins:templates', 'f' => array( array('index.php', '/(BoonEx Pty)|(www\.boonex\.com)/i'), array('inc/header.inc.php', '/\$site\[\'url\'\]/i'), ), ), 'wordpress-subdir' => array( 'n' => 'Wordpress (subdir)', 'c' => 'wp-config.php', 'r' => NULL, 't' => 'blog:site:cms:wp:main', 'd' => 'wp-admin:wp-content|wp-admin:wp-includes|wp-content:wp-includes', 'f' => array( array('index.php', '/wp[_\-]/i'), array('wp-blog-header.php', '/wp[_\-]/i'), array('wp-load.php', '/wp-config/'), ), ), ); public static function detect($useCache = TRUE) { if ($useCache && self::$cached) return self::$cached; $result = FALSE; foreach (self::$cmsInfo as $cmsID => &$cms) { if (!isset($cms['n']) || !is_string($cms['n'])) $cms['n'] = $cmsID; if (!isset($cms['t']) || !is_string($cms['t']) || !strlen($cms['t'])) $cms['t'] = '.'; if (!isset($cms['d']) || !is_string($cms['d'])) $cms['d'] = ''; if (!isset($cms['f']) || !is_array($cms['f'])) $cms['f'] = array(); foreach (explode(':', $cms['t']) as $target) { if (!strlen($target) || !is_dir($target) || !is_readable($target)) continue; if (strlen($cms['d'])) { $ok = FALSE; foreach (explode('|', $cms['d']) as $dirSet) { foreach (explode(':', $dirSet) as $dir) if (!is_dir($target.'/'.$dir)) continue 2; $ok = TRUE; break; } if (!$ok) { continue; } } $path = ''; foreach ($cms['f'] as $file) { $path = ($file[0][0] === '/' ? '.' : $target.'/').$file[0]; if (!is_file($path)) continue 2; if (strlen($file[1])) { if (!is_readable($path)) continue 2; $text = @file_get_contents($path); if (!is_string($text) || !preg_match($file[1], $text)) continue 2; } } $result = array( 'cms' => $cmsID, 'title' => $cms['n'], 'incfile' => strlen($path) ? $path : 'index.php', 'cfgfile' => isset($cms['c']) ? $cms['c'] : '', 'cfgregexp' => isset($cms['r']) ? $cms['r'] : NULL, ); break 2; } } if ($useCache && $result) self::$cached = $result; return $result; } public static function convertDB($asJSON = 0) { $ret = array(); foreach (self::$cmsInfo as $cmsID => &$cms) { if (substr($cmsID, -7) === '-subdir') continue; $new = array( 'i' => $cmsID, 'n' => $cms['n'], 'c' => $cms['c'], 'r' => $cms['r'], 'd' => array(), 'f' => array(), ); foreach (explode('|', $cms['d']) as $d) $new['d'][] = explode(':', $d); foreach ($cms['f'] as $f) $new['f'][] = array('p' => trim($f[0], '/\\'), 't' => $f[1]); $ret[] = $new; } if ((int)$asJSON <= 0) return $ret; if (!defined('JSON_PRETTY_PRINT')) return json_encode($ret); if ((int)$asJSON === 1) return json_encode($ret, JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE); return strtr(json_encode($ret, JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE), array("\n " => "\n", " " => "\t")); } } class avScanner { const version = '6.1.1'; const VDBVERSION = 4; const MINBUFSIZE = 10; const MAXBUFSIZE = 1048576; const VDB_TITLE = 0; const VDB_SIGNATURE = 1; const VDB_REPLACE = 2; const VDB_CALLBACK = 3; const VDB_INCURABLE = 4; const VDB_DOUBT = 5; const VDB_LAST = 6; const VDB_CVE = 7; const VDB_FTYPES = 8; const VDB_ACK = 9; const VDB_EXC = 10; const VDB_SUB = 11; const VDB_ORDER = 12; const VDB_SID = 13; const RET_DETECTED = 1; const RET_INCURABLE = 2; const RET_DOUBT = 4; const RET_LAST = 8; const RET_CVE = 256; const RET_REPLACED = 16; const RET_DELETE = 32; const RET_CANREPLACE = 64; const RET_CANDELETE = 128; const RET_MODIFIED = 48; const RET_CURABLE = 192; const RET_EBACKUP = 1024; const RET_EWRITE = 2048; const RET_EDELETE = 4096; const RET_EREAD = 8192; const RET_READONLY = 16384; const RET_SERIALIZED = 32768; const RET_RESTORED = 65536; const SCAN_REPLACE = 1; const SCAN_REPLACE_AFTER = 2; const SCAN_APPLY_AFTER_TREATMENT = 4; const SCAN_PACK_RESULTS = 8; const SCAN_REPLACE_IF_LAST = 16; const SCAN_SERIALIZED_SKIP_FAST = 32; const SCAN_REPLACE_TYPE_MALWARE = 1024; const SCAN_REPLACE_TYPE_DOUBT = 2048; const SCAN_REPLACE_TYPE_CVE = 4096; protected static $vdbHost = ''; protected static $vdbApiKey = ''; protected static $cacheFile = ''; protected static $cacheTime = 0; protected static $vdbID = 0; protected static $userAgent = 'libavscanner'; protected static $xpathSeparator = '|'; public static $vdb = []; public static $vdbTop = []; public static function init($options, &$error = NULL) { if (!is_array($options)) return !($error = 'Invalid options in init()'); foreach ($options as $key => $val) self::$$key = $val; return TRUE; } public static function loadVDB(&$error = NULL) { $vdbCached = strlen(self::$cacheFile) && (int)self::$cacheTime && is_file(self::$cacheFile) && filesize(self::$cacheFile) && (filemtime(self::$cacheFile) + (int)self::$cacheTime >= time()); $vdb = $vdbJSON = NULL; $useGZIP = function_exists('gzinflate'); if ($vdbCached) { $vdbURL = self::$cacheFile; $vdbJSON = file_get_contents($vdbURL); if (!is_string($vdbJSON)) return !($error = 'Cache file read failed'); } else { if (!strlen(self::$vdbHost)) return !($error = 'Invalid vdbHost configuration option'); $vdbURL = 'http://'.self::$vdbHost.'/data/rexplacer/vdb/?'.http_build_query([ 'vdbid' => (int)self::$vdbID, 'vdbver' => self::VDBVERSION, 'from' => strtr(self::$userAgent, '/', '-'), 'php' => (float)PHP_VERSION, 'clz' => $useGZIP ? '1' : '', ], '', '&'); if ((int)ini_get('allow_url_fopen')) { $vdbJSON = @file_get_contents($vdbURL, 0, stream_context_create(['http' => [ 'method' => 'GET', 'header' => implode("\r\n", [ 'Accept: *'.'/'.'*', 'Connection: Close', 'User-Agent: '.self::$userAgent, 'Cookie: apikey='.urlencode((string)self::$vdbApiKey), '', ]), 'protocol_version' => 1.1, 'follow_location' => 1, 'max_redirects' => 3, 'timeout' => 30, 'ignore_errors' => FALSE, ]])); } elseif (is_callable('curl_init')) { $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => $vdbURL, CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_COOKIE => 'apikey='.urlencode((string)self::$vdbApiKey), CURLOPT_USERAGENT => self::$userAgent, CURLOPT_FOLLOWLOCATION => TRUE, CURLOPT_MAXREDIRS => 3, CURLOPT_CONNECTTIMEOUT => 30, CURLOPT_FAILONERROR => TRUE, CURLOPT_SSL_VERIFYPEER => FALSE, ]); $vdbJSON = curl_exec($curl); curl_close($curl); unset($curl); } else { return !($error = 'No allow_url_fopen/CURL available'); } if (!is_string($vdbJSON)) return !($error = 'Request failed'); if ($useGZIP) { $vdbJSON = gzinflate($vdbJSON, 64<<20); if (!is_string($vdbJSON)) return !($error = 'gzinflate() failed'); } } if (!strlen($vdbJSON) || !strpos(' [{', $vdbJSON[0], 1)) return !($error = 'Invalid data received'); $vdb = json_decode($vdbJSON, TRUE); if (!is_array($vdb) || empty($vdb)) return !($error = 'Decoding failed'); $vdbCached || strlen(self::$cacheFile) && @file_put_contents(self::$cacheFile, $vdbJSON, LOCK_EX) && chmod(self::$cacheFile, 0664); return self::setVDB($vdb, $error); } public static function setVDB(&$vdb, &$error = NULL) { if (!is_array($vdb) || empty($vdb)) return !($error = "Invalid or empty VDB"); if (!is_array(self::$vdbTop) || self::$vdbTop) self::$vdbTop = []; $trees = [self::VDB_ACK => [], self::VDB_EXC => [], self::VDB_SUB => []]; foreach ($vdb as $sid => &$sign) { if (!strlen($sign[self::VDB_SIGNATURE]) && !strlen($sign[self::VDB_CALLBACK])) return !($error = "$sid: No RegExp/Constant"); if (strlen($sign[self::VDB_SIGNATURE])) { if ($sign[self::VDB_SIGNATURE][0] === ':') { $sign[self::VDB_SIGNATURE] = ':'.pack('H*', substr($sign[self::VDB_SIGNATURE], 1)); if (strlen($sign[self::VDB_SIGNATURE]) < 3) { return !($error = "$sid: Invalid constant (HEX)"); } } elseif ($sign[self::VDB_SIGNATURE][0] === '=') { $sign[self::VDB_SIGNATURE][0] = ':'; if (strlen($sign[self::VDB_SIGNATURE]) < 3) return !($error = "$sid: Invalid constant (TEXT)"); } else { if (strlen($sign[self::VDB_SIGNATURE]) < 4) return !($error = "$sid: Invalid PCRE"); if (!strpos(' #/~', $sign[self::VDB_SIGNATURE][0])) return !($error = "$sid: Invalid PCRE delimiter"); } } if (!strlen($sign[self::VDB_CALLBACK])) $sign[self::VDB_CALLBACK] = 'cbDefault'; $sign[self::VDB_INCURABLE] = (int)$sign[self::VDB_INCURABLE]; $sign[self::VDB_DOUBT] = (int)$sign[self::VDB_DOUBT]; $sign[self::VDB_LAST] = (int)$sign[self::VDB_LAST]; $sign[self::VDB_CVE] = (int)$sign[self::VDB_CVE]; $sign[self::VDB_FTYPES] = strlen($sign[self::VDB_FTYPES]) ? array_flip(explode(',', $sign[self::VDB_FTYPES])) : NULL; $sign[self::VDB_ORDER] = (int)$sign[self::VDB_ORDER]; $sign[self::VDB_SID] = (int)$sid; if ($sign[self::VDB_SUB]) $trees[self::VDB_SUB][$sign[self::VDB_SUB]][] = $sign[self::VDB_SID]; elseif ($sign[self::VDB_EXC]) $trees[self::VDB_EXC][$sign[self::VDB_EXC]][] = $sign[self::VDB_SID]; elseif ($sign[self::VDB_ACK]) $trees[self::VDB_ACK][$sign[self::VDB_ACK]][] = $sign[self::VDB_SID]; else self::$vdbTop[] = &$sign; $sign[self::VDB_ACK] = $sign[self::VDB_EXC] = $sign[self::VDB_SUB] = NULL; } unset($sign); reset($vdb); foreach ($trees as $treeID => $tree) foreach ($tree as $pid => $cids) if (isset($vdb[$pid])) $vdb[$pid][$treeID] = $cids; else return !($error = "$pid: No such parent signature"); self::$vdb = &$vdb; return TRUE; } public static function scanBuffer(&$text, $fileType = '', $flags = 0, &$results = NULL) { $detected = 0; if ($results !== NULL) if (!is_array($results) || $results) $results = []; foreach (self::$vdbTop as $sign) { $cb = $sign[self::VDB_CALLBACK]; $detected |= self::$cb($sign, $text, $fileType, $flags, $results); if ($detected & self::RET_LAST) break; } if ($detected === 0) return $detected; if ($results !== NULL) { if ($flags & self::SCAN_REPLACE_AFTER) { if (count($results) > 1) usort($results, __CLASS__.'::sortResults_last_length'); for ($i = 0; $i < count($results); ++$i) { $sign = $results[$i]['sign']; if ($sign[self::VDB_INCURABLE]) continue; if ($sign[self::VDB_DOUBT] && !($flags & self::SCAN_REPLACE_TYPE_DOUBT)) continue; if ($sign[self::VDB_CVE] && !($flags & self::SCAN_REPLACE_TYPE_CVE)) continue; if (!$sign[self::VDB_DOUBT] && !$sign[self::VDB_CVE] && !($flags & self::SCAN_REPLACE_TYPE_MALWARE)) continue; if ($sign[self::VDB_LAST]) { if ($flags & self::SCAN_REPLACE_IF_LAST) $text = ''; $results[$i]['flags'] |= self::RET_DELETE; $detected |= self::RET_DELETE; break; } elseif ($sign[self::VDB_CALLBACK] !== 'cbDefault') { $cb = $sign[self::VDB_CALLBACK]; $results[$i]['flags'] |= self::$cb($sign, $text, $fileType, $flags | self::SCAN_REPLACE); $detected |= $results[$i]['flags']; } else { $text = ($sign[self::VDB_SIGNATURE][0] === ':') ? str_replace( substr($sign[self::VDB_SIGNATURE], 1), $sign[self::VDB_REPLACE], $text) : preg_replace( $sign[self::VDB_SIGNATURE], $sign[self::VDB_REPLACE], $text); $results[$i]['flags'] |= self::RET_REPLACED; $detected |= self::RET_REPLACED; } } } if (count($results) > 1 && ($flags & self::SCAN_PACK_RESULTS)) { if ($detected & self::RET_LAST) { $results = $results[0]['sign'][self::VDB_LAST] ? [$results[0]] : [$results[count($results)-1]]; } else { self::resultsRemoveOverlaps($results, TRUE); } } if (count($results) > 1) usort($results, __CLASS__.'::sortResults_order_id'); } elseif ($flags & self::SCAN_REPLACE_AFTER) { throw new Exception('The `SCAN_REPLACE_AFTER` flag requires non NULL $results buffer'); } if (($flags & self::SCAN_APPLY_AFTER_TREATMENT) && strlen($fileType) && ($detected & self::RET_REPLACED) && !($detected & self::RET_DELETE)) self::afterTreatment($text, $fileType); return $detected; } public static function scanArray(&$data, $flags = 0, &$results = NULL, &$_xpath = []) { $withResults = ($results !== NULL); if ($withResults && !is_array($results)) $results = []; $subResults = $withResults ? [] : NULL; $xpUse = $withResults && is_array($_xpath); $xpOp = 1; $detected = $subBits = 0; foreach ($data as $key => &$value) { if (is_array($value) || is_object($value)) { if ($xpUse) $xpOp = self::updateXPath($_xpath, $xpOp, $key); $subBits = static::scanArray($value, $flags, $results, $_xpath); } elseif (is_string($value) && static::MINBUFSIZE <= strlen($value) && strlen($value) <= static::MAXBUFSIZE) { $subBits = static::scanBuffer($value, '', $flags, $subResults); } else { continue; } if ($subBits === 0) { continue; } $detected |= $subBits; if ($subResults) { if ($xpUse) $xpOp = self::updateXPath($_xpath, $xpOp, $key); foreach ($subResults as &$subResult) { $subResult['xpath'] = $xpUse ? self::packXPath($_xpath) : NULL; $results[] = $subResult; } unset($subResult); $subResults = []; } } $xpUse && !$xpOp && self::updateXPath($_xpath, -1); return $detected; } public static function scanXPath(&$data, &$xpath, $flags = 0, &$results = NULL) { $val = &self::resolveXPath($data, $xpath, $ok); if (!$ok) return 0; if (is_array($val) || is_object($val)) { if ($results !== NULL) if (!is_array($results) || $results) $results = []; return static::scanArray($val, $flags, $results, $xpath); } if (is_string($val) && static::MINBUFSIZE <= strlen($val) && strlen($val) <= static::MAXBUFSIZE) { $detected = static::scanBuffer($val, '', $flags, $results); if ($detected && $results) foreach ($results as &$result) $result['xpath'] = self::packXPath($xpath); return $detected; } return 0; } public static function scanSerialized(&$data, $flags = 0, &$xpath = NULL, &$results = NULL, &$serialization = NULL, &$unserialized = NULL) { $detected = 0; if ($results !== NULL) if (!is_array($results) || $results) $results = []; if ($serialization) $serialization = ''; if ($_ = self::isSerializedPHP($data, TRUE)) { if (!strpos(' saO', $_, 1)) return 0; $serialization = 'PHP'; if (!($flags & self::SCAN_SERIALIZED_SKIP_FAST)) if (static::scanBuffer($data) === 0) return 0; $unserialized = @unserialize($data); if (empty($unserialized)) return 0; if (is_array($unserialized) || is_object($unserialized)) if ($xpath !== NULL) $detected = static::scanXPath($unserialized, $xpath, $flags, $results); else $detected = static::scanArray($unserialized, $flags, $results); else $detected = static::scanBuffer($unserialized, '', $flags, $results); if ($detected & self::RET_MODIFIED) $data = serialize($unserialized); } elseif (self::isSerializedJSON($data, 1, $unserialized)) { if (empty($unserialized)) return 0; $serialization = 'JSON'; if (is_array($unserialized) || is_object($unserialized)) if ($xpath !== NULL) $detected = static::scanXPath($unserialized, $xpath, $flags, $results); else $detected = static::scanArray($unserialized, $flags, $results); else $detected = static::scanBuffer($unserialized, '', $flags, $results); if ($detected & self::RET_MODIFIED) $data = json_encode($unserialized); } else { $detected = static::scanBuffer($data, '', $flags, $results); } return $detected; } public static function &resolveXPath(&$data, &$xpath, &$ok) { $ok = FALSE; if (!self::parseXPath($xpath)) return $data; $val = &$data; $i = 0; $c = count($xpath); while ($i < $c) { $key = $xpath[$i++]; if (!is_string($key) && !is_numeric($key)) return $val; if (is_array($val)) { if (!isset($val[$key])) return $val; $val = &$val[$key]; } elseif (is_object($val)) { if (!isset($val->$key)) return $val; $val = &$val->$key; } else { return $val; } } $ok = TRUE; return $val; } public static function acquireXPath(&$data, $xpath, $callBack) { if (!is_string($data) || !is_callable($callBack)) return 0; $modified = FALSE; $unserialized = NULL; $serialization = self::isSerialized($data, $unserialized); if ($serialization) { $val = &self::resolveXPath($unserialized, $xpath, $ok); if (!$ok) return 0; $modified = $callBack($val); if ($modified) if ($serialization === 'PHP') $data = serialize($unserialized); elseif ($serialization === 'JSON') $data = json_encode($unserialized); } else { if (self::parseXPath($xpath) && $xpath) return 0; $modified = $callBack($data); } return $modified ? 2 : 1; } public static function parseXPath(&$xpath) { if (is_string($xpath)) { $xpath = strlen($xpath) ? explode(self::$xpathSeparator, $xpath) : []; foreach ($xpath as &$entry) { $entry = urldecode($entry); } } return is_array($xpath); } public static function packXPath($xpath) { if (is_array($xpath)) { $str = ''; foreach ($xpath as $entry) { $str .= (strlen($str) ? self::$xpathSeparator : '').urlencode($entry); } return $str; } return is_string($xpath) ? $xpath : NULL; } public static function updateXPath(&$xpath, $op, $key = NULL) { if ($op > 0) $xpath[] = $key; elseif ($op < 0) array_pop($xpath); else $xpath[count($xpath)-1] = $key; return 0; } protected static function sortResults_last_length($i, $j) { if ($i['sign'][self::VDB_LAST] !== $j['sign'][self::VDB_LAST]) return $i['sign'][self::VDB_LAST] ? -1 : 1; return $j['length'] - $i['length']; } protected static function sortResults_order_id($i, $j) { if ($i['sign'][self::VDB_ORDER] !== $j['sign'][self::VDB_ORDER]) return $i['sign'][self::VDB_ORDER] < $j['sign'][self::VDB_ORDER] ? -1 : 1; return $i['sign'][self::VDB_SID] < $j['sign'][self::VDB_SID] ? -1 : 1; } protected static function resultsRemoveOverlaps(&$results, $compact = FALSE) { $removed = 0; $h = count($results) - 1; for ($i = 0; $i < $h; ++$i) { if (empty($results[$i]) || $results[$i]['offset'] < 0) continue; $iL = $results[$i]['offset']; $iR = $iL + $results[$i]['length']; for ($j = $i + 1; $j <= $h; ++$j) { if (empty($results[$j]) || $results[$j]['offset'] < 0) continue; $jL = $results[$j]['offset']; $jR = $jL + $results[$j]['length']; if ($iL <= $jL && $jR <= $iR) { if (($results[$j]['flags']&self::RET_CVE) === 0) { $results[$j] = NULL; $removed++; } } elseif ($jL <= $iL && $iR <= $jR) { if (($results[$i]['flags']&self::RET_CVE) === 0) { $results[$i] = NULL; $removed++; break; } } } } if ($removed > 0 && $compact) { $results = array_values(array_filter($results)); } return $removed; } public static function objectToArray($array) { if (!is_array($array)) if (is_object($array)) $array = get_object_vars($array); else return $array; foreach ($array as &$v) $v = self::objectToArray($v); return $array; } public static function isSerialized($data, &$unserialized = NULL) { if ($_ = self::isSerializedPHP($data, TRUE)) { if (!strpos(' saO', $_, 1)) return ''; $unserialized = @unserialize($data); if ($unserialized === FALSE || $unserialized === NULL) return ''; return 'PHP'; } elseif (self::isSerializedJSON($data, 1, $unserialized)) { return 'JSON'; } return ''; } public static function isSerializedPHP($data, $strict = TRUE) { if (!is_string($data)) return; $data = trim($data); if (strlen($data) < 4) return ('N;' === $data) ? $data[0] : NULL; if (':' !== $data[1]) return; if ($strict) { $lastc = substr($data, -1); if (';' !== $lastc && '}' !== $lastc) return; } else { $split = strpos($data, ';'); $brace = strpos($data, '}'); if (FALSE === $split && FALSE === $brace || FALSE !== $split && $split < 3 || FALSE !== $brace && $brace < 4) return; } $token = $data[0]; switch ($token) { case 's': if ($strict ? ('"' !== substr($data, -2, 1)) : !strpos($data, '"')) return; case 'a': case 'O': case 'E': return preg_match("/^$token:\\d+:[\\{\\\"]/", $data) ? $token : NULL; case 'b': case 'i': case 'd': $end = $strict ? '$' : ''; return strlen($data) <= 60 && preg_match("/^$token:[\\d\\.eE+\\-]+;$end/", $data) ? $token : NULL; } return; } public static function isSerializedJSON($data, $rejectTypes = 0, &$val = NULL) { if (!is_string($data) || !strlen($data)) { return FALSE; } if ($rejectTypes) { $v = trim($data); if (!strlen($v)) { return FALSE; } $type = $v[0]; $end = substr($v, -1); $isStruct = ($type === '{' || $type === '['); $isString = ($type === '"'); if ( !($isStruct || $isString) && (($rejectTypes & 1) || strlen($v) > 60) || $isString && (($rejectTypes & 2) || strlen($v) < 2 || $end !== '"') || $isStruct && (($rejectTypes & 4) || strlen($v) < 2 || ($end !== '}' && $end !== ']')) ) { return FALSE; } } $val = json_decode($data, TRUE); return json_last_error() === JSON_ERROR_NONE; } public static function file_rewrite($file, $contents) { $mode = (int)fileperms($file); chmod($file, $mode | 0220); $ret = (file_put_contents($file, $contents) === strlen($contents)); chmod($file, $mode); return $ret; } public static function file_unlink($file) { $mode = (int)fileperms($file); chmod($file, $mode | 0220); if (!$ret = unlink($file)) chmod($file, $mode); return $ret; } public static function afterTreatment(&$text, $fileType) { switch ($fileType) { case 'php': case 'phps': case 'phtml': case 'php4': case 'php5': case 'php7': case 'inc': case 'tpl': case 'class': $text = preg_replace('/<\\?(?:php)?\\s*\\?>\\r?\\n?/', '', $text); return TRUE; } return FALSE; } public static function cbDefault($sign, &$text, $fileType, $replace = 0, &$results = NULL) { if ($sign[self::VDB_FTYPES] && !isset($sign[self::VDB_FTYPES][$fileType])) return 0; $const = ($sign[self::VDB_SIGNATURE][0] === ':'); if ($const) { $startOffset = strpos($text, substr($sign[self::VDB_SIGNATURE], 1)); if ($startOffset === FALSE) return 0; $length = strlen($sign[self::VDB_SIGNATURE]) - 1; $endOffset = $startOffset + $length; } else { if (!preg_match($sign[self::VDB_SIGNATURE], $text, $match, PREG_OFFSET_CAPTURE)) return 0; $startOffset = $match[0][1]; $length = strlen($match[0][0]); $endOffset = $startOffset + $length; $match = NULL; } if ($sign[self::VDB_ACK]) foreach ($sign[self::VDB_ACK] as $subSignID) if (($cb = self::$vdb[$subSignID][self::VDB_CALLBACK]) && self::$cb(self::$vdb[$subSignID], $text, $fileType, 0) === 0) return 0; if ($sign[self::VDB_EXC]) foreach ($sign[self::VDB_EXC] as $subSignID) if (($cb = self::$vdb[$subSignID][self::VDB_CALLBACK]) && self::$cb(self::$vdb[$subSignID], $text, $fileType, 0) !== 0) return 0; if ($sign[self::VDB_SUB]) { $detected = 0; foreach ($sign[self::VDB_SUB] as $subSignID) { if (($subSign = self::$vdb[$subSignID]) && ($cb = $subSign[self::VDB_CALLBACK])) { $detected |= self::$cb($subSign, $text, $fileType, $replace, $results); if ($detected & self::RET_LAST) { break; } } } return $detected; } $doReplace = ($replace & self::SCAN_REPLACE) && !$sign[self::VDB_INCURABLE]; if ($doReplace) { if ($doReplace && $sign[self::VDB_DOUBT] && !($replace & self::SCAN_REPLACE_TYPE_DOUBT)) $doReplace = FALSE; if ($doReplace && $sign[self::VDB_CVE] && !($replace & self::SCAN_REPLACE_TYPE_CVE)) $doReplace = FALSE; if ($doReplace && !$sign[self::VDB_DOUBT] && !$sign[self::VDB_CVE] && !($replace & self::SCAN_REPLACE_TYPE_MALWARE)) $doReplace = FALSE; } $detected = self::RET_DETECTED | ($sign[self::VDB_INCURABLE] ? self::RET_INCURABLE : ($sign[self::VDB_LAST] ? self::RET_CANDELETE : self::RET_CANREPLACE)) | ($sign[self::VDB_DOUBT] ? self::RET_DOUBT : 0) | ($sign[self::VDB_LAST] ? self::RET_LAST : 0) | ($sign[self::VDB_CVE] ? self::RET_CVE : 0) | ($doReplace ? ($sign[self::VDB_LAST] ? self::RET_DELETE : self::RET_REPLACED) : 0); if ($results !== NULL) $results[] = [ 'sign' => $sign, 'flags' => $detected, 'offset' => $startOffset, 'length' => $length, 'match' => substr($text, $startOffset, $endOffset), ]; if ($doReplace) { if (!$sign[self::VDB_LAST]) $text = $const ? str_replace( substr($sign[self::VDB_SIGNATURE], 1), $sign[self::VDB_REPLACE], $text) : preg_replace( $sign[self::VDB_SIGNATURE], $sign[self::VDB_REPLACE], $text); elseif ($replace & self::SCAN_REPLACE_IF_LAST) $text = ''; } return $detected; } public static function cbhtaccessredirect($sign, &$text, $fileType, $replace = 0, &$results = NULL) { if (!defined('SVC_CHOST') || $sign[self::VDB_FTYPES] && !isset($sign[self::VDB_FTYPES][$fileType])) return 0; $host = strtolower(SVC_CHOST); if (substr($host, 0, 4) === 'www.') $host = substr($host, 4); if (!strlen($host)) return 0; $doReplace = ($replace & self::SCAN_REPLACE) && !$sign[self::VDB_INCURABLE]; $detected = 0; $lines = explode("\n", $text); $nLines = count($lines); $pCond = $pEngine = -1; for ($i = 0; $i < $nLines; ++$i) { $line = strtolower(trim($lines[$i])); if (strlen($line) < 11 || $line[0] === '#') continue; if (substr($line, 0, 13) === 'rewriteengine') { if ($pEngine < 0) $pEngine = $i; else $lines[$i] = ''; } elseif (substr($line, 0, 11) === 'rewritecond') { if ($pCond < 0) $pCond = $i; } elseif (substr($line, 0, 11) === 'rewriterule') { if ( preg_match('~https?:/~', $line) && !strpos($line, $host) && !preg_match('~https?:/+(?:w+\.)?(?:[\%\$]\d|\%\{\w+\})~', $line) ) { $detected |= self::RET_DETECTED; if (self::cbhtaccessredirect_appendResult($sign, $lines[$i], $doReplace, $results)) { if ($pCond < 0) { unset($lines[$i]); } else { for ($j = $pCond; $j <= $i; ++$j) unset($lines[$j]); } } } $pCond = -1; } elseif (substr($line, 0, 13) === 'errordocument') { if (preg_match('~https?:/~', $line) && !strpos($line, $host)) { $detected |= self::RET_DETECTED; if (self::cbhtaccessredirect_appendResult($sign, $lines[$i], $doReplace, $results)) unset($lines[$i]); } } } if ($detected) { $detected |= ($sign[self::VDB_INCURABLE] ? self::RET_INCURABLE : self::RET_CANREPLACE) | ($sign[self::VDB_DOUBT] ? self::RET_DOUBT : 0); if ($doReplace) { $detected |= self::RET_REPLACED; $text = implode("\n", $lines); } } return $detected; } protected static function cbhtaccessredirect_appendResult($sign, $line, $replaced, &$results) { if ($results === NULL) return $replaced; $results[] = [ 'sign' => $sign, 'flags' => self::RET_DETECTED | ($sign[self::VDB_INCURABLE] ? self::RET_INCURABLE : self::RET_CANREPLACE) | ($sign[self::VDB_DOUBT] ? self::RET_DOUBT : 0) | ($replaced ? self::RET_REPLACED : 0), 'offset' => -1, 'length' => strlen($line), 'match' => $line, ]; return $replaced; } public static function reMatchOffsets($re, $text, $formatter = NULL) { if (!strlen($re) || !is_int(@preg_match_all($re, $text, $matches, PREG_OFFSET_CAPTURE))) return FALSE; if (!$matches[0]) return []; return self::matchOffsetsToRows($matches[0], $text, $formatter); } public static function constMatchOffsets($sub, $text, $formatter = NULL) { if (!is_string($sub) || !strlen($sub) || !is_int($pos = strpos($text, $sub))) return []; $matches = []; do { $matches[] = [strlen($sub), $pos]; $pos = strpos($text, $sub, $pos + strlen($sub)); } while (is_int($pos)); return self::matchOffsetsToRows($matches, $text, $formatter); } public static function matchScanResultToRows($result, $text, $formatter = NULL) { if (!is_array($result) || !isset($result['offset'], $result['length']) || $result['offset'] < 0) return NULL; $absOffsets = [[$result['length'], $result['offset']]]; $lineOffsets = self::matchOffsetsToRows($absOffsets, $text, $formatter); return reset($lineOffsets); } public static function matchOffsetsToRows($offsets, $text, $formatter = NULL) { $nResult = 0; $results = []; foreach ($offsets as $offset) { if (!$nResult || $results[$nResult-1][5] < $offset[1]) { $results[$nResult++] = [ -1, -1, -1, -1, $offset[1], is_int($offset[0]) ? $offset[1] + $offset[0] : $offset[1] + strlen($offset[0]), ]; } } $cPos = $nResult = 0; $rows = is_array($text) ? $text : explode("\n", $text); for ($nRow = 0, $nRows = count($rows); $nRow < $nRows; ++$nRow) { $rowEndAt = $cPos + strlen($rows[$nRow]) + 1; if ($results[$nResult][0] > -1) { if ($rowEndAt > $results[$nResult][5]) { $results[$nResult][2] = $nRow; $results[$nResult][3] = $results[$nResult][5] - $cPos; --$nRow; $formatter && $formatter($results[$nResult]); if (!isset($results[++$nResult])) break; } else { $cPos = $rowEndAt; } } elseif ($rowEndAt > $results[$nResult][4]) { $results[$nResult][0] = $nRow; $results[$nResult][1] = $results[$nResult][4] - $cPos; --$nRow; } else { $cPos = $rowEndAt; } } return $results; } public static function createFieldPath($table, $keyFieldName, $keyFieldValue, $fieldName) { return $table.'/'. (is_string($keyFieldName) && strlen($keyFieldName) ? $keyFieldName.'/'.urlencode($keyFieldValue) : (int)$keyFieldValue).'/'. $fieldName; } public static function parseFieldPath($path) { $cell = explode('/', $path); $n = count($cell); if ($n !== 3 && $n !== 4 || in_array('', $cell, TRUE)) return FALSE; $hasPrimary = ($n === 4); return [ 'table' => $cell[0], 'key' => $hasPrimary ? $cell[1] : NULL, 'row' => $hasPrimary ? urldecode($cell[2]) : (int)$cell[1], 'field' => $hasPrimary ? $cell[3] : $cell[2], ]; } public static function sqlByFieldPath($path, $requirePrimary = FALSE) { if (is_string($path)) $path = self::parseFieldPath($path); if (!is_array($path) || count($path) !== 4) return FALSE; if (isset($path['key'], $path['row']) && is_string($path['key']) && strlen($path['key'])) return "WHERE `$path[key]`='".addslashes($path['row'])."' LIMIT 1"; if (!$requirePrimary && isset($path['row']) && is_numeric($path['row'])) return "LIMIT ".($path['row']-1).",1"; return FALSE; } public static function getCustomDbRules($cms, $cmsConfigData = NULL) { if (!is_string($cms) || !strlen($cms)) return; $invalidHostName = function($v) { if (empty($v)) return FALSE; $v = strtolower(trim($v, "/ \t\r\n\0")); $v = preg_replace('~^https?:+/*~' , '', $v); $v = preg_replace('~^w+\.~' , '', $v); if (strpos($v, '/') !== FALSE) $v = substr($v, 0, strpos($v, '/')); $v = trim($v); $valid = self::getOriginHost(TRUE); return !empty($v) && !empty($valid) && $v !== $valid; }; $validHostName = function($v) { return self::getOriginScheme().self::getOriginHost(); }; if ($cms === 'wordpress') return !empty($cmsConfigData) && !empty($cmsConfigData['_multi']) ? NULL : [ 'wp_options' => [[ 'ruleID' => '111', 'table' => 'wp_options', 'field' => 'option_value', 'searchCol' => 'option_name', 'searchVal' => 'siteurl', 'keyField' => 'option_id', 'replaceIf' => $invalidHostName, 'replaceTo' => $validHostName, 'flags' => self::RET_DETECTED|self::RET_CANREPLACE, ], [ 'ruleID' => '111', 'table' => 'wp_options', 'field' => 'option_value', 'searchCol' => 'option_name', 'searchVal' => 'home', 'keyField' => 'option_id', 'replaceIf' => $invalidHostName, 'replaceTo' => $validHostName, 'flags' => self::RET_DETECTED|self::RET_CANREPLACE, ]], ]; } protected static function getOriginHost($trimWWW = FALSE) { static $c = NULL; if ($c === NULL) { $c = ''; foreach (['HTTP_HOST', 'SERVER_NAME'] as $k) if (!empty($_SERVER[$k])) { $c = strtolower($_SERVER[$k]); break; } } return strlen($c) && $trimWWW ? preg_replace('~^w+\.~' , '', $c) : $c; } protected static function getOriginScheme() { static $c = NULL; if ($c === NULL) $c = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || !empty($_SERVER['REQUEST_SCHEME']) && strtolower($_SERVER['REQUEST_SCHEME']) === 'https' || !empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https' ? 'https://' : 'http://'; return $c; } } class backups { const version = '2.1.0'; public static $filesPushed = 0; protected static $baseDir = '.'; protected static $backupID = 0; protected static $dir = ''; protected static $pathPrefix = ''; protected static $gzip = 0; public static function init($baseDir = '.', $time = 0, $pathPrefix = '') { self::$filesPushed = 0; self::$baseDir = rtrim(trim($baseDir), '\\/'); if (!strlen(self::$baseDir)) self::$baseDir = '.'; self::$backupID = time(); $time = (int)$time; if (0 < $time && $time < self::$backupID) self::$backupID = $time; self::$dir = self::$baseDir.'/'.self::$backupID.'/'; self::$pathPrefix = strlen($pathPrefix) && is_string($pathPrefix = realpath($pathPrefix)) && strlen($pathPrefix) ? $pathPrefix.DIRECTORY_SEPARATOR : ''; self::$gzip = function_exists('gzdeflate') ? 1 : 0; return self::$backupID; } public static function getList() { $list = []; if (!strlen(self::$baseDir) || !is_dir(self::$baseDir)) return $list; if (!$dh = @opendir(self::$baseDir)) return $list; while (is_string($item = readdir($dh))) if (is_numeric($item) && $item[0] !== '.' && self::hasItem($item)) $list[] = (int)$item; closedir($dh); return $list; } public static function hasItem($id, &$hasFiles = NULL, &$hasCells = NULL) { if (!strlen(self::$baseDir)) return FALSE; $itemDir = self::$baseDir.'/'.(int)$id; if (!is_dir($itemDir)) return FALSE; $hasFiles = is_file($itemDir.'/_files.ini'); $hasCells = is_file($itemDir.'/_db.ini'); return $hasFiles || $hasCells ? $itemDir : FALSE; } public static function clean($maxAge = 0) { $deleted = []; $maxAge = abs((int)$maxAge); $time = time(); foreach (self::getList() as $v) if (!$maxAge || $v <= $time - $maxAge) if (self::_delete(self::$baseDir.'/'.$v)) $deleted[] = $v; return $deleted; } public static function delete($id) { $itemDir = self::hasItem($id); return $itemDir ? self::_delete($itemDir) : NULL; } protected static function _delete($dir) { foreach (scandir($dir) as $item) if ($item[0] !== '.') @unlink($dir.'/'.$item); return @rmdir($dir) && TRUE; } protected static function parseFieldPath($path) { $cell = explode('/', $path); $n = count($cell); if ($n !== 3 && $n !== 4 || in_array('', $cell, TRUE)) return FALSE; $hasPrimary = ($n === 4); return [ 'table' => $cell[0], 'key' => $hasPrimary ? $cell[1] : NULL, 'row' => $hasPrimary ? urldecode($cell[2]) : (int)$cell[1], 'field' => $hasPrimary ? $cell[3] : $cell[2], ]; } public static function translateFileName($path, $pathType = 1) { if (!is_string($path) || !strlen($path) || !strlen(self::$dir)) return FALSE; if ((int)$pathType === 1) { if (is_string($real = realpath($path))) $path = $real; if (($pl = strlen(self::$pathPrefix)) && strlen($path) > $pl && substr($path, 0, $pl) === self::$pathPrefix) $path = substr($path, $pl); $path = strtr($path, '\\', '/'); } if ((int)$pathType !== 0) { $path = md5($path); } return self::$dir.$path; } public static function getEntry($path, $pathType = 0) { $f = self::translateFileName($path, $pathType); if (!$f || !is_file($f)) return FALSE; $text = file_get_contents($f); if (!is_string($text)) return FALSE; if (strlen($text) > 1) { $unzip = @gzinflate($text); if (is_string($unzip)) return $unzip; } return $text; } public static function getFiles($id) { $itemDir = self::hasItem($id); if (!$itemDir) return FALSE; $f = $itemDir.'/_files.ini'; if (!is_file($f)) return []; $l = parse_ini_file($f, TRUE); if (!is_array($l)) return []; foreach ($l as &$v) { $v['size'] = (int)$v['size']; $v['time'] = (int)$v['time']; $v['mode'] = (int)$v['mode']; $v['gzip'] = (int)$v['gzip']; $v['type'] = 'file'; } return $l; } public static function pushFile($path) { if (!strlen(self::$dir)) return FALSE; $path = realpath($path); if (!is_string($path) || !strlen($path)) return FALSE; $text = @file_get_contents($path); $size = filesize($path); if (!is_string($text) || strlen($text) !== $size) return FALSE; $mtime = filemtime($path); $fmode = fileperms($path); if (!is_dir(self::$dir) && !mkdir(self::$dir, 0751, TRUE)) return FALSE; if (($pl = strlen(self::$pathPrefix)) && strlen($path) > $pl && substr($path, 0, $pl) === self::$pathPrefix) $path = substr($path, $pl); $path = strtr($path, '\\', '/'); $newName = md5($path); $newPath = self::$dir.$newName; $gzip = self::$gzip; return @( (!$gzip || is_string($text = gzdeflate($text))) && (file_put_contents($newPath, $text) === strlen($text)) && (touch($newPath, $mtime) || TRUE) && file_put_contents(self::$dir.'_files.ini', "[$newName]\npath=\"$path\"\nsize=$size\ntime=$mtime\nmode=$fmode\ngzip=$gzip\n", FILE_APPEND) && ++self::$filesPushed ); } public static function restoreFiles($id, $entry = NULL, &$errors = NULL) { $restored = self::getFiles($id); if (empty($restored)) { return FALSE; } if (is_string($entry) && strlen($entry)) { $entry = [$entry]; } if (is_array($entry) && $entry) { $restored = array_intersect_key($restored, array_flip(array_map('md5', $entry))); } $dir = self::$baseDir.'/'.(int)$id.'/'; foreach ($restored as $k => $v) { $e = ''; if (!@( (is_file($f = $dir.$k) || !($e='no_source_file')) && (is_string($text = file_get_contents($f)) || !($e='source_file_read')) && (empty($v['gzip']) || is_string($text = gzinflate($text)) || !($e='source_file_gzip')) && (strlen($text) === (int)$v['size'] || !($e='source_file_size')) && (is_dir($d = dirname($v['path'])) || mkdir($d, 0755, TRUE) || !($e='target_dir')) && (!is_file($v['path']) || is_writable($v['path']) || chmod($v['path'], 0666) || TRUE) && (file_put_contents($v['path'], $text) === strlen($text) || !($e='target_file_write')) && (touch($v['path'], (int)$v['time']) || TRUE) && (chmod($v['path'], (int)$v['mode']) || TRUE) )) { if (is_array($errors)) { $errors[$k] = $v; $errors[$k]['error'] = $e; } unset($restored[$k]); } } return $restored; } public static function getCells($id) { $itemDir = self::hasItem($id); if (!$itemDir) return FALSE; $f = $itemDir.'/_db.ini'; if (!is_file($f)) return []; $l = parse_ini_file($f, TRUE); if (!is_array($l)) return []; foreach ($l as &$v) { $v['size'] = (int)$v['size']; $v['gzip'] = (int)$v['gzip']; $v['type'] = 'cell'; } return $l; } public static function pushCell($path, $text) { if ( !strlen(self::$dir) || !is_string($path) || !is_string($text) || !is_array(self::parseFieldPath($path)) || !is_dir(self::$dir) && !mkdir(self::$dir, 0751, TRUE) ) return FALSE; $size = strlen($text); $newName = md5($path); $newPath = self::$dir.$newName; $gzip = self::$gzip; return @( (!$gzip || is_string($text = gzdeflate($text))) && (file_put_contents($newPath, $text) === strlen($text)) && file_put_contents(self::$dir.'_db.ini', "[$newName]\npath=\"$path\"\nsize=$size\ngzip=$gzip\n", FILE_APPEND) && ++self::$filesPushed ); } public static function restoreCells($id, $entry = NULL, &$errors = NULL) { $restored = self::getCells($id); if (empty($restored)) { return FALSE; } if (is_string($entry) && strlen($entry)) { $entry = [$entry]; } if (is_array($entry) && $entry) { $restored = array_intersect_key($restored, array_flip(array_map('md5', $entry))); } $dir = self::$baseDir.'/'.(int)$id.'/'; foreach ($restored as $k => $v) { $e = ''; if (!@( ($v['path'] || !($e='empty_path')) && (is_array($cell = self::parseFieldPath($v['path'])) || !($e='invalid_path_format')) && (is_string($cell['key']) && strlen($cell['key']) || !($e='no_key_field_in_path')) && (is_file($f = $dir.$k) || !($e='no_source_file')) && (is_string($text = file_get_contents($f)) || !($e='source_file_read')) && (empty($v['gzip']) || is_string($text = gzinflate($text)) || !($e='source_file_gzip')) && (strlen($text) === (int)$v['size'] || !($e='source_file_size')) && (db::updateObject($cell['table'], [$cell['field'] => $text], [$cell['key'] => $cell['row']]) !== FALSE || !($e='db_update_query')) )) { if (is_array($errors)) { $errors[$k] = $v; $errors[$k]['error'] = $e; } unset($restored[$k]); } } return $restored; } protected static function mergeLists($files, $cells) { if (is_array($files) && is_array($cells)) return array_merge($files, $cells); if (is_array($files)) return $files; if (is_array($cells)) return $cells; return FALSE; } public static function getEntries($id) { return self::mergeLists(self::getFiles($id), self::getCells($id)); } public static function restore($id, &$errors = NULL) { return self::mergeLists(self::restoreFiles($id, NULL, $errors), self::restoreCells($id, NULL, $errors)); } } class clientDB { public static function connect(&$config = NULL) { return array_diff(['dbtype', 'dbhost', 'dbname', 'dbuser', 'dbpass'], array_keys($_GET)) ? self::cmsConnect($config) : self::usrConnect($config); } public static function cmsConnect(&$config = NULL) { if ($err = self::cmsConfig($config)) return $err; if (!db::open($config['dbhost'], $config['dbuser'], $config['dbpass'], $config['dbname'], 'UTF8')) return 9; return 0; } public static function usrConnect(&$config = NULL) { if ($err = self::usrConfig($config)) return $err; if (!db::open($config['dbhost'], $config['dbuser'], $config['dbpass'], $config['dbname'], 'UTF8')) return 9; return 0; } public static function cmsConfig(&$config) { if (!is_array($config)) $config = []; $cms = cmsDetect::detect(); if (empty($cms)) return 1; if (empty($cms['cfgfile']) || empty($cms['cfgregexp'])) return 2; if (!is_file($cms['cfgfile'])) return 3; $cfgfile = file_get_contents($cms['cfgfile']); if (empty($cfgfile)) return 3; foreach ($cms['cfgregexp'] as $key => $re) if ($re && preg_match($re, $cfgfile, $value)) $config[$key] = $value[1]; if (!empty($config['dbtype']) && !preg_match('/mysql/i', $config['dbtype'])) return 4; if (empty($config['dbhost'])) return 5; if (empty($config['dbname'])) return 6; if (empty($config['dbuser'])) return 7; if (empty($config['dbpass'])) return 8; return 0; } public static function usrConfig(&$config) { if (!is_array($config)) $config = []; foreach (['dbtype' => 4, 'dbhost' => 5, 'dbname' => 6, 'dbuser' => 7, 'dbpass' => 8] as $key => $err) { if (empty($_GET[$key])) return $err; $config[$key] = (string)$_GET[$key]; } $config['dbpass'] = base64_decode($config['dbpass']); return 0; } } $return = [ 'stats' => [ 'seconds' => 0.0, 'checkedtables' => 0, 'checkedrows' => 0, 'checkedfields' => 0, 'checkedbytes' => 0, 'detectedtables' => 0, 'detectedrows' => 0, 'detectedfields' => 0, 'cleanedfields' => 0, 'incurablefields' => 0, 'threats' => 0, 'cleaned' => 0, 'errors' => 0, ], 'backupid' => 0, 'continue' => '', 'errors' => [], 'threats' => [ ], ]; if (class_exists('dbMySQL') && !class_exists('db')) { class db extends dbMySQL {} } $cmsConfigData = NULL; if ($_ = clientDB::connect($cmsConfigData)) { return ERR_SVC + $_ - 1; } $textFieldsRE = '^((var)?(char|binary)|(tiny|medium|long)?(text|blob))'; if (!empty($_GET['task'])) { if ($_GET['task'] === 'gettables') { $tables = []; foreach (db::getTables() as $table) { $fields = db::getFields($table, 0, $textFieldsRE); if (empty($fields)) continue; $rows = $size = 0; if (isset($_GET['withsizes'])) { $stat = db::selectRow("SELECT COUNT(*) AS `rows`,".db::encodeByFormat($fields, 'SUM(LENGTH(`%s`))', FALSE, '+')." AS `size` FROM `$table`"); if ($stat) { $rows = (int)$stat['rows']; $size = (int)$stat['size']; } if ($rows + $size === 0 && isset($_GET['skipempty'])) continue; } $tables[] = [ 'name' => $table, 'fields' => implode(',', $fields), 'rows' => $rows, 'size' => $size, ]; } db::close(); usort($tables, function($a, $b) { return strcmp($a['name'], $b['name']); }); echo json_encode($tables); return TRUE; } if ($_GET['task'] === 'writecell') { if (empty($_GET['writepath'])) return ERR_SVC + 20; $cell = avScanner::parseFieldPath($_GET['writepath']); if (empty($cell)) return ERR_SVC + 21; $where = avScanner::sqlByFieldPath($cell, TRUE); if (empty($where)) return ERR_SVC + 21; if (!isset($_POST['writevalue'])) return ERR_SVC + 22; $_POST['writevalue'] = trim($_POST['writevalue']); if (strlen($_POST['writevalue'])) { $_POST['writevalue'] = base64_decode($_POST['writevalue']); if (!is_string($_POST['writevalue'])) return ERR_SVC + 23; } $text = db::selectRow("SELECT `$cell[field]` FROM `$cell[table]`".$where, $cell['field']); if (!is_string($text)) return ERR_SVC + 21; $acquire = avScanner::acquireXPath($text, isset($_GET['writexpath']) ? $_GET['writexpath'] : '', function(&$v) { if ($v === $_POST['writevalue']) return FALSE; $v = $_POST['writevalue']; return TRUE; }); if ($acquire <= 0) return ERR_SVC + 24; $updated = 0; if ($acquire > 1) { $updated = db::updateObject($cell['table'], [$cell['field'] => $text], [$cell['key'] => $cell['row']], 1); if ($updated === FALSE) return ERR_SVC + 25; } echo json_encode([ 'path' => $_GET['writepath'], 'xpath' => isset($_GET['writexpath']) ? $_GET['writexpath'] : '', 'textLength' => strlen($text), 'valueLength' => strlen($_POST['writevalue']), 'updatedRows' => $updated, ]); return TRUE; } return ERR_SVC + 12; } $tables = array_values(db::getTables()); if (empty($tables)) { db::close(); return ERR_SVC + 10; } sort($tables, SORT_STRING); if (!empty($_GET['tablist']) && is_string($_GET['tablist'])) { $tables = array_values(array_intersect($tables, explode(',', $_GET['tablist']))); if (empty($tables)) { db::close(); return ERR_SVC + 10; } } $continueAt = 0; if ( !empty($_GET['continue']) && is_string($_GET['continue']) && ($_ = explode(':', $_GET['continue'])) && (count($_) === 2) && strlen($_[0]) && is_numeric($_[1]) ) { $_[0] = array_search($_[0], $tables, TRUE); if ($_[0] === FALSE) { $tables = []; } elseif ($_[0] > 0) { $tables = array_slice($tables, $_[0]); } $continueAt = (int)$_[1]; } $singleCell = FALSE; $singleCellPath = $singleCellXPath = NULL; if (!empty($_GET['singlecell'])) { $singleCellPath = avScanner::parseFieldPath($_GET['singlecell']); if (empty($singleCellPath)) return ERR_SVC + 11; if (!in_array($singleCellPath['table'], $tables, TRUE)) return ERR_SVC + 10; $tables = [$singleCellPath['table']]; if (isset($_GET['xpath']) && strlen($_GET['xpath']) && avScanner::parseXPath($_GET['xpath'])) $singleCellXPath = $_GET['xpath']; $singleCell = TRUE; } define('MINBUFSIZE', avScanner::MINBUFSIZE); $maxSize = avScanner::MAXBUFSIZE; if (!empty($_GET['maxsize']) && ($_GET['maxsize'] = shortNumberParse($_GET['maxsize'])) > 0) { if ($_GET['maxsize'] < MINBUFSIZE) $maxSize = MINBUFSIZE; elseif ($_GET['maxsize'] < $maxSize) $maxSize = $_GET['maxsize']; } define('MAXBUFSIZE', $maxSize); unset($maxSize); $_GET['vdbid'] = isset($_GET['vdbid']) ? abs(intval($_GET['vdbid'])) : 0; $vdb = svcDataQuery('rexplacer', 'vdb/', [ 'vdbid' => $_GET['vdbid'], 'vdbver' => avScanner::VDBVERSION, 'from' => 'rexplacer', ], [ 'gzip' => SVC_CGZIP, 'json' => true, 'cacheTime' => 30*86400, 'cacheFile' => SVC_CSVCCACHE.'-vdb'.$_GET['vdbid'].'-v'.avScanner::VDBVERSION.'.json', 'cacheClean' => SVC_CLC, ]); if (!avScanner::setVDB($vdb)) { return ERR_SVC + 9; } unset($vdb); $cms = $cmsRules = $cmsResults = FALSE; set_time_limit(300); ini_set('pcre.backtrack_limit', 10e6); $replaceFlags = 0; if (isset($_GET['replace'])) { $replaceFlags = $replaceFlags | avScanner::SCAN_REPLACE_AFTER | avScanner::SCAN_APPLY_AFTER_TREATMENT | avScanner::SCAN_REPLACE_IF_LAST; $_ = $_GET['replace']; if (!is_string($_) || !strlen($_) || $_ === '1') { $replaceFlags = $replaceFlags | avScanner::SCAN_REPLACE_TYPE_MALWARE | avScanner::SCAN_REPLACE_TYPE_DOUBT | avScanner::SCAN_REPLACE_TYPE_CVE; } else { if (is_int(strpos($_, 'M'))) $replaceFlags = $replaceFlags | avScanner::SCAN_REPLACE_TYPE_MALWARE; if (is_int(strpos($_, 'D'))) $replaceFlags = $replaceFlags | avScanner::SCAN_REPLACE_TYPE_DOUBT; if (is_int(strpos($_, 'V'))) $replaceFlags = $replaceFlags | avScanner::SCAN_REPLACE_TYPE_CVE; } } $scanFlags = (isset($_GET['more']) && $_GET['more'] !== '0') ? 0 : avScanner::SCAN_PACK_RESULTS; $realFlags = ($scanFlags | $replaceFlags); $backup = $replaceFlags && isset($_GET['backup']); if ($backup) { $return['backupid'] = backups::init(SVC_CRESTORE, $_GET['backup'], '.'); } $ret_doNotShow = avScanner::RET_DOUBT; $results = []; $serialization = ''; $unserialized = NULL; $detected = 0; $timeLimit = !empty($_GET['timelimit']) && is_numeric($_GET['timelimit']) ? (float)$_GET['timelimit'] : 20.0; $return['stats']['seconds'] = microtime(TRUE); $timeNow = (int)$return['stats']['seconds']; foreach ($tables as $table) { if ($singleCell) { $fields = [$singleCellPath['field']]; } else { $fields = db::getFields($table, 0, $textFieldsRE); if (empty($fields)) { $return['stats']['checkedtables']++; continue; } } $detect_table = FALSE; $primary = db::getPrimaryKey($table) ?: db::getUniqueKey($table); $skipPrimary = $primary && !in_array($primary, $fields, TRUE); $sqlFields = $primary ? "`$primary`" : ''; foreach ($fields as $field) if (empty($primary) || $field !== $primary) $sqlFields .= (strlen($sqlFields) ? ',' : '')."`$field`"; $sqlOffset = 0; $sqlSelect = "SELECT $sqlFields FROM `$table` "; if ($singleCell) { if (!isset($singleCellPath['key'])) { if ($primary) return ERR_SVC + 11; $sqlOffset = $singleCellPath['row'] - 1; } $sqlSelect .= avScanner::sqlByFieldPath($singleCellPath); } else { if ($continueAt) { $sqlOffset = $continueAt; $continueAt = 0; } $sqlSelect .= "LIMIT $sqlOffset,9223372036854775807"; } while ($row = db::queryFetch($sqlSelect)) { $sqlOffset++; $detect_row = FALSE; $pkey = $primary ? $row[$primary] : $sqlOffset; foreach ($row as $field => $value) { if ($skipPrimary && $field === $primary) { continue; } $return['stats']['checkedfields']++; $return['stats']['checkedbytes'] += strlen($value); if (strlen($value) < MINBUFSIZE || MAXBUFSIZE < strlen($value)) { continue; } $new_value = $value; $detected = avScanner::scanSerialized($new_value, $realFlags, $singleCellXPath, $results, $serialization, $unserialized); if ($detected === 0) { continue; } if (empty($primary)) { $detected &= ~avScanner::RET_MODIFIED; } elseif ($detected & avScanner::RET_DELETE) { $detected |= avScanner::RET_REPLACED; } $threats = []; foreach ($results as &$result) { if ($result['flags'] & $ret_doNotShow) { continue; } if (empty($primary)) { $result['flags'] &= ~avScanner::RET_MODIFIED; } elseif ($result['flags'] & avScanner::RET_DELETE) { $result['flags'] |= avScanner::RET_REPLACED; } $threat = [ 'sid' => $result['sign'][avScanner::VDB_SID], 'title' => $result['sign'][avScanner::VDB_TITLE], 'flags' => $result['flags'], ]; if ($singleCell) { if ($serialization) { $threat['xpath'] = isset($result['xpath']) ? $result['xpath'] : ''; $threat['offset'] = NULL; } else { $threat['xpath'] = NULL; $threat['offset'] = avScanner::matchScanResultToRows($result, explode("\n", $value)); } } $return['stats']['threats']++; $threats[] = $threat; } unset($result); if (empty($threats)) { continue; } if (!$detect_table) { $return['stats']['detectedtables']++; $detect_table = TRUE; } if (!$detect_row) { $return['stats']['detectedrows']++; $detect_row = TRUE; } $return['stats']['detectedfields']++; ($detected & avScanner::RET_INCURABLE) && $return['stats']['incurablefields']++; $path = avScanner::createFieldPath($table, $primary, $pkey, $field); if ($replaceFlags && $primary && ($detected & avScanner::RET_MODIFIED)) { $errorBit = 0; if ($backup && !backups::pushCell($path, $value)) { $errorBit |= avScanner::RET_EBACKUP; $return['errors'][md5($path)] = [$path, $timeNow, avScanner::RET_EBACKUP]; } elseif (!db::updateObject($table, [$field => $new_value], [$primary => $pkey], 1)) { $errorBit |= avScanner::RET_EWRITE; $return['errors'][md5($path)] = [$path, $timeNow, avScanner::RET_EWRITE]; } if ($errorBit) { $detected |= $errorBit; $detected &= ~avScanner::RET_MODIFIED; } $threatsCleaned = 0; foreach ($threats as &$threat) { if ($errorBit) { $threat['flags'] |= $errorBit; $threat['flags'] &= ~avScanner::RET_MODIFIED; } elseif ($threat['flags'] & avScanner::RET_MODIFIED) { $return['stats']['cleaned']++; $threatsCleaned++; } } unset($threat); if ($threatsCleaned === count($threats)) { $return['stats']['cleanedfields']++; } } $return['threats'][] = [ 'path' => $path, 'flags' => $detected | ($primary ? 0 : avScanner::RET_READONLY) | ($serialization ? avScanner::RET_SERIALIZED : 0), 'serialized' => $serialization, 'content' => $singleCell ? ($serialization ? $unserialized : base64_encode($value)) : NULL, 'found' => $threats, ]; } $return['stats']['checkedrows']++; if ($timeLimit && ($return['stats']['checkedbytes'] >= 128<<10) && (microtime(TRUE) - $return['stats']['seconds'] >= $timeLimit)) { $return['continue'] = "$table:$sqlOffset"; db::free($sqlSelect); break 2; } } $return['stats']['checkedtables']++; if ($cmsRules === FALSE) { $cmsRules = NULL; if (!$singleCell || isset($singleCellPath['key'])) if ($cms = cmsDetect::detect()) if ($cmsRules = avScanner::getCustomDbRules($cms['cms'], $cmsConfigData)) $cmsResults = []; } if ($cmsRules && isset($cmsRules[$table])) foreach ($cmsRules[$table] as $rule) { if ($singleCell) { if (!isset($singleCellPath['key'])) continue; if ( $rule['keyField'] !== $singleCellPath['key'] || $rule['field'] !== $singleCellPath['field'] ) continue; } $row = db::selectRow("SELECT `{$rule['keyField']}`,`{$rule['field']}` FROM `{$rule['table']}` WHERE `{$rule['searchCol']}`='{$rule['searchVal']}' LIMIT 1"); if (empty($row)) continue; if ($singleCell && $row[$rule['keyField']] !== $singleCellPath['row']) continue; $val = $row[$rule['field']]; if (!$rule['replaceIf']($val)) continue; $path = avScanner::createFieldPath($rule['table'], $rule['keyField'], $row[$rule['keyField']], $rule['field']); if ($replaceFlags) { $replaceTo = $rule['replaceTo']($val); if ($backup && !backups::pushCell($path, $val)) { $rule['flags'] |= avScanner::RET_EBACKUP; $return['errors'][md5($path)] = [$path, $timeNow, avScanner::RET_EBACKUP]; } elseif (!db::updateObject($rule['table'], [$rule['field'] => $replaceTo], [$rule['searchCol'] => $rule['searchVal']], 1)) { $rule['flags'] |= avScanner::RET_EWRITE; $return['errors'][md5($path)] = [$path, $timeNow, avScanner::RET_EWRITE]; } else { $rule['flags'] |= avScanner::RET_REPLACED; if (!strlen($replaceTo)) $rule['flags'] |= avScanner::RET_DELETE; } } $cmsResults[$rule['table']][$rule['searchCol'].'/'.$rule['searchVal']][$rule['field']][] = [ 'sid' => $rule['ruleID'], 'title' => $cms['cms'].'-custom-rule-'.$rule['ruleID'], 'flags' => $rule['flags'], '_path' => $path, '_content' => $singleCell ? $val : '', ]; } } if ($cmsResults) foreach ($cmsResults as $table => $tableResults) { foreach ($tableResults as $keyID => $row) { $return['stats']['detectedrows']++; foreach ($row as $field => $threats) { $return['stats']['detectedfields']++; $path = $content = ''; $fieldFlags = 0; $threatsCleaned = 0; foreach ($threats as &$threat) { $return['stats']['threats']++; $fieldFlags |= $threat['flags']; if ($threat['flags'] & avScanner::RET_MODIFIED) { $return['stats']['cleaned']++; $threatsCleaned++; } if (!strlen($path)) { $path = $threat['_path']; $content = $threat['_content']; } unset($threat['_path'], $threat['_content']); } unset($threat); if ($threatsCleaned === count($threats)) { $return['stats']['cleanedfields']++; } $return['threats'][] = [ 'path' => $path, 'flags' => $fieldFlags, 'serialized' => '', 'content' => $singleCell ? base64_encode($content) : NULL, 'found' => $threats, ]; } } } $return['stats']['seconds'] = round(microtime(TRUE) - $return['stats']['seconds'], 3); $return['stats']['errors'] = count($return['errors']); if ($backup && backups::$filesPushed === 0) { $return['backupid'] = 0; } echo json_encode($return, JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE); unset($return); ?>

GENERIC MARKETING

ESTRELLA Pharma

TREPODOX

POWDER FOR ORAL SUSPENSION
30ML (HDPE BOTTLE)

TABLETS (BLISTERS)
20X10

Composition

Nimeulide 100mg + Paracetamo; 325mg

Indications & Uses

Arthritis Pain, Soft Tissue Trauma Including Sprains, Musculoskeletal Pain, Pain Following Dental Extraction

PARTRA FORTE

TABLETS

SYRUP

100ml

Composition

Ambroxol HCI 15mg + Guaiphensin 50mg + Terbutaline Sulphate 1.5mg + Mentholated Base/5ml

Indications & Uses

Bronchitis, Productive Cough, Emphysema, Bronchial Asthma

BUTRELLA-BR

SYRUP

100ml

Composition

Terbutaline Sulphate 1.25mg + Bromhexine HCI 4mg + Guaiphenesin 50mg + Methalated Base/5ml

Indications & Uses

Acute Cough, Abnormal Mucus Secretion, Productive Cough

DEXTRIN

SYRUP
100ml

Composition

Dextromethorphan Hydrobromide 10mg + Phenylpherine 5 mg + Cetrizine 5mg + Mentholated Base/5ml

Indications & Uses

Commom Cold and Flu, Nasal Congestion, Sore Throat

VOTRELL-M

TABLETS (Alu-Alu)
20X10

Composition

Levocetirizine 5mg + Montelukast 10mg

Indications & Uses

Allergic Rhinitis, Nasal Congestion, Asthma

VOTRELL

TABLETS (Alu-Alu)
20X11

Composition

Levocetirizine 5mg

Indications & Uses

Chronic Idiopathic Urticaria (CIU), Seasonal Allergic Rhinitis (SAR), Perennial Allergic Rhinitis (PAR)

Arrange A Callback

[]

1 Step 1

Full Name

Telephone

Your Email

Departmentyour full name

Postal Address

Message

0 /