| Current Path : /storage/v11800/feelfoundation-new/public_html/vdconnect-8t3r5cwj/cache/ |
Linux v11800 5.3.0-1023-aws #25~18.04.1-Ubuntu SMP Fri Jun 5 15:19:18 UTC 2020 aarch64
|
| Current File : /storage/v11800/feelfoundation-new/public_html/vdconnect-8t3r5cwj/cache/svc-rexplacer-105a861d09c5eafebf963ee080003f7b.php |
<?php defined('SVC_HOST') || exit(); define('SVC_CLIENTLIB', '1.5.13'); define('STAMPFORMAT', 'Y-m-d H:i:s'); $slashes = function_exists('preg_match') && preg_match('/%(2f|5c)/i', $_SERVER['QUERY_STRING']); foreach (array_keys($_GET) as $_) if (strlen($_) > 3 && substr($_, 0, 3) !== 'svc' && is_string($_GET[$_])) { if ($slashes) $_GET[$_] = strtr($_GET[$_], array('%2f' => '/', '%2F' => '/', '%5c' => '\\', '%5C' => '\\')); inlineDecode($_GET[$_]); } if ($_POST) foreach (array_keys($_POST) as $_) if (is_string($_POST[$_])) inlineDecode($_POST[$_]); $flags = isset($_GET['svcflags']) ? (int)$_GET['svcflags'] : 0; $options = svcGlobalOptions(); if ($options['flags'] !== $flags) { $options['flags'] = $flags; svcGlobalOptions($options); } unset($slashes, $flags, $options); function svcDataQuery($svc = '', $section = '', $query = NULL, $options = NULL, &$cached = NULL) { if (!is_array($options)) $options = array(); $cacheTime = isset($options['cacheTime']) ? abs((int)$options['cacheTime']) : 300; $cacheFile = isset($options['cacheFile']) ? (string)$options['cacheFile'] : ''; $cacheable = $cacheTime && strlen($cacheFile); $cached = $cacheable && empty($options['cacheReload']) && is_file($cacheFile) && filesize($cacheFile) && (filemtime($cacheFile) + $cacheTime >= time()); if ($cached) { $rawdata = file_get_contents($cacheFile); if (is_string($rawdata) && (($data = svcDataQueryDecode($rawdata, !empty($options['gzip']), !empty($options['json']))) !== FALSE)) { !empty($options['cacheClean']) && @unlink($cacheFile); return $data; } @unlink($cacheFile); } $cached = FALSE; $url = SVC_QDATA.(strlen($svc) ? $svc.'/' : '').(strlen($section) ? $section.(substr($section, -1) === '/' ? '' : '.php') : '').'?'.SVC_QBASE .(is_array($query) && $query ? '&'.http_build_query($query) : (is_string($query) && strlen($query) ? '&'.$query : '')); $rawdata = defined('SVC_USECURL') && SVC_USECURL && curl_setopt($GLOBALS['svcCURL'], CURLOPT_URL, $url) ? curl_exec($GLOBALS['svcCURL']) : @file_get_contents($url, 0, $GLOBALS['svcContext']); if (!is_string($rawdata)) return FALSE; $data = svcDataQueryDecode($rawdata, !empty($options['gzip']), !empty($options['json'])); if ($data === FALSE) return FALSE; if ($cacheable) if (!empty($options['cacheClean']) || (@file_put_contents($cacheFile, $rawdata, LOCK_EX) !== strlen($rawdata))) if (is_file($cacheFile)) @unlink($cacheFile); return $data; } function svcDataQueryDecode($data, $gzip = TRUE, $json = TRUE) { if (!is_string($data)) return FALSE; if ($gzip) { $data = @gzinflate($data); if (!is_string($data)) return FALSE; } if ($json) { $data = @json_decode($data, TRUE); if ($data === FALSE || $data === NULL) return FALSE; } return $data; } function inlineDecode(&$s) { $pfx = (string)substr($s, 0, 5); if (!$p = strpos($pfx, ':')) return TRUE; $pfx = substr($pfx, 0, $p); switch ($pfx) { case 'B64': $s = base64_decode(substr($s, $p + 1)); return is_string($s); case 'HEX': $s = pack('H*', substr($s, $p + 1)); return is_string($s); case 'JSON': $s = json_decode(substr($s, $p + 1), TRUE); return $s !== NULL; } return TRUE; } function svcGlobalOptions($save = NULL) { $file = './'.SVC_CDIR.'/options'; static $cache; if (is_array($save) && $save) { $cache = $save; return file_put_contents($file, gzdeflate(json_encode($save))) && TRUE; } if ($cache) return $cache; if ( is_file($file) && ($data = file_get_contents($file)) && ($data = gzinflate($data)) && is_array($data = json_decode($data, TRUE)) && isset($data['flags']) ) { $cache = $data; return $data; } $cache = array('flags' => 0); return $cache; } function formatDirName($path, $cDir = './', $rootDir = '/', $strict = FALSE) { $path = strtr(trim($path), '\\', '/'); $drive = ''; if (($_ = strpos($path, ':')) !== FALSE) { $drive = substr($path, 0, $_ + 1); $path = substr($path, $_ + 1); } $root = strlen($path) && $path[0] === '/' ? '/' : ''; $path = explode('/', trim($path, '/')); $ret = array(); foreach ($path as $part) if (strlen($part) && $part !== '.') if ($part === '..' && ($strict || ($ret && end($ret) !== '..'))) array_pop($ret); else $ret[] = $part; $ret = $root.implode('/', $ret); if (!strlen($ret)) return $drive.$cDir; elseif ($ret === '/') return $drive.$rootDir; else return $drive.$ret.'/'; } function splitTextLines($text, $skipEmpty = TRUE, $trimLines = FALSE, $addSplitChars = '|') { $tr = array("\r" => ''); if (is_string($addSplitChars)) for ($i = 0, $l = strlen($addSplitChars); $i < $l; ++$i) $tr[$addSplitChars[$i]] = "\n"; $textTr = strtr($text, $tr); if (!$skipEmpty && !$trimLines) return explode("\n", $textTr); $ret = array(); foreach (explode("\n", $textTr) as $v) { if ($trimLines) $v = trim($v); if (!$skipEmpty || strlen($v)) $ret[] = $v; } return $ret; } function removeDir($entry, &$counter = NULL, &$size = NULL, $contentsOnly = FALSE) { if (!strlen($entry)) return FALSE; if (!is_dir($entry) || is_link($entry)) { ++$counter; $size += (float)filesize($entry); return unlink($entry); } $entry .= '/'; if (!$dh = opendir($entry)) return FALSE; $err = FALSE; while (($obj = readdir($dh)) !== FALSE) if ($obj !== '.' && $obj !== '..') if (!removeDir($entry.$obj, $counter, $size, FALSE)) $err = TRUE; closedir($dh); if (!$contentsOnly && !$err) if (!rmdir($entry)) $err = TRUE; return !$err; } function file_safe_rewrite($filename, $data, $lock = FALSE, $context = NULL) { if (!is_string($data)) return FALSE; clearstatcache(); $exists = is_file($filename); if ($exists) { $fmode = (int)fileperms($filename); $backup = $filename.'.tmp'.rand(100, 999); if (!rename($filename, $backup)) return FALSE; } if (file_put_contents($filename, $data, $lock ? LOCK_EX : 0, $context) >= strlen($data)) { if ($exists) { unlink($backup); $fmode && chmod($filename, $fmode); } return TRUE; } else { is_file($filename) && unlink($filename); if ($exists) { rename($backup, $filename); $fmode && chmod($filename, $fmode); } return FALSE; } } function sortFileList($a, $b) { $ad = $a[0][strlen($a[0])-1] === '/'; $bd = $b[0][strlen($b[0])-1] === '/'; if ($ad && $bd) return strcmp($a[0], $b[0]); elseif ($ad) return -1; elseif ($bd) return 1; $_ = strcmp(pathinfo($a[0], PATHINFO_EXTENSION), pathinfo($b[0], PATHINFO_EXTENSION)); if ($_) return $_; else return strcmp($a[0], $b[0]); } function getUserInfo($uid, $part = 'name', $default = '') { if (is_int($uid) && function_exists('posix_getpwuid') && ($user = posix_getpwuid($uid)) && isset($user[$part])) return $user[$part]; return $default; } function getGroupInfo($gid, $part = 'name', $default = '') { if (is_int($gid) && function_exists('posix_getgrgid') && ($group = posix_getgrgid($gid)) && isset($group[$part])) return $group[$part]; return $default; } function shortNumber($num, $precision = 2, $delimiter = ' ', $base = 1024) { $pfx = array('', 'k', 'M', 'G', 'T', 'P', 'E', 'Z', 'Y'); $num = (float)$num; $pow = $num ? min((int)log(abs($num), $base), count($pfx) - 1) : 0; return round($num / pow($base, $pow), $precision).$delimiter.$pfx[$pow]; } function shortNumberParse($str, $base = 1024) { $str = strtoupper(trim((string)$str)); $num = (float)$str; if (!$num) return $num; $pow = array('K' => 1, 'M' => 2, 'G' => 3, 'T' => 4, 'P' => 5, 'E' => 6, 'Z' => 7, 'Y' => 8); for ($i = strlen($str) - 1; $i >= 0; --$i) if (isset($pow[$str[$i]])) $num *= pow($base, $pow[$str[$i]]); elseif (is_numeric($str[$i])) break; return $num; } class backups { const version = '2.1.0'; public static $filesPushed = 0; protected static $baseDir = '.'; protected static $backupID = 0; protected static $dir = ''; protected static $pathPrefix = ''; protected static $gzip = 0; public static function init($baseDir = '.', $time = 0, $pathPrefix = '') { self::$filesPushed = 0; self::$baseDir = rtrim(trim($baseDir), '\\/'); if (!strlen(self::$baseDir)) self::$baseDir = '.'; self::$backupID = time(); $time = (int)$time; if (0 < $time && $time < self::$backupID) self::$backupID = $time; self::$dir = self::$baseDir.'/'.self::$backupID.'/'; self::$pathPrefix = strlen($pathPrefix) && is_string($pathPrefix = realpath($pathPrefix)) && strlen($pathPrefix) ? $pathPrefix.DIRECTORY_SEPARATOR : ''; self::$gzip = function_exists('gzdeflate') ? 1 : 0; return self::$backupID; } public static function getList() { $list = []; if (!strlen(self::$baseDir) || !is_dir(self::$baseDir)) return $list; if (!$dh = @opendir(self::$baseDir)) return $list; while (is_string($item = readdir($dh))) if (is_numeric($item) && $item[0] !== '.' && self::hasItem($item)) $list[] = (int)$item; closedir($dh); return $list; } public static function hasItem($id, &$hasFiles = NULL, &$hasCells = NULL) { if (!strlen(self::$baseDir)) return FALSE; $itemDir = self::$baseDir.'/'.(int)$id; if (!is_dir($itemDir)) return FALSE; $hasFiles = is_file($itemDir.'/_files.ini'); $hasCells = is_file($itemDir.'/_db.ini'); return $hasFiles || $hasCells ? $itemDir : FALSE; } public static function clean($maxAge = 0) { $deleted = []; $maxAge = abs((int)$maxAge); $time = time(); foreach (self::getList() as $v) if (!$maxAge || $v <= $time - $maxAge) if (self::_delete(self::$baseDir.'/'.$v)) $deleted[] = $v; return $deleted; } public static function delete($id) { $itemDir = self::hasItem($id); return $itemDir ? self::_delete($itemDir) : NULL; } protected static function _delete($dir) { foreach (scandir($dir) as $item) if ($item[0] !== '.') @unlink($dir.'/'.$item); return @rmdir($dir) && TRUE; } protected static function parseFieldPath($path) { $cell = explode('/', $path); $n = count($cell); if ($n !== 3 && $n !== 4 || in_array('', $cell, TRUE)) return FALSE; $hasPrimary = ($n === 4); return [ 'table' => $cell[0], 'key' => $hasPrimary ? $cell[1] : NULL, 'row' => $hasPrimary ? urldecode($cell[2]) : (int)$cell[1], 'field' => $hasPrimary ? $cell[3] : $cell[2], ]; } public static function translateFileName($path, $pathType = 1) { if (!is_string($path) || !strlen($path) || !strlen(self::$dir)) return FALSE; if ((int)$pathType === 1) { if (is_string($real = realpath($path))) $path = $real; if (($pl = strlen(self::$pathPrefix)) && strlen($path) > $pl && substr($path, 0, $pl) === self::$pathPrefix) $path = substr($path, $pl); $path = strtr($path, '\\', '/'); } if ((int)$pathType !== 0) { $path = md5($path); } return self::$dir.$path; } public static function getEntry($path, $pathType = 0) { $f = self::translateFileName($path, $pathType); if (!$f || !is_file($f)) return FALSE; $text = file_get_contents($f); if (!is_string($text)) return FALSE; if (strlen($text) > 1) { $unzip = @gzinflate($text); if (is_string($unzip)) return $unzip; } return $text; } public static function getFiles($id) { $itemDir = self::hasItem($id); if (!$itemDir) return FALSE; $f = $itemDir.'/_files.ini'; if (!is_file($f)) return []; $l = parse_ini_file($f, TRUE); if (!is_array($l)) return []; foreach ($l as &$v) { $v['size'] = (int)$v['size']; $v['time'] = (int)$v['time']; $v['mode'] = (int)$v['mode']; $v['gzip'] = (int)$v['gzip']; $v['type'] = 'file'; } return $l; } public static function pushFile($path) { if (!strlen(self::$dir)) return FALSE; $path = realpath($path); if (!is_string($path) || !strlen($path)) return FALSE; $text = @file_get_contents($path); $size = filesize($path); if (!is_string($text) || strlen($text) !== $size) return FALSE; $mtime = filemtime($path); $fmode = fileperms($path); if (!is_dir(self::$dir) && !mkdir(self::$dir, 0751, TRUE)) return FALSE; if (($pl = strlen(self::$pathPrefix)) && strlen($path) > $pl && substr($path, 0, $pl) === self::$pathPrefix) $path = substr($path, $pl); $path = strtr($path, '\\', '/'); $newName = md5($path); $newPath = self::$dir.$newName; $gzip = self::$gzip; return @( (!$gzip || is_string($text = gzdeflate($text))) && (file_put_contents($newPath, $text) === strlen($text)) && (touch($newPath, $mtime) || TRUE) && file_put_contents(self::$dir.'_files.ini', "[$newName]\npath=\"$path\"\nsize=$size\ntime=$mtime\nmode=$fmode\ngzip=$gzip\n", FILE_APPEND) && ++self::$filesPushed ); } public static function restoreFiles($id, $entry = NULL, &$errors = NULL) { $restored = self::getFiles($id); if (empty($restored)) { return FALSE; } if (is_string($entry) && strlen($entry)) { $entry = [$entry]; } if (is_array($entry) && $entry) { $restored = array_intersect_key($restored, array_flip(array_map('md5', $entry))); } $dir = self::$baseDir.'/'.(int)$id.'/'; foreach ($restored as $k => $v) { $e = ''; if (!@( (is_file($f = $dir.$k) || !($e='no_source_file')) && (is_string($text = file_get_contents($f)) || !($e='source_file_read')) && (empty($v['gzip']) || is_string($text = gzinflate($text)) || !($e='source_file_gzip')) && (strlen($text) === (int)$v['size'] || !($e='source_file_size')) && (is_dir($d = dirname($v['path'])) || mkdir($d, 0755, TRUE) || !($e='target_dir')) && (!is_file($v['path']) || is_writable($v['path']) || chmod($v['path'], 0666) || TRUE) && (file_put_contents($v['path'], $text) === strlen($text) || !($e='target_file_write')) && (touch($v['path'], (int)$v['time']) || TRUE) && (chmod($v['path'], (int)$v['mode']) || TRUE) )) { if (is_array($errors)) { $errors[$k] = $v; $errors[$k]['error'] = $e; } unset($restored[$k]); } } return $restored; } public static function getCells($id) { $itemDir = self::hasItem($id); if (!$itemDir) return FALSE; $f = $itemDir.'/_db.ini'; if (!is_file($f)) return []; $l = parse_ini_file($f, TRUE); if (!is_array($l)) return []; foreach ($l as &$v) { $v['size'] = (int)$v['size']; $v['gzip'] = (int)$v['gzip']; $v['type'] = 'cell'; } return $l; } public static function pushCell($path, $text) { if ( !strlen(self::$dir) || !is_string($path) || !is_string($text) || !is_array(self::parseFieldPath($path)) || !is_dir(self::$dir) && !mkdir(self::$dir, 0751, TRUE) ) return FALSE; $size = strlen($text); $newName = md5($path); $newPath = self::$dir.$newName; $gzip = self::$gzip; return @( (!$gzip || is_string($text = gzdeflate($text))) && (file_put_contents($newPath, $text) === strlen($text)) && file_put_contents(self::$dir.'_db.ini', "[$newName]\npath=\"$path\"\nsize=$size\ngzip=$gzip\n", FILE_APPEND) && ++self::$filesPushed ); } public static function restoreCells($id, $entry = NULL, &$errors = NULL) { $restored = self::getCells($id); if (empty($restored)) { return FALSE; } if (is_string($entry) && strlen($entry)) { $entry = [$entry]; } if (is_array($entry) && $entry) { $restored = array_intersect_key($restored, array_flip(array_map('md5', $entry))); } $dir = self::$baseDir.'/'.(int)$id.'/'; foreach ($restored as $k => $v) { $e = ''; if (!@( ($v['path'] || !($e='empty_path')) && (is_array($cell = self::parseFieldPath($v['path'])) || !($e='invalid_path_format')) && (is_string($cell['key']) && strlen($cell['key']) || !($e='no_key_field_in_path')) && (is_file($f = $dir.$k) || !($e='no_source_file')) && (is_string($text = file_get_contents($f)) || !($e='source_file_read')) && (empty($v['gzip']) || is_string($text = gzinflate($text)) || !($e='source_file_gzip')) && (strlen($text) === (int)$v['size'] || !($e='source_file_size')) && (db::updateObject($cell['table'], [$cell['field'] => $text], [$cell['key'] => $cell['row']]) !== FALSE || !($e='db_update_query')) )) { if (is_array($errors)) { $errors[$k] = $v; $errors[$k]['error'] = $e; } unset($restored[$k]); } } return $restored; } protected static function mergeLists($files, $cells) { if (is_array($files) && is_array($cells)) return array_merge($files, $cells); if (is_array($files)) return $files; if (is_array($cells)) return $cells; return FALSE; } public static function getEntries($id) { return self::mergeLists(self::getFiles($id), self::getCells($id)); } public static function restore($id, &$errors = NULL) { return self::mergeLists(self::restoreFiles($id, NULL, $errors), self::restoreCells($id, NULL, $errors)); } } define('DSCAN_FILES', 1); define('DSCAN_DIRFIRST', 2); define('DSCAN_DIRLAST', 4); define('DSCAN_DOTS', 8); define('DSCAN_INCLUDEBASE', 16); define('DSCAN_FOLLOWLINKS', 32); define('DSCAN_NORMAL', DSCAN_FILES|DSCAN_DIRFIRST); class dirScanner { const version = '1.4.3'; protected $basedir = ''; protected $base = FALSE; protected $cd = ''; protected $flags = 0; protected $maxDepth = 0; protected $last = ''; protected $depth = -1; protected $h = array(); public static function create($dir, $flags = DSCAN_NORMAL, $maxDepth = 64) { $class = __CLASS__; $object = new $class(); if ($object->open($dir, $flags, $maxDepth)) return $object; else { unset($object); return FALSE; } } public function __destruct() { $this->close(); } public function open($dir, $flags = DSCAN_NORMAL, $maxDepth = 64) { $this->close(); if (!strlen($dir)) $dir = './'; elseif ($dir[strlen($dir)-1] !== '/') $dir .= '/'; $this->basedir = ($dir === './') ? '' : $dir; $this->flags = (int)$flags; $this->base = ($this->flags & DSCAN_INCLUDEBASE) > 0; $this->maxDepth = $maxDepth; if ($this->h[0] = @opendir($dir)) { $this->depth = 0; return TRUE; } else { $this->h = array(); return FALSE; } } public function close() { while ($this->depth >= 0) { $this->h[$this->depth] && closedir($this->h[$this->depth]); $this->depth--; } $this->reset(); } protected function reset() { $this->basedir = ''; $this->base = FALSE; $this->cd = ''; $this->flags = 0; $this->maxDepth = 0; $this->last = ''; $this->depth = -1; $this->h = array(); } public function cdUp() { if ($this->depth < 0) return FALSE; $this->h[$this->depth] && closedir($this->h[$this->depth]); unset($this->h[$this->depth]); $this->depth--; if ($this->depth < 0) { $this->reset(); return FALSE; } $this->cd = dirname($this->cd); if (in_array($this->cd, array('.', '/', '\\'))) $this->cd = ''; elseif (strlen($this->cd)) $this->cd .= '/'; return TRUE; } public function cd() { return $this->cd; } public function baseDir() { return $this->basedir; } public function depth() { return $this->depth; } public function last() { return $this->last; } public function isDir() { return strlen($this->last) && ($this->last[strlen($this->last)-1] === '/'); } public function isLink() { return strlen($this->last) && is_link(($this->base ? '' : $this->basedir).$this->last); } public function read() { if ($this->depth < 0) return FALSE; while (TRUE) if ( !$this->h[$this->depth] || (($name = readdir($this->h[$this->depth])) === FALSE) ) { $cd = $this->cd; if (!$this->cdUp()) return FALSE; if ($this->flags & DSCAN_DIRLAST) return $this->last = ($this->base ? $this->basedir : '').$cd; } elseif (is_dir($this->basedir.$this->cd.$name) && (!is_link($this->basedir.$this->cd.$name) || ($this->flags & DSCAN_FOLLOWLINKS))) { if ($name === '.' || $name === '..') if ( ($this->flags & DSCAN_DOTS) && ($this->flags & (DSCAN_DIRFIRST|DSCAN_DIRLAST)) ) return $this->last = ($this->base ? $this->basedir : '').$this->cd.$name.'/'; else continue; $this->depth++; $this->cd .= $name.'/'; if ($this->depth > $this->maxDepth) $this->h[$this->depth] = FALSE; else $this->h[$this->depth] = @opendir($this->basedir.$this->cd); if ($this->flags & DSCAN_DIRFIRST) return $this->last = ($this->base ? $this->basedir : '').$this->cd; } else { if ($this->flags & DSCAN_FILES) return $this->last = ($this->base ? $this->basedir : '').$this->cd.$name; } } public static function scan(&$list, $baseDir = '', $dirName = '', $flags = DSCAN_NORMAL, $callback = NULL, $filter = NULL) { if (!$cb = isset($callback) && is_callable($callback)) if (!is_array($list)) $list = array(); if (strlen($baseDir) && ($baseDir[strlen($baseDir)-1] !== '/')) $baseDir .= '/'; if (strlen($dirName) && ($dirName[strlen($dirName)-1] !== '/')) $dirName .= '/'; $dir = $baseDir.$dirName; if (!$dh = @opendir(strlen($dir) ? $dir : './')) return FALSE; $ret = 0; while (($name = readdir($dh)) !== FALSE) { $entry = (($flags & DSCAN_INCLUDEBASE) ? $baseDir : '').$dirName.$name; if ($name === '.' || $name === '..') { if ( ($flags & DSCAN_DOTS) && ($flags & (DSCAN_DIRFIRST|DSCAN_DIRLAST)) ) ++$ret && ($cb ? $callback($entry.'/') : ($list[] = $entry.'/')); } elseif (is_dir($dir.$name) && (!is_link($dir.$name) || ($flags & DSCAN_FOLLOWLINKS))) { if ($flags & DSCAN_DIRFIRST) ++$ret && ($cb ? $callback($entry.'/') : ($list[] = $entry.'/')); $ret += self::scan($list, $baseDir, $dirName.$name.'/', $flags, $callback, $filter); if ($flags & DSCAN_DIRLAST) ++$ret && ($cb ? $callback($entry.'/') : ($list[] = $entry.'/')); } elseif (!$filter || preg_match($filter, $name)) { if ($flags & DSCAN_FILES) ++$ret && ($cb ? $callback($entry) : ($list[] = $entry)); } } closedir($dh); return $ret; } } class avScanner { const version = '6.1.1'; const VDBVERSION = 4; const MINBUFSIZE = 10; const MAXBUFSIZE = 1048576; const VDB_TITLE = 0; const VDB_SIGNATURE = 1; const VDB_REPLACE = 2; const VDB_CALLBACK = 3; const VDB_INCURABLE = 4; const VDB_DOUBT = 5; const VDB_LAST = 6; const VDB_CVE = 7; const VDB_FTYPES = 8; const VDB_ACK = 9; const VDB_EXC = 10; const VDB_SUB = 11; const VDB_ORDER = 12; const VDB_SID = 13; const RET_DETECTED = 1; const RET_INCURABLE = 2; const RET_DOUBT = 4; const RET_LAST = 8; const RET_CVE = 256; const RET_REPLACED = 16; const RET_DELETE = 32; const RET_CANREPLACE = 64; const RET_CANDELETE = 128; const RET_MODIFIED = 48; const RET_CURABLE = 192; const RET_EBACKUP = 1024; const RET_EWRITE = 2048; const RET_EDELETE = 4096; const RET_EREAD = 8192; const RET_READONLY = 16384; const RET_SERIALIZED = 32768; const RET_RESTORED = 65536; const SCAN_REPLACE = 1; const SCAN_REPLACE_AFTER = 2; const SCAN_APPLY_AFTER_TREATMENT = 4; const SCAN_PACK_RESULTS = 8; const SCAN_REPLACE_IF_LAST = 16; const SCAN_SERIALIZED_SKIP_FAST = 32; const SCAN_REPLACE_TYPE_MALWARE = 1024; const SCAN_REPLACE_TYPE_DOUBT = 2048; const SCAN_REPLACE_TYPE_CVE = 4096; protected static $vdbHost = ''; protected static $vdbApiKey = ''; protected static $cacheFile = ''; protected static $cacheTime = 0; protected static $vdbID = 0; protected static $userAgent = 'libavscanner'; protected static $xpathSeparator = '|'; public static $vdb = []; public static $vdbTop = []; public static function init($options, &$error = NULL) { if (!is_array($options)) return !($error = 'Invalid options in init()'); foreach ($options as $key => $val) self::$$key = $val; return TRUE; } public static function loadVDB(&$error = NULL) { $vdbCached = strlen(self::$cacheFile) && (int)self::$cacheTime && is_file(self::$cacheFile) && filesize(self::$cacheFile) && (filemtime(self::$cacheFile) + (int)self::$cacheTime >= time()); $vdb = $vdbJSON = NULL; $useGZIP = function_exists('gzinflate'); if ($vdbCached) { $vdbURL = self::$cacheFile; $vdbJSON = file_get_contents($vdbURL); if (!is_string($vdbJSON)) return !($error = 'Cache file read failed'); } else { if (!strlen(self::$vdbHost)) return !($error = 'Invalid vdbHost configuration option'); $vdbURL = 'http://'.self::$vdbHost.'/data/rexplacer/vdb/?'.http_build_query([ 'vdbid' => (int)self::$vdbID, 'vdbver' => self::VDBVERSION, 'from' => strtr(self::$userAgent, '/', '-'), 'php' => (float)PHP_VERSION, 'clz' => $useGZIP ? '1' : '', ], '', '&'); if ((int)ini_get('allow_url_fopen')) { $vdbJSON = @file_get_contents($vdbURL, 0, stream_context_create(['http' => [ 'method' => 'GET', 'header' => implode("\r\n", [ 'Accept: *'.'/'.'*', 'Connection: Close', 'User-Agent: '.self::$userAgent, 'Cookie: apikey='.urlencode((string)self::$vdbApiKey), '', ]), 'protocol_version' => 1.1, 'follow_location' => 1, 'max_redirects' => 3, 'timeout' => 30, 'ignore_errors' => FALSE, ]])); } elseif (is_callable('curl_init')) { $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => $vdbURL, CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_COOKIE => 'apikey='.urlencode((string)self::$vdbApiKey), CURLOPT_USERAGENT => self::$userAgent, CURLOPT_FOLLOWLOCATION => TRUE, CURLOPT_MAXREDIRS => 3, CURLOPT_CONNECTTIMEOUT => 30, CURLOPT_FAILONERROR => TRUE, CURLOPT_SSL_VERIFYPEER => FALSE, ]); $vdbJSON = curl_exec($curl); curl_close($curl); unset($curl); } else { return !($error = 'No allow_url_fopen/CURL available'); } if (!is_string($vdbJSON)) return !($error = 'Request failed'); if ($useGZIP) { $vdbJSON = gzinflate($vdbJSON, 64<<20); if (!is_string($vdbJSON)) return !($error = 'gzinflate() failed'); } } if (!strlen($vdbJSON) || !strpos(' [{', $vdbJSON[0], 1)) return !($error = 'Invalid data received'); $vdb = json_decode($vdbJSON, TRUE); if (!is_array($vdb) || empty($vdb)) return !($error = 'Decoding failed'); $vdbCached || strlen(self::$cacheFile) && @file_put_contents(self::$cacheFile, $vdbJSON, LOCK_EX) && chmod(self::$cacheFile, 0664); return self::setVDB($vdb, $error); } public static function setVDB(&$vdb, &$error = NULL) { if (!is_array($vdb) || empty($vdb)) return !($error = "Invalid or empty VDB"); if (!is_array(self::$vdbTop) || self::$vdbTop) self::$vdbTop = []; $trees = [self::VDB_ACK => [], self::VDB_EXC => [], self::VDB_SUB => []]; foreach ($vdb as $sid => &$sign) { if (!strlen($sign[self::VDB_SIGNATURE]) && !strlen($sign[self::VDB_CALLBACK])) return !($error = "$sid: No RegExp/Constant"); if (strlen($sign[self::VDB_SIGNATURE])) { if ($sign[self::VDB_SIGNATURE][0] === ':') { $sign[self::VDB_SIGNATURE] = ':'.pack('H*', substr($sign[self::VDB_SIGNATURE], 1)); if (strlen($sign[self::VDB_SIGNATURE]) < 3) { return !($error = "$sid: Invalid constant (HEX)"); } } elseif ($sign[self::VDB_SIGNATURE][0] === '=') { $sign[self::VDB_SIGNATURE][0] = ':'; if (strlen($sign[self::VDB_SIGNATURE]) < 3) return !($error = "$sid: Invalid constant (TEXT)"); } else { if (strlen($sign[self::VDB_SIGNATURE]) < 4) return !($error = "$sid: Invalid PCRE"); if (!strpos(' #/~', $sign[self::VDB_SIGNATURE][0])) return !($error = "$sid: Invalid PCRE delimiter"); } } if (!strlen($sign[self::VDB_CALLBACK])) $sign[self::VDB_CALLBACK] = 'cbDefault'; $sign[self::VDB_INCURABLE] = (int)$sign[self::VDB_INCURABLE]; $sign[self::VDB_DOUBT] = (int)$sign[self::VDB_DOUBT]; $sign[self::VDB_LAST] = (int)$sign[self::VDB_LAST]; $sign[self::VDB_CVE] = (int)$sign[self::VDB_CVE]; $sign[self::VDB_FTYPES] = strlen($sign[self::VDB_FTYPES]) ? array_flip(explode(',', $sign[self::VDB_FTYPES])) : NULL; $sign[self::VDB_ORDER] = (int)$sign[self::VDB_ORDER]; $sign[self::VDB_SID] = (int)$sid; if ($sign[self::VDB_SUB]) $trees[self::VDB_SUB][$sign[self::VDB_SUB]][] = $sign[self::VDB_SID]; elseif ($sign[self::VDB_EXC]) $trees[self::VDB_EXC][$sign[self::VDB_EXC]][] = $sign[self::VDB_SID]; elseif ($sign[self::VDB_ACK]) $trees[self::VDB_ACK][$sign[self::VDB_ACK]][] = $sign[self::VDB_SID]; else self::$vdbTop[] = &$sign; $sign[self::VDB_ACK] = $sign[self::VDB_EXC] = $sign[self::VDB_SUB] = NULL; } unset($sign); reset($vdb); foreach ($trees as $treeID => $tree) foreach ($tree as $pid => $cids) if (isset($vdb[$pid])) $vdb[$pid][$treeID] = $cids; else return !($error = "$pid: No such parent signature"); self::$vdb = &$vdb; return TRUE; } public static function scanBuffer(&$text, $fileType = '', $flags = 0, &$results = NULL) { $detected = 0; if ($results !== NULL) if (!is_array($results) || $results) $results = []; foreach (self::$vdbTop as $sign) { $cb = $sign[self::VDB_CALLBACK]; $detected |= self::$cb($sign, $text, $fileType, $flags, $results); if ($detected & self::RET_LAST) break; } if ($detected === 0) return $detected; if ($results !== NULL) { if ($flags & self::SCAN_REPLACE_AFTER) { if (count($results) > 1) usort($results, __CLASS__.'::sortResults_last_length'); for ($i = 0; $i < count($results); ++$i) { $sign = $results[$i]['sign']; if ($sign[self::VDB_INCURABLE]) continue; if ($sign[self::VDB_DOUBT] && !($flags & self::SCAN_REPLACE_TYPE_DOUBT)) continue; if ($sign[self::VDB_CVE] && !($flags & self::SCAN_REPLACE_TYPE_CVE)) continue; if (!$sign[self::VDB_DOUBT] && !$sign[self::VDB_CVE] && !($flags & self::SCAN_REPLACE_TYPE_MALWARE)) continue; if ($sign[self::VDB_LAST]) { if ($flags & self::SCAN_REPLACE_IF_LAST) $text = ''; $results[$i]['flags'] |= self::RET_DELETE; $detected |= self::RET_DELETE; break; } elseif ($sign[self::VDB_CALLBACK] !== 'cbDefault') { $cb = $sign[self::VDB_CALLBACK]; $results[$i]['flags'] |= self::$cb($sign, $text, $fileType, $flags | self::SCAN_REPLACE); $detected |= $results[$i]['flags']; } else { $text = ($sign[self::VDB_SIGNATURE][0] === ':') ? str_replace( substr($sign[self::VDB_SIGNATURE], 1), $sign[self::VDB_REPLACE], $text) : preg_replace( $sign[self::VDB_SIGNATURE], $sign[self::VDB_REPLACE], $text); $results[$i]['flags'] |= self::RET_REPLACED; $detected |= self::RET_REPLACED; } } } if (count($results) > 1 && ($flags & self::SCAN_PACK_RESULTS)) { if ($detected & self::RET_LAST) { $results = $results[0]['sign'][self::VDB_LAST] ? [$results[0]] : [$results[count($results)-1]]; } else { self::resultsRemoveOverlaps($results, TRUE); } } if (count($results) > 1) usort($results, __CLASS__.'::sortResults_order_id'); } elseif ($flags & self::SCAN_REPLACE_AFTER) { throw new Exception('The `SCAN_REPLACE_AFTER` flag requires non NULL $results buffer'); } if (($flags & self::SCAN_APPLY_AFTER_TREATMENT) && strlen($fileType) && ($detected & self::RET_REPLACED) && !($detected & self::RET_DELETE)) self::afterTreatment($text, $fileType); return $detected; } public static function scanArray(&$data, $flags = 0, &$results = NULL, &$_xpath = []) { $withResults = ($results !== NULL); if ($withResults && !is_array($results)) $results = []; $subResults = $withResults ? [] : NULL; $xpUse = $withResults && is_array($_xpath); $xpOp = 1; $detected = $subBits = 0; foreach ($data as $key => &$value) { if (is_array($value) || is_object($value)) { if ($xpUse) $xpOp = self::updateXPath($_xpath, $xpOp, $key); $subBits = static::scanArray($value, $flags, $results, $_xpath); } elseif (is_string($value) && static::MINBUFSIZE <= strlen($value) && strlen($value) <= static::MAXBUFSIZE) { $subBits = static::scanBuffer($value, '', $flags, $subResults); } else { continue; } if ($subBits === 0) { continue; } $detected |= $subBits; if ($subResults) { if ($xpUse) $xpOp = self::updateXPath($_xpath, $xpOp, $key); foreach ($subResults as &$subResult) { $subResult['xpath'] = $xpUse ? self::packXPath($_xpath) : NULL; $results[] = $subResult; } unset($subResult); $subResults = []; } } $xpUse && !$xpOp && self::updateXPath($_xpath, -1); return $detected; } public static function scanXPath(&$data, &$xpath, $flags = 0, &$results = NULL) { $val = &self::resolveXPath($data, $xpath, $ok); if (!$ok) return 0; if (is_array($val) || is_object($val)) { if ($results !== NULL) if (!is_array($results) || $results) $results = []; return static::scanArray($val, $flags, $results, $xpath); } if (is_string($val) && static::MINBUFSIZE <= strlen($val) && strlen($val) <= static::MAXBUFSIZE) { $detected = static::scanBuffer($val, '', $flags, $results); if ($detected && $results) foreach ($results as &$result) $result['xpath'] = self::packXPath($xpath); return $detected; } return 0; } public static function scanSerialized(&$data, $flags = 0, &$xpath = NULL, &$results = NULL, &$serialization = NULL, &$unserialized = NULL) { $detected = 0; if ($results !== NULL) if (!is_array($results) || $results) $results = []; if ($serialization) $serialization = ''; if ($_ = self::isSerializedPHP($data, TRUE)) { if (!strpos(' saO', $_, 1)) return 0; $serialization = 'PHP'; if (!($flags & self::SCAN_SERIALIZED_SKIP_FAST)) if (static::scanBuffer($data) === 0) return 0; $unserialized = @unserialize($data); if (empty($unserialized)) return 0; if (is_array($unserialized) || is_object($unserialized)) if ($xpath !== NULL) $detected = static::scanXPath($unserialized, $xpath, $flags, $results); else $detected = static::scanArray($unserialized, $flags, $results); else $detected = static::scanBuffer($unserialized, '', $flags, $results); if ($detected & self::RET_MODIFIED) $data = serialize($unserialized); } elseif (self::isSerializedJSON($data, 1, $unserialized)) { if (empty($unserialized)) return 0; $serialization = 'JSON'; if (is_array($unserialized) || is_object($unserialized)) if ($xpath !== NULL) $detected = static::scanXPath($unserialized, $xpath, $flags, $results); else $detected = static::scanArray($unserialized, $flags, $results); else $detected = static::scanBuffer($unserialized, '', $flags, $results); if ($detected & self::RET_MODIFIED) $data = json_encode($unserialized); } else { $detected = static::scanBuffer($data, '', $flags, $results); } return $detected; } public static function &resolveXPath(&$data, &$xpath, &$ok) { $ok = FALSE; if (!self::parseXPath($xpath)) return $data; $val = &$data; $i = 0; $c = count($xpath); while ($i < $c) { $key = $xpath[$i++]; if (!is_string($key) && !is_numeric($key)) return $val; if (is_array($val)) { if (!isset($val[$key])) return $val; $val = &$val[$key]; } elseif (is_object($val)) { if (!isset($val->$key)) return $val; $val = &$val->$key; } else { return $val; } } $ok = TRUE; return $val; } public static function acquireXPath(&$data, $xpath, $callBack) { if (!is_string($data) || !is_callable($callBack)) return 0; $modified = FALSE; $unserialized = NULL; $serialization = self::isSerialized($data, $unserialized); if ($serialization) { $val = &self::resolveXPath($unserialized, $xpath, $ok); if (!$ok) return 0; $modified = $callBack($val); if ($modified) if ($serialization === 'PHP') $data = serialize($unserialized); elseif ($serialization === 'JSON') $data = json_encode($unserialized); } else { if (self::parseXPath($xpath) && $xpath) return 0; $modified = $callBack($data); } return $modified ? 2 : 1; } public static function parseXPath(&$xpath) { if (is_string($xpath)) { $xpath = strlen($xpath) ? explode(self::$xpathSeparator, $xpath) : []; foreach ($xpath as &$entry) { $entry = urldecode($entry); } } return is_array($xpath); } public static function packXPath($xpath) { if (is_array($xpath)) { $str = ''; foreach ($xpath as $entry) { $str .= (strlen($str) ? self::$xpathSeparator : '').urlencode($entry); } return $str; } return is_string($xpath) ? $xpath : NULL; } public static function updateXPath(&$xpath, $op, $key = NULL) { if ($op > 0) $xpath[] = $key; elseif ($op < 0) array_pop($xpath); else $xpath[count($xpath)-1] = $key; return 0; } protected static function sortResults_last_length($i, $j) { if ($i['sign'][self::VDB_LAST] !== $j['sign'][self::VDB_LAST]) return $i['sign'][self::VDB_LAST] ? -1 : 1; return $j['length'] - $i['length']; } protected static function sortResults_order_id($i, $j) { if ($i['sign'][self::VDB_ORDER] !== $j['sign'][self::VDB_ORDER]) return $i['sign'][self::VDB_ORDER] < $j['sign'][self::VDB_ORDER] ? -1 : 1; return $i['sign'][self::VDB_SID] < $j['sign'][self::VDB_SID] ? -1 : 1; } protected static function resultsRemoveOverlaps(&$results, $compact = FALSE) { $removed = 0; $h = count($results) - 1; for ($i = 0; $i < $h; ++$i) { if (empty($results[$i]) || $results[$i]['offset'] < 0) continue; $iL = $results[$i]['offset']; $iR = $iL + $results[$i]['length']; for ($j = $i + 1; $j <= $h; ++$j) { if (empty($results[$j]) || $results[$j]['offset'] < 0) continue; $jL = $results[$j]['offset']; $jR = $jL + $results[$j]['length']; if ($iL <= $jL && $jR <= $iR) { if (($results[$j]['flags']&self::RET_CVE) === 0) { $results[$j] = NULL; $removed++; } } elseif ($jL <= $iL && $iR <= $jR) { if (($results[$i]['flags']&self::RET_CVE) === 0) { $results[$i] = NULL; $removed++; break; } } } } if ($removed > 0 && $compact) { $results = array_values(array_filter($results)); } return $removed; } public static function objectToArray($array) { if (!is_array($array)) if (is_object($array)) $array = get_object_vars($array); else return $array; foreach ($array as &$v) $v = self::objectToArray($v); return $array; } public static function isSerialized($data, &$unserialized = NULL) { if ($_ = self::isSerializedPHP($data, TRUE)) { if (!strpos(' saO', $_, 1)) return ''; $unserialized = @unserialize($data); if ($unserialized === FALSE || $unserialized === NULL) return ''; return 'PHP'; } elseif (self::isSerializedJSON($data, 1, $unserialized)) { return 'JSON'; } return ''; } public static function isSerializedPHP($data, $strict = TRUE) { if (!is_string($data)) return; $data = trim($data); if (strlen($data) < 4) return ('N;' === $data) ? $data[0] : NULL; if (':' !== $data[1]) return; if ($strict) { $lastc = substr($data, -1); if (';' !== $lastc && '}' !== $lastc) return; } else { $split = strpos($data, ';'); $brace = strpos($data, '}'); if (FALSE === $split && FALSE === $brace || FALSE !== $split && $split < 3 || FALSE !== $brace && $brace < 4) return; } $token = $data[0]; switch ($token) { case 's': if ($strict ? ('"' !== substr($data, -2, 1)) : !strpos($data, '"')) return; case 'a': case 'O': case 'E': return preg_match("/^$token:\\d+:[\\{\\\"]/", $data) ? $token : NULL; case 'b': case 'i': case 'd': $end = $strict ? '$' : ''; return strlen($data) <= 60 && preg_match("/^$token:[\\d\\.eE+\\-]+;$end/", $data) ? $token : NULL; } return; } public static function isSerializedJSON($data, $rejectTypes = 0, &$val = NULL) { if (!is_string($data) || !strlen($data)) { return FALSE; } if ($rejectTypes) { $v = trim($data); if (!strlen($v)) { return FALSE; } $type = $v[0]; $end = substr($v, -1); $isStruct = ($type === '{' || $type === '['); $isString = ($type === '"'); if ( !($isStruct || $isString) && (($rejectTypes & 1) || strlen($v) > 60) || $isString && (($rejectTypes & 2) || strlen($v) < 2 || $end !== '"') || $isStruct && (($rejectTypes & 4) || strlen($v) < 2 || ($end !== '}' && $end !== ']')) ) { return FALSE; } } $val = json_decode($data, TRUE); return json_last_error() === JSON_ERROR_NONE; } public static function file_rewrite($file, $contents) { $mode = (int)fileperms($file); chmod($file, $mode | 0220); $ret = (file_put_contents($file, $contents) === strlen($contents)); chmod($file, $mode); return $ret; } public static function file_unlink($file) { $mode = (int)fileperms($file); chmod($file, $mode | 0220); if (!$ret = unlink($file)) chmod($file, $mode); return $ret; } public static function afterTreatment(&$text, $fileType) { switch ($fileType) { case 'php': case 'phps': case 'phtml': case 'php4': case 'php5': case 'php7': case 'inc': case 'tpl': case 'class': $text = preg_replace('/<\\?(?:php)?\\s*\\?>\\r?\\n?/', '', $text); return TRUE; } return FALSE; } public static function cbDefault($sign, &$text, $fileType, $replace = 0, &$results = NULL) { if ($sign[self::VDB_FTYPES] && !isset($sign[self::VDB_FTYPES][$fileType])) return 0; $const = ($sign[self::VDB_SIGNATURE][0] === ':'); if ($const) { $startOffset = strpos($text, substr($sign[self::VDB_SIGNATURE], 1)); if ($startOffset === FALSE) return 0; $length = strlen($sign[self::VDB_SIGNATURE]) - 1; $endOffset = $startOffset + $length; } else { if (!preg_match($sign[self::VDB_SIGNATURE], $text, $match, PREG_OFFSET_CAPTURE)) return 0; $startOffset = $match[0][1]; $length = strlen($match[0][0]); $endOffset = $startOffset + $length; $match = NULL; } if ($sign[self::VDB_ACK]) foreach ($sign[self::VDB_ACK] as $subSignID) if (($cb = self::$vdb[$subSignID][self::VDB_CALLBACK]) && self::$cb(self::$vdb[$subSignID], $text, $fileType, 0) === 0) return 0; if ($sign[self::VDB_EXC]) foreach ($sign[self::VDB_EXC] as $subSignID) if (($cb = self::$vdb[$subSignID][self::VDB_CALLBACK]) && self::$cb(self::$vdb[$subSignID], $text, $fileType, 0) !== 0) return 0; if ($sign[self::VDB_SUB]) { $detected = 0; foreach ($sign[self::VDB_SUB] as $subSignID) { if (($subSign = self::$vdb[$subSignID]) && ($cb = $subSign[self::VDB_CALLBACK])) { $detected |= self::$cb($subSign, $text, $fileType, $replace, $results); if ($detected & self::RET_LAST) { break; } } } return $detected; } $doReplace = ($replace & self::SCAN_REPLACE) && !$sign[self::VDB_INCURABLE]; if ($doReplace) { if ($doReplace && $sign[self::VDB_DOUBT] && !($replace & self::SCAN_REPLACE_TYPE_DOUBT)) $doReplace = FALSE; if ($doReplace && $sign[self::VDB_CVE] && !($replace & self::SCAN_REPLACE_TYPE_CVE)) $doReplace = FALSE; if ($doReplace && !$sign[self::VDB_DOUBT] && !$sign[self::VDB_CVE] && !($replace & self::SCAN_REPLACE_TYPE_MALWARE)) $doReplace = FALSE; } $detected = self::RET_DETECTED | ($sign[self::VDB_INCURABLE] ? self::RET_INCURABLE : ($sign[self::VDB_LAST] ? self::RET_CANDELETE : self::RET_CANREPLACE)) | ($sign[self::VDB_DOUBT] ? self::RET_DOUBT : 0) | ($sign[self::VDB_LAST] ? self::RET_LAST : 0) | ($sign[self::VDB_CVE] ? self::RET_CVE : 0) | ($doReplace ? ($sign[self::VDB_LAST] ? self::RET_DELETE : self::RET_REPLACED) : 0); if ($results !== NULL) $results[] = [ 'sign' => $sign, 'flags' => $detected, 'offset' => $startOffset, 'length' => $length, 'match' => substr($text, $startOffset, $endOffset), ]; if ($doReplace) { if (!$sign[self::VDB_LAST]) $text = $const ? str_replace( substr($sign[self::VDB_SIGNATURE], 1), $sign[self::VDB_REPLACE], $text) : preg_replace( $sign[self::VDB_SIGNATURE], $sign[self::VDB_REPLACE], $text); elseif ($replace & self::SCAN_REPLACE_IF_LAST) $text = ''; } return $detected; } public static function cbhtaccessredirect($sign, &$text, $fileType, $replace = 0, &$results = NULL) { if (!defined('SVC_CHOST') || $sign[self::VDB_FTYPES] && !isset($sign[self::VDB_FTYPES][$fileType])) return 0; $host = strtolower(SVC_CHOST); if (substr($host, 0, 4) === 'www.') $host = substr($host, 4); if (!strlen($host)) return 0; $doReplace = ($replace & self::SCAN_REPLACE) && !$sign[self::VDB_INCURABLE]; $detected = 0; $lines = explode("\n", $text); $nLines = count($lines); $pCond = $pEngine = -1; for ($i = 0; $i < $nLines; ++$i) { $line = strtolower(trim($lines[$i])); if (strlen($line) < 11 || $line[0] === '#') continue; if (substr($line, 0, 13) === 'rewriteengine') { if ($pEngine < 0) $pEngine = $i; else $lines[$i] = ''; } elseif (substr($line, 0, 11) === 'rewritecond') { if ($pCond < 0) $pCond = $i; } elseif (substr($line, 0, 11) === 'rewriterule') { if ( preg_match('~https?:/~', $line) && !strpos($line, $host) && !preg_match('~https?:/+(?:w+\.)?(?:[\%\$]\d|\%\{\w+\})~', $line) ) { $detected |= self::RET_DETECTED; if (self::cbhtaccessredirect_appendResult($sign, $lines[$i], $doReplace, $results)) { if ($pCond < 0) { unset($lines[$i]); } else { for ($j = $pCond; $j <= $i; ++$j) unset($lines[$j]); } } } $pCond = -1; } elseif (substr($line, 0, 13) === 'errordocument') { if (preg_match('~https?:/~', $line) && !strpos($line, $host)) { $detected |= self::RET_DETECTED; if (self::cbhtaccessredirect_appendResult($sign, $lines[$i], $doReplace, $results)) unset($lines[$i]); } } } if ($detected) { $detected |= ($sign[self::VDB_INCURABLE] ? self::RET_INCURABLE : self::RET_CANREPLACE) | ($sign[self::VDB_DOUBT] ? self::RET_DOUBT : 0); if ($doReplace) { $detected |= self::RET_REPLACED; $text = implode("\n", $lines); } } return $detected; } protected static function cbhtaccessredirect_appendResult($sign, $line, $replaced, &$results) { if ($results === NULL) return $replaced; $results[] = [ 'sign' => $sign, 'flags' => self::RET_DETECTED | ($sign[self::VDB_INCURABLE] ? self::RET_INCURABLE : self::RET_CANREPLACE) | ($sign[self::VDB_DOUBT] ? self::RET_DOUBT : 0) | ($replaced ? self::RET_REPLACED : 0), 'offset' => -1, 'length' => strlen($line), 'match' => $line, ]; return $replaced; } public static function reMatchOffsets($re, $text, $formatter = NULL) { if (!strlen($re) || !is_int(@preg_match_all($re, $text, $matches, PREG_OFFSET_CAPTURE))) return FALSE; if (!$matches[0]) return []; return self::matchOffsetsToRows($matches[0], $text, $formatter); } public static function constMatchOffsets($sub, $text, $formatter = NULL) { if (!is_string($sub) || !strlen($sub) || !is_int($pos = strpos($text, $sub))) return []; $matches = []; do { $matches[] = [strlen($sub), $pos]; $pos = strpos($text, $sub, $pos + strlen($sub)); } while (is_int($pos)); return self::matchOffsetsToRows($matches, $text, $formatter); } public static function matchScanResultToRows($result, $text, $formatter = NULL) { if (!is_array($result) || !isset($result['offset'], $result['length']) || $result['offset'] < 0) return NULL; $absOffsets = [[$result['length'], $result['offset']]]; $lineOffsets = self::matchOffsetsToRows($absOffsets, $text, $formatter); return reset($lineOffsets); } public static function matchOffsetsToRows($offsets, $text, $formatter = NULL) { $nResult = 0; $results = []; foreach ($offsets as $offset) { if (!$nResult || $results[$nResult-1][5] < $offset[1]) { $results[$nResult++] = [ -1, -1, -1, -1, $offset[1], is_int($offset[0]) ? $offset[1] + $offset[0] : $offset[1] + strlen($offset[0]), ]; } } $cPos = $nResult = 0; $rows = is_array($text) ? $text : explode("\n", $text); for ($nRow = 0, $nRows = count($rows); $nRow < $nRows; ++$nRow) { $rowEndAt = $cPos + strlen($rows[$nRow]) + 1; if ($results[$nResult][0] > -1) { if ($rowEndAt > $results[$nResult][5]) { $results[$nResult][2] = $nRow; $results[$nResult][3] = $results[$nResult][5] - $cPos; --$nRow; $formatter && $formatter($results[$nResult]); if (!isset($results[++$nResult])) break; } else { $cPos = $rowEndAt; } } elseif ($rowEndAt > $results[$nResult][4]) { $results[$nResult][0] = $nRow; $results[$nResult][1] = $results[$nResult][4] - $cPos; --$nRow; } else { $cPos = $rowEndAt; } } return $results; } public static function createFieldPath($table, $keyFieldName, $keyFieldValue, $fieldName) { return $table.'/'. (is_string($keyFieldName) && strlen($keyFieldName) ? $keyFieldName.'/'.urlencode($keyFieldValue) : (int)$keyFieldValue).'/'. $fieldName; } public static function parseFieldPath($path) { $cell = explode('/', $path); $n = count($cell); if ($n !== 3 && $n !== 4 || in_array('', $cell, TRUE)) return FALSE; $hasPrimary = ($n === 4); return [ 'table' => $cell[0], 'key' => $hasPrimary ? $cell[1] : NULL, 'row' => $hasPrimary ? urldecode($cell[2]) : (int)$cell[1], 'field' => $hasPrimary ? $cell[3] : $cell[2], ]; } public static function sqlByFieldPath($path, $requirePrimary = FALSE) { if (is_string($path)) $path = self::parseFieldPath($path); if (!is_array($path) || count($path) !== 4) return FALSE; if (isset($path['key'], $path['row']) && is_string($path['key']) && strlen($path['key'])) return "WHERE `$path[key]`='".addslashes($path['row'])."' LIMIT 1"; if (!$requirePrimary && isset($path['row']) && is_numeric($path['row'])) return "LIMIT ".($path['row']-1).",1"; return FALSE; } public static function getCustomDbRules($cms, $cmsConfigData = NULL) { if (!is_string($cms) || !strlen($cms)) return; $invalidHostName = function($v) { if (empty($v)) return FALSE; $v = strtolower(trim($v, "/ \t\r\n\0")); $v = preg_replace('~^https?:+/*~' , '', $v); $v = preg_replace('~^w+\.~' , '', $v); if (strpos($v, '/') !== FALSE) $v = substr($v, 0, strpos($v, '/')); $v = trim($v); $valid = self::getOriginHost(TRUE); return !empty($v) && !empty($valid) && $v !== $valid; }; $validHostName = function($v) { return self::getOriginScheme().self::getOriginHost(); }; if ($cms === 'wordpress') return !empty($cmsConfigData) && !empty($cmsConfigData['_multi']) ? NULL : [ 'wp_options' => [[ 'ruleID' => '111', 'table' => 'wp_options', 'field' => 'option_value', 'searchCol' => 'option_name', 'searchVal' => 'siteurl', 'keyField' => 'option_id', 'replaceIf' => $invalidHostName, 'replaceTo' => $validHostName, 'flags' => self::RET_DETECTED|self::RET_CANREPLACE, ], [ 'ruleID' => '111', 'table' => 'wp_options', 'field' => 'option_value', 'searchCol' => 'option_name', 'searchVal' => 'home', 'keyField' => 'option_id', 'replaceIf' => $invalidHostName, 'replaceTo' => $validHostName, 'flags' => self::RET_DETECTED|self::RET_CANREPLACE, ]], ]; } protected static function getOriginHost($trimWWW = FALSE) { static $c = NULL; if ($c === NULL) { $c = ''; foreach (['HTTP_HOST', 'SERVER_NAME'] as $k) if (!empty($_SERVER[$k])) { $c = strtolower($_SERVER[$k]); break; } } return strlen($c) && $trimWWW ? preg_replace('~^w+\.~' , '', $c) : $c; } protected static function getOriginScheme() { static $c = NULL; if ($c === NULL) $c = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || !empty($_SERVER['REQUEST_SCHEME']) && strtolower($_SERVER['REQUEST_SCHEME']) === 'https' || !empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https' ? 'https://' : 'http://'; return $c; } } class VFS { const version = '1.0.2'; protected $tree; public function __construct(&$tree = NULL) { $this->loadTree($tree); } public function loadTree(&$tree = NULL) { if (is_array($tree)) $this->tree = &$tree; else $this->tree = []; return $this; } public function loadJSON($treeJSON) { if (!is_string($treeJSON) || strlen($treeJSON) < 2) return FALSE; $tree = json_decode($treeJSON, TRUE); if (!is_array($tree)) return FALSE; $this->tree = $tree; return TRUE; } public function loadFile($file) { return is_string($file) && strlen($file) && is_file($file) && $this->loadJSON(file_get_contents($file)); } public function saveFile($file, $prettyPrint = FALSE) { return is_string($file) && strlen($file) && file_put_contents($file, json_encode($this->tree, ($prettyPrint ? JSON_PRETTY_PRINT : 0)|JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE)); } public function lookup($path) { if ($this->isEmpty()) return NULL; $t = &$this->tree; foreach (self::explode($path) as $n) { if (!isset($t[$n])) return NULL; $t = &$t[$n]; if (!is_array($t)) return $t; } return $t; } public function sub($path) { $entry = $this->lookup($path); return is_array($entry) ? (new self($entry)) : NULL; } public function isDir($path) { return is_array($this->lookup($path)); } public function isFile($path) { $entry = $this->lookup($path); return $entry !== NULL && !is_array($entry); } public function isEmpty() { return empty($this->tree); } public function exists($path) { if ($this->isEmpty()) return FALSE; $t = &$this->tree; foreach (self::explode($path) as $n) { if (!isset($t[$n])) return FALSE; $t = &$t[$n]; if (!is_array($t)) return TRUE; } return TRUE; } public function scandir($path) { $t = $this->lookup($path); if (!is_array($t)) return FALSE; return array_keys($t); } public function add($path, $entry = NULL) { $p = self::explode($path); if (empty($p)) return $this; $baseName = array_pop($p); $t = &$this->tree; foreach ($p as $n) { if (!isset($t[$n]) || !is_array($t[$n])) $t[$n] = []; $t = &$t[$n]; } $t[$baseName] = $entry; return $this; } public function del($path) { $p = self::explode($path); if (empty($p)) return $this; $baseName = array_pop($p); $t = &$this->tree; foreach ($p as $n) { if (!isset($t[$n]) || !is_array($t[$n])) return $this; $t = &$t[$n]; } unset($t[$baseName]); return $this; } public function lookup2($path, &$baseName = NULL) { $p = self::explode($path); if (empty($p)) return NULL; $baseName = array_pop($p); return $this->lookup($p); } public function dump($wrap = 1) { if ($wrap & 2) echo "<pre>"; echo json_encode($this->tree, JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE); if ($wrap & 2) echo "</pre>"; if ($wrap & 1) echo "\n"; return $this; } public static function explode($path) { if (is_array($path)) return $path; if (!is_string($path)) return []; $trim = trim($path, '/'); if (!strlen($trim)) return []; return explode('/', $trim); } public static function implode($path) { if (is_array($path)) return $path ? trim(implode('/', $path), '/') : ''; if (is_string($path)) return trim($path, '/'); return ''; } } $return = [ 'threats' => [], 'errors' => [], 'dirlist' => [], 'skipped' => [], 'stats' => [ 'threats' => 0, 'checkedfiles' => 0, 'scannedfiles' => 0, 'detectedfiles' => 0, 'detecteddirs' => 0, 'checkeddirs' => 0, 'errors' => 0, 'treated' => 0, 'backupid' => 0, 'seconds' => 0.0, ], ]; define('MINBUFSIZE', avScanner::MINBUFSIZE); $maxSize = avScanner::MAXBUFSIZE; if (!empty($_GET['maxsize']) && ($_GET['maxsize'] = shortNumberParse($_GET['maxsize'])) > 0) { if ($_GET['maxsize'] < MINBUFSIZE) $maxSize = MINBUFSIZE; elseif ($_GET['maxsize'] < $maxSize) $maxSize = $_GET['maxsize']; } define('MAXBUFSIZE', $maxSize); define('MAXBINSIZE', min($maxSize, 128<<10)); unset($maxSize); if (isset($_GET['filetypes']) && strlen($_GET['filetypes'])) { $fileTypes = []; foreach (explode(',', $_GET['filetypes']) as $ext) if (strlen($ext = trim($ext))) $fileTypes[$ext] = MAXBUFSIZE; } $userTypes = !empty($fileTypes); if (!$userTypes) { $fileTypes = [ 'htm'=>MAXBUFSIZE, 'html'=>MAXBUFSIZE, 'php'=>MAXBUFSIZE, 'phps'=>MAXBUFSIZE, 'phtml'=>MAXBUFSIZE, 'php4'=>MAXBUFSIZE, 'php5'=>MAXBUFSIZE, 'php7'=>MAXBUFSIZE, 'inc'=>MAXBUFSIZE, 'tpl'=>MAXBUFSIZE, 'class'=>MAXBUFSIZE, 'js'=>MAXBUFSIZE, 'pl'=>MAXBUFSIZE, 'perl'=>MAXBUFSIZE, 'py'=>MAXBUFSIZE, 'asp'=>MAXBUFSIZE, 'aspx'=>MAXBUFSIZE, 'svg'=>MAXBUFSIZE, 'xml'=>MAXBUFSIZE, ]; } $_GET['vdbid'] = isset($_GET['vdbid']) ? abs((int)$_GET['vdbid']) : 0; $vdb = svcDataQuery(SVC_SVC, 'vdb/', [ 'vdbid' => $_GET['vdbid'], 'vdbver' => avScanner::VDBVERSION, 'from' => 'rexplacer', ], [ 'gzip' => SVC_CGZIP, 'json' => TRUE, 'cacheFile' => SVC_CSVCCACHE.'-vdb'.$_GET['vdbid'].'-v'.avScanner::VDBVERSION.'.json', 'cacheTime' => 3600, 'cacheClean' => SVC_CLC, ]); if (!avScanner::setVDB($vdb)) return ERR_SVC + 0; unset($vdb); $ignored = svcDataQuery('', 'ignored', NULL, [ 'gzip' => SVC_CGZIP, 'json' => TRUE, 'cacheFile' => SVC_CCACHE.'/ignored.json', 'cacheTime' => 300, 'cacheReload' => isset($_GET['ilreload']) && $_GET['ilreload'] !== '0', 'cacheClean' => SVC_CLC, ]); if (!is_array($ignored)) return ERR_SVC + 1; $ignored = array_flip($ignored); set_time_limit(300); ini_set('pcre.backtrack_limit', 10e6); if (!empty($_POST['filelist'])) $fileList = splitTextLines($_POST['filelist']); elseif (!empty($_GET['filelist'])) $fileList = splitTextLines($_GET['filelist']); else $fileList = []; if ($fileList) $dirList = ['.']; elseif (!empty($_POST['dirlist'])) $dirList = splitTextLines($_POST['dirlist']); elseif (!empty($_GET['dirlist'])) $dirList = splitTextLines($_GET['dirlist']); else $dirList = ['.']; $replaceFlags = 0; if (isset($_GET['replace'])) { $replaceFlags = $replaceFlags | avScanner::SCAN_REPLACE_AFTER | avScanner::SCAN_APPLY_AFTER_TREATMENT; $_ = $_GET['replace']; if (!is_string($_) || !strlen($_) || $_ === '1') { $replaceFlags = $replaceFlags | avScanner::SCAN_REPLACE_TYPE_MALWARE | avScanner::SCAN_REPLACE_TYPE_DOUBT | avScanner::SCAN_REPLACE_TYPE_CVE; } else { if (is_int(strpos($_, 'M'))) $replaceFlags = $replaceFlags | avScanner::SCAN_REPLACE_TYPE_MALWARE; if (is_int(strpos($_, 'D'))) $replaceFlags = $replaceFlags | avScanner::SCAN_REPLACE_TYPE_DOUBT; if (is_int(strpos($_, 'V'))) $replaceFlags = $replaceFlags | avScanner::SCAN_REPLACE_TYPE_CVE; } } $scanFlags = (isset($_GET['more']) && $_GET['more'] !== '0') ? 0 : avScanner::SCAN_PACK_RESULTS; $realFlags = ($scanFlags | $replaceFlags); $backup = $replaceFlags && isset($_GET['backup']); if ($backup) { $return['stats']['backupid'] = backups::init(SVC_CRESTORE, $_GET['backup'], '.'); } $slowDown = $sleepTimer = 0.0; if (isset($_GET['slowdown'])) { $slowDown = (float)$_GET['slowdown']; if ($slowDown < 0.01) $slowDown = 0.0; elseif ($slowDown > 9.0) $slowDown = 9.0; } $dScan = $fileList ? NULL : new dirScanner(); $snapShot = NULL; $snapSave = FALSE; $snapFile = SVC_CCACHE.'/snapshot.json'; if (isset($_GET['snapshot']) && $_GET['snapshot'] !== '0') { $snapShot = new VFS(); $snapShot->loadFile($snapFile); } $results = []; $ret_doNotShow = avScanner::RET_DOUBT; $return['stats']['seconds'] = microtime(TRUE); if ($slowDown > 0.0) $sleepTimer = $return['stats']['seconds']; foreach ($dirList as $dir) { $dir = strtr(trim($dir, "\\/\0"), '\\', '/'); if (!strlen($dir)) continue; $dir .= '/'; if (isset($ignored[$dir])) { $return['skipped'][] = $dir; continue; } if ($dScan && !$dScan->open($dir, DSCAN_FILES|DSCAN_DIRFIRST|DSCAN_INCLUDEBASE, isset($_GET['thisdir']) && $_GET['thisdir'] !== '0' ? 0 : 64)) { $return['errors'][md5($dir)] = [$dir, 0, avScanner::RET_EREAD]; continue; } while (is_string($file = ($dScan ? $dScan->read() : array_shift($fileList)))) { if (connection_aborted()) break; if ($dScan) { if ($dScan->isDir()) { if (isset($ignored[$file])) { $return['skipped'][] = $file; $dScan->cdUp(); } else { ++$return['stats']['checkeddirs']; } continue; } } else { if (!is_file($file)) continue; } if (isset($ignored[$file])) { $return['skipped'][] = $file; continue; } ++$return['stats']['checkedfiles']; $fsize = filesize($file); $ftime = filemtime($file); if ($snapShot) { $snapName = VFS::explode($file); $snapUniq = "s$fsize;m$ftime"; if ($snapShot->lookup($snapName) === $snapUniq) continue; $snapShot->add($snapName, $snapUniq); $snapSave = TRUE; } if ($fsize < MINBUFSIZE || MAXBUFSIZE < $fsize) { continue; } $ftype = pathinfo($file, PATHINFO_EXTENSION); $skip = $userTypes ? (!isset($fileTypes[$ftype]) || $fsize > $fileTypes[$ftype]) : ($fsize > (isset($fileTypes[$ftype]) ? $fileTypes[$ftype] : MAXBINSIZE)); if ($skip) { continue; } $ftext = file_get_contents($file); if (!is_string($ftext) || strlen($ftext) < $fsize) { $return['errors'][md5($file)] = [$file, filemtime($file), avScanner::RET_EREAD]; continue; } $fStrings = $ftext; $detected = avScanner::scanBuffer($ftext, $ftype, $realFlags, $results); ++$return['stats']['scannedfiles']; if ($slowDown > 0.0 && !($return['stats']['scannedfiles'] % 20)) { $sleepTimer = microtime(TRUE) - $sleepTimer; usleep($sleepTimer * 1e6 * $slowDown); $sleepTimer = microtime(TRUE); } if ($detected === 0) { continue; } if ($snapShot) { $snapShot->del($snapName); } $fmode = fileperms($file) & 0777; $fStrings = explode("\n", $fStrings); $nThreads = count($return['threats']); if ($replaceFlags) { $errorBit = 0; if ($detected & avScanner::RET_MODIFIED) { if ($backup && !backups::pushFile($file)) { $errorBit |= avScanner::RET_EBACKUP; $return['errors'][md5($file)] = [$file, $ftime, avScanner::RET_EBACKUP]; } elseif ($detected & avScanner::RET_REPLACED) { if (!@avScanner::file_rewrite($file, $ftext)) { $errorBit |= avScanner::RET_EWRITE; $return['errors'][md5($file)] = [$file, $ftime, avScanner::RET_EWRITE]; } } elseif ($detected & avScanner::RET_DELETE) { if (!@avScanner::file_unlink($file)) { $errorBit |= avScanner::RET_EDELETE; $return['errors'][md5($file)] = [$file, $ftime, avScanner::RET_EDELETE]; } } } foreach ($results as $result) { if ($result['flags'] & $ret_doNotShow) continue; if ($errorBit) { $result['flags'] |= $errorBit; $result['flags'] &= ~avScanner::RET_MODIFIED; } elseif ($result['flags'] & avScanner::RET_MODIFIED) { $return['stats']['treated']++; } $return['threats'][] = [$file, $ftime, $result['flags'], $result['sign'][avScanner::VDB_TITLE], $result['sign'][avScanner::VDB_SID], $fmode, $fsize, avScanner::matchScanResultToRows($result, $fStrings)]; } } else { foreach ($results as $result) { if ($result['flags'] & $ret_doNotShow) continue; $return['threats'][] = [$file, $ftime, $result['flags'], $result['sign'][avScanner::VDB_TITLE], $result['sign'][avScanner::VDB_SID], $fmode, $fsize, avScanner::matchScanResultToRows($result, $fStrings)]; } } if ($nThreads < count($return['threats'])) { ++$return['stats']['detectedfiles']; $dirName = $dScan ? $dScan->baseDir().$dScan->cd() : formatDirName(pathinfo($file, PATHINFO_DIRNAME), ''); $return['dirlist'][md5($dirName)] = $dirName; } else { unset($return['errors'][md5($file)]); } } } unset($dScan); $snapShot && $snapSave && $snapShot->saveFile($snapFile, TRUE); $return['stats']['seconds'] = round(microtime(TRUE) - $return['stats']['seconds'], 3); $return['stats']['threats'] = count($return['threats']); $return['stats']['errors'] = count($return['errors']); $return['stats']['detecteddirs'] = count($return['dirlist']); if ($backup && backups::$filesPushed === 0) { $return['stats']['backupid'] = 0; } echo json_encode($return, JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE); unset($return); ?>