first commit

This commit is contained in:
2024-11-10 21:08:49 +01:00
commit 0d932ce5ee
14455 changed files with 2567501 additions and 0 deletions


@@ -0,0 +1,8 @@
# BEGIN GOTMLS Directory Protection
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
# END GOTMLS Directory Protection
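Review bot: The `!-d` condition on L15 means a request for an existing directory is never rewritten to index.php, so despite the "Directory Protection" name this block does nothing to stop a directory listing of the plugin folder (or of the `_SESSION/` log directory the login code creates); add `Options -Indexes` on its own line outside the `<IfModule>` so it applies regardless of mod_rewrite, and consider dropping the `!-d` condition if directory requests are meant to be caught. The `<IfModule mod_rewrite.c>` wrapper also fails open: on a host without mod_rewrite none of these rules take effect and nothing signals that. Whether per-directory `Options` is honored depends on the server's `AllowOverride`, which is not visible here.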


@@ -0,0 +1,24 @@
<?php
/**
* GOTMLS Brute-Force protections
* @package GOTMLS
*/
if (!(isset($GLOBALS["GOTMLS"]["detected_attacks"]) && $GLOBALS["GOTMLS"]["detected_attacks"])) {
$file = (isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__);
$GLOBALS["GOTMLS"]["detected_attacks"] = '&attack[]='.strtolower((isset($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < strlen($file)) ? substr($file, strlen($_SERVER["DOCUMENT_ROOT"])) : basename($file));
}
foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_USER_AGENT") as $var)
$GLOBALS["GOTMLS"]["detected_attacks"] .= (isset($_SERVER[$var]) ? "&SERVER_$var=".urlencode($_SERVER[$var]) : "");
foreach (array("log", "session_id") as $var)
$GLOBALS["GOTMLS"]["detected_attacks"] .= (isset($_POST[$var]) ? "&POST_$var=".urlencode($_POST[$var]).(isset($_POST["sess".$_POST[$var]]) ? "&TIME=".time()."&POST_sess$var=".urlencode($_POST["sess".$_POST[$var]]) : "") : "");
if (is_file($file = str_replace(basename(dirname(__FILE__)), basename(__FILE__), dirname(__FILE__))) && ($contents = @file_get_contents($file)) && preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
$ver = $match[1];
else
$ver = "Unknown";
header("location: https://safe-load.gotmls.net/report.php?ver=$ver".$GLOBALS["GOTMLS"]["detected_attacks"]);
die();
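Review bot: The redirect on L40 sends the attempted username (`POST_log`, built on L35) together with the client IP, Host, URI, Referer and User-Agent to a third-party host via the `Location` header, so every visitor who trips one of the heuristics, legitimate or not, has that data shipped to safe-load.gotmls.net by their own browser; document this, make the reporting opt-in, and at minimum drop `log` from the reported fields. Because the report rides on a client-side redirect it is also unreliable as telemetry, since a bot can simply not follow it. The script path appended on L30 is the only field not passed through `urlencode()`, unlike every value added on L33 and L35; wrap it the same way, e.g. `'&attack[]='.urlencode(strtolower(...))`.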


@@ -0,0 +1,15 @@
<?php
/**
* GOTMLS SESSION Start
* @package GOTMLS
*/
if (!defined("GOTMLS_SESSION_TIME"))
define("GOTMLS_SESSION_TIME", microtime(true));
if (!@session_id())
@session_start();
if (isset($_SESSION["GOTMLS_SESSION_TIME"]))
$_SESSION["GOTMLS_SESSION_LAST"] = $_SESSION["GOTMLS_SESSION_TIME"];
else
$_SESSION["GOTMLS_SESSION_LAST"] = 0;
$_SESSION["GOTMLS_SESSION_TIME"] = GOTMLS_SESSION_TIME;
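Review bot: `@session_start()` on L54 hides the failure case (headers already sent, or a session-handler error), after which the `$_SESSION` writes on L56–L59 go into an unbacked array and the caller that tests `GOTMLS_SESSION_LAST` will treat a real user as having no session; test the result instead of suppressing it, e.g. `if (session_status() !== PHP_SESSION_ACTIVE && !@session_start()) { error_log('GOTMLS: session_start failed'); }`. Using `session_id()` as the "is a session active" probe on L53 is also weaker than `session_status() === PHP_SESSION_NONE`, which distinguishes "no session" from "sessions disabled". How the includer reacts to a missing session is outside this hunk, so the exact recovery is for the author to decide.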


@@ -0,0 +1,35 @@
<?php // Debug Tracer function by ELI at GOTMLS.NET
if (!function_exists("GOTMLS_debug_trace")) {
function GOTMLS_debug_trace($file) {
$mt = microtime(true);
if (!session_id())
@session_start();
if (!isset($_SESSION["GOTMLS_traces"]))
$_SESSION["GOTMLS_traces"] = 0;
if (!isset($_SESSION["GOTMLS_trace_includes"]))
$_SESSION["GOTMLS_trace_includes"] = array();
if (isset($_SESSION["GOTMLS_trace_includes"][$_SESSION["GOTMLS_traces"]][$file]))
$_SESSION["GOTMLS_traces"] = $mt;
if (!$GOTMLS_headers_sent && $GOTMLS_headers_sent = headers_sent($filename, $linenum)) {
if (!$filename)
$filename = __("an unknown file",'gotmls');
if (!is_numeric($linenum))
$linenum = __("unknown",'gotmls');
$mt .= sprintf(__(': Headers sent by %1$s on line %2$s.','gotmls'), $filename, $linenum);
}
if (!(isset($_SESSION["GOTMLS_OBs"]) && is_array($_SESSION["GOTMLS_OBs"])))
$_SESSION["GOTMLS_OBs"] = array();
if (($OBs = ob_list_handlers()) && is_array($OBs) && (count($_SESSION["GOTMLS_OBs"]) != count($OBs))) {
$mt .= print_r(array("ob"=>ob_list_handlers()),1);
$_SESSION["GOTMLS_OBs"] = $OBs;
}
$_SESSION["GOTMLS_trace_includes"][$_SESSION["GOTMLS_traces"]][$file] = $mt;
if (isset($_GET["GOTMLS_traces"]) && count($_SESSION["GOTMLS_trace_includes"][$_SESSION["GOTMLS_traces"]]) > $_GET["GOTMLS_includes"]) {
$_SESSION["GOTMLS_traces"] = $mt;
foreach ($_SESSION["GOTMLS_trace_includes"] as $trace => $array)
if ($trace < $_GET["GOTMLS_traces"])
unset($_SESSION["GOTMLS_trace_includes"][$trace]);
die(print_r(array("<a href='?GOTMLS_traces=".substr($_SESSION["GOTMLS_traces"], 0, 10)."'>".substr($_SESSION["GOTMLS_traces"], 0, 10)."</a><pre>",$_SESSION["GOTMLS_trace_includes"],"<pre>")));
}
}
}
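Review bot: The dump on L90–L95 is triggered by nothing more than a `?GOTMLS_traces=` query parameter and prints every traced include path (plus output-buffer handler names) to whoever sent the request, with no capability or debug-mode gate; guard the branch before touching `$_GET`, e.g. `if (defined('WP_DEBUG') && WP_DEBUG && function_exists('current_user_can') && current_user_can('manage_options'))`. `$_GET["GOTMLS_includes"]` on L90 is compared without checking that it exists or is numeric. `$GOTMLS_headers_sent` on L76 is a function-local that is never initialised, so the `!$GOTMLS_headers_sent` guard is always true and the assignment has no effect beyond this call; declare it `static $GOTMLS_headers_sent = false;` if the intent is to report the headers-sent location only once. Whether this tracer is reachable in production depends on where `GOTMLS_debug_trace` is called, which is not visible here.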


@@ -0,0 +1,97 @@
<?php
/**
* GOTMLS wp-login protection
* @package GOTMLS
*/
if (!defined("GOTMLS_REQUEST_METHOD"))
define("GOTMLS_REQUEST_METHOD", (isset($_SERVER["REQUEST_METHOD"])?strtoupper($_SERVER["REQUEST_METHOD"]):"none"));
if (!(isset($GLOBALS["GOTMLS"]) && is_array($GLOBALS["GOTMLS"])))
$GLOBALS["GOTMLS"] = array();
if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && isset($_POST["session_id"]) && isset($_POST["sess".$_POST["session_id"]]) && is_numeric($_POST["sess".$_POST["session_id"]])) {
$sess = round($_POST["sess".$_POST["session_id"]] / 60000);
$time = round(time() / 60);
if ((($time - $sess) > 2) || (($sess - $time) > 2)) {
$GLOBALS["GOTMLS"]["detected_attacks"] = '&attack[]=NO_JS';
include(dirname(__FILE__)."/index.php");
}
} else {
include(dirname(__FILE__)."/session.php");
if (!function_exists("GOTMLS_update_log_file")) {
function GOTMLS_update_log_file($dont_force_write = true) {
if (!defined("GOTMLS_SESSION_FILE"))
define("GOTMLS_SESSION_FILE", dirname(__FILE__)."/_SESSION/index.php");
if (is_file(GOTMLS_SESSION_FILE))
include(GOTMLS_SESSION_FILE);
else {
if (!is_dir(dirname(GOTMLS_SESSION_FILE)))
@mkdir(dirname(GOTMLS_SESSION_FILE));
if (is_dir(dirname(GOTMLS_SESSION_FILE)))
if (!is_file(GOTMLS_SESSION_FILE))
if (file_put_contents(GOTMLS_SESSION_FILE, "<?php if (!defined('GOTMLS_INSTALL_TIME')) define('GOTMLS_INSTALL_TIME', '".GOTMLS_SESSION_TIME."');"))
include(GOTMLS_SESSION_FILE);
}
if (!defined("GOTMLS_INSTALL_TIME"))
return false;
else {
$GOTMLS_LOGIN_ARRAY = array("ADDR"=>(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"REMOTE_ADDR"), "AGENT"=>(isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:"HTTP_USER_AGENT"), "TIME"=>GOTMLS_INSTALL_TIME);
$GOTMLS_LOGIN_KEY = md5(serialize($GOTMLS_LOGIN_ARRAY));
if (!defined("GOTMLS_LOG_FILE"))
define("GOTMLS_LOG_FILE", dirname(GOTMLS_SESSION_FILE)."/GOTMLS.$GOTMLS_LOGIN_KEY.php");
if (is_file(GOTMLS_LOG_FILE))
include(GOTMLS_LOG_FILE);
if (GOTMLS_REQUEST_METHOD == "POST")
$GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD][GOTMLS_INSTALL_TIME] = $GOTMLS_LOGIN_ARRAY;
else
$GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD] = GOTMLS_INSTALL_TIME;
@file_put_contents(GOTMLS_LOG_FILE, '<?php $GLOBALS["GOTMLS"]["logins"]["'.$GOTMLS_LOGIN_KEY.'"]=unserialize(base64_decode("'.base64_encode(serialize($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY])).'"));');
if (isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]))
return $GOTMLS_LOGIN_KEY;
else
return 0;
}
}
}
if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && !(isset($GOTMLS_LOGIN_KEY) && isset($GOTMLS_logins[$GOTMLS_LOGIN_KEY]["whitelist"]))) {
if (!(isset($_SESSION["GOTMLS_detected_attacks"]) && $_SESSION["GOTMLS_SESSION_LAST"]))
$GLOBALS["GOTMLS"]["detected_attacks"] = '&attack[]=NO_SESSION';
if (!isset($_SERVER["REMOTE_ADDR"]))
$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_REMOTE_ADDR';
if (!isset($_SERVER["HTTP_USER_AGENT"]))
$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_HTTP_USER_AGENT';
if (!isset($_SERVER["HTTP_REFERER"]) && !(isset($_SERVER["HTTP_USER_AGENT"]) && substr($_SERVER["HTTP_USER_AGENT"], 0, 18) == "Mozilla/5.0 (iPad;"))
$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_HTTP_REFERER';
if (!$GLOBALS["GOTMLS"]["detected_attacks"]) {
if (isset($_SESSION["GOTMLS_login_attempts"]) && is_numeric($_SESSION["GOTMLS_login_attempts"]) && strlen($_SESSION["GOTMLS_login_attempts"]."") > 0)
$_SESSION["GOTMLS_login_attempts"]++;
else {
if ($GOTMLS_LOGIN_KEY = GOTMLS_update_log_file()) {
if (!(isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"])))
$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_LOGIN_ATTEMPTS';
elseif (!isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["GET"]))
$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_LOGIN_GETS';
else {
$_SESSION["GOTMLS_login_attempts"] = 0;
foreach ($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"] as $LOGIN_TIME=>$LOGIN_ARRAY) {
if ($LOGIN_TIME > $GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["GET"])
$_SESSION["GOTMLS_login_attempts"]++;
else
unset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"][$LOGIN_TIME]);
}
}
} else
$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_LOG_FILE';
}
if (!(isset($_SESSION["GOTMLS_login_attempts"]) && is_numeric($_SESSION["GOTMLS_login_attempts"]) && ($_SESSION["GOTMLS_login_attempts"] < 6) && $_SESSION["GOTMLS_login_attempts"]))
$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=TOO_MANY_login_attempts';
}
if ($GLOBALS["GOTMLS"]["detected_attacks"])
include(dirname(__FILE__)."/index.php");
} else {
if (isset($_SERVER["SCRIPT_FILENAME"]) && basename(__FILE__) == basename($_SERVER["SCRIPT_FILENAME"]))
GOTMLS_update_log_file();
$_SESSION["GOTMLS_detected_attacks"] = '';
$_SESSION["GOTMLS_login_attempts"] = 0;
}
session_write_close();
}
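Review bot: The whitelist test on L156 reads `$GOTMLS_logins[$GOTMLS_LOGIN_KEY]["whitelist"]`, but nothing in this file assigns `$GOTMLS_logins` and the log data is kept under `$GLOBALS["GOTMLS"]["logins"]` (L145–L148), so the whitelist clause can never be true and any whitelist an operator sets is silently ignored; either remove the clause or read `$GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["whitelist"]` after obtaining the key from `GOTMLS_update_log_file()`. The per-visitor log name on L138–L141 is an md5 of `REMOTE_ADDR` plus the raw `HTTP_USER_AGENT`, so any client can mint a new `_SESSION/GOTMLS.<md5>.php` file per request just by varying its User-Agent, and nothing here prunes that directory; consider keying on the address alone and capping or expiring the files. The referer exemption on L163 hinges on a spoofable User-Agent prefix and should not be relied on as a check. `$_POST["session_id"]` is concatenated into an array key on L112 without confirming it is a string, which emits a notice and yields the key `sessArray` when an array is posted.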


@@ -0,0 +1,231 @@
<?php
if (is_file("../../../../wp-includes/version.php"))
require_once("../../../../wp-includes/version.php");
if (is_file("../../../../wp-includes/default-constants.php"))
require_once("../../../../wp-includes/default-constants.php");
if ( !defined('WP_DEBUG_DISPLAY') )
define( 'WP_DEBUG_DISPLAY', true );
if (!function_exists("apply_filters")) {
function apply_filters($filter, $value) {
return $value;
}}
if (!function_exists("wp_load_translations_early")) {
function wp_load_translations_early() {
return false;
}}
if (!function_exists("wp_debug_backtrace_summary")) {
function wp_debug_backtrace_summary() {
return false;
}}
if (!function_exists("is_multisite")) {
function is_multisite() {
return false;
}}
if (!function_exists("is_wp_error")) {
function is_wp_error() {
return false;
}}
if (!function_exists("mbstring_binary_safe_encoding")) {
function mbstring_binary_safe_encoding( $reset = false ) {
static $encodings = array();
static $overloaded = null;
if ( is_null( $overloaded ) )
$overloaded = function_exists( 'mb_internal_encoding' ) && ( ini_get( 'mbstring.func_'.'overload' ) & 2 );
if ( false === $overloaded )
return;
if ( ! $reset ) {
$encoding = mb_internal_encoding();
array_push( $encodings, $encoding );
mb_internal_encoding( 'ISO-8859-1' );
}
if ( $reset && $encodings ) {
$encoding = array_pop( $encodings );
mb_internal_encoding( $encoding );
}
}}
if (!function_exists("reset_mbstring_encoding")) {
function reset_mbstring_encoding() {
mbstring_binary_safe_encoding( true );
}}
if (!function_exists("_wp_filter_build_unique_id")) {
function _wp_filter_build_unique_id($tag, $function, $priority) {
global $wp_filter;
static $filter_id_count = 0;
if ( is_string($function) )
return $function;
if ( is_object($function) ) {
// Closures are currently implemented as objects
$function = array( $function, '' );
} else {
$function = (array) $function;
}
if (is_object($function[0]) ) {
// Object Class Calling
if ( function_exists('spl_object_hash') ) {
return spl_object_hash($function[0]) . $function[1];
} else {
$obj_idx = get_class($function[0]).$function[1];
if ( !isset($function[0]->wp_filter_id) ) {
if ( false === $priority )
return false;
$obj_idx .= isset($wp_filter[$tag][$priority]) ? count((array)$wp_filter[$tag][$priority]) : $filter_id_count;
$function[0]->wp_filter_id = $filter_id_count;
++$filter_id_count;
} else {
$obj_idx .= $function[0]->wp_filter_id;
}
return $obj_idx;
}
} elseif ( is_string( $function[0] ) ) {
// Static Calling
return $function[0] . '::' . $function[1];
}
}}
if (!function_exists("add_filter")) {
function add_filter( $tag, $function_to_add, $priority = 10, $accepted_args = 1 ) {
global $wp_filter, $merged_filters;
$idx = _wp_filter_build_unique_id($tag, $function_to_add, $priority);
$wp_filter[$tag][$priority][$idx] = array('function' => $function_to_add, 'accepted_args' => $accepted_args);
unset( $merged_filters[ $tag ] );
return true;
}}
if (!function_exists("has_filter")) {
function has_filter($tag, $function_to_check = false) {
global $wp_filter;
$has = ! empty( $wp_filter[ $tag ] );
if ( $has ) {
$exists = false;
foreach ( $wp_filter[ $tag ] as $callbacks ) {
if ( ! empty( $callbacks ) ) {
$exists = true;
break;
}
}
if ( ! $exists )
$has = false;
}
if ( false === $function_to_check || false == $has )
return $has;
if ( !$idx = _wp_filter_build_unique_id($tag, $function_to_check, false) )
return false;
foreach ( (array) array_keys($wp_filter[$tag]) as $priority )
if ( isset($wp_filter[$tag][$priority][$idx]) )
return $priority;
return false;
}}
if (is_file("../../../../wp-includes/wp-db.php"))
require_once("../../../../wp-includes/wp-db.php");
$wpdb = new wpdb( DB_USER, DB_PASSWORD, DB_NAME, DB_HOST );
if (!function_exists("delete_option")) {
function delete_option($index) {
global $wpdb, $table_prefix;
$wpdb->delete($table_prefix."options", array( 'option_name' => "'$index'"));
}}
if (!function_exists("update_option")) {
function update_option($index, $value = "") {
global $wpdb, $table_prefix;
if (is_array($value))
$value = serialize($value);
$return = $wpdb->update($table_prefix."options", array('option_value' => $value), array('option_name' => $index));
return $return;
}}
if (!function_exists("get_option")) {
function get_option($index, $value = array()) {
global $wpdb, $table_prefix;
$qry = "SELECT option_value FROM {$table_prefix}options WHERE option_name = '$index'";
$return = $wpdb->get_var( $qry );
if (@unserialize($return) && is_array(@unserialize($return)))
return unserialize($return);
else
return $return;
}}
if (!function_exists("admin_url")) {
function admin_url($path = '') {
$url = get_option('siteurl').'wp-admin/';
if ($path && is_string($path))
$url .= ltrim($path, '/');
return $url;
}}
if (!function_exists("_deep_replace")) {
function _deep_replace( $search, $subject ) {
$subject = (string) $subject;
$count = 1;
while ( $count ) {
$subject = str_replace( $search, '', $subject, $count );
}
return $subject;
}}
if (!function_exists("valid_unicode")) {
function valid_unicode( $i ) {
return ( 0x9 == $i || 0xa == $i || 0xd == $i ||
( 0x20 <= $i && $i <= 0xd7ff ) ||
( 0xe000 <= $i && $i <= 0xfffd ) ||
( 0x10000 <= $i && $i <= 0x10ffff ) );
}}
if (!function_exists("wp_kses_normalize_entities2")) {
function wp_kses_normalize_entities2( $matches ) {
if ( empty( $matches[1] ) ) {
return '';
}
$i = $matches[1];
if ( valid_unicode( $i ) ) {
$i = str_pad( ltrim( $i, '0' ), 3, '0', STR_PAD_LEFT );
$i = "&#$i;";
} else {
$i = "&amp;#$i;";
}
return $i;
}}
if (!function_exists("wp_kses_normalize_entities3")) {
function wp_kses_normalize_entities3( $matches ) {
if ( empty( $matches[1] ) ) {
return '';
}
$hexchars = $matches[1];
return ( ! valid_unicode( hexdec( $hexchars ) ) ) ? "&amp;#x$hexchars;" : '&#x' . ltrim( $hexchars, '0' ) . ';';
}}
if (!function_exists("wp_kses_named_entities")) {
function wp_kses_named_entities($matches) {
global $allowedentitynames;
if (empty($matches[1]))
return '';
$i = $matches[1];
return (is_array($allowedentitynames) && in_array($i, $allowedentitynames, true)) ? "&$i;" : "&amp;$i;";
}}
if (!function_exists("wp_kses_normalize_entities")) {
function wp_kses_normalize_entities($string) {
// Disarm all entities by converting & to &amp;
$string = str_replace( '&', '&amp;', $string );
$string = preg_replace_callback( '/&amp;([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_named_entities', $string );
$string = preg_replace_callback( '/&amp;#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string );
$string = preg_replace_callback( '/&amp;#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string );
return $string;
}}