Merge pull request #36 from LMCv3/master
Added Hashes for WP 4.9.8 & Multiple fixes and enhancements
Showing
31 changed files
with
29,209 additions
and
27,864 deletions.
@@ -8,4 +8,5 @@ | |
|
||
# Ignore WordPress archive | ||
latest.zip | ||
wordpress-*.zip | ||
.DS_Store |
@@ -1,170 +1,169 @@ | ||
<?php | ||
/* | ||
Plugin Name: Exploit Scanner Auto Hash Generator | ||
Plugin URI: https://github.com/mattyrob | ||
Description: Checks for and then automatically generates hash files for use in the Exploit Scanner plugin for WordPress. | ||
Version: 1.0b | ||
Author: Matthew Robinson | ||
Author URI: https://github.com/mattyrob | ||
Licence: GPL3 | ||
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=2387904 | ||
Text Domain: esahg | ||
*/ | ||
|
||
define( 'ESAHGDIR', trailingslashit( plugin_basename( dirname( __FILE__ ) ) ) ); | ||
define( 'ESAHGPATH', WP_CONTENT_DIR . '/' . ESAHGDIR ); | ||
add_action( 'admin_menu', 'esahg_admin' ); | ||
|
||
function esahg_admin() { | ||
load_plugin_textdomain( 'eashg', 'wp-content/plugins/' . ESAHGDIR, '/' . ESAHGDIR ); | ||
add_management_page( __( 'Exploit Scanner Auto Hash Generator', 'eashg' ), __( 'Exploit Scanner Auto Hash Generator', 'eashg' ), apply_filters( 'eashg_capability', 'manage_options' ), 'eashg', 'eashg_menu' ); | ||
} // end eashg_admin() | ||
|
||
function eashg_menu() { | ||
global $wpdb; | ||
echo '<div class="wrap">'; | ||
echo '<h2>' . __( 'Exploit Scanner Automatic Hash File Generator', 'esahg' ) . '</h2>'; | ||
if ( ! is_plugin_active( 'exploit-scanner/exploit-scanner.php' ) ) { | ||
$exit_msg = sprintf( __( '%s is not active on this site, please download and activate it.', 'esahg' ), '<a href="https://wordpress.org/plugins/exploit-scanner/">Exploit Scanner</a>' ); | ||
exit( $exit_msg ); | ||
} | ||
require( ABSPATH . WPINC . '/version.php' ); | ||
$es_path = WP_CONTENT_DIR . '/plugins/exploit-scanner/'; | ||
$hash_filename = sanitize_file_name( 'hashes-' . $wp_version . '.php' ); | ||
$file = $es_path . $hash_filename; | ||
|
||
// instantiate WordPress file system for later | ||
$creds = request_filesystem_credentials( site_url() . '/wp-admin/', '', false, false, array() ); | ||
if ( ! WP_Filesystem( $creds ) ) { | ||
echo '<p>' . __( 'Unable to enable the WordPress Filesystem.', 'esahg' ) . '</p>'; | ||
exit; | ||
} | ||
global $wp_filesystem; | ||
|
||
if ( ! is_readable( $file ) ) { | ||
// attempt to get hashes from Wordpress.org API | ||
$response = wp_safe_remote_get( esc_url( 'https://api.wordpress.org/core/checksums/1.0/?version=' . $GLOBALS['wp_version'] ) ); | ||
$checksums = json_decode( wp_remote_retrieve_body( $response ) ); | ||
|
||
if ( false !== $checksums->{'checksums'}->{$GLOBALS['wp_version']} ) { | ||
$hashes_arr = array(); | ||
foreach ( $checksums->{'checksums'}->{$GLOBALS['wp_version']} as $filename => $checksum ) { | ||
if ( false === strstr( $filename, 'wp-content/plugins/' ) && false === strstr( $filename, 'wp-content/themes/' ) ) { | ||
$hashes_arr[ $filename ] = $checksum; | ||
} | ||
} | ||
$hashes = '<?php' . "\r\n" . '$filehashes = array(' . "\r\n"; | ||
foreach ( $hashes_arr as $filename => $hash ) { | ||
$hashes .= "'" . $filename . "' => '" . $hash . "',\r\n"; | ||
} | ||
$hashes .= ");\r\n?>"; | ||
} else { | ||
// fall back to zip file download if checksums are not returned | ||
global $download_to; | ||
$zip_filename = sanitize_file_name( 'wordpress-' . $wp_version . '.zip' ); | ||
if ( wp_mkdir_p( ESAHGPATH . 'wpzip' ) ) { | ||
$download_to = ESAHGPATH . 'wpzip'; | ||
chdir( $download_to ); | ||
} else { | ||
$download_to = '/tmp'; | ||
chdir( $download_to ); | ||
} | ||
if ( ! is_readable( $download_to . '/' . $zip_filename ) ) { | ||
if ( ! copy( 'http://wordpress.org/' . $zip_filename, $download_to . '/' . $zip_filename ) ) { | ||
echo '<p>' . sprintf( __( 'Unable to download the required zip file from WordPress.org, manually download it and upload to %s.', 'esahg' ), ESAHGPATH ) . '</p>'; | ||
} | ||
} else { | ||
echo '<p>' . sprintf( __( 'WordPress Zip file located at %s.', 'esahg' ), $download_to . '/' . $zip_filename ) . '</p>'; | ||
} | ||
|
||
if ( function_exists( 'zip_open' ) ) { | ||
$hashes = esahg_zip( $zip_filename ); | ||
} else { | ||
$hashes = esahg_nozip( $zip_filename ); | ||
} | ||
} | ||
} else { | ||
echo '<p>' . sprintf( __( 'You appear to be using version %s of WordPress. A hash file for this version of WordPress already exists.', 'esahg' ), $wp_version ) . '</p>'; | ||
exit; | ||
} | ||
|
||
if ( ! $wp_filesystem->put_contents( $file, $hashes, FS_CHMOD_FILE ) ) { | ||
echo '<p>' . __( 'Unable to write hashes file please create it manually with the following content:', 'esahg' ) . '</p>'; | ||
echo '<textarea>' . $hashes . '</textarea>'; | ||
} else { | ||
echo '<p>' . sprintf( __( 'A Hash file called %s was successfully created!', 'esahg' ), $hash_filename ) . '</p>'; | ||
} | ||
echo '</div>'; | ||
} // end eashg_menu() | ||
|
||
function esahg_zip( $zip_filename ) { | ||
$zip = zip_open( getcwd() . '/' . $zip_filename ); | ||
if ( is_resource( $zip ) ) { | ||
while ( $zip_entry = zip_read( $zip ) ) { | ||
zip_entry_open( $zip, $zip_entry, 'r' ); | ||
$wp_file = zip_entry_read( $zip_entry, zip_entry_filesize( $zip_entry ) ); | ||
if ( substr( zip_entry_name( $zip_entry ), -1, 1 ) !== '/' && false === strstr( zip_entry_name( $zip_entry ), 'wp-content/plugins/' ) && false === strstr( zip_entry_name( $zip_entry ), 'wp-content/themes/' ) ) { | ||
$files[] = zip_entry_name( $zip_entry ); | ||
} | ||
zip_entry_close( $zip_entry ); | ||
} | ||
zip_close( $zip ); | ||
} | ||
|
||
return hash_files( $files ); | ||
} // end esahg_zip() | ||
|
||
function esahg_nozip( $zip_filename ) { | ||
if ( is_readable( $download_to . '/' . $zip_filename ) ) { | ||
$unzipfile = unzip_file( $download_to . '/' . $zip_filename, $download_to ); | ||
if ( is_wp_error( $unzipfile ) ) { | ||
echo $unzipfile->get_error_message(); | ||
exit; | ||
} else { | ||
echo '<p>' . __( 'WordPress zip file unpacked.', 'esahg' ) . '</p>'; | ||
$files = array(); | ||
$files = walk_wp_directory( $download_to . '/wordpress' ); | ||
return hash_files( $files ); | ||
} | ||
$wp_filesystem->delete( $download_to . '/wordpress/', true ); | ||
} else { | ||
echo '<p>' . __( 'Sorry, unable to locate the WordPress zip archive.', 'esahg' ) . '</p>'; | ||
exit; | ||
} | ||
} | ||
|
||
function walk_wp_directory( $dir ) { | ||
global $download_to, $files; | ||
if ( $handle = @opendir( $dir ) ) { | ||
while ( false !== ( $file = readdir( $handle ) ) ) { | ||
if ( '.' !== $file && '..' !== $file ) { | ||
$file = $dir . '/' . $file; | ||
if ( is_dir( $file ) ) { | ||
walk_wp_directory( $file ); | ||
} elseif ( is_file( $file ) ) { | ||
if ( false === strstr( $file, 'wp-content/plugins/' ) && false === strstr( $file, 'wp-content/themes/' ) ) { | ||
$files[] = $file; | ||
} | ||
} | ||
} | ||
} | ||
closedir( $handle ); | ||
return $files; | ||
} else { | ||
echo '<p>' . sprintf( __( 'Apologies, it seems the zip file has disappeared, please manually download it to %s or try again.', 'esahg' ), ESAHGPATH ); | ||
} | ||
} // end walk_wp_directory() | ||
|
||
function hash_files( $files = array() ) { | ||
if ( empty( $files ) ) { return false; } | ||
|
||
global $download_to; | ||
sort( $files ); | ||
$file_hashes = '<?php' . "\r\n" . '$filehashes = array(' . "\r\n"; | ||
foreach ( $files as $file ) { | ||
$file_hashes .= "'" . str_replace( $download_to . '/wordpress/', '', $file ) . "' => '" . md5( $file ) . "',\r\n"; | ||
} | ||
$file_hashes .= ");\r\n?>"; | ||
|
||
return $file_hashes; | ||
} // end hash_files() | ||
<?php | ||
/* | ||
Plugin Name: Exploit Scanner Auto Hash Generator | ||
Plugin URI: https://github.com/mattyrob | ||
Description: Checks for and then automatically generates hash files for use in the Exploit Scanner plugin for WordPress. | ||
Version: 1.0b | ||
Author: Matthew Robinson | ||
Author URI: https://github.com/mattyrob | ||
Licence: GPL3 | ||
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=2387904 | ||
Text Domain: esahg | ||
*/ | ||
|
||
define( 'ESAHGDIR', trailingslashit( plugin_basename( dirname( __FILE__ ) ) ) ); | ||
define( 'ESAHGPATH', WP_CONTENT_DIR . '/' . ESAHGDIR ); | ||
add_action( 'admin_menu', 'esahg_admin' ); | ||
|
||
function esahg_admin() { | ||
load_plugin_textdomain( 'eashg', 'wp-content/plugins/' . ESAHGDIR, '/' . ESAHGDIR ); | ||
add_management_page( __( 'Exploit Scanner Auto Hash Generator', 'eashg' ), __( 'Exploit Scanner Auto Hash Generator', 'eashg' ), apply_filters( 'eashg_capability', 'manage_options' ), 'eashg', 'eashg_menu' ); | ||
} // end eashg_admin() | ||
|
||
function eashg_menu() { | ||
global $wpdb; | ||
echo '<div class="wrap">'; | ||
echo '<h2>' . __( 'Exploit Scanner Automatic Hash File Generator', 'esahg' ) . '</h2>'; | ||
if ( ! is_plugin_active( 'exploit-scanner/exploit-scanner.php' ) ) { | ||
$exit_msg = sprintf( __( '%s is not active on this site, please download and activate it.', 'esahg' ), '<a href="https://wordpress.org/plugins/exploit-scanner/">Exploit Scanner</a>' ); | ||
wp_die( $exit_msg ); | ||
} | ||
require( ABSPATH . WPINC . '/version.php' ); | ||
$es_path = WP_CONTENT_DIR . '/plugins/exploit-scanner/'; | ||
$hash_filename = sanitize_file_name( 'hashes-' . $wp_version . '.php' ); | ||
$file = $es_path . $hash_filename; | ||
|
||
// instantiate WordPress file system for later | ||
$creds = request_filesystem_credentials( site_url() . '/wp-admin/', '', false, false, array() ); | ||
if ( ! WP_Filesystem( $creds ) ) { | ||
wp_die( '<p>' . __( 'Unable to enable the WordPress Filesystem.', 'esahg' ) . '</p>' ); | ||
} | ||
global $wp_filesystem; | ||
|
||
if ( ! is_readable( $file ) ) { | ||
// attempt to get hashes from Wordpress.org API | ||
$response = wp_safe_remote_get( esc_url( 'https://api.wordpress.org/core/checksums/1.0/?version=' . $GLOBALS['wp_version'] ) ); | ||
$checksums = json_decode( wp_remote_retrieve_body( $response ) ); | ||
|
||
if ( false !== $checksums->{'checksums'}->{$GLOBALS['wp_version']} ) { | ||
$hashes_arr = array(); | ||
foreach ( $checksums->{'checksums'}->{$GLOBALS['wp_version']} as $filename => $checksum ) { | ||
if ( false === strstr( $filename, 'wp-content/plugins/' ) && false === strstr( $filename, 'wp-content/themes/' ) ) { | ||
$hashes_arr[ $filename ] = $checksum; | ||
} | ||
} | ||
$hashes = '<?php' . "\r\n" . '$filehashes = array(' . "\r\n"; | ||
foreach ( $hashes_arr as $filename => $hash ) { | ||
$hashes .= "'" . $filename . "' => '" . $hash . "',\r\n"; | ||
} | ||
$hashes .= ");\r\n?>"; | ||
} else { | ||
// fall back to zip file download if checksums are not returned | ||
global $download_to; | ||
$zip_filename = sanitize_file_name( 'wordpress-' . $wp_version . '.zip' ); | ||
if ( wp_mkdir_p( ESAHGPATH . 'wpzip' ) ) { | ||
$download_to = ESAHGPATH . 'wpzip'; | ||
chdir( $download_to ); | ||
} else { | ||
$download_to = '/tmp'; | ||
chdir( $download_to ); | ||
} | ||
if ( ! is_readable( $download_to . '/' . $zip_filename ) ) { | ||
if ( ! copy( 'http://wordpress.org/' . $zip_filename, $download_to . '/' . $zip_filename ) ) { | ||
echo '<p>' . sprintf( __( 'Unable to download the required zip file from WordPress.org, manually download it and upload to %s.', 'esahg' ), ESAHGPATH ) . '</p>'; | ||
} | ||
} else { | ||
echo '<p>' . sprintf( __( 'WordPress Zip file located at %s.', 'esahg' ), $download_to . '/' . $zip_filename ) . '</p>'; | ||
} | ||
|
||
if ( function_exists( 'zip_open' ) ) { | ||
$hashes = esahg_zip( $zip_filename ); | ||
} else { | ||
$hashes = esahg_nozip( $zip_filename ); | ||
} | ||
} | ||
} else { | ||
echo '<p>' . sprintf( __( 'You appear to be using version %s of WordPress. A hash file for this version of WordPress already exists.', 'esahg' ), $wp_version ) . '</p>'; | ||
exit; | ||
} | ||
|
||
if ( ! $wp_filesystem->put_contents( $file, $hashes, FS_CHMOD_FILE ) ) { | ||
echo '<p>' . __( 'Unable to write hashes file please create it manually with the following content:', 'esahg' ) . '</p>'; | ||
echo '<textarea>' . $hashes . '</textarea>'; | ||
} else { | ||
echo '<p>' . sprintf( __( 'A Hash file called %s was successfully created!', 'esahg' ), $hash_filename ) . '</p>'; | ||
} | ||
echo '</div>'; | ||
} // end eashg_menu() | ||
|
||
function esahg_zip( $zip_filename ) { | ||
$zip = zip_open( getcwd() . '/' . $zip_filename ); | ||
if ( is_resource( $zip ) ) { | ||
while ( $zip_entry = zip_read( $zip ) ) { | ||
zip_entry_open( $zip, $zip_entry, 'r' ); | ||
$wp_file = zip_entry_read( $zip_entry, zip_entry_filesize( $zip_entry ) ); | ||
if ( substr( zip_entry_name( $zip_entry ), -1, 1 ) !== '/' && false === strstr( zip_entry_name( $zip_entry ), 'wp-content/plugins/' ) && false === strstr( zip_entry_name( $zip_entry ), 'wp-content/themes/' ) ) { | ||
$files[] = zip_entry_name( $zip_entry ); | ||
} | ||
zip_entry_close( $zip_entry ); | ||
} | ||
zip_close( $zip ); | ||
} | ||
|
||
return hash_files( $files ); | ||
} // end esahg_zip() | ||
|
||
function esahg_nozip( $zip_filename ) { | ||
if ( is_readable( $download_to . '/' . $zip_filename ) ) { | ||
$unzipfile = unzip_file( $download_to . '/' . $zip_filename, $download_to ); | ||
if ( is_wp_error( $unzipfile ) ) { | ||
echo $unzipfile->get_error_message(); | ||
exit; | ||
} else { | ||
echo '<p>' . __( 'WordPress zip file unpacked.', 'esahg' ) . '</p>'; | ||
$files = array(); | ||
$files = walk_wp_directory( $download_to . '/wordpress' ); | ||
return hash_files( $files ); | ||
} | ||
$wp_filesystem->delete( $download_to . '/wordpress/', true ); | ||
} else { | ||
echo '<p>' . __( 'Sorry, unable to locate the WordPress zip archive.', 'esahg' ) . '</p>'; | ||
exit; | ||
} | ||
} | ||
|
||
function walk_wp_directory( $dir ) { | ||
global $download_to, $files; | ||
if ( $handle = @opendir( $dir ) ) { | ||
while ( false !== ( $file = readdir( $handle ) ) ) { | ||
if ( '.' !== $file && '..' !== $file ) { | ||
$file = $dir . '/' . $file; | ||
if ( is_dir( $file ) ) { | ||
walk_wp_directory( $file ); | ||
} elseif ( is_file( $file ) ) { | ||
if ( false === strstr( $file, 'wp-content/plugins/' ) && false === strstr( $file, 'wp-content/themes/' ) ) { | ||
$files[] = $file; | ||
} | ||
} | ||
} | ||
} | ||
closedir( $handle ); | ||
return $files; | ||
} else { | ||
echo '<p>' . sprintf( __( 'Apologies, it seems the zip file has disappeared, please manually download it to %s or try again.', 'esahg' ), ESAHGPATH ); | ||
} | ||
} // end walk_wp_directory() | ||
|
||
function hash_files( $files = array() ) { | ||
if ( empty( $files ) ) { return false; } | ||
|
||
global $download_to; | ||
sort( $files ); | ||
$file_hashes = '<?php' . "\n" . '$filehashes = array(' . "\n"; | ||
foreach ( $files as $file ) { | ||
$file_hashes .= "'" . str_replace( $download_to . '/wordpress/', '', $file ) . "' => '" . md5( $file ) . "',\n"; | ||
} | ||
$file_hashes .= ");\n?>"; | ||
|
||
return $file_hashes; | ||
} // end hash_files() |
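Review bot: The zip fallback in `eashg_menu()` still fetches the core archive with `copy( 'http://wordpress.org/' . $zip_filename, ... )` over plain HTTP and with no integrity check, yet everything derived from that archive becomes the reference hash set the Exploit Scanner trusts; at minimum switch to `https://wordpress.org/` and the WordPress `download_url()` helper, which goes through the same HTTP API as the `wp_safe_remote_get()` call used for the checksums branch. In `hash_files()`, `md5( $file )` digests the path string rather than the file contents, so the nozip path emits hashes that will never match a real file — that line needs `md5_file( $file )` (note the `esahg_zip()` path passes zip entry names that do not exist on disk and discards the `$wp_file` contents it reads, so it cannot work with this helper as written). `esahg_nozip()` uses `$download_to` and `$wp_filesystem` without declaring them `global`, and its `$wp_filesystem->delete( $download_to . '/wordpress/', true )` sits after the `return`, so the extracted tree is never cleaned up. The manual-fallback output `echo '<textarea>' . $hashes . '</textarea>';` prints API-derived filenames unescaped; `echo '<textarea>' . esc_textarea( $hashes ) . '</textarea>';` keeps a stray `</textarea>` in the data from breaking the admin page. The three remaining bare `exit;` calls (after the "already exists", unzip-error and "unable to locate" messages) would be consistent with the `wp_die()` calls this commit introduces.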