Merge pull request cavo789#2 from conseilgouz/master

2.0.0
conseilgouz · Aug 30, 2023 · 8cbe725 · 8cbe725
2 parents 227fb14 + 8009ce6
commit 8cbe725
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 12 deletions.
diff --git a/aesecure_quickscan.php b/aesecure_quickscan.php
@@ -1,11 +1,12 @@
+
 <?php
 
 /**
  * Name          : aeSecure QuickScan - Free scanner
  * URL           : https://www.aesecure.com/fr/blog/aesecure-quickscan.html  (user guide)
  * Description   : Scan your website for possible hacks, viruses, malwares, SEO black hat and exploits
- * Version       : 1.2
- * Date          : November 2018
+ * Version       : 2.0
+ * Date          : March 2022
  * Author        : AVONTURE Christophe (christophe@avonture.be)
  * Author website: https://www.aesecure.com.
  *
@@ -30,6 +31,10 @@
  *
  * Changelog:
  *
+ * version 2.0
+ *    + PHP 8.2 compatibility
+ *    + look for hashes in hashes directory
+ *
  * version 1.2
  *    + Rewrite for downloading all settings and signatures files from GitHub
  *    + Add a lot more signatures in these lists: blacklist, whitelist, other and edited json
@@ -138,7 +143,7 @@
 
 // Register error handling functions
 set_error_handler(function ($code, $string, $file, $line) {
-    throw new ErrorException($string, null, $code, $file, $line);
+    throw new ErrorException($string, 0, $code, $file, $line);
 });
 
 register_shutdown_function(function () {
@@ -472,7 +477,7 @@ public function __construct($lang = null)
         $aeSession = aeSecureSession::getInstance();
 
         if (null == $lang) {
-            $lang = str_replace('_', '-', aeSecureFct::getParam('lang', 'string', null, 5));
+            $lang = str_replace('_', '-', aeSecureFct::getParam('lang', 'string', '', 5));
         }
 
         // Initialize the list of supported languages
@@ -882,13 +887,13 @@ public static function getParam($name, $type = 'string', $default = '', $maxlen
 
         if (isset($_POST[$name])) {
             if (in_array($type, ['int', 'integer'])) {
-                $return = filter_input(INPUT_POST, $name, FILTER_SANITIZE_NUMBER_INT);
+                $return = htmlspecialchars($_POST[$name], ENT_QUOTES); // filter_input(INPUT_POST, $name, FILTER_SANITIZE_NUMBER_INT);
             } elseif ('boolean' == $type) {
                 // false = 5 characters
-                $tmp    = substr(filter_input(INPUT_POST, $name, FILTER_SANITIZE_STRING), 0, 5);
+                $tmp    = substr(htmlspecialchars($_POST[$name], ENT_QUOTES),0,5); // substr(filter_input(INPUT_POST, $name, FILTER_SANITIZE_STRING), 0, 5);
                 $return = (in_array(strtolower($tmp), ['on', 'true'])) ? true : false;
             } elseif ('string' == $type) {
-                $return = filter_input(INPUT_POST, $name, FILTER_SANITIZE_STRING);
+                $return = htmlspecialchars($_POST[$name], ENT_QUOTES); //filter_input(INPUT_POST, $name, FILTER_SANITIZE_STRING);
                 if ($maxlen > 0) {
                     $return = substr($return, 0, $maxlen);
                 }
@@ -904,13 +909,13 @@ public static function getParam($name, $type = 'string', $default = '', $maxlen
             if ((true === $aeSession->get('Debug', DEBUG)) || in_array($name, ['aes', 'lang'])) {
                 if (isset($_GET[$name])) {
                     if (in_array($type, ['int', 'integer'])) {
-                        $return = filter_input(INPUT_GET, $name, FILTER_SANITIZE_NUMBER_INT);
+                        $return = htmlspecialchars($_GET[$name], ENT_QUOTES); //filter_input(INPUT_GET, $name, FILTER_SANITIZE_NUMBER_INT);
                     } elseif ('boolean' == $type) {
                         // false = 5 characters
-                        $tmp    = substr(filter_input(INPUT_GET, $name, FILTER_SANITIZE_STRING), 0, 5);
+                        $tmp    = substr(htmlspecialchars($_GET[$name], ENT_QUOTES), 0, 5);
                         $return = (in_array(strtolower($tmp), ['1', 'on', 'true'])) ? true : false;
                     } elseif ('string' == $type) {
-                        $return = filter_input(INPUT_GET, $name, FILTER_SANITIZE_STRING);
+                        $return = htmlspecialchars($_GET[$name], ENT_QUOTES);
                     } elseif ('unsafe' == $type) {
                         $return = $_GET[$name];
                     }
@@ -1295,7 +1300,7 @@ public static function getInfo($directory)
         foreach ($arrCMS as $key => $value) {
             if (method_exists('aeSecureCMS', 'is' . $key)) {
 
-                $method = 'self::is' . $key;
+                $method = self::class.'::is' . $key; // PHP 8.2
 
                 list($return, $CMS, $Filename, $FullVersion, $MainVersion, $Version) = call_user_func($method, $root);
 
@@ -2651,6 +2656,8 @@ public function gethashes($CMS, $version)
         // Build the name of the JSON file with whitelisted hash for the CMS found on the system
         // Build a filename like c:/site/hacked/aesecure_quickscan_J!3.9.0.json
         $json = DIR . DS . sprintf(self::CMS, $prefix . $version);
+        // Pascal : recherche dans repertoire hashes : 
+		// $json = DIR . DS . 'hashes'. DS.strtolower($CMS).DS.$prefix . $version.'.json';
 
         // If the file has zero byte, remove it, not normal.
 
@@ -3553,7 +3560,7 @@ private function doScan()
     $aeSession = aeSecureSession::getInstance();
     $aeSession->set('Debug', DEBUG);
 
-    $lang = str_replace('_', '-', aeSecureFct::getParam('lang', 'string', null, 5));
+    $lang = str_replace('_', '-', aeSecureFct::getParam('lang', 'string', '', 5));
 
     $aeLanguage = aeSecureLanguage::getInstance($lang);
 

diff --git a/hashes/joomla/J!3.10.11.json b/hashes/joomla/J!3.10.11.json
diff --git a/hashes/joomla/J!4.2.9.json b/hashes/joomla/J!4.2.9.json
diff --git a/hashes/joomla/J!4.3.0.json b/hashes/joomla/J!4.3.0.json
diff --git a/hashes/joomla/J!4.3.4.json b/hashes/joomla/J!4.3.4.json
diff --git a/hashes/joomla/j!3.10.12.json b/hashes/joomla/j!3.10.12.json
diff --git a/hashes/wordpress/WP6.2.json b/hashes/wordpress/WP6.2.json