Tedinoz

Updated file-perm-check.php

Mar 11th, 2013
  1. <?php
  2. /*
  3. Plugin Name: File Permissions &#38; Size Check
  4. Plugin URI: http://www.wpsecure.net/
  5. Description: Checks wp file permissions and sizes
  6. Author: Wycks
  7. Author URI: http://wordpress.org/extend/plugins/profile/wycks
  8. Version: 1.0.1
  9. License: GPL2
  10. ****/
  11.  
  12. /*  Copyright 2011  Wyckss  (email : info@wpsecure.net)
  13.  
  14.     This program is free software; you can redistribute it and/or modify
  15.     it under the terms of the GNU General Public License, version 2, as
  16.     published by the Free Software Foundation.
  17.  
  18.     This program is distributed in the hope that it will be useful,
  19.     but WITHOUT ANY WARRANTY; without even the implied warranty of
  20.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  21.     GNU General Public License for more details.
  22.  
  23.     You should have received a copy of the GNU General Public License
  24.     along with this program; if not, write to the Free Software
  25.     Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  26. */
  27.  
  28.  
  // Register (without enqueueing) the tab library, the plugin script and the stylesheet.
  add_action( 'admin_init', 'load_custom_perm_scripts_lcp' );

  /**
   * Registers the script and style handles used by the plugin page.
   *
   * Nothing is enqueued here; the handles are only made known to WordPress.
   */
  function load_custom_perm_scripts_lcp() {
      $script_url     = plugins_url( 'file-perm.js', __FILE__ );
      $stylesheet_url = plugins_url( 'file-perm-check.css', __FILE__ );

      // NOTE(review): this library is fetched over plain http:// from a third-party
      // host and runs inside wp-admin. Anyone able to alter that response controls
      // script in an administrator session, and an HTTPS admin will block it as
      // mixed content. Shipping a copy with the plugin and registering it through
      // plugins_url() would remove the external dependency.
      wp_register_script( 'my-jquery-ui', 'http://cdn.jquerytools.org/1.2.5/jquery.tools.min.js' );
      wp_register_script( 'my-perm-js', $script_url );
      wp_register_style( 'jquery-style', $stylesheet_url );
  }
  38.  
  39.  
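  // Enqueue the plugin's assets only on the plugin's own settings page.
  add_action( 'admin_init', 'load_admin_perm_styles_lap' );

  /**
   * Enqueues the registered style and scripts when the current admin request
   * is for the "perm_check" page.
   *
   * The previous condition compared the boolean result of isset() with the
   * string "perm_check", which is true for any request carrying a `page`
   * parameter, so the assets (including the externally hosted script) were
   * loaded on every admin page that has one. The value itself is compared now.
   */
  function load_admin_perm_styles_lap() {
      if ( ! is_admin() ) {
          return;
      }

      // Strict comparison also rejects array input such as ?page[]=perm_check.
      if ( ! isset( $_GET['page'] ) || 'perm_check' !== $_GET['page'] ) {
          return;
      }

      wp_enqueue_style( 'jquery-style' );
      wp_enqueue_script( 'my-jquery-ui' );
      wp_enqueue_script( 'my-perm-js' );
  }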
  53.  
  // Hook the settings-menu entry into the admin menu build.
  add_action( 'admin_menu', 'wp_fileperm_show_wfs' );

  /**
   * Adds the "File Permission Checker" entry under Settings.
   *
   * The page slug is "perm_check", it is rendered by permy_file_check_pfc()
   * and it requires the activate_plugins capability.
   */
  function wp_fileperm_show_wfs() {
      add_options_page(
          'show perm',
          'File Permission Checker',
          'activate_plugins',
          'perm_check',
          'permy_file_check_pfc'
      );
  }
  61.  
  62.  
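  /**
   * Prints one table row (name, octal mode, size in KB) for a scanned entry.
   *
   * Entries whose extension is listed in $skipped_extensions produce no output.
   * The name comes straight from the filesystem, so it is HTML-escaped before
   * it is echoed into the admin page.
   *
   * @param SplFileInfo $entry              Entry yielded by one of the directory iterators.
   * @param array       $skipped_extensions Lower-case extensions to leave out of the table.
   */
  function permy_print_file_row_pfc( SplFileInfo $entry, array $skipped_extensions ) {
      $name      = (string) $entry;
      $extension = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) );
      if ( in_array( $extension, $skipped_extensions, true ) ) {
          return;
      }

      try {
          // Read both values before echoing anything, so a failed stat()
          // (for example on a dangling symlink) cannot leave a half-written row.
          $mode    = $entry->getPerms();
          $size_kb = number_format( $entry->getSize() / 1024, 2 );
      } catch ( RuntimeException $e ) {
          echo '<tr><td>' . esc_html( $name ) . '</td><td colspan="2">could not be read</td></tr>';
          return;
      }

      $octal = substr( sprintf( '%o', $mode ), -4 );

      // Test the rwx bits themselves rather than the 4-digit string, so a mode
      // that also has setuid/setgid/sticky set (shown as e.g. 1777) is marked too.
      if ( ( $mode & 0777 ) === 0777 ) {
          echo '<tr class="redrow"><td>' . esc_html( $name ) . '</td>';
          echo '<td>' . $octal . "<span class='red'> &#215; </span>" . '</td>';
      } else {
          echo '<tr><td>' . esc_html( $name ) . '</td>';
          echo '<td>' . $octal . '</td>';
      }
      echo '<td>' . $size_kb . ' KB' . '</td></tr>';
  }

  /**
   * Prints the rows for every entry found by walking $directory recursively.
   *
   * The iterators are built with their default flags, as the original loops
   * did, so the listing contains the same entries as before. If the directory
   * is missing or part of it cannot be opened, a single notice row is printed
   * instead of aborting the whole admin page.
   *
   * @param string $directory          Absolute path of the directory to walk.
   * @param array  $skipped_extensions Lower-case extensions to leave out of the table.
   */
  function permy_print_tree_rows_pfc( $directory, array $skipped_extensions ) {
      try {
          $tree = new RecursiveIteratorIterator( new RecursiveDirectoryIterator( $directory ) );
          foreach ( $tree as $entry ) {
              permy_print_file_row_pfc( $entry, $skipped_extensions );
          }
      } catch ( UnexpectedValueException $e ) {
          echo '<tr><td colspan="3">' . esc_html( $directory ) . ' could not be scanned completely</td></tr>';
      }
  }

  /**
   * Renders the plugin page: one tab per scanned location plus an info tab.
   *
   * Each tab lists name, permission bits and size for the files found under
   * ABSPATH (non-recursive) and under wp-admin, wp-content and wp-includes
   * (recursive). Entries with all rwx bits set are marked in red.
   */
  function permy_file_check_pfc() {

      // WordPress installation root; the concatenations below rely on its trailing slash.
      $base = ABSPATH;

      // File types left out of every listing.
      $skipped_extensions = array( 'jpg', 'png', 'gif', 'jpeg', 'ico', 'css', 'txt' );

      // NOTE(review): these folders are assumed to sit directly under ABSPATH;
      // an install with a relocated content directory will show the notice row.
      $recursive_tabs = array( 'wp-admin', 'wp-content', 'wp-includes' );
      ?>

     <div class="wrap">
       <?php screen_icon('plugins'); ?>

       <h2>File Permissions  &#38; Size Checker</h2>
       <h4>To read more about permissions check out
       <a href="http://codex.wordpress.org/Changing_File_Permissions">http://codex.wordpress.org/Changing_File_Permissions</a>
       <br>Files set to .777 will have a red mark <span class='red'> &#215; </span> as they can compromise your security, especially for directories.
       </h4>
       <p></p>
       <p><b>General rule of thumb:</b>| &#8226; Folders set to  755 or 750 | &#8226; Files set to 644 or 640 | &#8226; Important files (wp-config.php) should have more strict permissions like 600</p>

       <!--tab title-->
      <ul class="tabs">
        <li><a href="#">Root Folder</a></li>
        <li><a href="#">WP-Admin</a></li>
        <li><a href="#">WP-Content</a></li>
        <li><a href="#">WP-Includes</a></li>
        <li><a href="#">Info</a></li>
        </ul>

     <!--start of jquery tools tabs-->
     <div class="panes">

    <!--TAB ONE   -->

       <div>
         <table class="widefat">
           <thead>
              <tr>
                <th>File</th>
                <th>Permission</th>
                <th>Size</th>
              </tr>
           </thead>
         <tbody>

  <?php
      // Root folder: direct children only, "." and ".." skipped.
      try {
          foreach ( new DirectoryIterator( $base ) as $entry ) {
              if ( ! $entry->isDot() ) {
                  permy_print_file_row_pfc( $entry, $skipped_extensions );
              }
          }
      } catch ( UnexpectedValueException $e ) {
          echo '<tr><td colspan="3">' . esc_html( $base ) . ' could not be scanned completely</td></tr>';
      }
  ?>

          </tbody>
        </table>
      </div>

  <?php
      // Tabs two to four share one layout; the pane order must match the tab titles above.
      foreach ( $recursive_tabs as $folder ) { ?>

    <div>
     <table class="widefat">
      <thead>
          <tr>
           <th>File</th>
           <th>Permission</th>
           <th>Size</th>
          </tr>
      </thead>
    <tbody>
  <?php permy_print_tree_rows_pfc( $base . $folder, $skipped_extensions ); ?>
      </tbody>
     </table>
   </div>

  <?php } ?>

    <!--TAB FIVE +-->
  <div>
      <ul>
      <li>This plugin will not return accurate results under IIS or on a WAMP stack due to how windows handles file permissions.</li>
      <li>This scan is CPU intensive, images are ommited.</li>
      <li>If this is deemed useful I can optimize it better by re-writing some of the code</li>
      <li>Follow wpsecure.net's twitter feed for security updates <a href="https://twitter.com/#!/wpsecurenet">https://twitter.com/#!/wpsecurenet</a></li>
      </ul>

  </div>
    <!--END TABS -->
  </div>

  <!--end wrap-->
  </div>

  <?php

  }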
  270. ?>