I been trying to find out why when I upload a brand new wordpress install using ProFTPd 1.3.5b the files get injected with extra characters that aren't part of the file.
It only happens to /wp-includes/functions.php
from what I can see
these are the injections i have caught so far
line ~569:
foreach ( $pung as $link_test ) {
if ( ! in_array( $link_test, $post_links_temp ) ) { // link no longer in post
$mids = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE %s", $post_ID, $wpdb->esc_like( $link_test ) . '%') );
t // <--- this "t" is added
foreach ( $mids as $mid )
delete_metadata_by_mid( 'post', $mid );
}
}
line ~1780
function win_is_writable( $path ) {
if ( $path[strlen( $path ) - 1] == '/' ) { // if it looks like a directory, check a random file within the directory
return win_is_writable( $path . uniqid( mt_rand() ) . '.tmp');
} elseif ( is_dir( $path ) ) { // If it's a directory (and not a file) check a random file within the directory
return win_is_writable( $path . '/' . uniqid( mt_rand() ) . '.tmp' );
}
// check tmp file for read/write capabilities
$should_delete_tmp_file = !file_exists( $path );
$f = @fopen( $path, 'a' );
if ( $f === false )
return false;
fclose( $f );
if ( $should_delete_tmp_file )
unlink( $path );
return true;
}
e // <-- this "e" is added
line ~2677
.button:active {
background: #eee;
border-color: #999;
-webkit-box-shadow: inset 0 2px 5px -3px rgba( 0, 0, 0, 0.5 );
box-shadow: inset 0 2px 5px -3px rgba( 0, 0, 0, 0.5 );
-webkit-transform: translateY(1px);
-ms-transform: translateY(1px);
transform: translateY(1px);
}
o /* <-- this "o" is added */
<?php
if ( 'rtl' == $text_direction ) {
echo 'body { font-family: Tahoma, Arial; }';
}
line ~3332
function wp_list_filter( $list, $args = array(), $operator = 'AND' ) {
if ( ! is_array( $list ) )
return array();
if ( empty( $args ) )
return $list;
$operator = strtoupper( $operator );
$count = count( $args );
o // <-- this "o" is added
$filtered = array();
foreach ( $list as $key => $obj ) {
$to_match = (array) $obj;
$matched = 0;
foreach ( $args as $m_key => $m_value ) {
if ( array_key_exists( $m_key, $to_match ) && $m_value == $to_match[ $m_key ] )
$matched++;
}
if ( ( 'AND' == $operator && $matched == $count )
|| ( 'OR' == $operator && $matched > 0 )
|| ( 'NOT' == $operator && 0 == $matched ) ) {
$filtered[$key] = $obj;
}
}
return $filtered;
}
line ~3719
function _deprecated_argument( $function, $version, $message = null ) {
i // <-- this "i" is added
/**
* Fires when a deprecated argument is called.
*
* @since 3.0.0
*
* @param string $function The function that was called.
* @param string $message A message regarding the change.
* @param string $version The version of WordPress that deprecated the argument used.
*/
do_action( 'deprecated_argument_run', $function, $message, $version );
/**
* Filter whether to trigger an error for deprecated arguments.
*
* @since 3.0.0
*
* @param bool $trigger Whether to trigger the error for deprecated arguments. Default true.
*/
if ( WP_DEBUG && apply_filters( 'deprecated_argument_trigger_error', true ) ) {
if ( function_exists( '__' ) ) {
if ( ! is_null( $message ) )
trigger_error( sprintf( __('%1$s was called with an argument that is <strong>deprecated</strong> since version %2$s! %3$s'), $function, $version, $message ) );
else
trigger_error( sprintf( __('%1$s was called with an argument that is <strong>deprecated</strong> since version %2$s with no alternative available.'), $function, $version ) );
} else {
if ( ! is_null( $message ) )
trigger_error( sprintf( '%1$s was called with an argument that is <strong>deprecated</strong> since version %2$s! %3$s', $function, $version, $message ) );
else
trigger_error( sprintf( '%1$s was called with an argument that is <strong>deprecated</strong> since version %2$s with no alternative available.', $function, $version ) );
}
}
}
I'm connected via port 21, regular ftp (not sftp or tls). Also not using passive mode.
For anyone else encountering this behavior, it was caused by ProFTPD Bug#4237, and has been fixed.
Hope this helps!