/**
  * this is called as soon as uploads have finished.
  * takes care of moving them to the right folder
  *
  * @return string the directory to move to
  */
 public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos, $response)
 {
     $path = $data['path'];
     $webPath = $data['webPath'];
     //we remember the names of the uploaded files here. they are stored in the session afterwards,
     //so we can later display them highlighted.
     $arrFiles = array();
     //rename files, delete unwanted
     $arrFilesToRename = array();
     //used to remember the files we need to rename
     $h = opendir($tempPath);
     if ($h) {
         while (false !== ($file = readdir($h))) {
             //delete potentially malicious files
             // TODO: this is probably an overhead, because the uploader might already to this. doesn't it?
             if (!\FWValidator::is_file_ending_harmless($file)) {
                 @unlink($file);
                 continue;
             }
             if (self::isIllegalFileName($file)) {
                 $response->addMessage(\Cx\Core_Modules\Upload\Controller\UploadResponse::STATUS_ERROR, "You are not able to create the requested file.");
                 \Cx\Lib\FileSystem\FileSystem::delete_file($tempPath . '/' . $file);
                 continue;
             }
             //skip . and ..
             if ($file == '.' || $file == '..') {
                 continue;
             }
             //clean file name
             $newName = $file;
             \Cx\Lib\FileSystem\FileSystem::clean_path($newName);
             //check if file needs to be renamed
             if (file_exists($path . $newName)) {
                 $info = pathinfo($newName);
                 $exte = $info['extension'];
                 $exte = !empty($exte) ? '.' . $exte : '';
                 $part1 = $info['filename'];
                 if (empty($_REQUEST['uploadForceOverwrite']) || !intval($_REQUEST['uploadForceOverwrite'] > 0)) {
                     $newName = $part1 . '_' . time() . $exte;
                 }
             }
             //if the name has changed, the file needs to be renamed afterwards
             if ($newName != $file) {
                 $arrFilesToRename[$file] = $newName;
             }
             array_push($arrFiles, $newName);
         }
     }
     //rename files where needed
     foreach ($arrFilesToRename as $oldName => $newName) {
         rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName);
     }
     //remeber the uploaded files
     $files = $_SESSION["media_upload_files_{$uploadId}"];
     $_SESSION["media_upload_files_{$uploadId}"] = array_merge($arrFiles, $files ? $files->toArray() : []);
     /* unwanted files have been deleted, unallowed filenames corrected.
        we can now simply return the desired target path, as only valid
        files are present in $tempPath                                   */
     return array($data['path'], $data['webPath']);
 }