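/**
 * Store an uploaded file under $this->file_path using a tidied, non-colliding name.
 *
 * The name is passed through PerchUtil::tidy_file_name(). Names containing
 * ".php" or ".phtml" get ".txt" appended. If the target already exists, a
 * "-N" counter is inserted before the last extension.
 *
 * NOTE(review): the extension check is a two-entry denylist. An allow-list of
 * expected extensions is the stronger control. Appending ".txt" only helps if
 * the web server picks its handler from the final extension, so confirm that
 * script execution is disabled for the upload directory.
 *
 * @param string $file Source path handed to PerchUtil::move_uploaded_file()
 *                     (presumably the upload's tmp_name; verify against callers).
 * @param string $name Client-supplied file name; treated as untrusted.
 *
 * @return array Array with 'name' (final file name) and 'path' (final target path).
 */
public function write_file($file, $name)
{
    $filename = PerchUtil::tidy_file_name($name);

    // Defuse PHP uploads. stripos() is used so that mixed-case names such as
    // ".PHP" are caught even if tidy_file_name() does not lowercase its input
    // (its implementation is not visible here).
    foreach (array('.php', '.phtml') as $marker) {
        if (stripos($filename, $marker) !== false) {
            $filename .= '.txt';
        }
    }

    $target = PerchUtil::file_path($this->file_path . '/' . $filename);

    if (file_exists($target)) {
        $dot = strrpos($filename, '.');

        if ($dot === false) {
            // No extension: the whole name is the stem. Without this guard
            // strrpos()'s false is coerced to 0 and the counter lands in
            // front of the name ("-1readme").
            $stem   = $filename;
            $suffix = '';
        } else {
            $stem   = substr($filename, 0, $dot);
            $suffix = substr($filename, $dot);
        }

        // NOTE(review): file_exists() followed by a move is not atomic, so two
        // concurrent uploads of the same name can still pick the same candidate.
        $count     = 1;
        $candidate = PerchUtil::tidy_file_name($stem . '-' . $count . $suffix);
        while (file_exists(PerchUtil::file_path($this->file_path . '/' . $candidate))) {
            $count++;
            $candidate = PerchUtil::tidy_file_name($stem . '-' . $count . $suffix);
        }

        $filename = $candidate;
        $target   = PerchUtil::file_path($this->file_path . '/' . $filename);
    }

    // NOTE(review): the result of the move is not checked, so callers receive
    // a name and path even when nothing was written. Confirm what
    // PerchUtil::move_uploaded_file() reports on failure before changing the
    // return contract.
    PerchUtil::move_uploaded_file($file, $target);

    return array('name' => $filename, 'path' => $target);
}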
$Image = $result; } else { $message = $HTML->failure_message('Sorry, that image could not be updated.'); } } if ($result) { $image_folder_writable = is_writable(PERCH_RESFILEPATH); $filesize = 0; if (isset($_FILES['upload'])) { $file = $_FILES['upload']['name']; $filesize = $_FILES['upload']['size']; } // if file is greater than 0 process it into resources if ($filesize > 0) { if ($image_folder_writable && isset($file)) { $filename = PerchUtil::tidy_file_name($file); if (strpos($filename, '.php') !== false) { $filename .= '.txt'; } //checking for naughty uploading of php files. $target = PERCH_RESFILEPATH . DIRECTORY_SEPARATOR . $filename; if (file_exists($target)) { $ext = strrpos($filename, '.'); $fileName_a = substr($filename, 0, $ext); $fileName_b = substr($filename, $ext); $count = 1; while (file_exists(PERCH_RESFILEPATH . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b)) { $count++; } $filename = $fileName_a . '_' . $count . $fileName_b; $target = PERCH_RESFILEPATH . DIRECTORY_SEPARATOR . $filename;