public function write_file($file, $name)
{
$filename = PerchUtil::tidy_file_name($name);
if (strpos($filename, '.php') !== false) {
$filename .= '.txt';
}
// diffuse PHP files
if (strpos($filename, '.phtml') !== false) {
$filename .= '.txt';
}
// diffuse PHP files
$target = PerchUtil::file_path($this->file_path . '/' . $filename);
if (file_exists($target)) {
$dot = strrpos($filename, '.');
$filename_a = substr($filename, 0, $dot);
$filename_b = substr($filename, $dot);
$count = 1;
while (file_exists(PerchUtil::file_path($this->file_path . '/' . PerchUtil::tidy_file_name($filename_a . '-' . $count . $filename_b)))) {
$count++;
}
$filename = PerchUtil::tidy_file_name($filename_a . '-' . $count . $filename_b);
$target = PerchUtil::file_path($this->file_path . '/' . $filename);
}
PerchUtil::move_uploaded_file($file, $target);
return array('name' => $filename, 'path' => $target);
}
$Image = $result;
} else {
$message = $HTML->failure_message('Sorry, that image could not be updated.');
}
}
if ($result) {
$image_folder_writable = is_writable(PERCH_RESFILEPATH);
$filesize = 0;
if (isset($_FILES['upload'])) {
$file = $_FILES['upload']['name'];
$filesize = $_FILES['upload']['size'];
}
// if file is greater than 0 process it into resources
if ($filesize > 0) {
if ($image_folder_writable && isset($file)) {
$filename = PerchUtil::tidy_file_name($file);
if (strpos($filename, '.php') !== false) {
$filename .= '.txt';
}
//checking for naughty uploading of php files.
$target = PERCH_RESFILEPATH . DIRECTORY_SEPARATOR . $filename;
if (file_exists($target)) {
$ext = strrpos($filename, '.');
$fileName_a = substr($filename, 0, $ext);
$fileName_b = substr($filename, $ext);
$count = 1;
while (file_exists(PERCH_RESFILEPATH . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b)) {
$count++;
}
$filename = $fileName_a . '_' . $count . $fileName_b;
$target = PERCH_RESFILEPATH . DIRECTORY_SEPARATOR . $filename;
