@perlDreamer
Created August 11, 2010 21:28
diff --git a/lib/WebGUI/Storage.pm b/lib/WebGUI/Storage.pm
index c24b51a..69d155b 100644
--- a/lib/WebGUI/Storage.pm
+++ b/lib/WebGUI/Storage.pm
@@ -315,10 +315,7 @@ sub addFileFromFilesystem {
return undef;
}
my $filename = (File::Spec->splitpath( $pathToFile ))[2];
- if (isIn($self->getFileExtension($filename), qw(pl perl sh cgi php asp pm))) {
- $filename =~ s/\./\_/g;
- $filename .= ".txt";
- }
+ $filename = $self->block_extensions($filename);
$filename = $self->session->url->makeCompliant($filename);
my $source;
my $dest;
@@ -383,11 +380,7 @@ sub addFileFromFormPost {
if ($upload->size > 1024 * $self->session->setting->get("maxAttachmentSize"));
$clientFilename =~ s/.*[\/\\]//;
$clientFilename =~ s/^thumb-//;
- my $type = $self->getFileExtension($clientFilename);
- if (isIn($type, qw(pl perl sh cgi php asp html htm))) { # make us safe from malicious uploads
- $clientFilename =~ s/\./\_/g;
- $clientFilename .= ".txt";
- }
+ $clientFilename = $self->block_extensions($clientFilename);
$filename = $session->url->makeCompliant($clientFilename);
my $filePath = $self->getPath($filename);
$attachmentCount++;
@@ -452,10 +445,7 @@ The content to write to the file.
sub addFileFromScalar {
my ($self, $filename, $content) = @_;
- if (isIn($self->getFileExtension($filename), qw(pl perl sh cgi php asp html htm))) { # make us safe from malicious uploads
- $filename =~ s/\./\_/g;
- $filename .= ".txt";
- }
+ $filename = $self->block_extensions($filename);
$filename = $self->session->url->makeCompliant($filename);
if (open(my $FILE, ">", $self->getPath($filename))) {
print $FILE $content;
@@ -501,6 +491,34 @@ sub adjustMaxImageSize {
#-------------------------------------------------------------------
+=head2 block_extensions ( $file )
+
+Rename files so they can't be used for malicious purposes. The list of bad extensions
+includs shell script, perl scripts, php, ASP, perl modules and HTML files.
+
+Any file found with a bad extension will be renamed from file.ext to file_ext.txt
+
+=head3 $file
+
+The file to check for bad extensions.
+
+=cut
+
+sub block_extensions {
+ my $self = shift;
+ my $file = shift;
+ my $extension = $self->getFileExtension($file);
+ if (isIn($extension, qw(pl perl sh cgi php asp pm html htm))) {
+ warn $file;
+ $file =~ s/\.$extension/\_$extension/g;
+ warn $file;
+ $file .= ".txt";
+ }
+ return $file;
+}
+
+#-------------------------------------------------------------------
+
=head2 clear ( )
Clears a storage location of all files. If configured for CDN, add
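Review bot: The two `warn $file;` lines around the substitution in block_extensions look like leftover debugging and would log the name of every blocked upload; drop them. The substitution `s/\.$extension/\_$extension/g` is also weaker than the code it replaces: it rewrites only the matched extension (anywhere in the name, not just at its end) and leaves every other dot intact, so `a.b.sh` becomes `a.b_sh.txt` and any dotted component before the last one survives, whereas the removed `s/\./\_/g` flattened them all. Keeping `$file =~ s/\./_/g;` preserves the POD's documented `file.ext` to `file_ext.txt` result for the simple case and the stronger behaviour for the rest; if only the final extension is meant to change, anchor and quote it, `$file =~ s/\.\Q$extension\E\z/_$extension/;`. Whether getFileExtension normalises case, so that an upper-case extension is also caught, is not visible in this diff and is worth confirming. The POD has a typo, `includs` for `includes`.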