Index: trunk/CHANGELOG
===================================================================
--- trunk/CHANGELOG	(revision 60)
+++ trunk/CHANGELOG	(revision 61)
@@ -12,6 +12,8 @@
 
 ------------------------------------- 2.6.0 -------------------------------------
 09-Sep-2005 Stefan Braunewell
++	Added new advanced setting "Rename Files On Upload". File extensions can be
+	given so that respective files will have a ".txt" appended on media upload.
 #	Fixed "None found" message bug when user has no top level page edit
 	rights.
 #	Fixed missing parent option 'none' - ticket #12 - and a minor scope bug.
Index: trunk/wb/install/save.php
===================================================================
--- trunk/wb/install/save.php	(revision 60)
+++ trunk/wb/install/save.php	(revision 61)
@@ -291,8 +291,6 @@
 "define('HOMEPAGE_REDIRECTION', false);\n".
 "define('PAGE_LANGUAGES', false);\n".
 "\n".
-"define('WYSIWYG_STYLE', 'font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;');\n".
-"\n".
 "define('MANAGE_SECTIONS', true);\n".
 "define('SECTION_BLOCKS', false);\n".
 "\n".
@@ -499,6 +497,11 @@
 	$database->query($insert_website_header);
 	$insert_website_footer = "INSERT INTO `".TABLE_PREFIX."settings` VALUES ('', 'footer', '')";
 	$database->query($insert_website_footer);
+	$insert_wysiwyg_style = "INSERT INTO `".TABLE_PREFIX."settings` VALUES ('', 'wysiwyg_style', 'font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;')";
+	$database->query($insert_wysiwyg_style);
+	$insert_rename_files_on_upload = "INSERT INTO `".TABLE_PREFIX."settings` VALUES ('', 'rename_files_on_upload', 'php,asp,phpx,aspx')";
+	$database->query($insert_rename_files_on_upload);
+	
 	// Search header
 	$search_header = addslashes('
 <h1>Search</h1>
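Review bot: The default `'php,asp,phpx,aspx'` on the new `$insert_rename_files_on_upload` line is a denylist of bare extensions, and the consumers in rename2.php and upload.php compare it case-sensitively and without a leading dot, but the expected format of the value (comma-separated, lowercase, no dots) is not documented anywhere for the administrator who later edits it in the settings screen. Suggest a comment above the insert such as `// Comma-separated, lowercase extensions (no dot); matching uploads get '.txt' appended` and the same wording in the CHANGELOG entry. A denylist is also incomplete by nature (other extensions some servers execute, e.g. `phtml`, are not listed), so an allowlist of permitted media extensions would be the more robust default; that is a design change beyond this commit.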
Index: trunk/wb/languages/EN.php
===================================================================
--- trunk/wb/languages/EN.php	(revision 60)
+++ trunk/wb/languages/EN.php	(revision 61)
@@ -374,8 +374,8 @@
 $TEXT['PAGE_LANGUAGES'] = 'Page Languages';
 $TEXT['HIDDEN'] = 'Hidden';
 $TEXT['MAIN'] = 'Main';
+$TEXT['RENAME_FILES_ON_UPLOAD'] = 'Rename Files On Upload';
 
-
 // Success/error messages
 $MESSAGE['FRONTEND']['SORRY_NO_VIEWING_PERMISSIONS'] = 'Sorry, you do not have permissions to view this page';
 
Index: trunk/wb/admin/media/rename2.php
===================================================================
--- trunk/wb/admin/media/rename2.php	(revision 60)
+++ trunk/wb/admin/media/rename2.php	(revision 61)
@@ -32,6 +32,16 @@
 // Include the basic header file
 require(ADMIN_PATH.'/media/basic_header.html');
 
+// Get list of file types to which we're supposed to append 'txt'
+$get_result=$database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1");
+$file_extension_string='';
+if ($get_result->numRows()>0) {
+	$fetch_result=$get_result->fetchRow();
+	$file_extension_string=$fetch_result['value'];
+}
+$file_extensions=explode(",",$file_extension_string);
+
+
 // Get the current dir
 $directory = $admin->get_post('dir');
 if($directory == '/') {
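Review bot: The block that reads `rename_files_on_upload` and explodes it is duplicated verbatim in upload.php (hunk `@@ -53,6 +53,16 @@`); consider moving it into one helper in framework/functions.php (e.g. a `get_rename_file_extensions()` function) so both callers normalise the list identically. As written, `explode(",", '')` yields a single empty-string entry when the setting is blank or missing, and entries typed with spaces ("php, asp") are kept as-is, so trimming, lower-casing and dropping empties belongs in this one place rather than in each consuming loop. The enclosing script continues outside the hunk.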
@@ -129,6 +139,15 @@
 	$admin->print_error($MESSAGE['MEDIA']['BLANK_NAME'], "rename.php?dir=$directory&id=$file_id", false);
 }
 
+// Check for potentially malicious files and append 'txt' to their name
+foreach($file_extensions as $file_ext) {
+	$file_ext_len=strlen($file_ext);
+	if (substr($name,-$file_ext_len)==$file_ext) {
+		$name.='.txt';
+	}
+}		
+
+
 // Check if we should overwrite or not
 if($admin->get_post('overwrite') != 'yes' AND file_exists(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$name) == true) {
 	if($type == 'folder') {
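Review bot: The suffix check on the new `substr($name,-$file_ext_len)==$file_ext` line is case-sensitive and not anchored to a dot, so a name whose extension differs only in case is not renamed, while an unrelated name that merely ends in those letters (e.g. `myphp`) is; the identical loop in upload.php (hunk `@@ -62,6 +72,13 @@`) has the same issue. An empty list entry (what `explode` returns for a blank setting) also gives `strlen('')==0`, so `substr($name,-0)` compares the whole name against `''` — harmless today but fragile. Suggest trimming and lower-casing each entry, skipping blanks, and comparing the dot-prefixed extension case-insensitively as below; the `break` stops after the first match. The enclosing script continues outside the hunk.
```php
// Check for potentially malicious files and append 'txt' to their name
foreach($file_extensions as $file_ext) {
	$file_ext = strtolower(trim($file_ext));
	if ($file_ext == '') {
		continue;
	}
	// Compare the trailing '.ext' of the name, ignoring case
	if (strtolower(substr($name, -(strlen($file_ext) + 1))) == '.'.$file_ext) {
		$name .= '.txt';
		break;
	}
}
```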
Index: trunk/wb/admin/media/upload.php
===================================================================
--- trunk/wb/admin/media/upload.php	(revision 60)
+++ trunk/wb/admin/media/upload.php	(revision 61)
@@ -1,6 +1,6 @@
 <?php
 
-// $Id: upload.php,v 1.11 2005/04/25 11:53:12 rdjurovich Exp $
+// $Id$
 
 /*
 
@@ -53,6 +53,16 @@
 	$overwrite = false;
 }
 
+// Get list of file types to which we're supposed to append 'txt'
+$get_result=$database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1");
+$file_extension_string='';
+if ($get_result->numRows()>0) {
+	$fetch_result=$get_result->fetchRow();
+	$file_extension_string=$fetch_result['value'];
+}
+$file_extensions=explode(",",$file_extension_string);
+
+
 // Loop through the files
 $good_uploads = 0;
 for($count = 1; $count <= 10; $count++) {
@@ -62,6 +72,13 @@
 		$filename = media_filename($_FILES["file$count"]['name']);
 		// Check if there is still a filename left
 		if($filename != '') {
+			// Check for potentially malicious files and append 'txt' to their name
+			foreach($file_extensions as $file_ext) {
+				$file_ext_len=strlen($file_ext);
+				if (substr($filename,-$file_ext_len)==$file_ext) {
+					$filename.='.txt';
+				}
+			}		
 			// Move to relative path (in media folder)
 			if(file_exists($relative.$filename) AND $overwrite == true) {			
 				if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {
Index: trunk/wb/admin/settings/save.php
===================================================================
--- trunk/wb/admin/settings/save.php	(revision 60)
+++ trunk/wb/admin/settings/save.php	(revision 61)
@@ -199,8 +199,6 @@
 	"define('HOMEPAGE_REDIRECTION', ".str_replace(';', '', $_POST['homepage_redirection']).");\n".
 	"define('PAGE_LANGUAGES', ".str_replace(';', '', $_POST['page_languages']).");\n".
 	"\n".
-	"define('WYSIWYG_STYLE', '".$admin->add_slashes($_POST['wysiwyg_style'])."');\n".
-	"\n".
 	"define('WYSIWYG_EDITOR', '".addslashes($_POST['wysiwyg_editor'])."');\n".
 	"\n".
 	"define('MANAGE_SECTIONS', ".str_replace(';', '', $_POST['manage_sections']).");\n".
Index: trunk/wb/admin/settings/index.php
===================================================================
--- trunk/wb/admin/settings/index.php	(revision 60)
+++ trunk/wb/admin/settings/index.php	(revision 61)
@@ -31,9 +31,6 @@
 	$admin = new admin('Settings', 'settings_basic');
 }
 
-// Create new database object
-$database = new database();
-
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
 
@@ -73,6 +70,13 @@
 		case 'footer':
 			$template->set_var('FOOTER', $setting_value);
 		break;
+		// WYSIWYG style
+		case 'wysiwyg_style':
+			$template->set_var('WYSIWYG_STYLE', $setting_value);
+		break;
+		case 'rename_files_on_upload':
+			$template->set_var('RENAME_FILES_ON_UPLOAD', $setting_value);
+		break;
 	}
 }
 
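Review bot: The new `case 'rename_files_on_upload'` passes the stored value straight to `$template->set_var`, and template.html places it inside `value="{RENAME_FILES_ON_UPLOAD}"`; unless `set_var` escapes (not visible here), a stored value containing `"` breaks the attribute. The input is admin-only, so the risk is low, but since this setting is only a comma-separated extension list, escaping is safe: `$template->set_var('RENAME_FILES_ON_UPLOAD', htmlspecialchars($setting_value));`. The `// WYSIWYG style` comment sits above `case 'wysiwyg_style'` while the rename case has none; for symmetry add `// Extensions that get '.txt' appended on upload` above it. The enclosing `switch` and its loop start outside the hunk.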
@@ -489,9 +493,6 @@
 	$template->set_var('DIR_O_E_CHECKED', 'checked');
 }
 
-// Insert WYSIWYG style value into template
-$template->set_var('WYSIWYG_STYLE', $admin->strip_slashes_dummy(WYSIWYG_STYLE));
-
 // Insert Server Email value into template
 $template->set_var('SERVER_EMAIL', SERVER_EMAIL);
 
@@ -533,6 +534,7 @@
 								'TEXT_PHP_ERROR_LEVEL' => $TEXT['PHP_ERROR_LEVEL'],
 								'TEXT_PAGE_EXTENSION' => $TEXT['PAGE_EXTENSION'],
 								'TEXT_PAGE_SPACER' => $TEXT['PAGE_SPACER'],
+								'TEXT_RENAME_FILES_ON_UPLOAD' => $TEXT['RENAME_FILES_ON_UPLOAD'],
 								'TEXT_SERVER_OPERATING_SYSTEM' => $TEXT['SERVER_OPERATING_SYSTEM'],
 								'TEXT_LINUX_UNIX_BASED' => $TEXT['LINUX_UNIX_BASED'],
 								'TEXT_WINDOWS' => $TEXT['WINDOWS'],
Index: trunk/wb/admin/settings/template.html
===================================================================
--- trunk/wb/admin/settings/template.html	(revision 60)
+++ trunk/wb/admin/settings/template.html	(revision 61)
@@ -548,6 +548,12 @@
 		<input type="text" name="page_spacer" value="{PAGE_SPACER}" />
 	</td>
 </tr>
+<tr class="advanced">
+	<td class="setting_name">{TEXT_RENAME_FILES_ON_UPLOAD}:</td>
+	<td class="setting_value" colspan="2">
+		<input type="text" name="rename_files_on_upload" value="{RENAME_FILES_ON_UPLOAD}" />
+	</td>
+</tr>
 <tr>
 	<td>&nbsp;</td>
 	<td>
