From 0f1a13baa561914784216ee591f7d51a6d7df4a9 Mon Sep 17 00:00:00 2001
From: arcfieldOSS <iyoung@arcfield.com>
Date: Tue, 29 Dec 2015 16:12:02 -0800
Subject: [PATCH] files.php: fix file writer bug (misplaced paren ) where no
 file would write. phpfastcache.php: fix error where non-www.domain.tld
 HOST_NAME variables would be stripped of beginning w's in mistaken ltrim call
 phpfastcache.php: move filename fixing into static function that removes
 common "unsafe" characters and positions ("/name?" or "name.") TODO: call
 filename fixer in files.php

---
 phpfastcache/3.0.0/drivers/files.php |  2 +-
 phpfastcache/3.0.0/phpfastcache.php  | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/phpfastcache/3.0.0/drivers/files.php b/phpfastcache/3.0.0/drivers/files.php
index abbe62209..c059467d0 100644
--- a/phpfastcache/3.0.0/drivers/files.php
+++ b/phpfastcache/3.0.0/drivers/files.php
@@ -91,7 +91,7 @@ function driver_set($keyword, $value = "", $time = 300, $option = array() ) {
          * because first-to-lock wins and the file will exist before the writer attempts
          * to write.
          */
-        if($toWrite == true && !@file_exists($tmp_path && !@file_exists($file_path))) {
+        if($toWrite == true && !@file_exists($tmp_path) && !@file_exists($file_path)) {
                 try {
                     $f = @fopen($tmp_path, "c");
                     if ($f) {
diff --git a/phpfastcache/3.0.0/phpfastcache.php b/phpfastcache/3.0.0/phpfastcache.php
index 8db4a3321..2cee7ea2b 100644
--- a/phpfastcache/3.0.0/phpfastcache.php
+++ b/phpfastcache/3.0.0/phpfastcache.php
@@ -163,13 +163,14 @@ public static function getPath($skip_create_path = false, $config) {
         if($securityKey == "" || $securityKey == "auto") {
             $securityKey = self::$config['securityKey'];
             if($securityKey == "auto" || $securityKey == "") {
-                $securityKey = isset($_SERVER['HTTP_HOST']) ? ltrim(strtolower($_SERVER['HTTP_HOST']),"www.") : "default";
-                $securityKey = preg_replace("/[^a-zA-Z0-9]+/","",$securityKey);
+                $securityKey = isset($_SERVER['HTTP_HOST']) ? preg_replace('/^www./','',strtolower($_SERVER['HTTP_HOST'])) : "default";
             }
         }
         if($securityKey != "") {
             $securityKey.= "/";
         }
+        
+        $securityKey = self::cleanFileName($securityKey);
 
         $full_path = $path."/".$securityKey;
         $full_pathx = md5($full_path);
@@ -199,6 +200,12 @@ public static function getPath($skip_create_path = false, $config) {
         return realpath($full_path);
 
     }
+    
+    public static function cleanFileName($filename) {
+        $regex = ['/[\?\[\]\/\\\=\<\>\:\;\,\'\"\&\$\#\*\(\)\|\~\`\!\{\}]/','/\.$/','/^\./'];
+        $replace = ['-','',''];
+        return preg_replace($regex,$replace,$filename);
+    }
 
 
     public static function __setChmodAuto($config) {