+my $curdir = $cgi->param('curdir') || '';
+my $newfile = $cgi->param('newfile') || '';
+
+# Check if the command is disabled
+
+if(is_disabled_command($config->{'disable_commands'},$command))
+{
+ abort($config->{'errors'}->{'command_disabled'},'/',{COMMAND => encode_html($command)});
+}
+
+# Create physical and virtual path for the new file
+
+my $new_physical = '';
+my $new_virtual = '';
+
+if($newfile ne '' && $newfile !~ /^\s+$/)
+{
+ my $path = $curdir.'/'.$newfile;
+
+ # Extract file and directory name...
+
+ my $file = file_name($path);
+ my $dir = upper_path($path);
+
+ # ... check if the directory exists ...
+
+ my $temp_path = clean_path($config->{'fileroot'}.'/'.$dir);
+
+ unless(-d $temp_path && not -l $temp_path)
+ {
+ abort($config->{'errors'}->{'dir_not_exist'},'/');
+ }
+
+ # ... and check if the path is above the root directory
+
+ unless(($new_physical,$new_virtual) = check_path($config->{'fileroot'},$dir))
+ {
+ abort($config->{'errors'}->{'create_above_root'},'/');
+ }
+
+ # Check if we have enough permissions to create a file
+ # in this directory
+
+ unless(-r $new_physical && -w $new_physical && -x $new_physical)
+ {
+ abort($config->{'errors'}->{'dir_no_create'},'/',{DIR => encode_html($new_virtual)});
+ }
+
+ # Create the physical and the virtual path
+
+ $new_physical = File::Spec->canonpath($new_physical.'/'.$file);
+ $new_virtual .= $file;