From ce6f32a1a2e1013f4df5852c53d8ac4c88ad0a7f Mon Sep 17 00:00:00 2001
From: Ken Johnson <cktricky@Kens-MacBook-Pro.local>
Date: Tue, 9 Jul 2013 16:36:03 -0400
Subject: [PATCH] working command injection in fileupload, closes issue #23

---
 .gitignore                                  |  3 +++
 app/controllers/benefit_forms_controller.rb |  9 ++++++++-
 app/models/benefits.rb                      | 14 ++++++++++++--
 app/views/benefit_forms/index.html.erb      | 17 +++++++++++++----
 4 files changed, 36 insertions(+), 7 deletions(-)

diff --git a/.gitignore b/.gitignore
index 4fc6b30..6e10082 100755
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,6 @@
 
 # Ignore Mac folder settings
 .DS_Store
+
+# Ignore data directory
+/public/data
\ No newline at end of file
diff --git a/app/controllers/benefit_forms_controller.rb b/app/controllers/benefit_forms_controller.rb
index b1f586b..a74befb 100644
--- a/app/controllers/benefit_forms_controller.rb
+++ b/app/controllers/benefit_forms_controller.rb
@@ -16,7 +16,14 @@ class BenefitFormsController < ApplicationController
   end
   
   def upload
-    
+    file = params[:benefits][:upload]
+    if file
+      flash[:success] = "File Successfully Uploaded!"
+      Benefits.save(file, params[:benefits][:backup])
+    else
+      flash[:error] = "Something went wrong"
+    end   
+    redirect_to user_benefit_forms_path(:user_id => current_user.user_id)
   end
 
   
diff --git a/app/models/benefits.rb b/app/models/benefits.rb
index bc3d427..cebbdc4 100644
--- a/app/models/benefits.rb
+++ b/app/models/benefits.rb
@@ -1,7 +1,17 @@
 class Benefits < ActiveRecord::Base
+ attr_accessor :backup
  
- def self.save(file)
-   
+ def self.save(file, backup=false)
+   data_path = Rails.root.join("public", "data")
+   full_file_name = "#{data_path}/#{file.original_filename}"
+   f = File.open(full_file_name, "w+")
+   f.write file.read
+   f.close
+   make_backup(file, data_path, full_file_name) if backup == "true"
+ end
+ 
+ def self.make_backup(file, data_path, full_file_name)
+   system("cp #{full_file_name} #{data_path}/bak#{Time.now.to_i}_#{file.original_filename}")
  end
  
 end
diff --git a/app/views/benefit_forms/index.html.erb b/app/views/benefit_forms/index.html.erb
index 01007c6..ee898a3 100644
--- a/app/views/benefit_forms/index.html.erb
+++ b/app/views/benefit_forms/index.html.erb
@@ -69,17 +69,18 @@
 					    <!-- The fileupload-buttonbar contains buttons to add/delete files and start/cancel the upload -->
 					    <div>
 					      <div>
+						 	<%= hidden_field "benefits", "backup", :value => false %>
 					        <!-- The fileinput-button span is used to style the file input field as button -->
 					        <span class="btn btn-success fileinput-button">
 					          <i class="icon-plus icon-white"></i>
-					          <span>Add files...</span>
-					          <%= f.file_field :upload %>
+					          <span>Add file</span>
+					          <%= f.file_field :upload  %>
 					        </span>
 					        <button id="start_upload" type="submit" class="btn btn-primary start">
 					          <i class="icon-upload icon-white"></i>
 					          <span><%= t('fileupload.start_upload') %></span>
 					        </button>
-					        <input type="checkbox" class="toggle">
+							<br/><br/><span class="filename">Nothing selected</span>
 					      </div>
 					      <div class="span5">
 					        <!-- The global progress bar -->
@@ -111,7 +112,14 @@
 
 <script type="text/javascript">
    
-
+	$(function() {
+	     $("#benefits_upload").change(function (){
+	      	 var fileName = $(this).val();
+			 $(".filename").html(fileName);
+	     });
+		
+	  });
+	
 	function makeActive(){
 		$('li[id="benefit_forms"]').addClass('active');
 	};
@@ -119,5 +127,6 @@
  	$(document).ready(
  	   makeActive
  	);
+
 	
 </script>
\ No newline at end of file