working command injection in fileupload, closes issue #23

app/controllers/benefit_forms_controller.rb

@@ -16,7 +16,14 @@ class BenefitFormsController < ApplicationController
   end
   
   def upload
-    
+    file = params[:benefits][:upload]
+    if file
+      flash[:success] = "File Successfully Uploaded!"
+      Benefits.save(file, params[:benefits][:backup])
+    else
+      flash[:error] = "Something went wrong"
+    end   
+    redirect_to user_benefit_forms_path(:user_id => current_user.user_id)
   end