working command injection in fileupload, closes issue #23

2013-07-09 16:36:03 -04:00
parent ea2014b637
commit ce6f32a1a2
4 changed files with 36 additions and 7 deletions
@@ -1,7 +1,17 @@
 class Benefits < ActiveRecord::Base
+ attr_accessor :backup
 
- def self.save(file)
-   
+ def self.save(file, backup=false)
+   data_path = Rails.root.join("public", "data")
+   full_file_name = "#{data_path}/#{file.original_filename}"
+   f = File.open(full_file_name, "w+")
+   f.write file.read
+   f.close
+   make_backup(file, data_path, full_file_name) if backup == "true"
+ end
+ 
+ def self.make_backup(file, data_path, full_file_name)
+   system("cp #{full_file_name} #{data_path}/bak#{Time.now.to_i}_#{file.original_filename}")
 end
 
 end