added a very dangerous, very serious vulnerability (constantize

app/controllers/benefit_forms_controller.rb

@@ -0,0 +1,17 @@
+class BenefitFormsController < ApplicationController
+  
+  def index
+  end
+  
+  def download
+   begin  
+     #file = params[:type].constantize.new(params[:name])
+     file = Rails.root.join('public', 'docs', params[:name])
+     #render :text => File.read(file) 
+     send_file file, :disposition => 'attachment'
+   rescue
+     redirect_to user_benefit_forms_path(:user_id => current_user.user_id)
+   end
+  end
+  
+end

app/helpers/benefit_forms_helper.rb

@@ -0,0 +1,2 @@
+module BenefitFormsHelper
+end

app/views/benefit_forms/index.html.erb

@@ -0,0 +1,61 @@
+<div class="dashboard-wrapper">
+	<div class="main-container">
+
+		<div class="row-fluid">
+		
+		    <div class="span4">
+		      <div class="widget">
+		        <div class="widget-header">
+		          <div class="title">
+		            <span class="fs1" aria-hidden="true" data-icon="&#xe023;"></span> Health Insurance
+		          </div>
+		        </div>
+		        <!-- Begin Widget Body -->
+		        <div class="widget-body">
+		           <%= link_to download_path(:type => "File", :name => "Health_n_Stuff.pdf") do  %>
+					<div class="doc-icons-container">
+		            <div class="icon light-blue hidden-tablet">
+		              <span class="fs1 doc-icon" aria-hidden="true" data-icon="&#xe1b2;"></span>
+		              <span class="doc-type">
+		                PDF
+		              </span>
+		            </div>
+		
+		          </div>
+					<% end %>
+		        </div>
+		     	<!-- End Widget Body -->
+		 	 </div>
+		    </div>
+		
+			<div class="span4">
+		      <div class="widget">
+		        <div class="widget-header">
+		          <div class="title">
+		            <span class="fs1" aria-hidden="true" data-icon="&#xe023;"></span> Dental Insurance
+		          </div>
+		        </div>
+		        <!-- Begin Widget Body -->
+		        <div class="widget-body">
+				<%= link_to download_path(:type => "File", :name => "Dental_n_Stuff.pdf") do  %>
+		          <div class="doc-icons-container">
+		            <div class="icon light-blue hidden-tablet">
+		              <span class="fs1 doc-icon" aria-hidden="true" data-icon="&#xe1b2;"></span>
+		              <span class="doc-type">
+		                PDF
+		              </span>
+		            </div>
+		
+		          </div>
+				  <% end %>
+		        </div>
+		        <!-- End Widget Body -->  
+			</div>
+		    </div>
+		
+		    
+		    
+		
+		</div>
+	</div>
+</div>	

app/views/layouts/shared/_sidebar.html.erb

@@ -18,13 +18,13 @@
            <% end %>
         </li>
  		<% end %>
-        <li>
-          <a href="#">
+        <li id="benefit_forms">
+		<%= link_to user_benefit_forms_path(:user_id => current_user.user_id) do %>
             <div class="icon">
               <span class="fs1" aria-hidden="true" data-icon="&#xe05c;"></span>
             </div>
             Benefit Forms
-          </a>
+          <% end %>
         </li>
         <li>
            <%= link_to user_retirement_index_path(:user_id => current_user.user_id) do %>

config/routes.rb

@@ -23,9 +23,15 @@ resources :users do
   resources :performance do 
    
   end
+  
+  resources :benefit_forms do 
+    
+  end
 
 end
 
+get "download" => "benefit_forms#download"
+
 resources :tutorials do
   collection do 
     get "injection"

test/functional/benefit_forms_controller_test.rb

@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class BenefitFormsControllerTest < ActionController::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end

test/unit/helpers/benefit_forms_helper_test.rb

@@ -0,0 +1,4 @@
+require 'test_helper'
+
+class BenefitFormsHelperTest < ActionView::TestCase
+end