From 295e41c245b314d9d6d09450bea0314fd6e1fda9 Mon Sep 17 00:00:00 2001
From: Alexey Verkhovsky <averkhov@thoughtworks.com>
Date: Sat, 22 Jan 2005 19:30:49 +0000
Subject: [PATCH] another go at file upload: slightly less naive and _working_

---
 app/controllers/application.rb     |  2 +-
 app/controllers/file_controller.rb | 26 ++++++++++++++++++--------
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 8de620c6..bc303e96 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -71,7 +71,7 @@ class ApplicationController < ActionController::Base
     not @web_name.nil?
   end
 
-  @@REMEMBER_NOT = ['locked', 'save', 'back']
+  @@REMEMBER_NOT = ['locked', 'save', 'back', 'file']
   def remember_location
     if @response.headers['Status'] == '200 OK'
       unless @@REMEMBER_NOT.include? action_name or @request.method != :get
diff --git a/app/controllers/file_controller.rb b/app/controllers/file_controller.rb
index 1a889142..94d65b3d 100644
--- a/app/controllers/file_controller.rb
+++ b/app/controllers/file_controller.rb
@@ -7,10 +7,12 @@ class FileController < ApplicationController
   layout 'default'
 
   def file
+    sanitize_file_name
     if @params['file']
-      # received a file
-      File.open(file_name) { |f| f.write(@params['file'].read }
-      
+      # form supplied
+      upload_file
+      flash[:info] = "File '#{@file_name}' successfully uploaded"
+      return_to_last_remembered
     elsif have_file?
       send_file(file_path)
     else
@@ -23,22 +25,30 @@ class FileController < ApplicationController
     return_to_last_remembered
   end
   
-  def 
-  
   private
 
   def have_file?
-    sanitize_file_name
     File.file?(file_path)
   end
 
-  SANE_FILE_NAME = /[-_A-Za-z0-9]{1,255}/
+  def upload_file
+    if @params['file'].kind_of?(Tempfile)
+      @params['file'].close
+      FileUtils.mv(@params['file'].path, file_path)
+    elsif @params['file'].kind_of?(IO)
+      File.open(file_path, 'wb') { |f| f.write(@params['file'].read) }
+    else
+      raise 'File to be uploaded is not an IO object'
+    end
+  end
+
+  SANE_FILE_NAME = /[-_\.A-Za-z0-9]{1,255}/
 
   def sanitize_file_name
     raise Instiki::ValidationError.new("Invalid path: no file name") unless @file_name
     unless @file_name =~ SANE_FILE_NAME
       raise ValidationError.new("Invalid file name: '#{@file_name}'.\n" +
-            "Only latin characters, digits, underscores and dashes are accepted.")
+            "Only latin characters, digits, dots, underscores and dashes are accepted.")
     end
   end