Added security check.

gollum · Sep 20, 2015 · ce68a88 · ce68a88
1 parent 288f759
commit ce68a88
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/lib/gollum/app.rb b/lib/gollum/app.rb
@@ -176,6 +176,7 @@ def wiki_new
         fullname = params[:file][:filename]
         tempfile = params[:file][:tempfile]
       end
+      halt 500 unless tempfile.is_a? Tempfile
 
       # Remove page file dir prefix from upload path if necessary -- committer handles this itself
       dir      = wiki.per_page_uploads ? params[:upload_dest].match(/^(#{wiki.page_file_dir}\/+)?(.*)/)[2] : 'uploads'