Changeset 1182 for trunk/grails-app/controllers
- Timestamp:
- Nov 22, 2010, 5:27:23 PM (10 years ago)
- File:
-
- 1 edited
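--- a/trunk/grails-app/controllers/dbnp/studycapturing/FileController.groovy
+++ b/trunk/grails-app/controllers/dbnp/studycapturing/FileController.groovy
@@ -23,7 +23,17 @@
 */
 def get = {
-// Check whether the file exists
-def filename = params.id;
 def fileExists;
+
+// Filename is not url decoded for some reason
+def coder = new org.apache.commons.codec.net.URLCodec()
+def filename = coder.decode(params.id)
+
+// Security check to prevent accessing files in other directories
+if( filename.contains( '..' ) ) {
+response.status = 500;
+render "Invalid filename given";
+return;
+}
+
 try {
 fileExists = fileService.fileExists( filename )
@@ -33,5 +43,5 @@
 if( !filename || !fileExists ) {
 response.status = 404;
-render( " " );
+render( "File not found" );
 return;
 }
@@ -42,5 +52,7 @@
 
 // Return the file
+response.setHeader "Content-disposition", "attachment; filename=${filename}"
 response.outputStream << file.newInputStream()
+response.outputStream.flush()
 }
 
@@ -73,3 +85,5 @@
 }
 }
+
+
 }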
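Review bot: The traversal guard `filename.contains( '..' )` in the first hunk is a substring denylist that runs before any null check, so it neither confines the lookup to the upload directory nor handles a missing `id`. `coder.decode(params.id)` sits outside the `try` and ahead of the existing `!filename` guard; it appears to return null for a null id and can throw `DecoderException` on malformed escapes, so such requests would now fail with an unhandled error instead of the 404. Consider `if( !filename || filename.contains( '..' ) || filename.contains( '/' ) || filename.contains( '\\' ) ) {` with `response.status = 400`, and have fileService (not visible here) compare the resolved file's canonical path against the upload directory. In the third hunk the same request-supplied value is interpolated unquoted into `Content-disposition`; quote it and strip control characters before setting the header. Parts of `get` are elided between the hunks, so any handling there is not visible.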