Timestamp:
Nov 22, 2010, 5:27:23 PM (10 years ago)
Author:
robert@…
Message:

Improved file upload fields so users can delete existing files and are able to access uploaded files (using a tag in the tag library). See ticket #17

File:
1 edited

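--- a/trunk/grails-app/controllers/dbnp/studycapturing/FileController.groovy
+++ b/trunk/grails-app/controllers/dbnp/studycapturing/FileController.groovy
@@ -23,7 +23,17 @@
      */
     def get = {
-        // Check whether the file exists
-        def filename = params.id;
         def fileExists;
+
+                // Filename is not url decoded for some reason
+                def coder = new org.apache.commons.codec.net.URLCodec()
+                def filename = coder.decode(params.id)
+
+                // Security check to prevent accessing files in other directories
+                if( filename.contains( '..' ) ) {
+                        response.status = 500;
+                        render "Invalid filename given";
+                        return;
+                }
+
         try {
             fileExists = fileService.fileExists( filename )
@@ -33,5 +43,5 @@
         if( !filename || !fileExists ) {
             response.status = 404;
-            render( "" );
+            render( "File not found" );
             return;
         }
@@ -42,5 +52,7 @@
 
         // Return the file
+                response.setHeader "Content-disposition", "attachment; filename=${filename}"
         response.outputStream << file.newInputStream()
+                response.outputStream.flush()
     }
 
@@ -73,3 +85,5 @@
         }
     }
+
+
 }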
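Review bot: The `..` substring test on the decoded `params.id` is the only path check in `get`, and it runs before the later `!filename` test, so a request without an id would call `filename.contains` on null (URLCodec returns null for null input) and fail with an exception instead of reaching the 404 branch. A deny-list on `..` also says nothing about path separators or absolute paths; whether those matter depends on how `fileService` resolves names, which is not visible here, so I would reject them as well, or compare the canonical path of the resolved file against the upload directory: `if( !filename || filename.contains( '..' ) || filename.contains( '/' ) || filename.contains( '\\' ) ) {`. The new `Content-disposition` line interpolates the request-derived name unquoted; quote the value and strip CR, LF and `"` from it first so a crafted name cannot alter the header. A rejected name is a client error, so `response.status = 400` fits better than 500 here.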