if (rses.isUserAuthorizedToAuthor(website)) {
// display the main uploads page with the results
fwd = mapping.findForward("uploadFiles.page");
FileManager fmgr = RollerFactory.getRoller().getFileManager();
List uploaded = new ArrayList();
if (theForm.getUploadedFiles() != null &&
theForm.getUploadedFiles().length > 0) {
// make sure uploads are enabled: when the "uploads.enabled" runtime property
// is false, record a global error and return the forward chosen above
// before any submitted file is looked at
if(!RollerRuntimeConfig.getBooleanProperty("uploads.enabled")) {
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("error.upload.disabled"));
saveErrors(request, errors);
return fwd;
}
// this line is here for when the input page is upload-utf8.jsp,
// it sets the correct character encoding for the response.
// The request's declared encoding is compared case-insensitively with
// "utf-8"; for a null or different encoding the response content type
// is left untouched.
String encoding = request.getCharacterEncoding();
if ((encoding != null) && (encoding.equalsIgnoreCase("utf-8"))) {
response.setContentType("text/html; charset=utf-8");
}
// loop over uploaded files and try saving them
FormFile[] files = theForm.getUploadedFiles();
for (int i=0; i < files.length; i++) {
// skip null entries in the uploaded-files array
if (files[i] == null)
continue;
// figure file name and path; the name is the one reported for the
// uploaded file by FormFile.getFileName(), so treat it as untrusted input
String fileName= files[i].getFileName();
int terminated = fileName.indexOf("\000");
if (terminated != -1) {
// A NUL character in the name: keep only the part before the first NUL
// and trim it. The name is truncated, not rejected, so the checks below
// and the save call operate on the shortened name.
// NOTE(review): trim() is applied only on this branch, and a name that
// ends up empty is not rejected in the lines visible here. Confirm that
// FileManager.saveFile handles an empty name, or reject NUL-bearing names.
fileName = fileName.substring(0, terminated).trim();
}
// make sure fileName is valid: a name containing "/", "\" or ".." anywhere
// is refused, an error carrying the name is queued, and the loop moves on
// to the next file without saving this one
if (fileName.indexOf("/") != -1 ||
fileName.indexOf("\\") != -1 ||
fileName.indexOf("..") != -1) {
// NOTE(review): the rejected name is passed as the message argument;
// confirm the page that renders these errors escapes it.
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("uploadFiles.error.badPath", fileName));
continue;
}
// add on the path element if needed: a non-blank form path is prepended
// with a "/" separator. The emptiness test trims the value, but the
// untrimmed value is what gets concatenated.
// NOTE(review): the separator and ".." checks above ran on fileName only,
// before this concatenation; the form-supplied path is not checked in the
// lines visible here. Confirm that form validation or FileManager.saveFile
// confines the combined path to the website's upload directory.
if(theForm.getPath() != null &&
theForm.getPath().trim().length() > 0) {
fileName = theForm.getPath() + "/" + fileName;
}
try {
fmgr.saveFile(website, fileName,
files[i].getContentType(),
files[i].getFileSize(),
files[i].getInputStream());
uploaded.add(fileName);