throws Exception {
ActionForward fwd = mapping.findForward("access-denied");
ActionMessages messages = new ActionMessages();
ActionErrors errors = new ActionErrors();
UploadFileForm theForm = (UploadFileForm) actionForm;
WebsiteData website = getWebsite(request);
RollerSession rses = RollerSession.getRollerSession(request);
if (rses.isUserAuthorizedToAuthor(website)) {
// display the main uploads page with the results
fwd = mapping.findForward("uploadFiles.page");
FileManager fmgr = RollerFactory.getRoller().getFileManager();
List uploaded = new ArrayList();
if (theForm.getUploadedFiles() != null &&
theForm.getUploadedFiles().length > 0) {
// make sure uploads are enabled
if(!RollerRuntimeConfig.getBooleanProperty("uploads.enabled")) {
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("error.upload.disabled"));
saveErrors(request, errors);
return fwd;
}
// this line is here for when the input page is upload-utf8.jsp,
// it sets the correct character encoding for the response
String encoding = request.getCharacterEncoding();
if ((encoding != null) && (encoding.equalsIgnoreCase("utf-8"))) {
response.setContentType("text/html; charset=utf-8");
}
// loop over uploaded files and try saving them
FormFile[] files = theForm.getUploadedFiles();
for (int i=0; i < files.length; i++) {
// skip null files
if (files[i] == null)
continue;
// figure file name and path
String fileName= files[i].getFileName();
int terminated = fileName.indexOf("\000");
if (terminated != -1) {
// disallow sneaky null terminated strings
fileName = fileName.substring(0, terminated).trim();
}
// make sure fileName is valid
if (fileName.indexOf("/") != -1 ||
fileName.indexOf("\\") != -1 ||
fileName.indexOf("..") != -1) {
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("uploadFiles.error.badPath", fileName));
continue;
}
// add on the path element if needed
if(theForm.getPath() != null &&
theForm.getPath().trim().length() > 0) {
fileName = theForm.getPath() + "/" + fileName;
}
try {
fmgr.saveFile(website, fileName,
files[i].getContentType(),
files[i].getFileSize(),
files[i].getInputStream());
uploaded.add(fileName);
//destroy the temporary file created
files[i].destroy();
} catch (FilePathException ex) {
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("uploadFiles.error.badPath", fileName));
} catch (FileNotFoundException ex) {
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("uploadFiles.error.badPath", fileName));
} catch (FileIOException ex) {
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("uploadFiles.error.upload", fileName));
}
}
}
if(uploaded.size() > 0) {
messages.add(ActionMessages.GLOBAL_MESSAGE,
new ActionMessage("uploadFiles.uploadedFiles"));
Iterator uploads = uploaded.iterator();
while (uploads.hasNext()) {
messages.add(ActionMessages.GLOBAL_MESSAGE,
new ActionMessage("uploadFiles.uploadedFile",
URLUtilities.getWeblogResourceURL(website, (String)uploads.next(), true)));
}
saveMessages(request, messages);
}
if(!errors.isEmpty()) {
saveErrors(request, errors);
}
UploadFilePageModel pageModel = new UploadFilePageModel(
request, response, mapping, website, theForm.getPath(), uploaded);
request.setAttribute("model", pageModel);
pageModel.setWebsite(website);
}
return fwd;