Added security check.

Bart Kamphorst
2015-09-20 13:53:02 +02:00
parent 288f75929d
commit ce68a88293
+1
@@ -176,6 +176,7 @@ module Precious
fullname = params[:file][:filename]
tempfile = params[:file][:tempfile]
end
halt 500 unless tempfile.is_a? Tempfile
# Remove page file dir prefix from upload path if necessary -- committer handles this itself
dir = wiki.per_page_uploads ? params[:upload_dest].match(/^(#{wiki.page_file_dir}\/+)?(.*)/)[2] : 'uploads'
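Review bot: The guard `halt 500 unless tempfile.is_a? Tempfile` validates only `tempfile`. `params[:upload_dest]` is still read straight from the request on the `dir =` line, and `fullname` is presumably used further down, with no check visible in this hunk. If nothing later normalises them, reject values containing `..` segments next to this guard. The prefix match should also be anchored with `\A` rather than `^`, and `wiki.page_file_dir` wrapped in `Regexp.escape`. A forged or missing upload is a client error, so `halt 400 unless tempfile.is_a? Tempfile` would keep such requests out of server-error monitoring. A comment such as `# tempfile must be the Tempfile created by the multipart parser, never a request-supplied value` would record why the check exists. The enclosing route starts and ends outside the hunk.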