From ce68a88293ce3b18c261312392ad33a88bb69ea1 Mon Sep 17 00:00:00 2001
From: Bart Kamphorst
Date: Sun, 20 Sep 2015 13:53:02 +0200
Subject: [PATCH] Added security check.

---
 lib/gollum/app.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/gollum/app.rb b/lib/gollum/app.rb
index 12e47541..3fde8bf2 100644
--- a/lib/gollum/app.rb
+++ b/lib/gollum/app.rb
@@ -176,6 +176,7 @@ module Precious
 fullname = params[:file][:filename]
 tempfile = params[:file][:tempfile]
 end
+ halt 500 unless tempfile.is_a? Tempfile
 # Remove page file dir prefix from upload path if necessary -- committer handles this itself
 dir = wiki.per_page_uploads ? params[:upload_dest].match(/^(#{wiki.page_file_dir}\/+)?(.*)/)[2] : 'uploads'