--- loncom/Attic/lchtmldir	2007/04/10 20:32:13	1.18
+++ loncom/Attic/lchtmldir	2007/08/22 19:03:04	1.19
@@ -156,32 +156,30 @@ if($username ne $safeuser) {
 #untaint the base directory require that the dir contain only 
 # alphas, / numbers or underscores, and end in /$safeuser
 
-$dir =~ /(^([\w\/\.\-]+))/;
 
-my $dirtry1 = $1;
 
-$dir =~ /$\/$safeuser/;
-my $dirtry2 = $1;
+my ($allowed_dir) = ($dir =~ m{(^([/]|$match_username)+)});
 
-if(($dirtry1 ne $dir) or ($dirtry2 ne $dir)) {
+my $has_correct_end = ($dir =~ m{/\Q$safeuser\E$});
+
+if(($allowed_dir ne $dir) or (!$has_correct_end)) {
     if ($DEBUG) {
 	print("Directory $dir is not a valid home for $safeuser\n");
     }
     exit 5;
 }
 
-
 # As root, create the directory.
 
-my $homedir = $dirtry1;
+my $homedir = $allowed_dir;
 my $fulldir = $homedir."/public_html";
 
 if($DEBUG) {
     print("Full directory path is: $fulldir \n");
 }
-if(!( -e $dirtry1)) {
+if(!( -e $homedir)) {
     if($DEBUG) {
-	print("User's home directory $dirtry1 does not exist\n");
+	print("User's home directory $homedir does not exist\n");
     }
     if ($authentication eq "unix:") {
         exit 6;