--- loncom/imspackages/imsprocessor.pm	2017/05/23 03:07:40	1.55
+++ loncom/imspackages/imsprocessor.pm	2018/05/02 17:08:40	1.57
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Processor for IMS Packages
 #
-# $Id: imsprocessor.pm,v 1.55 2017/05/23 03:07:40 raeburn Exp $
+# $Id: imsprocessor.pm,v 1.57 2018/05/02 17:08:40 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -29,6 +29,7 @@
 package Apache::imsprocessor;
 
 use Apache::lonnet;
+use Apache::loncommon;
 use Apache::loncleanup;
 use Apache::lonlocal;
 use HTTP::Request::Common;
@@ -99,6 +100,9 @@ sub create_tempdir {
     my ($context,$pathinfo,$timenow) = @_;   
     my $configvars = &LONCAPA::Configuration::read_conf('loncapa.conf');
     my $tempdir;
+    $pathinfo = &Apache::loncommon::clean_path($pathinfo);
+# Collapse dots
+    $pathinfo =~ s/\.+/./g;
     if ($context eq 'DOCS') {
         $tempdir =  $$configvars{'lonDaemons'}.'/tmp/'.$pathinfo;
         if (!-e "$tempdir") {
@@ -130,11 +134,13 @@ sub uploadzip {
         $fname=~s/\s+/\_/g;
 # Replace all other weird characters by nothing
         $fname=~s/[^\w\.\-]//g;
+# Collapse dots
+        $fname=~s/\.+/./g;
 # See if there is anything left
         unless ($fname) { return 'error: no uploaded file'; }
 # Save the file
         chomp($env{'form.uploadname'});
-        open(my $fh,'>'.$tempdir.'/'.$fname);
+        open(my $fh,'>',"$tempdir/$fname");
         print $fh $env{'form.uploadname'};
         close($fh);
     } elsif ($context eq 'CSTR') {