--- loncom/lonnet/perl/lonnet.pm	2003/01/09 22:45:51	1.314
+++ loncom/lonnet/perl/lonnet.pm	2003/01/10 21:13:00	1.317
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.314 2003/01/09 22:45:51 www Exp $
+# $Id: lonnet.pm,v 1.317 2003/01/10 21:13:00 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -857,8 +857,15 @@ sub tokenwrapper {
 sub userfileupload {
     my ($formname,$coursedoc)=@_;
     my $fname=$ENV{'form.'.$formname.'.filename'};
+# Replace Windows backslashes by forward slashes
     $fname=~s/\\/\//g;
+# Get rid of everything but the actual filename
     $fname=~s/^.*\/([^\/]+)$/$1/;
+# Replace spaces by underscores
+    $fname=~s/\s+/\_/g;
+# Replace all other weird characters by nothing
+    $fname=~s/[^\w\.\-]//g;
+# See if there is anything left
     unless ($fname) { return 'error: no uploaded file'; }
     chop($ENV{'form.'.$formname});
 # Create the directory if not present