--- loncom/Attic/lchtmldir	2005/06/21 11:00:21	1.17
+++ loncom/Attic/lchtmldir	2007/04/10 20:32:13	1.18
@@ -70,6 +70,8 @@ use strict;
 use Fcntl qw(:mode);
 use DirHandle;
 use POSIX;
+use lib '/home/httpd/lib/perl/';
+use LONCAPA qw(:match);
 
 $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl';
 delete @ENV{qw{IFS CDPATH ENV BASH_ENV}};
@@ -132,7 +134,7 @@ if( $authentication ne "unix:"     &&
 
 # Untaint the username.
 
-my $match = $username =~ /^(\w+)$/;
+my $match = $username =~ /^($match_username)$/;
 my $patt  = $1;
  
 if($DEBUG) {
@@ -144,7 +146,7 @@ my $safeuser = $patt;
 if($DEBUG) {
     print("Save username = $safeuser \n");
 }
-if(($username ne $safeuser) or ($safeuser!~/^[A-z]/)) {
+if($username ne $safeuser) {
     if($DEBUG) {
 	print("User name $username had illegal characters\n");
     }
@@ -154,7 +156,7 @@ if(($username ne $safeuser) or ($safeuse
 #untaint the base directory require that the dir contain only 
 # alphas, / numbers or underscores, and end in /$safeuser
 
-$dir =~ /(^([\w\/]+))/;
+$dir =~ /(^([\w\/\.\-]+))/;
 
 my $dirtry1 = $1;