--- loncom/cgi/plot.gif 2002/02/28 21:02:32 1.8
+++ loncom/cgi/plot.gif 2002/03/01 14:03:50 1.9
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 #
-# $Id: plot.gif,v 1.8 2002/02/28 21:02:32 matthew Exp $
+# $Id: plot.gif,v 1.9 2002/03/01 14:03:50 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -35,6 +35,9 @@ foreach (split/&/,$ENV{'QUERY_STRING'})
 $data{$name}=$value;
 }
 my $filename = $data{'file'};
+# unescape filename
+$filename =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
+
 die if ($filename =~ /\// || $filename !~ /_plot.data$/);
 $filename = $tmpdir . $filename;
 die "$data{'file'} does not exist\n" if (! -e $filename);
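Review bot: The `die` check right after the new unescape line is now fed fully decoded bytes, which is the correct order, but the check itself is looser than it looks: `.` in `/_plot.data$/` is unescaped and `$` also matches before a trailing newline, and a decoded `%00` survives the slash test while, on the perls of this era, the C-level filename is truncated at the NUL when `-e` and later opens see `$tmpdir . $filename`, so the `_plot.data` suffix no longer constrains which file under `$tmpdir` is read. A tighter form is `die if ($filename =~ m{[/\0]} || $filename !~ /_plot\.data\z/);`. Note also that `%2B`/`+` is not turned into a space here, which is fine only if no legitimate file name contains one; a comment such as `# only %XX escapes are decoded; '+' is kept literal` would make that deliberate. The `foreach` that fills `%data` starts before the hunk, so whether `$data{'file'}` can be undef (an `s///` on undef warns under `use warnings`) cannot be judged from here.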