--- loncom/interface/portfolio.pm	2004/08/24 07:26:04	1.27
+++ loncom/interface/portfolio.pm	2004/08/24 07:29:51	1.28
@@ -345,10 +345,17 @@ sub upload {
 
 sub createdir {
     my ($r)=@_;
-    #FIXME 1) bad dirnames ( '/' etc)
-    #      2) file exists in place of dir (errormessage needs improvement)
+    #FIXME 1) file exists in place of dir (errormessage needs improvement)
+    my $newdir=&Apache::lonnet::clean_filename($ENV{'form.newdir'});
+    if ($newdir eq '') {
+	$r->print('<font color="red">'.
+		  &mt("Error: no valid directory name was provided.").
+		  '</font><br />');
+	$r->print(&done());
+	return;
+    } 
     my $result=&Apache::lonnet::mkdiruserfile($ENV{'user.name'},
-	     $ENV{'user.domain'},'portfolio'.$ENV{'form.currentpath'}.$ENV{'form.newdir'});
+	     $ENV{'user.domain'},'portfolio'.$ENV{'form.currentpath'}.$newdir);
     if ($result ne 'ok') {
 	$r->print('<font color="red"> An errror occured ('.$result.
 		  ') while trying to create a new directory '.&display_file().'</font><br />');