--- loncom/lond	2004/08/28 15:52:51	1.244
+++ loncom/lond	2004/08/29 04:12:18	1.245
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.244 2004/08/28 15:52:51 banghart Exp $
+# $Id: lond,v 1.245 2004/08/29 04:12:18 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -57,7 +57,7 @@ my $DEBUG = 0;		       # Non zero to ena
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.244 $'; #' stupid emacs
+my $VERSION='$Revision: 1.245 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -1302,12 +1302,13 @@ sub push_file_handler {
 
 sub du_handler {
     my ($cmd, $ududir, $client) = @_;
-    my $userinput = "$cmd:$ududir";
-    my $duout='';
-    my $du_cmd;
-    $du_cmd = 'du -ks '.$ududir.' 2>/dev/null)';
-    $duout = qx[$du_cmd];
-    print $client "$du_cmd -- $ududir -- $duout\n";
+    if ($ududir=~/\.\./ || $ududir!~m|^/home/httpd/|) {
+	&Failure($client,"refused\n","$cmd:$ududir");
+	return 1;
+    }
+    my $duout = `du -ks $ududir 2>/dev/null`;
+    $duout=~s/[^\d]//g; #preserve only the numbers
+    &Reply($client,"$duout\n","$cmd:$ududir");
     return 1;
 }
 &register_handler("du", \&du_handler, 0, 1, 0);