--- loncom/publisher/loncfile.pm	2004/08/24 21:21:41	1.62
+++ loncom/publisher/loncfile.pm	2004/09/10 20:05:03	1.63
@@ -9,7 +9,7 @@
 #  and displays a page showing the results of the action.
 #
 #
-# $Id: loncfile.pm,v 1.62 2004/08/24 21:21:41 albertel Exp $
+# $Id: loncfile.pm,v 1.63 2004/09/10 20:05:03 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -289,7 +289,7 @@ sub checksuffix {
 }
 
 sub cleanDest {
-    my ($request,$dest,$subdir)=@_;
+    my ($request,$dest,$subdir,$fn)=@_;
     #remove bad characters
     my $foundbad=0;
     if ($subdir && $dest =~/\./) {
@@ -300,6 +300,13 @@ sub cleanDest {
 	$foundbad=1;
 	$dest=~s/[\#\?&%\"]//g;
     }
+    if ($dest=~m|/|) {
+	my ($newpath)=($dest=~m|(.*)/|);
+	if (! -d "$fn/$newpath") {
+	    $request->print("<p><font color=\"red\">".&mt('You request to create file in directory [_1] which doesn\'t exist. The requested directory path has been removed from the requested file name.','"<tt>'.$newpath.'</tt>"')."</font></p>");
+	    $dest=~s|.*/||;
+	}
+    }
     if ($foundbad) {
 	$request->print("<p><font color=\"red\">".&mt('Invalid characters in requested name have been removed.')."</font></p>");
     }
@@ -760,7 +767,7 @@ sub phaseone {
   
     my $doingdir=0;
     if ($ENV{'form.action'} eq 'newdir') { $doingdir=1; }
-    my $newfilename=&cleanDest($r,$ENV{'form.newfilename'},$doingdir);
+    my $newfilename=&cleanDest($r,$ENV{'form.newfilename'},$doingdir,$fn);
     $newfilename=&relativeDest($fn,$newfilename,$uname);
     $r->print('<form action="/adm/cfile" method="post">'.
 	      '<input type="hidden" name="qualifiedfilename" value="'.$fn.'" />'.