--- loncom/publisher/lonupload.pm 2019/03/04 19:54:35 1.69
+++ loncom/publisher/lonupload.pm 2019/03/06 03:39:54 1.70
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to upload files into construction space
 #
-# $Id: lonupload.pm,v 1.69 2019/03/04 19:54:35 raeburn Exp $
+# $Id: lonupload.pm,v 1.70 2019/03/06 03:39:54 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -567,6 +567,14 @@ sub handler {
 $fn = $env{'form.filename'};
 }
 $fn=~s/\/+/\//g;
+ if ($fn =~ m{/\.\./}) {
+ $warning .= '

'
+ .&mt('Path modified as a result of one or more instances of /../')
+ .'

';
+ while ($fn =~ m{/\.\./}) {
+ $fn =~ s{/[^/]+/\.\./}{/}g;
+ }
+ }
 unless ($fn) {
 $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}.