From f97f339f552666ef79cdd2cf2a44032cf206bb6e Mon Sep 17 00:00:00 2001
From: Gisle Aas <gisle.aas@it.uib.no>
Date: Mon, 11 Jan 2010 09:01:37 +0100
Subject: [PATCH] Don't allow saving to filenames starting with '.' suggested
 by server

---
 bin/lwp-download | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/bin/lwp-download b/bin/lwp-download
index a85ac551d..ada1abbb5 100755
--- a/bin/lwp-download
+++ b/bin/lwp-download
@@ -138,7 +138,9 @@ my $res = $ua->request(HTTP::Request->new(GET => $url),
 	      # validate that we don't have a harmful filename now.  The server
 	      # might try to trick us into doing something bad.
 	      if (!length($file) ||
-                  $file =~ s/([^a-zA-Z0-9_\.\-\+\~])/sprintf "\\x%02x", ord($1)/ge)
+                  $file =~ s/([^a-zA-Z0-9_\.\-\+\~])/sprintf "\\x%02x", ord($1)/ge ||
+		  $file =~ /^\./
+	      )
               {
 		  die "Will not save <$url> as \"$file\".\nPlease override file name on the command line.\n";
 	      }