I was having problems downloading files with ! and .. characters in the filename. I can see the potential security hazard where the resultant path might point to a different directory than intended but that would require the '..' to start the filepath or follow a '/' - the regexp below is not that specific. Am I missing something here or was this a lazy hack? Also, what is the potential security problem with files containing an exclamation mark? This question is not rhetorical - I honestly don't know! Finally, can't this be done in the mirror.defaults file so that it can be overridden on a package by package basis? Why isn't it documented in /usr/share/doc/packages/mirror? It took me quite a while to track this down! # important security check - marc@suse.de # we don't use an allow list but an deny list because otherwise # we will get problems with umlaute and other stuff. And the # hole is very small anyway. if ( $src_path =~ m/[\\n;&<>#`!$*|]/ || $src_path =~ m/.. /) { print STDERR "Error: source filename contains illegal ch aracters: "$src_path"\n"; next; } -- Simon Oliver