*** HeadlinesPlugin.pm	2004-10-30 06:38:42.000000000 +0200
--- tmp/HeadlinesPlugin.pm	2004-10-31 09:25:00.000000000 +0100
***************
*** 146,151 ****
--- 146,157 ----
  
      if( $theRefresh ) {
          # save text in cache file before returning it
+         if ($cacheFilename =~ /^([-\w\/.]+)$/) {
+             $cacheFilename = $1;    # $cacheFilename now untainted
+         }
+         else {
+             return "ERROR: Tainted $cacheFilename";
+         }
          TWiki::Func::saveFile( $cacheFilename, $text );
      }