Index: openacs-4/packages/acs-api-browser/www/procs-file-view.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-api-browser/www/procs-file-view.tcl,v
diff -u -N -r1.8 -r1.8.2.1
--- openacs-4/packages/acs-api-browser/www/procs-file-view.tcl 1 Jul 2015 08:56:57 -0000 1.8
+++ openacs-4/packages/acs-api-browser/www/procs-file-view.tcl 18 Aug 2015 09:01:59 -0000 1.8.2.1
@@ -5,7 +5,7 @@
 } {
 version_id:naturalnum,optional
 { public_p:boolean "" }
- path:token,trim
+ path:path,trim
 source_p:boolean,optional,trim
 } -properties {
 title:onevalue
Index: openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl,v
diff -u -N -r1.36 -r1.36.2.1
--- openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 29 Jun 2015 18:49:57 -0000 1.36
+++ openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 18 Aug 2015 09:01:59 -0000 1.36.2.1
@@ -1560,8 +1560,7 @@
 error "[_ acs-tcl.lt_Invalid_number_of_par]"
 ad_script_abort
 }
- set min [lindex $range 0]
- set max [lindex $range 1]
+ lassign $range min max
 if { $value < $min || $value > $max } {
 ad_complain "[_ acs-tcl.lt_name_is_not_in_the_ra]"
 return 0
@@ -1637,7 +1636,7 @@
 # Log details about this filter failing, to make it easier to debug.
 ns_log Notice "ad_page_contract tmpfile filter on variable '$name' at URL '[ad_conn url]': The tmpfile given was '$value', and the list of valid directories is '$tmpdir_list'."
- ad_complain "[_ acs-tcl.lt_You_specified_a_path_]"
+ ad_complain [_ acs-tcl.lt_You_specified_a_path_]
 return 0
 }
@@ -2013,9 +2012,25 @@
 return 0
 }
+ad_page_contract_filter path { name value } {
+ Checks whether the value is a Tcl word, or contains a few
+ rather safe other characters ("-", "/", ".") used
+ in (file-system) paths
+ @author Gustaf Neumann
+ @creation-date 24 June 2015
+} {
+ if {[regexp {^[\w/.-]+$} $value]} {
+ return 1
+ }
+ ad_complain [_ acs-tcl.lt_name_contains_invalid]
+ return 0
+}
+
+
+
 ####################
 #
 # Standard filter rules
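Review bot: The new `path` filter only checks a character class, so a value made of `..` components or starting with `/` still passes `^[\w/.-]+$`; the docstring's "rather safe" wording could be read as if the filter confined the value to a directory, which it does not. The first hunk switches `path` in procs-file-view.tcl from `token` to this filter, and the code that resolves that value into a file name is outside this diff, so whether it normalises the path and checks it against the intended root cannot be confirmed from here. I would reject dot-dot components in the filter itself, for example `if {[regexp {^[\w/.-]+$} $value] && ".." ni [split $value /]} {`, and add a sentence to the docstring saying the filter validates characters only and callers must still normalise the result and verify it stays under the expected directory.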