Index: openacs-4/packages/xowiki/tcl/package-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/package-procs.tcl,v diff -u -r1.82 -r1.83 --- openacs-4/packages/xowiki/tcl/package-procs.tcl 13 Aug 2007 13:52:11 -0000 1.82 +++ openacs-4/packages/xowiki/tcl/package-procs.tcl 14 Aug 2007 08:04:31 -0000 1.83 @@ -920,8 +920,10 @@ Package instproc condition=has_class {query_context value} { return [expr {[$query_context query_parameter object_type ""] eq $value}] } + Package instproc condition=has_name {query_context value} { + return [regexp $value [$query_context query_parameter name ""]] + } - Class create Policy -superclass ::xo::Policy Policy policy1 -contains { @@ -936,6 +938,7 @@ edit-new { {{has_class ::xowiki::Object} id admin} {{has_class ::xowiki::FormPage} nobody} + {{has_name {[.](js|css)$}} id admin} {id create} } } @@ -980,6 +983,7 @@ edit-new { {{has_class ::xowiki::Object} swa} {{has_class ::xowiki::FormPage} nobody} + {{has_name {[.](js|css)$}} swa} {id create} } } @@ -1020,6 +1024,7 @@ edit-new { {{has_class ::xowiki::Object} swa} {{has_class ::xowiki::FormPage} nobody} + {{has_name {[.](js|css)$}} swa} {id create} } } Index: openacs-4/packages/xowiki/tcl/xowiki-form-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/xowiki-form-procs.tcl,v diff -u -r1.86 -r1.87 --- openacs-4/packages/xowiki/tcl/xowiki-form-procs.tcl 13 Aug 2007 13:52:11 -0000 1.86 +++ openacs-4/packages/xowiki/tcl/xowiki-form-procs.tcl 14 Aug 2007 08:04:31 -0000 1.87 
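Review bot: In package-procs.tcl, the new `condition=has_name` hands `$value` to `regexp` without an end-of-options marker, so a policy pattern beginning with `-` would be parsed as a switch; `return [regexp -- $value [$query_context query_parameter name ""]]` avoids that. A short comment above the proc should state that `value` is a regular expression matched against the `name` query parameter, since `has_class` just above compares with `eq`. Because only the query parameter is examined, a request that carries no `name` yields the empty string and never matches the rule, so enforcement for names supplied later presumably rests on the form validator changed in the same commit.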
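Review bot: The pattern `{[.](js|css)$}` added to `edit-new` in policy1 (hunk at -936) is case-sensitive, so a name such as `site.JS` or `style.Css` does not match and falls through to `{id create}`. If the content type is derived from the extension without regard to case (not visible here), such a file is still delivered as script or stylesheet without the admin requirement; `{{has_name {(?i)[.](js|css)$}} id admin}` closes that gap. The same applies to the `swa` rules added in the hunks at -980 and -1020.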
@@ -203,6 +203,20 @@ if {[$data istype ::xowiki::File] && [$data exists mime_type]} { #my log "--mime validate_name data=[my exists data] MIME [$data set mime_type]" set name [$data complete_name $name [$data set upload_file]] + # + # Check, if the user is allowed to create a file with the specified + # name. Files ending in .css or .js might require special permissions. + # Caveat: the error message is always the same. + # + set package_id [::xo::cc package_id] + set computed_link [export_vars -base [$package_id package_url] {{edit-new 1} name + {object_type ::xowiki::File}}] + set granted [$package_id check_permissions -link $computed_link $package_id edit-new] + #my msg computed_link=$computed_link,granted=$granted + if {!$granted} { + util_user_message -message "User not authorized to to create a file named $name" + return 0 + } } else { if {![regexp {^..:} $name]} { if {![info exists nls_language]} {
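Review bot: The new permission check in xowiki-form-procs.tcl sits inside `if {[$data istype ::xowiki::File] && [$data exists mime_type]}`, so a File object without `mime_type` set takes the `else` branch and its name is never checked against the `edit-new` policy. Whether that state can occur during an upload is not visible in this hunk; if it can, the name check should depend only on `[$data istype ::xowiki::File]`. The user message has a doubled word and should read `util_user_message -message "User not authorized to create a file named $name"`. The enclosing validator starts and ends outside the hunk.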