--- gnump3d-orig	2005-11-14 23:50:36.000000000 +0000
+++ gnump3d	2005-11-14 23:52:59.000000000 +0000
@@ -756,6 +756,12 @@
 			$val =~ s/^\s+//;
 			$val =~ s/\s+$//;
 
+			if ( $key =~ /^theme$/i )
+			{
+			    # Themes may only be named using numbers + letters
+			    $val =~ tr[A-Za-z0-9]||cd;
+			}
+
 			# Could cookie traversal cause problems?
 			$val = &sanitizePath( $val );
 
@@ -829,6 +835,12 @@
 			$key = &urlDecode( $key );
 			$val = &urlDecode( $val );
 
+			if ( $key =~ /^theme$/i )
+			{
+			    # Themes may only be named using numbers + letters
+			    $val =~ tr[A-Za-z0-9]||cd;
+			}
+
 			# Avoid "../" attacks in parameter values.
 			$val = &sanitizePath( $val );