diff -urN wget-1.8.2/src/fnmatch.c wget-1.8.2_save/src/fnmatch.c
--- wget-1.8.2/src/fnmatch.c Sat May 18 05:05:15 2002
+++ wget-1.8.2_save/src/fnmatch.c Fri Oct 4 14:53:40 2002
@@ -198,6 +198,17 @@
 return (FNM_NOMATCH);
 }
+/* Return non-zero if S has a leading '/' or contains '../' */
+int
+has_invalid_name (const char *s)
+{
+ if (*s == '/')
+ return 1;
+ if (strstr(s, "../") != 0)
+ return 1;
+ return 0;
+}
+
 /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or `]'). */
 int
diff -urN wget-1.8.2/src/ftp.c wget-1.8.2_save/src/ftp.c
--- wget-1.8.2/src/ftp.c Sat May 18 05:05:16 2002
+++ wget-1.8.2_save/src/ftp.c Fri Oct 4 15:07:22 2002
@@ -1551,6 +1551,8 @@
 {
 struct fileinfo *orig, *start;
 uerr_t res;
+ struct fileinfo *f;
+
 con->cmd |= LEAVE_PENDING;
@@ -1562,8 +1564,7 @@
 opt.accepts and opt.rejects. */
 if (opt.accepts || opt.rejects)
 {
- struct fileinfo *f = orig;
-
+ f = orig;
 while (f)
 {
 if (f->type != FT_DIRECTORY && !acceptable (f->name))
@@ -1575,6 +1576,18 @@
 f = f->next;
 }
 }
+ /* Remove all files with possible harmful names */
+ f = orig;
+ while (f)
+ {
+ if (has_invalid_name(f->name))
+ {
+ logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
+ f = delelement (f, &start);
+ }
+ else
+ f = f->next;
+ }
 /* Now weed out the files that do not match our globbing pattern. If we are dealing with a globbing pattern, that is. */
 if (*u->file && (action == GLOBALL || action == GETONE))
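Review bot: `has_invalid_name` in src/fnmatch.c tests for the substring `../`, so a name that is exactly `..` or ends in `/..` is not rejected, while a harmless name whose component merely ends in two dots (`foo../bar`) is. The caller added in src/ftp.c passes it names from the fileinfo list it is filtering, which presumably come from the server's listing, so the test is better made per path component: reject a leading `/` and any `/`-separated component equal to `..`. If wget is also built for platforms where `\` separates directories, that separator presumably needs the same treatment; the hunk does not show how names are mapped to local paths. The replacement below keeps the signature and the non-zero/zero return convention.

```c
int
has_invalid_name (const char *s)
{
  const char *p = s;

  if (*s == '/')
    return 1;
  /* Examine each '/'-separated component; reject one that is exactly "..". */
  while (*p)
    {
      const char *end = strchr (p, '/');
      size_t len = end ? (size_t) (end - p) : strlen (p);

      if (len == 2 && p[0] == '.' && p[1] == '.')
        return 1;
      if (!end)
        break;
      p = end + 1;
    }
  return 0;
}
```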
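Review bot: The rejection message in the new loop of src/ftp.c (hunk `@@ -1575,6 +1576,18 @@`) is logged at `LOG_VERBOSE`, so a run with reduced verbosity would presumably drop the only trace that a listed name was refused; `LOG_NOTQUIET` fits a security-relevant rejection better. The name is also printed exactly as it appears in the list, so it is worth checking whether the logging layer escapes control characters before they reach a terminal or log file. Neither file in this patch adds a prototype for `has_invalid_name`, so unless one exists elsewhere the call here relies on an implicit declaration; add `int has_invalid_name (const char *s);` to the header that declares the other fnmatch.c functions. The enclosing function starts and ends outside the hunk.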