diff --git a/lib/str_util.cpp b/lib/str_util.cpp
index 1f7f7c2924..9bf1554040 100644
--- a/lib/str_util.cpp
+++ b/lib/str_util.cpp
@@ -755,4 +755,25 @@ vector<string> split(string s, char delim) {
         result.push_back(item);
     }
     return result;
-}
\ No newline at end of file
+}
+
+// check whether filename is legit
+// - can't start with /
+// - can't have control chars
+// - can't have ..
+//
+bool is_valid_filename(const char* name) {
+    int n = strlen(name);
+    for (int i=0; i<n; i++) {
+        if (iscntrl(name[i])) {
+            return false;
+        }
+    }
+    if (strstr(name, "..")) {
+        return false;
+    }
+    if (name[0] == '/') {
+        return false;
+    }
+    return true;
+}
diff --git a/lib/str_util.h b/lib/str_util.h
index 410d695b48..4af9e85319 100644
--- a/lib/str_util.h
+++ b/lib/str_util.h
@@ -102,4 +102,6 @@ extern void strip_translation(char* p);
 
 extern std::vector<std::string> split(std::string, char delim);
 
+extern bool is_valid_filename(const char*);
+
 #endif
diff --git a/sched/file_upload_handler.cpp b/sched/file_upload_handler.cpp
index 21f36a9c53..d677ef0f12 100644
--- a/sched/file_upload_handler.cpp
+++ b/sched/file_upload_handler.cpp
@@ -392,9 +392,9 @@ int handle_file_upload(FILE* in, R_RSA_PUBLIC_KEY& key) {
 
     // make sure filename is legit
     //
-    if (strstr(name, "..")) {
+    if (!is_valid_filename(name)) {
         return return_error(ERR_PERMANENT,
-            "file_upload_handler: .. found in filename: %s",
+            "file_upload_handler: invalid filename: %s",
             name
         );
     }