--- a/refresh-auth	Tue Apr 15 18:13:53 2008 +0100
+++ b/refresh-auth	Tue Apr 15 18:30:43 2008 +0100
@@ -1,26 +1,31 @@
 #!/usr/bin/python
 
+# WARNING
+# This script completely destroys your .ssh/authorized_keys
+# file every time it is run
+# WARNING
+
 import os
 import os.path
-
-# THIS SCRIPT COMPLETELY DESTROYS YOUR .ssh/authorized_keys FILE EVERY TIME IT IS RUN
-
-#command='cd %s && ../path/bin/hg-ssh %s' % (repos, " ".join(projects))
+import re
 
 akeyfile = os.path.expanduser("~/.ssh/authorized_keys")
 
+allowedchars = "A-Za-z0-9_.-"
+goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars))
 akeys = open(akeyfile + "_new", "w")
 for root, dirs, files in os.walk("keys"):
     for fn in files:
         ffn = os.path.join(root, fn)
-        # FIXME: should ignore any path that contains dodgy characters
+        if goodpathre.match(ffn) is None:
+            # ignore any path that contains dodgy characters
+            continue
         keyname = ffn[5:]
+        prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
+            % ('./.hg-ssh-wrapper %s' % keyname))
         kf = open(ffn)
         try:
             for l in kf:
-                command='./.hg-ssh-wrapper %s' % keyname
-                prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
-                    % command)
                 #prefix='no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
                 akeys.write("%s %s\n" % (prefix, l.strip()))
         finally: