commit - 1b9dd9ac4c4715318b8f83bdf0fe20c1081cff30
commit + f07f0e329fe30d5e4cad62a9a4fee2ec44be0d29
blob - 233089193efb29e5bde381f749138a357826ffa3
blob + 319171e451d93996155bfe2d7ebdcce6045f7edf
--- FICS/makerank.c
+++ FICS/makerank.c
#include "common.h"
#include "makerank.h"
+#include "utils.h"
static ENTRY **list;
static ENTRY **sortme;
-
-// Returns 1 if filename is safe, 0 otherwise
-static int is_valid_filename(const char *name) {
- // Reject empty string
- if (!name || !*name)
- return 0;
- // Reject if starts with '.' (hidden files, ".", "..")
- if (name[0] == '.')
- return 0;
- // Reject if contains "..", '/', '\\', or starts with '/'
- if (strstr(name, "..") || strchr(name, '/') || strchr(name, '\\') || name[0] == '/')
- return 0;
- // Reject if contains whitespace or control characters
- for (const char *p = name; *p; ++p) {
- if (isspace((unsigned char)*p) || iscntrl((unsigned char)*p))
- return 0;
- }
- // Optionally, restrict to alphanumeric and a few safe symbols
- for (const char *p = name; *p; ++p) {
- if (!isalnum((unsigned char)*p) && *p != '-' && *p != '_' && *p != '.') {
- return 0;
- }
- }
- return 1;
-}
-
static char *rnames[] = { "std", "blitz", "wild", "lightning" };
static int rtype;
* Validate that e.name does not contain path
* traversal or separators
*/
- if (!is_valid_filename(e.name)) {
+ if (!is_valid_filename(e.name, false)) {
printf("Skipping invalid filename: %s\n",
e.name);
continue;
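Review bot: The `printf("Skipping invalid filename: %s\n", e.name);` on the rejection path echoes a name that has just failed validation, and the local helper removed by this commit rejected whitespace and control characters, so the rejected string can carry those bytes into the terminal or a captured log. Printing a neutral message such as `printf("Skipping entry with invalid filename\n");`, or escaping non-printable bytes before output, avoids that. Separately, the bare `false` in `is_valid_filename(e.name, false)` does not say what it switches off, and the two-argument definition is not visible in this diff (presumably it lives in utils.h). A short comment at the call naming that parameter would help, and it is worth confirming that the shared version called with `false` still rejects a leading '.', "..", '/' and '\\' as the removed helper did. The enclosing loop starts and ends outside this hunk.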