diff --git a/ChangeLog b/ChangeLog
index 7d0df7d4..4bc93e9e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2009-03-04  Tatsuhiro Tsujikawa  <t-tujikawa@users.sourceforge.net>
+
+	Applied basename function to remove directory element in
+	content-disposition value.
+	Return empty string if content-disposition value is ".." or ".".
+	* src/Util.cc
+	* test/UtilTest.cc
+
 2009-02-28  Tatsuhiro Tsujikawa  <t-tujikawa@users.sourceforge.net>
 
 	Added --max-overall-download-limit in man page.
diff --git a/src/Util.cc b/src/Util.cc
index 0eb59873..c8227779 100644
--- a/src/Util.cc
+++ b/src/Util.cc
@@ -564,7 +564,14 @@ std::string Util::getContentDispositionFilename(const std::string& header) {
     filenameep = header.size();
   }
   static const std::string TRIMMED("\r\n '\"");
-  return trim(header.substr(filenamesp, filenameep-filenamesp), TRIMMED);
+  std::string fn =
+    File(trim(header.substr
+	      (filenamesp, filenameep-filenamesp), TRIMMED)).getBasename();
+  if(fn == ".." || fn == ".") {
+    return A2STR::NIL;
+  } else {
+    return fn;
+  }
 }
 
 static int nbits[] = {
diff --git a/test/UtilTest.cc b/test/UtilTest.cc
index 3e5c27ba..808f1db6 100644
--- a/test/UtilTest.cc
+++ b/test/UtilTest.cc
@@ -269,6 +269,17 @@ void UtilTest::testGetContentDispositionFilename() {
   std::string h11 = "attachment; filename=;";
   CPPUNIT_ASSERT_EQUAL(std::string(""), Util::getContentDispositionFilename(h11));
 
+  std::string filenameWithDir = "attachment; filename=dir/file";
+  CPPUNIT_ASSERT_EQUAL(std::string("file"),
+		       Util::getContentDispositionFilename(filenameWithDir));
+
+  std::string parentDir = "attachment; filename=..";
+  CPPUNIT_ASSERT_EQUAL(std::string(),
+		       Util::getContentDispositionFilename(parentDir));
+
+  std::string currentDir = "attachment; filename=.";
+  CPPUNIT_ASSERT_EQUAL(std::string(),
+		       Util::getContentDispositionFilename(currentDir));
 }
 
 class Printer {