my $act = 'add';
## make cgi->param("name") lowercase
-$cgi->param('name' => lc $cgi->param('name'));
+my $vcf_name = $cgi->param('name');
+$vcf_name =~ s/\s/_/g; $vcf_name =~ s/[^A-Za-z0-9\-_]//g;
+$cgi->param('name' => lc $vcf_name);
die "access denied"
unless $FS::CurrentUser::CurrentUser->access_right('Configuration');