backport (sh002i): SECURITY: tighter constraints on which macro files
can be loaded without restriction. Previously, any file that *contained*
the strings PG.pl, dangerousMacros.pl, or IO.pl would be loaded with an
This is the second attempt to close this hole. The previous attempt
assumed that | binds tighter than ^ and $, which is not true. (Noticed
by dpvc). It also failed to escape metacharacters in the file names.