----- Original Message ----- From: "Daniel Carrera" <dcarrera / math.umd.edu> [snip] To untaint data you use regular expressions. In this case a directory name should only be composed of "word" charcaters and the character "/". Do something like: # dir tainted. if dir =~ /^([\w\/]+)$/ dir = $1 # Untainted. else # Error... end ---------------------------- Cool! I didn't know you could do that. I always just used `str.untaint'. BTW, (to the original poster), tainting also bites me from time to time. So far, though, it has *always* been a good thing! I feel safe at night knowing that tainting is there. :) Chris