It's strictly a style comment, and I apologize for that; but perhaps you might like to abbreviate the work, this way:

sub untaint ($$$) {
  my ($q,$name,$re) = @_; 
  my $tainted       = $q->param($name);
  my ($untainted)   = $tainted =~ m/^($re)$/);
  badinputerror($q) unless($untainted);
  return $untainted;
}
# $untainted will be undefined if there is no match.
[download]