#!/usr/bin/perl -T

use strict;

my $docroot = "/home/httpd/sec-html/";

if ($ENV{SCRIPT_FILENAME} =~ /${docroot}(.*?)\//) { print "RE MATCH!\n"; }
my $realm = $1;

if (is_tainted($realm)) { print "Realm: $realm is tainted!\n"; }

sub is_tainted { return ! eval { join('',@_), kill 0; 1; }; }

##</code><code>##

[chaka@pengy sec-cgi]# export SCRIPT_FILENAME=/home/httpd/sec-html/surflo/
[chaka@pengy sec-cgi]# ./index.cgi
RE MATCH!
Realm: surflo is tainted!