if ($file_out =~ /^([-\@\w.]+)$/) {
          $file_out = $1;                     # $data now untainted
      } else {
          die "Bad data in $file_out";        # log this somewhere
      }