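# Delete every "name.ext" file from the per-user directory that is derived
# from the session cookie. The script runs under taint mode (-T), so every
# value that reaches the filesystem is validated before use.

# The first 6 characters of the SID name the user's dynamic directory.
# untaint() (defined below) rejects the value unless it consists solely of
# word characters and '-', so no '/' or '.' can reach the path.
my $subcookie = untaint( substr( $cookie, 0, 6 ) );
my $user_dir  = "../users/$subcookie";

# readdir is used instead of glob because glob was not accepted under -T.
# A lexical handle replaces the bareword DIR, and the handle is closed with
# closedir (close does not apply to directory handles).
my @files;
if ( opendir( my $dir_handle, $user_dir ) ) {
    @files = readdir $dir_handle;
    closedir $dir_handle;
}
else {
    # Best effort, as before: a missing directory leaves nothing to delete.
    warn "cannot open directory $user_dir: $!";
}

foreach my $file (@files) {

    # Accept only names that are, in full, "word.ext" with a 3-4 character
    # extension. The anchors matter: an unanchored match takes a fragment of
    # a longer name ("a.tar" out of "a.tar.gz", "file.txt" out of
    # "my-file.txt") and unlinks a path readdir never returned. The pattern
    # also skips the "." and ".." entries.
    next unless $file =~ /\A(\w+)\.(\w{3,4})\z/;

    # Rebuilt from the captures, so the name is untainted.
    my $checked_file = "$1.$2";

    unlink "$user_dir/$checked_file"
        or warn "could not remove $user_dir/$checked_file: $!";
}

...    # and the code goes on (the author's elision marker)

####

# untaint($string)
#   Validate a value and return an untainted copy of it.
#   Returns the string when it is made up only of word characters (\w) and
#   '-'; dies otherwise, including for undef and the empty string.
sub untaint {
    my $string = shift;

    # Anchored with \A ... \z so the WHOLE value must be acceptable. Without
    # the anchors the pattern returns the first acceptable run of a longer
    # string, silently laundering input that should have been rejected.
    if ( defined $string && $string =~ /\A([\w\-]+)\z/ ) {
        return $1;
    }

    # $! is left out of the message: no system call failed here, so errno
    # would be unrelated to the rejection.
    die "ilegal character: value rejected by untaint()";
}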