$name = untaint($name);
    $siteName = untaint($siteName);
    open (FILE,">/$directory/tmpl/$name.tmpl");
        print FILE $content;
    close(FILE);

sub untaint {
    my $var = $_[0];
    unless ($var =~ m/^(\w+)$/) { #allow filename to be [a-zA-Z0-9_]
        die("Tainted");
    } 
    return $var;
}