##
#!/usr/bin/perl -T
####
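# Unpack a named archive: read the working directory and the archive name from
# the request, untaint both through a strict allow-list, then run unzip there.
my $dir = $query->param('dir');
my $zip = $query->param('zip');

# Allow-list: one or more ASCII letters or digits and nothing else. This rules
# out path separators, "..", a leading "-" (which unzip would parse as an
# option) and, because of \z rather than $, a trailing newline. A missing
# parameter (undef) is rejected the same way.
die "invalid dir" unless (defined $dir && $dir =~ m/\A([a-zA-Z0-9]+)\z/);
my $valid_dir = $1; # a capture from a successful match is untainted
die "invalid zip file" unless (defined $zip && $zip =~ m/\A([a-zA-Z0-9]+)\z/);
my $valid_zip = $1;

# Under -T, perl refuses to run an external command while $ENV{PATH} is
# tainted, and "unzip" is looked up through PATH. Pin the search path and drop
# the shell-related variables perlsec lists, in case no earlier code did.
$ENV{PATH} = '/usr/bin:/bin'; # adjust to the directory that holds unzip
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Stop if the directory cannot be entered, so unzip never runs in the wrong
# place and the failure is not silently dropped.
chdir($valid_dir) or die "cannot chdir to '$valid_dir': $!";

# List-form system() passes the arguments straight to the program, with no
# shell in between. A non-zero status means unzip did not run or reported an
# error.
# NOTE(review): only the archive *name* is validated here; the entry paths
# inside the archive are handled by unzip itself. Confirm the installed unzip
# refuses entries that would land outside the current directory.
system("unzip", $valid_zip) == 0
    or die "unzip of '$valid_zip' failed (status $?)";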