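#!/usr/bin/perl -T
use strict;
use warnings;
use CGI qw/:standard/;

# Allow-list of paths this CGI may act on.  Membership in this hash is the
# ONLY thing that makes a request path trustworthy; nothing below validates
# the string in any other way.  The values ('1'/'2') are not used in this
# file -- presumably a permission level; confirm against the caller.
my %paths = (
    '/somepath/data'           => '2',
    '/somepath/data/bob'       => '1',
    '/somepath/data/alice'     => '1',
    '/somepath/data/tom'       => '1',
    '/somepath/config/foo'     => '2',
    '/somepath/config/bar'     => '2',
    '/somepath/config/bar/baz' => '1',
);

# Canonicalise a request path for the allow-list lookup: drop empty and
# whitespace-only segments (so repeated slashes collapse) and force a single
# leading '/'.  'foo/bar' becomes '/foo/bar'; '///fooo///bar' becomes
# '/fooo/bar'.  All paths are treated as absolute -- easier that way.
# An undef or empty argument yields '/', which is not in the allow-list.
# Note: '.' and '..' segments are NOT resolved here; they are kept verbatim,
# so a path containing them simply never matches a key.  The result is still
# tainted; only the allow-list check below may untaint it.
sub normalize_path {
    my ($path) = @_;
    $path = '' unless defined $path;    # a missing 'path' param would otherwise warn in split
    my @segments = grep { $_ !~ /^\s*$/ } split '/', $path;
    return '/' . join '/', @segments;
}

# scalar(): with several 'path' parameters take the first, as the original did.
my $tainted_path = normalize_path( scalar param('path') );

my $clean_path = '';
# Do not, under any circumstances, change this routine unless
# you know exactly what you are doing and why. If you're not
# sure why I said that, then you don't know what you're doing.
#
# The capture below matches *anything* -- it is not a validation step.  It is
# safe only because the `exists` test has already established that
# $tainted_path is byte-for-byte one of the allow-listed keys; the regex
# exists purely to hand -T an untainted copy of that exact string.  Anchoring
# with \A/\z and /s guarantees the whole key is captured even if a key were
# ever to contain a newline (the original ^(.*)$ would silently leave
# $clean_path undef in that case).
if ( exists $paths{ $tainted_path } ) {
    ( $clean_path ) = ( $tainted_path =~ /\A(.*)\z/s );
}
else {
    # Unknown path: refuse the request rather than falling through with an
    # empty $clean_path.  The submitted path is deliberately not echoed back
    # into the response.
    print header( -status => '404 Not Found', -type => 'text/plain' ),
        "Unknown path\n";
    exit;
}
# $clean_path is now untainted and safe to use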