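# Build the source and destination paths for the document being exported.
# $DATAPATH, $EX_DATAPATH, $company, $dept, $doc_id, $extension, $g and $q
# are defined outside this excerpt.
# NOTE(review): if any of those path components come from request input,
# confirm they are validated individually before being interpolated here.
my $frompath    = "$DATAPATH/documentset/$company/$dept/$doc_id";
my $writetopath = "$EX_DATAPATH/external_gn/$doc_id";

my $u = MyMod::Untaint->new;

# untaintMe() returns (value, reason); a non-empty reason means the path was
# rejected and the value is ''. Keep the reason so a rejected path is not
# silently turned into ".$extension" by the append below.
my ($untainted_source_path, $source_reason) = $u->untaintMe($frompath,    'path');
my ($untainted_dest_path,   $dest_reason)   = $u->untaintMe($writetopath, 'path');

# Only touch the filesystem when every validation step below has passed.
# NOTE(review): it is not visible here whether errorpage() exits; this flag
# keeps the copy from running if it returns.
my $paths_ok = 1;

if ($source_reason ne '' || $dest_reason ne '') {
    $paths_ok = 0;
    $g->errorpage($q, "Invalid document path. Please contact the MIS help desk.");
}

# The extension is appended after the first untaint pass because it may be
# '*' (used for images), which the 'path' pattern in untaintMe() rejects.
# Appending tainted data re-taints the strings, so they are validated again
# here with '*' added to the allowed set.
# NOTE(review): copy() and open() treat '*' as a literal character; neither
# expands it as a wildcard.
$untainted_source_path .= ".$extension";
$untainted_dest_path   .= ".$extension";

# \A and \z anchor the whole string; '$' would also accept a trailing newline.
# NOTE(review): this pattern checks the character set only. '/' and '.' are
# allowed, so '..' segments pass; it does not confine the result to
# $DATAPATH or $EX_DATAPATH.
if ($untainted_source_path =~ m/\A([\/\w\-._*]+)\z/) {
    $untainted_source_path = $1;
}
else {
    $paths_ok = 0;
    $g->errorpage($q, "Error adding source file extension. Please contact the MIS help desk.");
}

if ($untainted_dest_path =~ m/\A([\/\w\-._*]+)\z/) {
    $untainted_dest_path = $1;
}
else {
    $paths_ok = 0;
    $g->errorpage($q, "Error adding destination file extension. Please contact the MIS help desk.");
}

my $upload;
if ($paths_ok) {
    # NOTE(review): copy() and upload_file() both write the same destination,
    # and the result of copy() is not checked; one of the two is probably
    # redundant.
    copy($untainted_source_path, $untainted_dest_path);
    $upload = upload_file($g, $q, $untainted_source_path, $untainted_dest_path);
}

####

# Validate $inputArg against the character set for $typeArg and return an
# untainted copy.
#
# Returns a two-element list (value, reason):
#   ($clean, "")  when the whole input consists of allowed characters;
#   ('', $reason) otherwise, where $reason describes the rejection.
#
# Only the 'path' type is handled in this excerpt; any other type is
# rejected with an empty "string contains" reason.
#
# The 'path' set is '/', word characters, '-', '.' and '_'. It validates
# characters only: '..' segments and absolute paths are accepted.
sub untaintMe {
    my ($self, $inputArg, $typeArg) = @_;
    my $temp   = '';
    my $reason = '';

    if ($typeArg eq 'path') {
        # Split the input into: text before the first run of allowed
        # characters, the run itself, and everything after it. Using
        # captures (rather than $`, $& and $') means a failed match cannot
        # pick up stale values from an earlier successful match.
        if ($inputArg =~ m{\A (.*?) ([/\w\-._]+) (.*) \z}xs) {
            $temp   = $2;
            $reason = $1 . '...' . $3;    # offending text around the match
        }
        else {
            # No allowed character at all: report it as "not enough
            # characters" below.
            $reason = '...';
        }
    }

    if ($reason eq '...') {               # nothing outside the allowed run
        if ($temp ne '') {
            return ($temp, "");
        }
        return ('', "invalid input, not enough characters to match $typeArg pattern");
    }

    return ('', "invalid input, string contains $reason");
}

####

# Copy $readpath to $writepath in 1024-byte chunks and restrict the result
# to mode 0600.
#
# $g and $q are passed through to $g->errorpage($q, $message) on failure.
# Returns 1 on success and 0 on any failure.
#
# The read handle and the write handle are separate lexical handles, and
# read() is given the handle rather than the path string (passing the path
# is what raises "Can't use string ... as a symbol ref" under strict refs).
# Three-argument open keeps characters in the path from being interpreted
# as an open mode.
sub upload_file {
    my ($g, $q, $readpath, $writepath) = @_;
    my ($bytesread, $buffer);

    my $rfd;
    if (!open($rfd, '<', $readpath)) {
        $g->errorpage($q, "Could not copy $readpath: $!\n");
        return 0;
    }

    # Unbuffer the currently selected output handle for the duration of the
    # copy; 'local' restores the previous setting on every return path.
    local $| = 1;

    my $wfd;
    if (!open($wfd, '>', $writepath)) {
        $g->errorpage($q, "Error opening file '$writepath' for writing: $!\n");
        close($rfd);
        return 0;
    }

    # Copy bytes unchanged on both sides.
    binmode $rfd;
    binmode $wfd;

    while ($bytesread = read($rfd, $buffer, 1024)) {
        if (!print {$wfd} $buffer) {
            $g->errorpage($q, "Error writing to file '$writepath': $!\n");
            close($rfd);
            close($wfd);
            return 0;
        }
    }

    # read() returns 0 at end of file and undef on error.
    if (!defined $bytesread) {
        $g->errorpage($q, "Error reading '$readpath': $!\n");
        close($rfd);
        close($wfd);
        return 0;
    }

    close($rfd);

    # Buffered write errors surface at close.
    if (!close($wfd)) {
        $g->errorpage($q, "Error writing to file '$writepath': $!\n");
        return 0;
    }

    # NOTE(review): the file is created with umask-derived permissions and
    # only narrowed here, so it may be briefly readable by others; creating
    # it with sysopen and an explicit 0600 mode would close that window.
    if (!chmod 0600, $writepath) {
        $g->errorpage($q, "Error setting permissions on '$writepath': $!\n");
        return 0;
    }

    return 1;
}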