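# Copy one document from the internal document set to the external area and
# hand both paths to upload_file().  Paths are assembled from request-derived
# pieces, run through the project's untaint helper, then re-validated after
# the file extension has been appended.
my $frompath    = "$DATAPATH/documentset/$company/$dept/$doc_id";
my $writetopath = "$EX_DATAPATH/external_gn/$doc_id";

# Direct method call instead of the indirect-object form ("new Class"),
# which perl can parse ambiguously.
my $u = MyMod::Untaint->new;
my ($untainted_source_path, undef) = $u->untaintMe($frompath,    'path');
my ($untainted_dest_path,   undef) = $u->untaintMe($writetopath, 'path');

# The extension is appended after untaintMe() because it may be '*' (used for
# images), which fails the normal 'path' check.  That makes the pattern below
# the only validation the extension ever receives, so it has to be strict.
#
# \A ... \z instead of ^ ... $: a bare '$' also matches before a trailing
# newline, which would let "name.ext\n" through.
my $safe_path_re = qr{\A([/\w\-._*]+)\z};

# Returns the validated "<base>.<extension>" string, or undef when the result
# is not acceptable.
my $validate_path = sub {
    my ($base) = @_;

    # NOTE(review): untaintMe()'s failure behaviour is not visible here.  If
    # it hands back undef/'' the original code would still have built and
    # accepted a bare ".<extension>" path, so refuse that case explicitly.
    return unless defined $base && length $base;

    my $candidate = "$base.$extension";

    # The character class admits both '/' and '.', so a '..' segment
    # introduced through $extension would pass the pattern; reject it.
    return if $candidate =~ m{(?:\A|/)\.\.(?:/|\z)};

    if ($candidate =~ $safe_path_re) {
        return $1;
    }
    return;
};

$untainted_source_path = $validate_path->($untainted_source_path);
$untainted_dest_path   = $validate_path->($untainted_dest_path);

# Fail closed: whether errorpage() ends the request is not visible from here,
# so make sure a rejected path can never reach copy()/upload_file().
my $paths_ok = 1;
if (!defined $untainted_source_path) {
    $paths_ok = 0;
    $g->errorpage($q,"Error adding source file extension. Please contact the MIS help desk.");
}
if (!defined $untainted_dest_path) {
    $paths_ok = 0;
    $g->errorpage($q,"Error adding destination file extension. Please contact the MIS help desk.");
}

my $upload;
if ($paths_ok) {
    # NOTE(review): '*' is accepted above, but if copy() is File::Copy's it
    # treats '*' as a literal character, not a wildcard -- confirm how a '*'
    # extension is meant to be handled.
    #
    # Report a failed copy instead of ignoring it.
    # NOTE(review): upload_file() is still called afterwards, as before;
    # confirm it cannot pick up a stale destination file when the copy fails.
    copy($untainted_source_path, $untainted_dest_path)
        or warn "copy $untainted_source_path -> $untainted_dest_path failed: $!";

    # Plain call; the '&' sigil form bypasses prototypes and is not needed.
    $upload = upload_file($g, $q, $untainted_source_path, $untainted_dest_path);
}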