in reply to Re^6: somethign wrong with the sumbit
in thread somethign wrong with the sumbit


Re^8: somethign wrong with the sumbit
by shmem (Chancellor) on Dec 29, 2007 at 21:01 UTC
    Close. if( param('select') =~ /\/\.\./ )

    This /\\/ matches a backslash - not what you want.

    But I think, best is to convert the param value to an absolute path via e.g. abs_path (from Cwd) and check whether the allowed path matches.

    --shmem

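Added example (not shmem's or the OP's code) of the abs_path approach shmem describes: the selection is joined to the allowed directory, canonicalised with Cwd::abs_path, and accepted only if the resulting path still lies inside that directory and names an existing regular file. The function name, the temporary directory layout and the file names are constructed for this demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;
use File::Temp qw(tempdir);

# Resolve a user-supplied selection to "<base_dir>/<selection>.txt" and
# return the canonical path, or undef when it escapes $base_dir or does not exist.
sub resolve_selection {
    my ($base_dir, $selection) = @_;
    return undef if !defined $selection || $selection eq '';
    return undef if $selection =~ /\0/;            # a NUL byte never belongs in a file name
    my $base = abs_path($base_dir);
    return undef unless defined $base;
    my $candidate = File::Spec->catfile($base, "$selection.txt");
    # abs_path resolves "..", "." and symlinks; the last component may not exist yet,
    # so the existence check below is still required.
    my $real = abs_path($candidate);
    return undef unless defined $real;
    # Prefix test includes the separator, so "/data/text2/x" cannot pass for "/data/text".
    return undef unless index($real, "$base/") == 0;
    return undef unless -f $real;
    return $real;
}

# Constructed demo: a throwaway tree with one allowed file and a sibling outside the allowed dir.
my $root = tempdir(CLEANUP => 1);
mkdir "$root/text" or die $!;
open my $fh, '>', "$root/text/greeting.txt" or die $!; print $fh "hello\n"; close $fh;
open $fh, '>', "$root/secret.txt" or die $!;        print $fh "nope\n";  close $fh;

for my $sel ('greeting', '../secret', "greeting\0", 'missing') {
    my $shown = $sel; $shown =~ s/\0/\\0/g;           # make the NUL visible in output
    my $res = resolve_selection("$root/text", $sel);
    printf "%-12s => %s\n", $shown, defined $res ? "allowed ($res)" : 'rejected';
}
```

Only the first selection is accepted; the traversal attempt resolves to a path outside the base directory, the NUL byte is refused before any filesystem access, and the missing file fails the existence check.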
      Thank you, the code now looks like this, but the string that comes back from param('select'), although valid, for some reason enters the 2nd if() block, I believe:

          use strict;
          use warnings;
          use CGI qw(:standard);
          use Encode;
          use DBI;
          # $db (DBI handle), $date and $host are set earlier in the script (not shown)

          print header( -charset=>'utf-8' );
          my $passage = param('select') || "&#913;&#961;&#967;&#953;&#954;&#942; + &#931;&#949;&#955;&#943;&#948;&#945;!";
          my @files = glob "$ENV{'DOCUMENT_ROOT'}/data/text/*.txt";
          my @display_files = map m{([^/]+)\.txt}, @files;
          Encode::from_to($_, 'ISO-8859-7', 'utf8') for @display_files;

          if ( param('select') ) {   # If user selected an item from the drop down menu
              # Runs only when the selection matches none of the valid filenames in @display_files
              unless ( grep { $_ eq param('select') } @display_files ) {
                  if ( param('select') =~ /\0/ ) {
                      $passage = "*Null Byte Injection* attempted & logged!";
                      print br() x 2, h1( {class=>'big'}, $passage );
                  }
                  if ( param('select') =~ /\/\.\./ ) {
                      $passage = "*Backwards Directory Traversal* attempted & logged!";
                      print br() x 2, h1( {class=>'big'}, $passage );
                  }
                  my $select = $db->prepare( "UPDATE guestlog SET passage=?, date=?, counter=counter+1 WHERE host=?" );
                  $select->execute( $passage, $date, $host );
                  exit;
              }
          }

      When I try to run it and select something valid, I see no response though.....

      Very weird, not even the usual "backward error..."