I would suggest making use of the File::Spec module (standard in the Perl distribution).

The function 'rel2abs' should do what you want. This converts a relative pathname to an absolute one. You can then check the returned result to ensure that the filename referenced is indeed within the area the user is permitted to act.

E.g., in /some/dir, if you do File::Spec->rel2abs('../other/./../file.txt'), this will return '/some/file.txt'.

Other File::Spec routines can be used then to break this up into directory/file components, which you can use against your own directory lists, allowing or denying the user access.