Hi ZZamboni,
I haven't sanitized everything yet, but here's the code I am using. Could you look it over and tell me what you think as far as security goes?

#!c:\perl\bin\perl.exe -wT
use strict;

use CGI qw(:standard);
my $cgi = new CGI;

my $element = $cgi->param('element');
my $type = $cgi->param('type');
my $page = $cgi->param('page');
my $dir="$page";
my @dir;
my $safedir;
opendir(TEXTFILES, "text_files") || die "Couldn't open the text file d
+irectory: $!";
@dir = grep { $_ ne "." && $_ ne ".." && -d "./text_files/$_" } readdi
+r (TEXTFILES);
closedir(TEXTFILES);
foreach (@dir) {
    if ($_ eq "$dir") {
        $safedir = "text_files/$_";
        last;
    }
}
######################################################################
+###########
# SPIT OUT THE FORM
######################################################################
+###########
if ($type eq "text") {
    opendir(CONTENTFILES, "$safedir") || die "Couldn't open the $safed
+ir directory: $!";
    my @files=grep(/\.txt$/i, readdir CONTENTFILES);
    closedir(CONTENTFILES);
    my $file_to_change;
    foreach (@files) {
        if ($_ eq "$element.txt") {
            $file_to_change = "$_";
            last;
        }
    }
    if ($file_to_change =~ /(\w+\.txt)/) {
        my $safe_file_to_change = $1;
        open(FILE, "$safedir/$safe_file_to_change") || die "Couldn't o
+pen $safe_file_to_change: $!";
        my @text_to_change=<FILE>;
        close(FILE);
        use HTMLTMPL;
        my $templ = new HTMLTMPL;
        $templ->src('text_form.html');
        my $title=ucfirst($element);
        $templ->title($title);
        $templ->element($element);
        $templ->text_to_change(@text_to_change);
        $templ->page($page);
        $templ->output('Content-Type: text/html');
    }
}

######################################################################
+###########
# CHANGE THE FILE
######################################################################
+###########
if ($type eq "text_change") {
    my $text = $cgi->param('text');
    opendir(CONTENTFILES, "$safedir") || die "Couldn't open the $safed
+ir directory: $!";
    my @files=grep(/\.txt$/i, readdir CONTENTFILES);
    closedir(CONTENTFILES);
    my $file_to_change;
    foreach (@files) {
        if ($_ eq "$element.txt") {
            $file_to_change = "$_";
            last;
        }
    }
    $file_to_change = "$safedir/$file_to_change";
    if ($file_to_change =~ /(text_files\/\w+\/\w+\.txt)/) {
        my $safe_file_to_change = $1;
        open(FILE, ">$safe_file_to_change") || die "Couldn't open $saf
+e_file_to_change: $!";
        print FILE $text;
        close(FILE);
    }
    use HTMLTMPL;
    my $templ = new HTMLTMPL;
    $templ->src('sucess_message.html');
    my $title=ucfirst($element);
    $templ->title($title);
    $templ->text($text);
    $templ->page($page);
    $templ->output('Content-Type: text/html');
}
[download]

---

---

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

• How do I compose an effective node title?
• How do I post a question effectively?
• Markup in the Monastery

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		&
	<		&lt;
	>		&gt;
	[		&#91;
	]		&#93;

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.