I cooked up a regexp for "how the filenames to be deleted should look" and now the taint checking is happy:

  my @dels = ();
  opendir DIR, DB_DIREC or die "can't open direc ".DB_DIREC.": $!";
  for (readdir DIR) {
    if (/^(__[-!#.0-9@-Z_a-z]+)$/) {push @dels, DB_DIREC."/$1"}
  }
  closedir DIR;
    
  if (@dels) {unlink @dels}
[download]

Thanks for your help,
cmac
www.animalhead.com

That regex won't capture files with UC letters

#!/usr/bin/perl
use warnings;
use strict;
# 744661 

my @var = [ 'foo.Bar',
      'for.bar',
    ];

for my $var(@var) {
    if ( $var =~ /^(__[-!#.0-9@-Z_a-z]+)$/ ) {
        print "\$var: $var\n";
    } else {
         print "no match!\n";
    }
}
[download]

If you're concerned about files like "foo.Bar", use the /i modifier.

It looks like your original requirement was files starting with '__'.

Similar to what ww is saying, you can simplify your capture to /^(__.*)$/; then you won't have to worry about upper-case matching.

Changed the for statement in the previous sequence to:

  for (@dels) {s!(.+)!DB_DIREC."/$1"!e}
[download]

Now everything goes through a regular expression and the same error results.

As you have found out yourself, you must take the captured data outside of the regex in order to untaint it.

CountZero

A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

There is nothing like "user input" anywhere near this sequence

The contents of the directory are hardcoded? No.

>perl -MScalar::Util=tainted -Tle"opendir $dh, '.'; print(tainted(read
+dir($dh))?1:0);
1
[download]