It seems like you still have tainted data lying around.

Try untainting the $dir_path within your 'else' block in lines 171-176.

You might want to check the Laundering-and-Detecting-Tainted-Data from perlsec as well.

Hope this helps.