If you use File::Basename, filter for nasty characters (the usual taint stuff) and append the result to a path name that you've hard coded, you should be fairly safe. If I've made any glaring omissions, please correct me.

--Jim