Thanks for the suggestion. I've untainted my input.

I never use taint mode because I don't maintain a public http server (all my scripts are single-user only and behind a firewall), but I guess that doesn't really help other people who download my code and have it exploited. Please let me know if you think there's still a problem.