I would sanitize everything anyway. Although the directories are
under your control, think about these:
- What if in the future you add the possibility for users
to add their own directories, and then forget to go back
and change this code to check them before using them?
- What if through some other means someone manages to add
a directory with a weird name?
I'm not sure if data read from readdir() is considered tainted
or not, but you should check everything. Come up with a regex
that describes all the valid directory names that you expect
to have, and check against that. Something like this:
foreach (@dir) {
s/^(\w+)$/$1/ || do { generate some error message, or
skip this directory };
}
Which will allow directory names with any alphanumeric characters
plus the underscore. Remember not to check for invalid
characters (you could miss some), but to only allow valid
ones (like the code above).
A similar untainting should probably be applied to user-supplied
data, plus checking that it is in the list of valid directories.
--ZZamboni