There are serious security issues you need to consider if you allow users to submit their own paths, depending of course on what you're doing with those paths. For the sake of simplicity, I would recommend that you only allow alphanumerics in these path names. You can then properly untaint and scrub your path as follows:
in reply to Re: (MeowChow) Re: -d fails outside the current working directory
in thread -d fails outside the current working directory
Speaking of untainting, you are using -T, right?
my $userpath = $CGI->param('userpath');
my $basepath = "C:/wwwroot/whatever";
my $path = join '/', $basepath, $userpath =~ /\w+/g;
s aamecha.s a..a\u$&owag.print