How it works...

Let's understand our script in detail:

  1. First, we create the bad_input.sh script—it takes $1 (the first argument) and passes it straight to the list (ls) command.
  2. Running the following commands, we can list everything in the directory or a subdirectory, or even traverse upwards out of the directory we started in! This is clearly not good; the same class of vulnerability has allowed malicious hackers to traverse a web server's file system. The idea is to constrain the input to predictable values and to control what is accepted instead of allowing everything:
$ touch TEST.txt
$ mkdir new_dir/
$ bash bad_input.sh "."
...
$ bash bad_input.sh "../"
../all the files backwards
  3. In the second script, better_input.sh, the input is sanitized by the following steps (additionally, one could check that the file to be listed actually exists):
    1. Remove any underscores (necessary).
    2. Remove any sets of double spaces.
    3. Replace spaces with underscores.
    4. Remove any non-alphanumeric characters, that is, anything that is not a letter, a digit, or an underscore.
    5. Then, run the ls command.
  4. Next, running better_input.sh allows us to view the current working directory or any file contained within it. Wildcards and path separators are removed by the sanitization, so we can no longer traverse directories.
  5. To validate the form of an email address, we use the grep command combined with a regex. We are merely looking for the form of an email: an account name, an @ symbol, and a domain name of the form acme.x. It is important to note that we are not checking whether the address truly exists or whether mail can reach the intended destination, but merely whether it fits what an email address should look like. Additional tests, such as looking up the domain's MX or other DNS mail records, could extend this check and improve the likelihood that the user entered a valid address.
  6. In the next step, we test two addresses—one without the @ symbol (invalid) and one with the @ symbol (valid). Feel free to try several combinations.
  7. Validating an IP address could always be done with a regex, but for an easy-to-use tool that gets the job done, read combined with simple test evaluations works just fine. In its basic form, an IP address consists of four octets (in layman's terms, four values separated by periods). Without exploring everything that makes an IP address truly valid, a valid octet is normally between 0 and 255 (never more and never less). IP addresses also fall into various categories and classes, called subnets.
  8. In our examples, we know that an IP address containing alphabetic characters is not a valid IP address (excluding the periods), and that the values range between 0 and 255 per octet. 192.168.0.x (or 192.168.1.x) is an IP subnet many people see on their home routers.
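The three checks described in steps 3 through 8 (sanitizing a file name before calling ls, checking the form of an email address with grep, and validating an IPv4 address with read and test), written as POSIX sh functions. This is an added example, not the book's own better_input.sh or validation scripts; the function names, the sed/grep expressions, and the sample inputs are my own. Step 2 is implemented as collapsing any run of spaces to a single space, which is the general case of removing double spaces; step 4 is applied literally, so the dot in a name such as TEST.txt is stripped along with every other non-alphanumeric character.

```shell
#!/bin/sh
# Added example: the sanitizing and validation steps from the text as
# stand-alone POSIX sh functions (not the book's scripts).

# Steps 1-5 of the sanitizer, applied with sed: drop underscores, collapse
# runs of spaces, turn remaining spaces into underscores, then keep only
# letters, digits and underscores. "../", "*" and "$(...)" all vanish here.
sanitize_name() {
    printf '%s' "$1" | sed -e 's/_//g' \
                          -e 's/  */ /g' \
                          -e 's/ /_/g' \
                          -e 's/[^[:alnum:]_]//g'
}

# List only what survives sanitizing, and only if it exists in the current
# directory (the extra check the text suggests). "./" keeps ls inside cwd.
safe_ls() {
    name=$(sanitize_name "$1")
    [ -n "$name" ] || { echo "rejected: nothing left after sanitizing" >&2; return 1; }
    [ -e "./$name" ] || { echo "rejected: ./$name does not exist" >&2; return 1; }
    ls -d -- "./$name"
}

# Form check only, as the text says: name@domain.tld. This says nothing
# about whether the mailbox or domain really exists.
is_email_form() {
    printf '%s\n' "$1" | grep -Eq '^[[:alnum:]._%+-]+@[[:alnum:].-]+\.[[:alpha:]]{2,}$'
}

# Four dotted octets, digits only, each in 0..255: the case pattern rejects
# letters and empty octets, read splits on '.', test checks the range.
is_ipv4() {
    case $1 in
        *[!0-9.]*|""|.*|*.|*..*) return 1 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$extra" ] || return 1   # exactly four octets
    for o in "$o1" "$o2" "$o3" "$o4"; do
        [ "$o" -ge 0 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Walk-through in a scratch directory: sh this_script.sh --demo
demo() {
    tmp=$(mktemp -d) && cd "$tmp" || exit 1
    mkdir new_dir
    echo "sanitize '../'       -> '$(sanitize_name '../')'"
    echo "sanitize 'new  dir'  -> '$(sanitize_name 'new  dir')'"
    safe_ls 'new dir'          # lists ./new_dir
    safe_ls '../' || true      # rejected: nothing left after sanitizing
    for e in user@acme.example useracme.example; do
        is_email_form "$e" && echo "$e: looks like an email" || echo "$e: does not"
    done
    for ip in 192.168.0.1 192.168.0.256 192.168.a.1 1.2.3; do
        is_ipv4 "$ip" && echo "$ip: valid form" || echo "$ip: invalid"
    done
    cd / && rm -rf "$tmp"
}
if [ "${1-}" = "--demo" ]; then demo; fi
```

Note the consequence of applying step 4 literally: "new dir" becomes new_dir and can be listed, but TEST.txt becomes TESTtxt and cannot. If names with extensions must be accepted, the character class has to admit a dot, and then the `..` case needs its own rejection, which is why the `-e` existence check and the `./` prefix on the ls argument are kept even after sanitizing.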