#!/usr/bin/perl -w

use strict;
use CGI;
use CGI::Carp qw ( fatalsToBrowser );
use File::Basename;

$CGI::POST_MAX = 1024 * 5000;
my $safe_filename_characters = "a-zA-Z0-9_.-";
my $upload_dir = "/var/www/example.com/htdocs/upload";

my $q = new CGI;

my $filename = $q->param("filename");
my $cat = $q->param("cat");

if ( !$filename )
{
    saysOutput("No file selected");
    exit;
}

my ( $name, $path, $extension ) = fileparse ( $filename, '..*' );
$filename = $name . $extension;
$filename =~ tr/ /_/;
$filename =~ s/[^$safe_filename_characters]//g;

if ( $filename =~ /^([$safe_filename_characters]+)$/ )
{
    $filename = $1;
}
else
{
    saysOutput("yikes");
    exit;
}

my $out = "";

my $upload_filehandle = $q->upload("filename");

open ( UPLOADFILE, ">$upload_dir/$filename" ) or die "$!";
binmode UPLOADFILE;

my $stat = ".";

while ( <$upload_filehandle> )
{
    print UPLOADFILE;
}

close UPLOADFILE;

# My function which handles all printing to the web browser 
saysOutput($stat);