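#!/usr/bin/perl -T
# Minimal CGI endpoint: when a 'newCOMMENT' form field is present, validate it
# together with 'event' and append both as one record to a flat file, then
# print a plain-text greeting. Taint mode (-T) is on, so form input has to
# pass through a regex capture before it is used.
use warnings;
use strict;
use CGI qw/param header/;
use Fcntl qw/:flock :seek/;

my $COMMENTFILE = '/path/to/comments.txt';    # absolute pathname

# NOTE(review): nothing visible here caps the request size, so each request
# can append an arbitrarily long record. CGI.pm's $CGI::POST_MAX and
# $CGI::DISABLE_UPLOADS (set before the first param() call) are the usual
# place to bound that; choose limits that fit the deployment.

if ( length param('newCOMMENT') ) {

    # Untaint form input with strict, fully anchored allow-list regexes.
    # A missing 'event' field is mapped to '' so it is rejected by the
    # pattern instead of raising an "uninitialized value" warning first.
    my ($event) = ( param('event') // '' ) =~ /\A(\w+)\z/
        or die "bad event";

    # \h is horizontal whitespace only, so a comment can never contain a
    # newline (or '-') and therefore cannot forge a record header.
    my ($comment) = param('newCOMMENT') =~ /\A([\w\h]+)\z/
        or die "bad comment";

    # "---" is the record marker below. The allow-list above is what really
    # keeps it out; this strip is only a backstop in case the pattern is
    # loosened later. It removes every leading run of the marker, because a
    # single s/^---// pass would turn "------" into "---".
    $comment =~ s/^(?:---)+//gm;

    open my $fh, '>>', $COMMENTFILE or die "$COMMENTFILE: $!";

    # Take an exclusive lock so concurrent requests cannot interleave records.
    flock( $fh, LOCK_EX ) or die "flock $COMMENTFILE: $!";

    # In case someone else has written to the file in the meantime.
    seek( $fh, 0, SEEK_END ) or die "seek $COMMENTFILE: $!";

    # Record format: a "--- <epoch> <event>" header line, then the comment.
    # Write failures (e.g. a full disk) are fatal rather than silently
    # dropping the comment.
    print {$fh} "--- ", time, " ", $event, "\n"
        or die "write $COMMENTFILE: $!";
    print {$fh} $comment, "\n"
        or die "write $COMMENTFILE: $!";

    # Perl flushes the handle before changing the lock state (perlfunc,
    # flock), so the record is handed to the OS before the lock is released.
    flock( $fh, LOCK_UN ) or die "un-flock $COMMENTFILE: $!";

    # Buffered write errors can also surface at close, so check it too.
    close $fh or die "close $COMMENTFILE: $!";
}

print header('text/plain');
print "Hello, World\n";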