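# Derive a safe local file name from the client-supplied upload name.
# $FORM{file} is untrusted input; %FORM is defined outside this snippet
# (presumably the parsed form data -- confirm against the caller).
# An absent field is treated as an empty name and rejected below.
my $file = defined $FORM{file} ? $FORM{file} : '';

# Remove any path, this takes care of the ../.. security problem.
# /s lets '.' match newlines too, so a line break embedded in the name
# cannot stop the match from reaching the last slash.
$file =~ s{.*/}{}s;

# Remove anything in the filename that isn't a word character, a dash, or
# a dot. This takes care of the `rm -rf /` type threats.
# The class is spelled out in ASCII: plain \w also accepts non-ASCII word
# characters when the string is handled as Unicode.
$file =~ s/[^A-Za-z0-9_\-.]//g;

# The two filters above still let through '.', '..' and dot-files such as
# '.htaccess', so leading dots are dropped as well.
$file =~ s/\A\.+//;

# Every character may have been stripped; do not continue with an empty name.
die "Invalid upload file name\n" unless length $file;

# NOTE(review): a clean name can still collide with a file that already
# exists in the target directory; the code that opens $file is not shown here.

# ... (the rest of the handler is elided in the original)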