#### #### sub uploadfile { use strict; # a good thing to do use File::Basename; my ($q, %user) = @_; # look through all five upload options and # save any uploaded files for (my $i=1; $i<=5; $i++) { my $file = $q->upload("file$i"); next unless $file; # find the filename and it's extension my ($filename, $type) = split '\.', basename($fh); # untaint the filename and extension $filename =~ s/[^A-Za-z0-9_-]//g; $type =~ s/[^A-Za-z0-9_-]//g; my $directory = $user{'site_id'}; # make a unique filename my $i = 0; while(-e "$directory/$filename$i.$type") { $i++; } # this won't write over anything else. my $newfilename = "$directory/$filename$i.$type"; # Write contents of uploaded file to $directory open(FILE, "> $newfilename") or die "$!\n"; { local $/=""; my $uploaded = <$filename>; print FILE $uploaded; } close FILE or die "$!"; } }