s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

##</code><code>##

use strict;
use warnings 'all';


my $data = "d:\\test%00two";

print $data,"\n";

$data =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

print $data,"\n";

my $bob;
open FILE, "<$data" or die "Cannot open $data: $!\n";
{
	local $/;
	$bob = <FILE>;
}
close FILE;

print $bob;

##</code><code>##

Problems:

1) Does not use strict 
2) Does not use warnings
3) Does not use taint
4) Does not use the standard CGI module
5) A patch to Matts script version 1.6 - seeing as its now at 
   version 1.92 why not patch that?
6) Sendmail is called by -t and not by -oi -t
7) No attempt made at checking data length of posted data and
   thus preventing posts of arbitrary size
8) No attempt at checking the content type of the post thus
   allowing multi-part form data and thus arbitrary length uploads
9) No attempt at stopping uploads
10) The programmatic environment is not cleaned up, ie things not
    relating directly to the execution of the program are not 
	deleted (i.e. IFS CDPATH ENV BASH_ENV)
11) Makes use of arbitrarily declared globals in and out of routines
    and doesn't even use 'use vars'.
12) No error trapping on the sending of the email (or in the program
    at all). For example, using Carp or even 'local $SIG{__DIE__}'
13) Does not allow for mailing list references within a form and thus
    hiding all emails within the web page and prevent spam harvesting.
14) Appears to suffer from the poison null byte issue.