#!/usr/bin/perl -T

use strict;
use warnings;
use CGI;
use CGI::Carp qw(fatalsToBrowser carpout);

my $q = CGI->new();
my $untaint = $q->param('untaint');
my $f       = $q->param('filename');

print $q->header, $q->start_html;
if ( $f ) {
  $f = ( $f =~ m/([\w-]+)/ )[ 0 ] if $untaint;
  if ( $f ) {
    print "Creating $f<br>\n";
    {
      my $out;
      open $out, '>', "../TRASH/$f" and close $out
        or die "Failed to create $f: $!";
    }

    print "Unlinking $f<br>\n";
    unlink "../TRASH/$f";

    print $q->h3( 'ok' );
  }
  else {
    print $q->h3( 'Bad filename: ' . $q->param( 'filename' ) );
  }
}
else {
  print $q->h3( 'Missing filename' );
}

print $q->end_html;