my $original_name = param('uploaded_file');
    my $fh = upload('uploaded_file');
    binmode $fh; # just to be sure

    # "Untaint" the original name:
    $original_name =~ s/[^\w.]/_/g;

    my $outname = File::Spec->catfile( $private_dir, $original_name );
    open my $outfile, '>', $outname
        or die "Couldn't create $outname: $!";

    local $/ = \4096; # blocksize
    while (<$fh>) {
          print $outfile $_;
    };

    warn "Uploaded a file into $outname";