my $cgi = new CGI;
my $file = $cgi->upload( 'uploadfile' );
my $info = $cgi->uploadInfo( $file );

# error checking deleted for brevity.

# Cut the user's path from the file name.  We don't care where 
# they stored it and it prevents most funky browser behavior.

fileparse_set_fstype( "MSWin32" ); # normally risky; "okay" here [1]
my ( $name ) = fileparse( $file );

# more stuff deleted, including validations and user feedback.

my $msg = MIME::Lite->new(
      Type       => 'multipart/mixed',
      From       => $cfg{ "MSGFROM" },   # [2]
      To         => $cfg( "MSGTO" },
      Subject    => $cfg( "MSGSUBJECT" }
   );

$msg->attach(
      Disposition = 'attachment',
      Type        = $info->{ "Content-Type" },
      Encoding    = 'base64';
      Filename    = $name;
      FH          = $file;
   );

# The rest deleted