#!/usr/bin/perl -w
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
$|=1; # Don't buffer the output
my $buffer;
#print out the correct content-type
print "Content-type: text/html\n\n"; 
# start with nice html-tags
print "<html><body>";
# new CGI object 
my $req = CGI->new; 
#retrieve the value of the selected filename
my $filename = $req->param("filename"); 
# get only the filename (not the entire path) 
# and if it doesn't match, give $localfilename a silly value
my $localfilename = $filename =~ m/([^\Q$CGI::SL\E]+)$/ ? $1 : "ASillyValue"; 
# print out $localfilename to see if it has the correct value
print "$localfilename<br>\n";
# open $localfilename for output (and here it fails, 
# with the $localfilename as an empty string)
open(FILE, ">$localfilename") 
		|| print "Could not open $localfilename for output: $!<br>\n";
#
# Left the upload part out here...
#
close(FILE);
print "File saved as $localfilename (original filename=$filename)<br>\n";
print "</body></html>\n";