#!/usr/bin/perl -w  
 
use strict;  
use CGI;  
use CGI::Carp qw ( fatalsToBrowser );  
use File::Basename;  

my $safe_filename_characters = "a-zA-Z0-9_.-";  
my $upload_dir = "/upfiles";  
 
my $query = new CGI;  

my $filename = $query->param("file");   
 
my ( $name, $path, $extension ) = fileparse ( $filename, '\..*' );  
$filename = $name . $extension;  
$filename =~ tr/ /_/;  
$filename =~ s/[^$safe_filename_characters]//g;  
 
if ( $filename =~ /^([$safe_filename_characters]+)$/ )  
{  
 $filename = $1;  
}  
else  
{  
 die "Filename contains invalid characters";  
}  
 
my $upload_filehandle = $query->upload("file");  
 
open ( UPLOADFILE, ">$upload_dir/$filename" ) or die "$!";   
 
while ( <$upload_filehandle> )  
{  
 print UPLOADFILE "$_";  
}  
 
close UPLOADFILE;  
 
##this is the only way to send msg back to the client
print "<script>parent.callback('upload file success')</script>";

exit;