use CGI qw/:standard/;
my $UploadDir = $TEMP_DIR;
$CGI::POST_MAX=1024 * $MaxSize;

my ($filename) = param('attachment') || "undefined";

my $serverFile = $UploadDir . "/" .
(split(/[\\\/]/, param('attachment')))[-1];

# Datei umbenennen mit Zufallszahl
$RandomID = sprintf("%d%d",time,rand(999999));
$serverFile =~ s-(.*?)\.(.*?)-$RandomID.Ū-g;

my $tempfile = "$UploadDir/$serverFile";

# Testen ob die Extension erlaubt ist.
$Extensions = '.gif .GIF .jpg .JPG .pdf .PDF .png .PNG .zip .ZIP';
# In der folgenden Zeile steckt wohl der Fehler...
if (grep($serverFile,$Extensions,(split/\./,$_))) {&program_error("The extension of the file is not valid.");}

if (-e $tempfile) {&program_error("File is already existing. $!");}

else
{
my $buffer;
open (FILE,">$tempfile");
#binmode(FILE); # Windows OS hack
#binmode $filename; # Windows OS hack
while (my $bytesread=read($filename,$buffer,1024)) {print FILE $buffer;}
close (FILE);
}

chmod (0744, "$tempfile");

# Nur zum Test
print "Content-type:text/html

";
print "Upload succeed.
";
exit;