Javascript file upload plugin with progress bar support. Works in all major browsers, including IE7+, Chrome, Firefox, Safari, and Opera. No dependencies - use it with or without jQuery.
A malicious user is able to save the file outside the upload directory simple by changing the X-File-Name header to something like this: ../../test.txt
A malicious user is able to save the file outside the upload directory simple by changing the X-File-Name header to something like this: ../../test.txt