Are you talking about filenames with consecutive periods (../foo/bar.txt) or non-consecutive periods (foo.tar.gz)?
no i mean filenames with more than 1 dot.
a bit extreme example.
after modifying uploader, the filename is changed to wfd_<uniqid hash>--v_a_u_g_h_a_n.zip
then when the file is retrieved the filename is restored to just v_a_u_g_h_a_n.zip before it's sent to the browser, so the filename on the server is never known or can be seen by users, altho if you select the upload location outside of webroot, it's even securer.
with regards to $_FILES['name'];
the submit form uses $_FILES['userfile']['name'] & $_FILES['userfile']['type']
however if you think that is an insecure method, how could we get this done a different way without using $_FILES['userfile]['name']
i am not a fully competent php coder, i only know basics, but can follow the logic somewhat in most cases.
@gijoe, thanks for the clarification with the define value. could use this in the meantime, but if we can make the upload process more secure & better then that would be the ultimate goal.