my $size = -s "output/$pdf_filename";
+(my $sanitized_outname = $outname) =~ tr/a-zA-Z0-9. -/_/c;
+
print "Content-type: application/pdf\n";
-print "Content-disposition: attachment; filename=\"$outname\"\n"; # FIXME: XSS problems?
+print "Content-disposition: attachment; filename=\"$sanitized_outname\"\n";
print "Content-length: $size\n\n";
system("cat output/$pdf_filename"); # yuck?