diff --git a/features/file-upload.xml b/features/file-upload.xml
index ab8e49c8ab..2909edcf1f 100644
--- a/features/file-upload.xml
+++ b/features/file-upload.xml
@@ -74,7 +74,23 @@ Send this file: <INPUT NAME="userfile" TYPE="file">
directory. This can be changed by setting the environment variable
TMPDIR in the environment in which PHP runs. Setting
it using putenv from within a PHP script will
- not work.
+ not work. This environment variable can also be used to make sure
+ that other operations are working on uploaded files, as well.
+
+ Validating file uploads.
+
+<?
+$validtmpdir = get_cfg_var("upload_tmp_dir");
+/* make sure you're using an uploaded file */
+if (strstr ("$validtmpdir", "$userfile") != 0){
+ copy ("$userfile" "/place/to/put/uploaded/file");
+ } else {
+ echo "Not an uploaded file!";
+ exit;
+ }
+?>
+
+
The PHP script which receives the uploaded file should implement
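Review bot: the check in the new code block does not test what its comment claims, and the `copy` call is a syntax error. `strstr ("$validtmpdir", "$userfile")` searches for the submitted path inside the name of the temp directory, so the arguments are reversed; even written the right way round, `strstr ("$userfile", "$validtmpdir")` is a substring test that accepts `/tmp/../etc/passwd`, so the test should be a prefix comparison on a canonicalised path (`realpath`) and should compare against `false` rather than `0`, since `strstr` returns `false` when there is no match. `copy ("$userfile" "/place/to/put/uploaded/file");` is missing the comma between its two arguments. The example should also handle `get_cfg_var("upload_tmp_dir")` returning an empty value when the directive is unset (the paragraph just above says the directory then comes from `TMPDIR`), either by falling back to that variable or by refusing the upload; as written an empty `$validtmpdir` makes the outcome depend on how `strstr` treats an empty haystack rather than on a deliberate decision. Two smaller points: the sentence "This environment variable can also be used to make sure that other operations are working on uploaded files, as well." is redundant ("also" and "as well") and does not say which operations are meant; suggest "The same directory is what a script should compare against to confirm that the file it is about to operate on is really an uploaded file." And unless this part of the file already sits inside a CDATA section, a bare `<?` in a `.xml` file starts a processing instruction, so the block needs to be wrapped or escaped to keep the document well-formed.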
@@ -100,6 +116,10 @@ Send this file: <INPUT NAME="userfile" TYPE="file">
or the corresponding php3_upload_max_filesize Apache .conf directive.
The default is 2 Megabytes.
+
+ Not validating which file you operate on may mean that users can access
+ sensitive information in other directories.
+
Please note that the CERN httpd seems to strip off everything
starting at the first whitespace in the content-type mime header
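Review bot: the added sentence is too vague to act on and sits two paragraphs away from the validation example it refers to. State the risk concretely: the temporary path arrives in `$userfile` as an ordinary form variable, so a client can submit any path on the server instead, and a script that copies or reads `$userfile` without confirming it lies under `upload_tmp_dir` will copy or display that file. Suggested wording: "If the script does not verify that `$userfile` is an uploaded file in the upload temp directory, a user can supply the path of any file readable by the web server and have the script copy or display it." It would read better placed directly before the "Validating file uploads" block rather than between the upload_max_filesize paragraph and the CERN httpd note, which are unrelated to it.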