diff --git a/inc/constants.php b/inc/constants.php
index 7f570a9..301718f 100644
--- a/inc/constants.php
+++ b/inc/constants.php
@@ -8,6 +8,8 @@
 */
 declare(strict_types = 1);
+const CACHE_DIR_PERMS = 0775;
+
 const TL_FILE_DIRS = [
 __DIR__ . "/../l10n/musdb/",
 __DIR__ . "/../l10n/importer/",
diff --git a/public/index6.php b/public/index6.php
index 6a4134f..da6cb71 100644
--- a/public/index6.php
+++ b/public/index6.php
@@ -27,7 +27,7 @@ if (empty($filename = trim($_GET['fnam'], " ,./"))) {
 $csv_datei = MD_STD::realpath(__DIR__ . '/../csv/' . $filename);
 if (is_dir(__DIR__ . "/../xml")) rrmdir(__DIR__ . '/../xml');
-mkdir(__DIR__ . "/../xml", 0755);
+mkdir(__DIR__ . "/../xml", CACHE_DIR_PERMS);
 if (!($fp = fopen($csv_datei, 'r'))) {
 throw new MDmainEntityNotExistentException("Failed opening file");
diff --git a/public/upload.php b/public/upload.php
index eedb021..2a8c88e 100644
--- a/public/upload.php
+++ b/public/upload.php
@@ -2,8 +2,14 @@
 declare(strict_types = 1);
 require_once __DIR__ . "/../functions/functions.php";
-$target = __DIR__ . "/../csv/" . basename($_FILES['uploaded']['name']);
+if (empty($_FILES)) {
+ throw new MDFileDoesNotExist("No file uploaded");
+}
+ $targetpart = basename($_FILES['uploaded']['name']);
+$target = __DIR__ . "/../csv/" . $targetpart;
+
+// TODO: File name needs to be sanitized, or tmp name used
 if (session_status() != PHP_SESSION_ACTIVE) {
 session_start();
@@ -14,7 +20,7 @@ if (validateAntiCsrfToken() === false) {
 }
 //This is our size condition
-if ($uploaded_size > 40000000) {
+if ($_FILES['uploaded']['size'] > 40000000) {
 echo "Your file is too large.
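Review bot: The new `CACHE_DIR_PERMS` constant has no comment saying why runtime-created cache directories are now group-writable (0775, where public/index6.php previously passed 0755), so a later reader cannot tell whether group write is a requirement of the deployment or an accident. A one-line comment above it such as `// Mode for cache directories the app (re)creates at runtime, e.g. xml/; group-writable because <why group write is needed>` would record the intent. It is also worth noting in that comment that `mkdir()` applies the process umask, so the directory actually created may be narrower than this value.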
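Review bot: The return value of `mkdir()` is still ignored on the changed line, so if the directory cannot be recreated after `rrmdir()` (permissions, or a concurrent request that has just recreated it) the script carries on and later work targets a missing directory; the `fopen` guard three lines down throws on failure, and the same treatment fits here: `if (!mkdir(__DIR__ . "/../xml", CACHE_DIR_PERMS) && !is_dir(__DIR__ . "/../xml")) { throw new MDmainEntityNotExistentException("Failed creating xml directory"); }` (or a more fitting project exception). Also, `mkdir()` masks the requested mode with the process umask, so switching the literal to `CACHE_DIR_PERMS` (0775) only yields a group-writable directory when the umask allows it — either state that assumption in a comment or set the umask deliberately at startup rather than relying on the environment.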
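Review bot: The new guard `empty($_FILES)` only establishes that some upload field arrived; a request whose file field is not named `uploaded`, or an upload PHP itself rejected (for `UPLOAD_ERR_INI_SIZE` the `name` key is set but `tmp_name` is empty), passes it and reaches `basename($_FILES['uploaded']['name'])` with an undefined-key warning instead of the intended exception. Checking the field together with PHP's own error code covers both: `if (($_FILES['uploaded']['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) { throw new MDFileDoesNotExist("No file uploaded"); }`. The `$targetpart = ...` line also appears to carry one stray leading space relative to its neighbours (inferred from the collapsed layout). The TODO is right that `basename()` alone does not make a client-supplied name safe to use as a path component; the simplest resolution is to generate the stored name server-side, e.g. `$targetpart = bin2hex(random_bytes(8)) . '.csv';`, and keep the original name only as metadata.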
 ";
 return;
 }
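Review bot: `$_FILES['uploaded']['size']` is only meaningful when `$_FILES['uploaded']['error']` is `UPLOAD_ERR_OK`; when PHP itself refuses an oversize upload (`UPLOAD_ERR_INI_SIZE` / `UPLOAD_ERR_FORM_SIZE`) it reports `size` as 0, so the changed comparison lets through precisely the case it exists to catch, and the error code needs checking before the size. The limit also stays a bare `40000000` while this same commit introduces `CACHE_DIR_PERMS` in inc/constants.php; a sibling `const MAX_UPLOAD_BYTES = 40000000;` used here as `if ($_FILES['uploaded']['size'] > MAX_UPLOAD_BYTES) {` would make the cap discoverable and easy to keep aligned with `upload_max_filesize`. Failing the check with `echo` plus `return` is further inconsistent with the `throw new MDFileDoesNotExist(...)` this commit uses for the missing-file case earlier in the same file.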