http://qs321.pair.com?node_id=11121313


in reply to Insecure dependency

Stop what you're doing and think for a moment why taint mode would object to your use of $upload_dir or $file. Are those coming from user input? Why would accepting file paths from the user, and using two-arg open, be considered high-risk behavior? Until you've answered those questions, you shouldn't blindly untaint them.


Dave
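
An added example, not part of the original reply or the thread's code: untainting $file only after it passes an allow-list check, then using three-arg open so the name is never parsed for mode characters or pipes. $upload_dir and $file are the names from the post; the directory path, the helper name `untaint_filename`, the pattern and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Run as: perl -T script.pl   (taint mode on)
use strict;
use warnings;
use File::Spec;

# Assumption: the upload directory is a fixed server-side value, never user input.
my $upload_dir = '/var/www/uploads';    # placeholder path

# Hypothetical helper: returns an untainted base name, or nothing if rejected.
sub untaint_filename {
    my ($name) = @_;
    return unless defined $name;
    # Allow-list: a single path component, no slashes, no leading dot,
    # no shell or open-mode metacharacters, bounded length.
    # \A and \z anchor the whole string (a trailing newline does not slip by).
    if ($name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/) {
        return $1;    # a capture from a successful match is untainted
    }
    return;
}

# Constructed sample inputs. In a CGI script $file would come from the
# request and be tainted; these literals stand in for it.
my @samples = ('report.txt', '../../etc/passwd', 'ls -la |',
               '>/etc/motd', '.htaccess', "notes.txt\n");

for my $file (@samples) {
    (my $shown = $file) =~ s/\n/\\n/g;    # printable form for the log line
    my $safe = untaint_filename($file);
    unless (defined $safe) {
        print "rejected: '$shown'\n";
        next;
    }
    my $path = File::Spec->catfile($upload_dir, $safe);
    # Three-arg open: the mode is explicit, so a leading '>' or a trailing '|'
    # in the name can never change what open does.
    if (open(my $fh, '>', $path)) {
        print {$fh} "upload body would be written here\n";
        close($fh) or warn "close failed for $path: $!";
        print "wrote: $path\n";
    }
    else {
        print "cannot open $path: $!\n";
    }
}
```

Only 'report.txt' passes the check; the traversal, pipe, redirect, dotfile and trailing-newline names are rejected before they reach open.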