Some other considerations:
I also know to make sure the uploaded text file has no execute permissions.
If there is no need for an uploaded file to be exposed directly to webusers then store the file
outside the web server document tree. This limits accidental disclosure via or execution by a web browser.
On the file size you may also want to set a quota on the amount of bytes used by all uploaded files in total. What happens if say five sessions upload data concurrently? Do they end up in different files? Or do you remove the files after having processed them?
If the filename is not decided server side then precautions need to be made to ensure that the user cannot overwrite any existing (system) files inside or outside the document tree, e.g. by stating the filesname as './../../somename'