# I may have missed this in the discussion list, and I did google about # for it, so my apologies if I replicated other work. # # Here is a patch to bloxsom.cgi that will fix the # # "Insecure dependency in chdir while running setuid at .../File/Find.pm # line 741," # # problem that ships with blosxom. File::Find is being paranoid, which # is a good thing. We have to tell File::Find (from within blosxom) # that everything is ok, and it can do the untainting for us. # # Joe Landman
--- ../cgi-bin/blosxom.cgi 2005-03-13 10:04:10.886122555 -0500
+++ index.cgi 2005-03-13 10:42:08.375593683 -0500
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -T
 # Blosxom
 # Author: Rael Dornfest
@@ -70,7 +70,7 @@
 use strict;
 use FileHandle;
-use File::Find;
+use File::Find ;
 use File::stat;
 use Time::localtime;
 use CGI qw/:standard :netscape/;
@@ -172,6 +172,7 @@
 find(
 sub {
 my $d;
+ $File::Find::untaint = 1;
 my $curr_depth = $File::Find::dir =~ tr[/][];
 return if $depth and $curr_depth > $depth;
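Review bot: The added `$File::Find::untaint = 1;` in the third hunk sets a File::Find package variable from inside the wanted callback, which is not the module's documented interface and only takes effect once the callback has already been entered. File::Find documents `untaint`, together with `untaint_pattern` and `untaint_skip`, as keys of the options hash, so the call would read better as `find({ wanted => sub { ... }, untaint => 1 }, ...)` with the existing directory argument kept as it is. Untainting here only checks that each directory name matches a pattern and does not show that the path is one a setuid script should descend into, so I would add a comment such as `# data dir tree is admin-controlled; untaint names only, see untaint_pattern` and consider a narrower `untaint_pattern`. The `find(` call and its callback start and end outside the hunk, so how the top-level directory is supplied is not visible here. Because `-T` in the first hunk turns on taint checks for the whole script, the other places where external data reaches file or process operations presumably need the same review.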