From d0497dbccde992c5ab5365a39e4516058e0c940f Mon Sep 17 00:00:00 2001 From: David Farrell Date: Tue, 1 Mar 2016 13:28:14 -0500 Subject: [PATCH] Taint mode blocks vulnerability If filename is `ARG`, the while loop will call `open()` on every thing in `@ARG` creating a remote execution vulnerability. Enabling taint mode prevents this. See my [article](http://perltricks.com/article/netanel-rubins-perljam-circus/http://perltricks.com/article/netanel-rubins-perljam-circus/) for details. Another way to fix would be to use the double diamond operator `<<$file>>` will not call `open()`. But it requires Perl 5.22.0 or higher, which most people won't have. --- examples/file_upload.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/file_upload.cgi b/examples/file_upload.cgi index b48d737e..54cbc511 100755 --- a/examples/file_upload.cgi +++ b/examples/file_upload.cgi @@ -1,4 +1,4 @@ -#!/usr/bin/env perl +#!/usr/bin/env perl -T use strict; use warnings;
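Review bot: the new first line of examples/file_upload.cgi, `#!/usr/bin/env perl -T`, will not reliably turn taint mode on. On Linux the kernel passes everything after the interpreter path as a single argument, so `env` is asked to run a program literally named `perl -T` and the script fails to start instead of running tainted. Suggest naming the interpreter directly, for example `#!/usr/bin/perl -T`, or `#!/usr/bin/env -S perl -T` where the installed env supports `-S`. The hunk changes only the shebang, so the read loop described in the commit message is left as it was and the protection depends entirely on how the script is launched. A short comment next to the shebang saying that `-T` is required, and why, would keep someone from removing it later or copying the example without it.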