This is a known appropriate restriction of
File::Find for 5.5.3, and unlikely to be changed no matter how many times you report it, because it
needs to be tainted
since the value is untrusted.
The new versions of File::Find include a user-controllable "I trust this"
parameter for managed untainting, but you use these at your own risk:
`untaint'
If find is used in taint-mode (-T command line switch or if EUI
+D !=
UID or if EGID != GID) then internally directory names have to
+be
untainted before they can be cd'ed to. Therefore they are check
+ed
against a regular expression *untaint_pattern*. Note, that all
+names
passed to the user's *wanted()* function are still tainted.
`untaint_pattern'
See above. This should be set using the `qr' quoting operator.
+The
default is set to `qr|^([-+@\w./]+)$|'. Note that the paranthes
+is
which are vital.
`untaint_skip'
If set, directories (subtrees) which fail the *untaint_pattern*
+ are
skipped. The default is to 'die' in such a case.
-- Randal L. Schwartz, Perl hacker