mirror of
https://gitlab.com/dstftw/youtube-dl.git
synced 2020-11-16 09:42:26 +00:00
e37afbe0b8
If someone is running youtube-dl on a server to deliver files, the user could input 'file:///some/important/file' and youtube-dl would save that file as a video giving access to sensitive information to the user. 'file:' urls can be filtered, but the user can use an URL to a crafted m3u8 manifest like: #EXTM3U #EXT-X-MEDIA-SEQUENCE:0 #EXTINF:10.0 file:///etc/passwd #EXT-X-ENDLIST With this patch 'file:' URLs raise URLError like for unknown protocols. |
||
---|---|---|
.. | ||
downloader | ||
extractor | ||
postprocessor | ||
__init__.py | ||
__main__.py | ||
aes.py | ||
cache.py | ||
compat.py | ||
jsinterp.py | ||
options.py | ||
swfinterp.py | ||
update.py | ||
utils.py | ||
version.py | ||
YoutubeDL.py |