mirror of
https://github.com/yt-dlp/yt-dlp.git
synced 2024-11-21 20:46:36 -05:00
e37afbe0b8
If someone is running youtube-dl on a server to deliver files, the user could input 'file:///some/important/file' and youtube-dl would save that file as a video giving access to sensitive information to the user. 'file:' urls can be filtered, but the user can use an URL to a crafted m3u8 manifest like: #EXTM3U #EXT-X-MEDIA-SEQUENCE:0 #EXTINF:10.0 file:///etc/passwd #EXT-X-ENDLIST With this patch 'file:' URLs raise URLError like for unknown protocols. |
||
---|---|---|
.. | ||
swftests | ||
__init__.py | ||
helper.py | ||
parameters.json | ||
test_aes.py | ||
test_age_restriction.py | ||
test_all_urls.py | ||
test_cache.py | ||
test_compat.py | ||
test_download.py | ||
test_execution.py | ||
test_http.py | ||
test_InfoExtractor.py | ||
test_jsinterp.py | ||
test_netrc.py | ||
test_postprocessors.py | ||
test_subtitles.py | ||
test_swfinterp.py | ||
test_unicode_literals.py | ||
test_utils.py | ||
test_write_annotations.py | ||
test_youtube_lists.py | ||
test_youtube_signature.py | ||
test_YoutubeDL.py | ||
testcert.pem |