Filippo Valsorda
4d318be195
[update] fix (unexploitable) BB'06 vulnerability in rsa_verify
...
The rsa_verify code was vulnerable to a BB'06 attack, allowing to forge
signatures for arbitrary messages if and only if the public key exponent is
3. Since the updates key is hardcoded to 65537, there is no risk for
youtube-dl, but I don't want vulnerable code in the wild.
The new function adopts a way safer approach of encoding-and-comparing to
replace the dangerous parsing code.
9 years ago
Jaime Marquínez Ferrándiz
e37afbe0b8
[YoutubeDL] urlopen: disable the 'file:' protocol ( #8227 )
...
If someone is running youtube-dl on a server to deliver files, the user could input 'file:///some/important/file' and youtube-dl would save that file as a video giving access to sensitive information to the user.
'file:' urls can be filtered, but the user can use an URL to a crafted m3u8 manifest like:
#EXTM3U
#EXT-X-MEDIA-SEQUENCE:0
#EXTINF:10.0
file:///etc/passwd
#EXT-X-ENDLIST
With this patch 'file:' URLs raise URLError like for unknown protocols.
9 years ago
Jakub Wilk
dfb1b1468c
Fix typos
...
Closes #8200 .
9 years ago
remitamine
f11d00fa41
[test_subtitles] remove BlipTV test
9 years ago
Sergey M․
6b77d52b1f
[test_utils] Add tests for encode_compat_str
9 years ago
Yen Chi Hsuan
db2fe38b55
[utils] Support alternative timestamp format in TTML
...
Fixes #7608
9 years ago
Yen Chi Hsuan
d631d5f9f2
[utils] Fix TTML conversion
...
Tolerate invalid timestamps (closes #7909 )
9 years ago
Sergey M․
31b2051e21
[utils] Add remove_quotes
9 years ago
Jaime Marquínez Ferrándiz
47f48f5d85
[test/test_all_urls] Update pbs extractor name
...
It's in lowercase now (since e15e2ef7a0
).
9 years ago
Sergey M․
9cb9a5df77
[utils] Check ext with trailing slash against the list of known extensions
9 years ago
Sergey M․
5035536e3f
[test_utils] Add tests for determine_ext
9 years ago
Sergey M․
7aefc49c40
[utils] Skip invalid/non HTML entities ( Closes #7518 )
9 years ago
Yen Chi Hsuan
ff29bf81f8
[jsinterp] Support alternative function definition form
9 years ago
Yen Chi Hsuan
66d041f250
[test/subtitles] Add test for DemocracynowIE
9 years ago
Jaime Marquínez Ferrándiz
6a75040278
[utils] unified_strdate: Return None if the date format can't be recognized ( fixes #7340 )
...
This issue was introduced with ae12bc3ebb
, it returned 'None'.
9 years ago
Sergey M
30eecc6a04
Merge pull request #7296 from jaimeMF/xml_attrib_unicode
...
Use a wrapper around xml.etree.ElementTree.fromstring in python 2.x (…
9 years ago
Sergey M․
578c074575
[utils] Support list of xpath in xpath_element
9 years ago
Sergey M․
52c3a6e49d
[utils] Improve parse_iso8601
9 years ago
Jaime Marquínez Ferrándiz
f78546272c
[compat] compat_etree_fromstring: also decode the text attribute
...
Deletes parse_xml from utils, because it also does it.
9 years ago
Jaime Marquínez Ferrándiz
387db16a78
[compat] compat_etree_fromstring: only decode bytes objects
9 years ago
Jaime Marquínez Ferrándiz
36e6f62cd0
Use a wrapper around xml.etree.ElementTree.fromstring in python 2.x ( #7178 )
...
Attributes aren't unicode objects, so they couldn't be directly used in info_dict fields (for example '--write-description' doesn't work with bytes).
9 years ago
Jaime Marquínez Ferrándiz
65d49afa48
[test/test_download] Use extract_flat = 'in_playlist' for playlist items
...
Some playlist extractors return a 'url' result, which wouldn't be resolved.
9 years ago
Sergey M․
d01949dc89
[utils:js_to_json] Fix bad escape in double quoted strings
9 years ago
Sergey M․
448ef1f31c
[extractor/common] Allow angle brackets in attributes in _og_regexes ( #7215 )
9 years ago
Sergey M․
8e5b121948
[test_youtube_lists] Add test flat playlist entries' titles
9 years ago
Sergey M․
db0a8ad979
[test_InfoExtractor] Add test for unquoted attribute
9 years ago
Sergey M․
1c29e81e62
[test_InfoExtractor] Add test for 7a6d76a64d
9 years ago
Jaime Marquínez Ferrándiz
7d0ada5ff9
[test/helper] Fix style
...
Use the correct indentation to please flake8
9 years ago
Sergey M․
f88f1b40ce
[test/helper] Clarify field for list length mismatch
9 years ago
Sergey M․
386a7b52d5
[test/helper] Spelling
9 years ago
Sergey M․
2e885de796
[test/helper] Formatting
9 years ago
Qijiang Fan
687c04cbb8
[test] use descriptive variable name
9 years ago
Qijiang Fan
40c931de4b
[test] split expect_dict to two functions
9 years ago
Qijiang Fan
93bc7ef165
[test] recursively check dict and list in expect_info_dict
...
This allows to use md5:, re:, etc within the str inside a list
or dict.
9 years ago
Sergey M․
c6aa838b51
[youtube:history] Enable exractor
9 years ago
Jaime Marquínez Ferrándiz
f005f96ea5
[youtube:history] Explain why it has disabled and skip test
9 years ago
remitamine
c67a055d16
[test/test_write_annotations] fix test filename
...
Closes #6781
9 years ago
Sergey M․
3513d41436
[test_compat] Fix typo
9 years ago
Sergey M․
ee087c79ad
[test_compat] Add test for compat_shlex_split
9 years ago
Sergey M․
f71264490c
[test_utils] Add tests for cli option converters
9 years ago
Sergey M․
87f70ab39d
[test_utils] Add more tests for xpath
9 years ago
Yen Chi Hsuan
f908b74fa3
[test/subtitles] Add test for ThePlatformFeedIE
9 years ago
Sergey M․
8e2b1be127
[test/helper] Make age_limit checkable field
9 years ago
Sergey M.
d5d7bdaeb5
Merge pull request #6428 from dstftw/improve-generic-smil-support
...
Improve generic SMIL support
9 years ago
Jaime Marquínez Ferrándiz
232541df44
[YoutubeDL] format spec: correctly handle dashes and other unused operators
...
'mp4-baseline-16x9' must be handled as a single string, but the '-' was treated as an operator.
9 years ago
Jaime Marquínez Ferrándiz
d96d604e53
YoutubeDL: format spec: don't accept a bare '/' ( #6124 )
9 years ago
Jaime Marquínez Ferrándiz
03950c90f7
Merge remote-tracking branch 'jaimemf/format_spec_groups' ( closes #6124 )
9 years ago
Sergey M․
645f814544
[test/helper] Allow dicts for mincount
9 years ago
Sergey M․
308cfe0ab3
[test_downloader] Respect --force-generic-extractor
9 years ago
Sergey M․
ee114368ad
[utils] Make value optional for find_xpath_attr
...
This allows selecting particular attributes by name but without specifying the value and similar to xpath syntax `[@attrib]`
9 years ago