mirror of
https://github.com/yt-dlp/yt-dlp
synced 2024-11-16 07:48:01 +01:00
ff07792676
The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly. Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details. Authored by: Grub4K |
||
---|---|---|
.. | ||
__init__.py | ||
bash-completion.in | ||
bash-completion.py | ||
changelog_override.json | ||
changelog_override.schema.json | ||
check-porn.py | ||
cli_to_api.py | ||
fish-completion.in | ||
fish-completion.py | ||
generate_aes_testdata.py | ||
install_deps.py | ||
lazy_load_template.py | ||
logo.ico | ||
make_changelog.py | ||
make_contributing.py | ||
make_issue_template.py | ||
make_lazy_extractors.py | ||
make_readme.py | ||
make_supportedsites.py | ||
prepare_manpage.py | ||
run_tests.bat | ||
run_tests.py | ||
run_tests.sh | ||
set-variant.py | ||
tomlparse.py | ||
update-version.py | ||
update_changelog.py | ||
utils.py | ||
zsh-completion.in | ||
zsh-completion.py |