Filippo Valsorda
4d318be195
[update] fix (unexploitable) BB'06 vulnerability in rsa_verify
...
The rsa_verify code was vulnerable to a BB'06 attack, allowing to forge
signatures for arbitrary messages if and only if the public key exponent is
3. Since the updates key is hardcoded to 65537, there is no risk for
youtube-dl, but I don't want vulnerable code in the wild.
The new function adopts a way safer approach of encoding-and-comparing to
replace the dangerous parsing code.
2016-01-21 20:12:17 +00:00
Jaime Marquínez Ferrándiz
e37afbe0b8
[YoutubeDL] urlopen: disable the 'file:' protocol ( #8227 )
...
If someone is running youtube-dl on a server to deliver files, the user could input 'file:///some/important/file' and youtube-dl would save that file as a video giving access to sensitive information to the user.
'file:' urls can be filtered, but the user can use an URL to a crafted m3u8 manifest like:
#EXTM3U
#EXT-X-MEDIA-SEQUENCE:0
#EXTINF:10.0
file:///etc/passwd
#EXT-X-ENDLIST
With this patch 'file:' URLs raise URLError like for unknown protocols.
2016-01-14 00:24:04 +01:00
Jakub Wilk
dfb1b1468c
Fix typos
...
Closes #8200 .
2016-01-10 17:24:28 +01:00
remitamine
f11d00fa41
[test_subtitles] remove BlipTV test
2015-12-21 16:52:47 +01:00
Sergey M․
6b77d52b1f
[test_utils] Add tests for encode_compat_str
2015-12-20 07:07:14 +06:00
Yen Chi Hsuan
db2fe38b55
[utils] Support alternative timestamp format in TTML
...
Fixes #7608
2015-12-19 19:29:51 +08:00
Yen Chi Hsuan
d631d5f9f2
[utils] Fix TTML conversion
...
Tolerate invalid timestamps (closes #7909 )
2015-12-19 18:21:42 +08:00
Sergey M․
31b2051e21
[utils] Add remove_quotes
2015-12-14 21:30:58 +06:00
Jaime Marquínez Ferrándiz
47f48f5d85
[test/test_all_urls] Update pbs extractor name
...
It's in lowercase now (since e15e2ef7a0
).
2015-12-08 21:12:13 +01:00
Sergey M․
9cb9a5df77
[utils] Check ext with trailing slash against the list of known extensions
2015-11-22 17:27:13 +06:00
Sergey M․
5035536e3f
[test_utils] Add tests for determine_ext
2015-11-22 06:33:52 +06:00
Sergey M․
7aefc49c40
[utils] Skip invalid/non HTML entities ( Closes #7518 )
2015-11-16 20:20:16 +06:00
Yen Chi Hsuan
ff29bf81f8
[jsinterp] Support alternative function definition form
2015-11-10 12:54:02 +08:00
Yen Chi Hsuan
66d041f250
[test/subtitles] Add test for DemocracynowIE
2015-11-04 00:53:30 +08:00
Jaime Marquínez Ferrándiz
6a75040278
[utils] unified_strdate: Return None if the date format can't be recognized ( fixes #7340 )
...
This issue was introduced with ae12bc3ebb
, it returned 'None'.
2015-11-02 14:08:38 +01:00
Sergey M
30eecc6a04
Merge pull request #7296 from jaimeMF/xml_attrib_unicode
...
Use a wrapper around xml.etree.ElementTree.fromstring in python 2.x (…
2015-10-31 18:15:21 +00:00
Sergey M․
578c074575
[utils] Support list of xpath in xpath_element
2015-10-31 22:39:44 +06:00
Sergey M․
52c3a6e49d
[utils] Improve parse_iso8601
2015-10-28 21:40:22 +06:00
Jaime Marquínez Ferrándiz
f78546272c
[compat] compat_etree_fromstring: also decode the text attribute
...
Deletes parse_xml from utils, because it also does it.
2015-10-26 16:41:24 +01:00
Jaime Marquínez Ferrándiz
387db16a78
[compat] compat_etree_fromstring: only decode bytes objects
2015-10-25 20:30:54 +01:00
Jaime Marquínez Ferrándiz
36e6f62cd0
Use a wrapper around xml.etree.ElementTree.fromstring in python 2.x ( #7178 )
...
Attributes aren't unicode objects, so they couldn't be directly used in info_dict fields (for example '--write-description' doesn't work with bytes).
2015-10-25 20:13:16 +01:00
Jaime Marquínez Ferrándiz
65d49afa48
[test/test_download] Use extract_flat = 'in_playlist' for playlist items
...
Some playlist extractors return a 'url' result, which wouldn't be resolved.
2015-10-23 14:12:46 +02:00
Sergey M․
d01949dc89
[utils:js_to_json] Fix bad escape in double quoted strings
2015-10-20 23:09:51 +06:00
Sergey M․
448ef1f31c
[extractor/common] Allow angle brackets in attributes in _og_regexes ( #7215 )
2015-10-18 09:11:02 +06:00
Sergey M․
8e5b121948
[test_youtube_lists] Add test flat playlist entries' titles
2015-10-18 00:27:06 +06:00
Sergey M․
db0a8ad979
[test_InfoExtractor] Add test for unquoted attribute
2015-10-14 21:11:06 +06:00
Sergey M․
1c29e81e62
[test_InfoExtractor] Add test for 7a6d76a64d
2015-10-14 20:58:52 +06:00
Jaime Marquínez Ferrándiz
7d0ada5ff9
[test/helper] Fix style
...
Use the correct indentation to please flake8
2015-10-02 13:42:11 +02:00
Sergey M․
f88f1b40ce
[test/helper] Clarify field for list length mismatch
2015-09-30 20:33:59 +06:00
Sergey M․
386a7b52d5
[test/helper] Spelling
2015-09-30 20:33:51 +06:00
Sergey M․
2e885de796
[test/helper] Formatting
2015-09-30 20:33:45 +06:00
Qijiang Fan
687c04cbb8
[test] use descriptive variable name
2015-09-30 20:33:35 +06:00
Qijiang Fan
40c931de4b
[test] split expect_dict to two functions
2015-09-30 20:33:30 +06:00
Qijiang Fan
93bc7ef165
[test] recursively check dict and list in expect_info_dict
...
This allows to use md5:, re:, etc within the str inside a list
or dict.
2015-09-30 20:33:20 +06:00
Sergey M․
c6aa838b51
[youtube:history] Enable exractor
2015-09-21 21:28:02 +06:00
Jaime Marquínez Ferrándiz
f005f96ea5
[youtube:history] Explain why it has disabled and skip test
2015-09-20 12:23:13 +02:00
remitamine
c67a055d16
[test/test_write_annotations] fix test filename
...
Closes #6781
2015-09-07 11:18:55 +02:00
Sergey M․
3513d41436
[test_compat] Fix typo
2015-09-05 21:45:52 +06:00
Sergey M․
ee087c79ad
[test_compat] Add test for compat_shlex_split
2015-09-05 21:41:34 +06:00
Sergey M․
f71264490c
[test_utils] Add tests for cli option converters
2015-09-05 03:07:19 +06:00
Sergey M․
87f70ab39d
[test_utils] Add more tests for xpath
2015-09-05 00:36:16 +06:00
Yen Chi Hsuan
f908b74fa3
[test/subtitles] Add test for ThePlatformFeedIE
2015-08-21 01:38:57 +08:00
Sergey M․
8e2b1be127
[test/helper] Make age_limit checkable field
2015-08-08 21:42:50 +06:00
Sergey M.
d5d7bdaeb5
Merge pull request #6428 from dstftw/improve-generic-smil-support
...
Improve generic SMIL support
2015-08-08 05:47:33 +06:00
Jaime Marquínez Ferrándiz
232541df44
[YoutubeDL] format spec: correctly handle dashes and other unused operators
...
'mp4-baseline-16x9' must be handled as a single string, but the '-' was treated as an operator.
2015-08-04 22:29:23 +02:00
Jaime Marquínez Ferrándiz
d96d604e53
YoutubeDL: format spec: don't accept a bare '/' ( #6124 )
2015-08-03 23:04:11 +02:00
Jaime Marquínez Ferrándiz
03950c90f7
Merge remote-tracking branch 'jaimemf/format_spec_groups' ( closes #6124 )
2015-08-03 15:22:51 +02:00
Sergey M․
645f814544
[test/helper] Allow dicts for mincount
2015-08-02 01:15:33 +06:00
Sergey M․
308cfe0ab3
[test_downloader] Respect --force-generic-extractor
2015-08-02 01:14:41 +06:00
Sergey M․
ee114368ad
[utils] Make value optional for find_xpath_attr
...
This allows selecting particular attributes by name but without specifying the value and similar to xpath syntax `[@attrib]`
2015-08-01 20:22:13 +06:00