On Wed, Apr 08, 2015 at 07:44:13PM +0200, wm4 wrote:
> On Wed, 8 Apr 2015 19:39:00 +0200
> Gilles Chanteperdrix <gilles.chanteperd...@xenomai.org> wrote:
>
> > On Wed, Apr 08, 2015 at 07:24:27PM +0200, wm4 wrote:
> > > > + snprintf(buffer, sizeof(buffer), "youtube-dl -f %s -g '%s'",
> > > > + yc->format, s->filename);
> >
> > Ok, missing single quotes here around the format.
> >
>
> Doesn't help. You can't fix it. You need to use something other than
> system() if you want it to be secure.
You can fix it, you can escape the quotes in the string or refuse a
string that contains single quotes, but as I said, this starts being
cumbersome.
--
Gilles.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
