On Wed, 8 Apr 2015 19:51:12 +0200 Gilles Chanteperdrix <gilles.chanteperd...@xenomai.org> wrote:
> On Wed, Apr 08, 2015 at 07:44:13PM +0200, wm4 wrote: > > On Wed, 8 Apr 2015 19:39:00 +0200 > > Gilles Chanteperdrix <gilles.chanteperd...@xenomai.org> wrote: > > > > > On Wed, Apr 08, 2015 at 07:24:27PM +0200, wm4 wrote: > > > > > + snprintf(buffer, sizeof(buffer), "youtube-dl -f %s -g > > > > > '%s'", > > > > > + yc->format, s->filename); > > > > > > Ok, missing single quotes here around the format. > > > > > > > Doesn't help. You can't fix it. You need to use something other than > > system() if you want it to be secure. > > You can fix it, you can escape the quotes in the string or refuse a > string that contains single quotes, but as I said, this starts being > cumbersome. > why not machine translate the python to c and import that into ffmpeg? :P https://github.com/pradyun/Py2C -compn _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
