On Sun, Jul 20, 2014 at 8:53 PM, Jan Ehrhardt <[email protected]> wrote: > Reindl Harald in gmane.comp.video.ffmpeg.user (Sun, 20 Jul 2014 22:45:26 > +0200): >>such OS calls are typically done via cronjobs and very >>restricted CLI calls and not directly running in the >>webservers context at all > > My users need instant feedback on what is in a videofile. Besides that: > they are running php-ffmpeg on systems, where I cannot invoke cronjobs. >
Shell'ing to run ffprobe gets you the same data; using software with known exploits is much more insecure than making sure you correctly escape filenames. It's insane to knowingly use software that if you give it the right file, *will* allow arbitrary code execution. Cheers Tom _______________________________________________ ffmpeg-user mailing list [email protected] http://ffmpeg.org/mailman/listinfo/ffmpeg-user
