vlc | branch: master | Rémi Denis-Courmont <[email protected]> | Sun Mar 31 10:42:18 2019 +0300| [1b866c53c29be6ce20db6b02e7093e13031b58a5] | committer: Rémi Denis-Courmont
Revert "Input options inheritance for playlists" Blindly inheriting options from a playlist to the playlist items leads to several variants of the same vulnerability, whereby an option intended solely for the playlist is wrongly given to the items: 1) Unsafe options. 2) Options conveying private data such as credentials. As an example, consider the case of a playlist served over HTTP and protected by username/password. The HTTP credentials must not be passed to playlist items, which may well be in a different HTTP domain. (Instead, the VLC key store should be used and do the right thing.) This reverts commit 4db1802cf69e67756798b50c54b4030d11de11ee. > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=1b866c53c29be6ce20db6b02e7093e13031b58a5 --- modules/demux/playlist/m3u.c | 2 -- modules/demux/playlist/pls.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/modules/demux/playlist/m3u.c b/modules/demux/playlist/m3u.c index f4da7d93bd..a0a407ad23 100644 --- a/modules/demux/playlist/m3u.c +++ b/modules/demux/playlist/m3u.c @@ -311,8 +311,6 @@ static int ReadDir( stream_t *p_demux, input_item_node_t *p_subitems ) if( !p_input ) goto error; input_item_AddOptions( p_input, i_options, ppsz_options, 0 ); - if ( p_current_input ) - input_item_CopyOptions( p_input, p_current_input ); if( !EMPTY_STR(psz_artist) ) input_item_SetArtist( p_input, psz_artist ); diff --git a/modules/demux/playlist/pls.c b/modules/demux/playlist/pls.c index 0f44c28463..87c367b62a 100644 --- a/modules/demux/playlist/pls.c +++ b/modules/demux/playlist/pls.c @@ -142,7 +142,6 @@ static int ReadDir( stream_t *p_demux, input_item_node_t *p_subitems ) if( psz_mrl ) { p_input = input_item_New( psz_mrl, psz_name ); - input_item_CopyOptions( p_input, p_current_input ); input_item_node_AppendItem( p_subitems, p_input ); input_item_Release( p_input ); free( psz_mrl_orig ); @@ -180,7 +179,6 @@ static int ReadDir( stream_t *p_demux, input_item_node_t *p_subitems ) if( psz_mrl ) { p_input = input_item_New( psz_mrl, psz_name ); - input_item_CopyOptions( p_input, p_current_input ); input_item_node_AppendItem( p_subitems, p_input ); input_item_Release( p_input ); free( psz_mrl_orig ); _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
