Skip to content
This repository has been archived by the owner on Sep 7, 2021. It is now read-only.

Commit

Permalink
Fixed security issue
Browse files Browse the repository at this point in the history
  • Loading branch information
@p410n3
p410n3 committed Mar 28, 2018
1 parent a6492bf commit 52258a3
Showing 1 changed file with 18 additions and 5 deletions.
23 changes: 18 additions & 5 deletions ydl.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@
closedir($handle);
}


//Make an folder with md5(date()) to download the stuff there
$md5_date = md5(date("Y-m-d H:i:s"));
mkdir($md5_date);
Expand All @@ -55,11 +54,25 @@
}

//Prepare the command
$cmd = "youtube-dl " . escapeshellarg($_POST['url']) . " " . $fileFormat . " " . $additionalParams . " " .$expertOptions; //fileFormat does not need to be escaped, its no user input
//Inconsistent across PHP versions // webserver, switching to exec until I find a fix
//liveExec($cmd);
try {
$cmd = "youtube-dl" . " " .
escapeshellcmd ($_POST['url']) . " " .
$fileFormat . " " .
$additionalParams . " " .
escapeshellcmd ($expertOptions);

exec($cmd);

} catch (Exception $e) {
$cmd = "youtube-dl" . " " .
escapeshellcmd ($_POST['url']) . " " .
$fileFormat . " " .
$additionalParams;

exec($cmd);
}

exec($cmd);
//liveExec($cmd); //Inconsistent across PHP versions / webserver, switching to exec until I find a fix

//writes the log
$logFileName = "log.php";
Expand Down

0 comments on commit 52258a3

Please sign in to comment.