-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix security risk #1285
Fix security risk #1285
Conversation
Also - print both out and err when ffmpeg fails - use create_subprocess_exec and pass arguments
Escaping filenames in |
Publish v3.6.0 * ignore .cache and other hidden files (#1274) * Bump minimal required python version to 3.6.1 (#1278) * Remove FFmpeg normalization causing "quiet" songs. (#1276) * Saved Songs Download and User Authentication (#1240) * regenerate cassettes (#1290) * Use ffmpeg_path to check for version (#1289) * Skip already downloaded songs before doing youtube search (#1287) * Fix security risk (#1285) * Song matching improvements (#1279) * Artist songs fixes (#1284) * More output formats (#1244) * Bump version number to 3.6.0 * Update .gitignore to remove duplicate cache * docs update (#1293) Co-authored-by: Silverarmor <23619946+Silverarmor@users.noreply.github.com> Co-authored-by: Jakub Kot <42355410+xnetcat@users.noreply.github.com> Co-authored-by: Peyton Creery <44987569+phcreery@users.noreply.github.com> Co-authored-by: AZMCode <adrianozambrana@protonmail.com> Co-authored-by: Aiden Gardner <19619206+aiden2480@users.noreply.github.com> Co-authored-by: Oliver Blanthorn <freedom4cows@gmail.com> Co-authored-by: Andrzej Klajnert <github@aklajnert.pl>
Title
Fix security risk
Description
create_subprocess_shell is a security risk
Related Issue
#1237
Motivation and Context
shlex.quote
wasn't working properly so I've decided to use create_subprocess_execHow Has This Been Tested?
tests
Types of Changes
Checklist