Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Part of URL executed as command after download from zdf.de #5221

Closed
pianoslum opened this issue Mar 16, 2015 · 2 comments
Closed

Part of URL executed as command after download from zdf.de #5221

pianoslum opened this issue Mar 16, 2015 · 2 comments

Comments

@pianoslum
Copy link

@pianoslum pianoslum commented Mar 16, 2015

After (successfully) downloading a video from zdf.de, a part of the url is executed as a command right in the console (kua... in the picture). I think this could be really dangerous, if an attacker somehow manages to slip somebody a forged URL.

@yan12125
Copy link
Collaborator

@yan12125 yan12125 commented Mar 16, 2015

It's not youtube-dl's problem, but a shell trick. You need to enclose your URLs in double quotes or escape the special characters if they contain "?", "&", "=".

@pianoslum
Copy link
Author

@pianoslum pianoslum commented Mar 16, 2015

I am sorry for that - thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.