mirror of
https://github.com/yt-dlp/yt-dlp.git
synced 2024-11-27 10:31:29 +00:00
ff07792676
The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly. Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details. Authored by: Grub4K |
||
---|---|---|
.. | ||
urllib | ||
__init__.py | ||
_deprecated.py | ||
_legacy.py | ||
compat_utils.py | ||
functools.py | ||
imghdr.py | ||
shutil.py | ||
types.py |