From 4e0f61f3f38476c34600f92960c074a0aeb1ded3 Mon Sep 17 00:00:00 2001 From: Pierre Rudloff Date: Wed, 13 Jan 2016 19:06:33 +0100 Subject: [PATCH] Escape shell commands --- classes/VideoDownload.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/classes/VideoDownload.php b/classes/VideoDownload.php index 3d18990..3944b8d 100644 --- a/classes/VideoDownload.php +++ b/classes/VideoDownload.php @@ -33,7 +33,7 @@ Class VideoDownload { $config = Config::getInstance(); exec( - $config->python.' '.$config->youtubedl.' --dump-user-agent', + escapeshellcmd($config->python).' '.escapeshellarg($config->youtubedl).' --dump-user-agent', $version ); return $version[0]; @@ -48,7 +48,7 @@ Class VideoDownload { $config = Config::getInstance(); exec( - $config->python.' '.$config->youtubedl.' --list-extractors', + escapeshellcmd($config->python).' '.escapeshellarg($config->youtubedl).' --list-extractors', $extractors ); return $extractors; @@ -65,7 +65,7 @@ Class VideoDownload static function getFilename($url, $format=null) { $config = Config::getInstance(); - $cmd=$config->python.' '.$config->youtubedl; + $cmd = escapeshellcmd($config->python).' '.escapeshellarg($config->youtubedl); if (isset($format)) { $cmd .= ' -f '.escapeshellarg($format); } @@ -88,7 +88,7 @@ Class VideoDownload static function getJSON($url, $format=null) { $config = Config::getInstance(); - $cmd=$config->python.' '.$config->youtubedl.' '.$config->params; + $cmd = escapeshellcmd($config->python.' '.escapeshellarg($config->youtubedl).' '.$config->params); if (isset($format)) { $cmd .= ' -f '.escapeshellarg($format); } @@ -114,7 +114,7 @@ Class VideoDownload static function getURL($url, $format=null) { $config = Config::getInstance(); - $cmd=$config->python.' '.$config->youtubedl.' '.$config->params; + $cmd = escapeshellcmd($config->python.' '.escapeshellarg($config->youtubedl).' '.$config->params); if (isset($format)) { $cmd .= ' -f '.escapeshellarg($format); }