de015e9307
The shell escape function is now using `""` instead of `\"`. `utils.Popen` has been patched to properly quote commands. Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg for reference. Authored by: Grub4K |
||
---|---|---|
.. | ||
__init__.py | ||
common.py | ||
embedthumbnail.py | ||
exec.py | ||
ffmpeg.py | ||
metadataparser.py | ||
modify_chapters.py | ||
movefilesafterdownload.py | ||
sponskrub.py | ||
sponsorblock.py | ||
xattrpp.py |