const char**ppsz_options = NULL;
int i_options = 0;
vlc_bool_t b_cleanup = VLC_FALSE;
+ vlc_bool_t b_enable_extvlcopt = config_GetInt( p_demux, "m3u-extvlcopt" );
input_item_t *p_input;
INIT_PLAYLIST_STUFF;
if( psz_artist )
psz_artist = strdup( psz_artist );
}
-#if 0
- /* You're going to need a pretty strong explanation, why
- * this is not a big security hole if you are to uncomment
- * this piece of code. Potentially untrusted input file must
- * not be allowed to specify options in an open-handed fashion.
- * -- Courmisch
- */
else if( !strncasecmp( psz_parse, "EXTVLCOPT:",
sizeof("EXTVLCOPT:") -1 ) )
{
- /* VLC Option */
- char *psz_option;
- psz_parse += sizeof("EXTVLCOPT:") -1;
- if( !*psz_parse ) goto error;
-
- psz_option = MaybeFromLocaleDup( psz_parse );
- if( psz_option )
- INSERT_ELEM( ppsz_options, i_options, i_options,
- psz_option );
+ if( b_enable_extvlcopt )
+ {
+ /* VLC Option */
+ char *psz_option;
+ psz_parse += sizeof("EXTVLCOPT:") -1;
+ if( !*psz_parse ) goto error;
+
+ psz_option = MaybeFromLocaleDup( psz_parse );
+ if( psz_option )
+ INSERT_ELEM( ppsz_options, i_options, i_options,
+ psz_option );
+ }
+ else
+ {
+ msg_Err( p_demux, "m3u EXTVLCOPT parsing is disabled for security reasons. If you need it and trust the m3u playlist you are trying to open, please append --m3u-extvlcopt to you command line." );
+ }
}
-#endif
}
else if( !strncasecmp( psz_parse, "RTSPtext", sizeof("RTSPtext") -1 ) )
{
#define SKIP_ADS_LONGTEXT N_( "Use playlist options usually used to prevent " \
"ads skipping to detect ads and prevent adding them to the playlist." )
+#define EXTVLCOPT_TEXT N_( "Enable parsing of EXTVLCOPT: options" )
+#define EXTVLCOPT_LONGTEXT N_( "Enable parsing of EXTVLCOPT: options in m3u " \
+ "playlists. This option is default disabled to prevent untrusted sources " \
+ "using VLC options without the user's knowledge." )
+
vlc_module_begin();
add_shortcut( "playlist" );
set_category( CAT_INPUT );
set_description( _("M3U playlist import") );
add_shortcut( "m3u-open" );
set_capability( "demux2", 10 );
+ add_bool( "m3u-extvlcopt", VLC_FALSE, NULL,
+ EXTVLCOPT_TEXT, EXTVLCOPT_LONGTEXT, VLC_FALSE );
+ change_unsaveable();
set_callbacks( E_(Import_M3U), E_(Close_M3U) );
add_submodule();
set_description( _("PLS playlist import") );