Simon Sawicki ff07792676 [core] Prevent RCE when using --exec with %q (CVE-2024-22423) ... The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly. Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details. Authored by: Grub4K		2024-04-09 18:36:13 +02:00
..
__init__.py	[cleanup] Misc (#8968)	2024-03-11 00:52:28 +05:30
bash-completion.in
bash-completion.py
changelog_override.json	[core] Prevent RCE when using --exec with %q (CVE-2024-22423)	2024-04-09 18:36:13 +02:00
changelog_override.schema.json
check-porn.py
cli_to_api.py
fish-completion.in
fish-completion.py
generate_aes_testdata.py
install_deps.py	[build] Optional dependencies cleanup (#9550)	2024-03-29 23:24:40 +00:00
lazy_load_template.py
logo.ico
make_changelog.py	[build] Update changelog for tarball and sdist (#9425)	2024-03-14 21:10:20 +00:00
make_contributing.py
make_issue_template.py	[cleanup] Misc (#8598)	2023-12-30 22:27:36 +01:00
make_lazy_extractors.py
make_readme.py
make_supportedsites.py
prepare_manpage.py	[docs] Various manpage fixes	2024-04-08 21:24:58 +02:00
run_tests.bat	[devscripts] run_tests: Create Python script (#8720)	2023-12-26 18:30:04 +01:00
run_tests.py	Fix 2d1d683a54	2023-12-26 20:07:09 +01:00
run_tests.sh	[devscripts] run_tests: Create Python script (#8720)	2023-12-26 18:30:04 +01:00
set-variant.py
tomlparse.py	[cleanup] Standardize import datetime as dt (#8978)	2024-04-01 05:32:15 +05:30
update_changelog.py	[build] Update changelog for tarball and sdist (#9425)	2024-03-14 21:10:20 +00:00
update-version.py	[cleanup] Standardize import datetime as dt (#8978)	2024-04-01 05:32:15 +05:30
utils.py	[build] Overhaul and unify release workflow	2023-11-12 18:29:19 -06:00
zsh-completion.in
zsh-completion.py