Commit Graph

54 Commits (fd43ff21e28d5f50621ba17a81868d9bbadac6bd)

Author SHA1 Message Date
Simon Sawicki ff07792676
[core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423)
The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details.

Authored by: Grub4K
7 months ago
Simon Sawicki 32abfb00bd
[utils] `traverse_obj`: Convenience improvements (#9577)
Add support for:
- `http.cookies.Morsel`
- Multi type filters (`{type, type}`)

Authored by: Grub4K
7 months ago
pukkandan c305a25c1b
[cleanup] Standardize `import datetime as dt` (#8978) 7 months ago
sepro 86e3b82261
[core] Fix `filesize_approx` calculation (#9560)
Reverts 22e4dfacb6

Despite being documented as `Kbit/s`, the extractors/manifests were returning bitrates in SI units of kilobits/sec.

Authored by: seproDev, pukkandan
7 months ago
Simon Sawicki 3699eeb67c
[utils] `traverse_obj`: Allow unbranching using `all` and `any` (#9571)
Authored by: Grub4K
7 months ago
pukkandan 615a84447e
[cleanup] Misc (#8968)
Authored by: pukkandan, bashonly, seproDev
8 months ago
pukkandan 45491a2a30
[utils] Improve `repr` of `DateRange`, `match_filter_func` 8 months ago
pukkandan 93240fc184
[cleanup] Fix misc bugs (#8968)
Closes #8816

Authored by: bashonly, seproDev, pukkandan, Grub4k
8 months ago
pukkandan 47ab66db0f
[docs] Misc Cleanup (#8977)
Closes #8355, #8944

Authored by: bashonly, Grub4k, Arthurszzz, seproDev, pukkandan

Co-authored-by: sepro <4618135+seproDev@users.noreply.github.com>
Co-authored-by: bashonly <bashonly@protonmail.com>
Co-authored-by: Arthurszzz <minecraftgamerarthur@gmail.com>
Co-authored-by: Simon Sawicki <accounts@grub4k.xyz>
Co-authored-by: bashonly <88596187+bashonly@users.noreply.github.com>
8 months ago
Simon Sawicki ffbd4f2a02
[utils] `traverse_obj`: Support `xml.etree.ElementTree.Element` (#8911)
Authored by: Grub4K
10 months ago
Simon Sawicki f9fb3ce86e
[cleanup] Misc (#8598)
Authored by: bashonly, pukkandan, seproDev, Grub4K

Co-authored-by: bashonly <bashonly@protonmail.com>
Co-authored-by: pukkandan <pukkandan.ytdlp@gmail.com>
Co-authored-by: sepro <4618135+seproDev@users.noreply.github.com>
10 months ago
Simon Sawicki 65de7d204c
Update to ytdl-commit-be008e6 (#8836)
- [utils] Make restricted filenames ignore some Unicode categories (by dirkf)
- [ie/telewebion] Fix extraction (by Grub4K)
- [ie/imgur] Overhaul extractor (by bashonly, Grub4K)
- [ie/EpidemicSound] Add extractor (by Grub4K)

Authored by: bashonly, dirkf, Grub4K

Co-authored-by: bashonly <bashonly@protonmail.com>
10 months ago
coletdjnz 196eb0fe77
[networking] Strip whitespace around header values (#8802)
Fixes https://github.com/yt-dlp/yt-dlp/issues/8729
Authored by: coletdjnz
11 months ago
Simon Sawicki 0b6f829b1d
[utils] `traverse_obj`: Move `is_user_input` into output template (#8673)
Authored by: Grub4K
11 months ago
pukkandan a174c453ee
Let `read_stdin` obey `--quiet`
Closes #8668
11 months ago
coletdjnz ccfd70f4c2
[rh:websockets] Migrate websockets to networking framework (#7720)
* Adds a basic WebSocket framework
* Introduces new minimum `websockets` version of 12.0
* Deprecates `WebSocketsWrapper`

Fixes https://github.com/yt-dlp/yt-dlp/issues/8439

Authored by: coletdjnz
12 months ago
bashonly f04b5bedad
[ie] Do not smuggle `http_headers`
See: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x

Authored by: coletdjnz
12 months ago
bashonly 84e26038d4
[utils] `write_xattr`: Use `os.setxattr` if available (#8205)
Closes #8193
Authored by: bashonly, Grub4K

Co-authored-by: Simon Sawicki <contact@grub4k.xyz>
1 year ago
Simon Sawicki 1c51c520f7
[fd/fragment] Improve progress calculation (#8241)
This uses the download speed from all threads and also adds smoothing to speed and eta

Authored by: Grub4K
1 year ago
Awal Garg 9d7ded6419
[utils] `js_to_json`: Fix `Date` constructor parsing (#8295)
Authored by: awalgarg, Grub4K
1 year ago
Simon Sawicki de015e9307
[core] Prevent RCE when using `--exec` with `%q` (CVE-2023-40581)
The shell escape function is now using `""` instead of `\"`. `utils.Popen` has been patched to properly quote commands.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg for reference.

Authored by: Grub4K
1 year ago
bashonly 52414d64ca
[utils] `js_to_json`: Handle `Array` objects
Authored by: Grub4K, std-move

Co-authored-by: std-move <26625259+std-move@users.noreply.github.com>
Co-authored-by: Simon Sawicki <accounts@grub4k.xyz>
1 year ago
Simon Sawicki 836e06d246
[core] Fix support for upcoming Python 3.12 (#8130)
This also adds the following test runners:
- `3.12-dev` on `ubuntu-latest`
- `3.12-dev` on `windows-latest`
- `pypy-3.10` on `ubuntu-latest`

Authored by: Grub4K
1 year ago
Simon Sawicki f659e64394
[ie/bpb] Overhaul extractor (#8119)
Authored by: Grub4K
1 year ago
pukkandan 3f7965105d
[utils] HTTPHeaderDict: Handle byte values 1 year ago
coletdjnz 4bf912282a
[networking] Remove dot segments during URL normalization (#7662)
This implements RFC3986 5.2.4 remove_dot_segments during the URL normalization process.

Closes #3355, #6526

Authored by: coletdjnz
1 year ago
coletdjnz bbeacff7fc
[networking] Ignore invalid proxies in env (#7704)
Authored by: coletdjnz
1 year ago
pukkandan a250b24733
[compat] Ensure submodules are imported correctly
Closes #7663
1 year ago
bashonly af86873218
[utils] Improve `parse_duration`
Authored by: bashonly
1 year ago
coletdjnz 3d2623a898
[compat, networking] Deprecate old functions (#2861)
Authored by: coletdjnz, pukkandan
1 year ago
coletdjnz 227bf1a33b
[networking] Rewrite architecture (#2861)
New networking interface consists of a `RequestDirector` that directs
each `Request` to appropriate `RequestHandler` and returns the
`Response` or raises `RequestError`. The handlers define adapters to
transform its internal Request/Response/Errors to our interfaces.

User-facing changes:
- Fix issues with per request proxies on redirects for urllib
- Support for `ALL_PROXY` environment variable for proxy setting
- Support for `socks5h` proxy
   - Closes https://github.com/yt-dlp/yt-dlp/issues/6325, https://github.com/ytdl-org/youtube-dl/issues/22618, https://github.com/ytdl-org/youtube-dl/pull/28093
- Raise error when using `https` proxy instead of silently converting it to `http`

Authored by: coletdjnz
1 year ago
pukkandan c365dba843
[networking] Add module (#2861)
No actual changes - code is only moved around
1 year ago
pukkandan 1b392f905d
[utils] Add temporary shim for logging
Related: #5680, #7517
1 year ago
Mahmoud Abdel-Fattah 2af4eeb772
[utils] `clean_podcast_url`: Handle more trackers (#7556)
Authored by: mabdelfattah, bashonly
Closes #7544
1 year ago
coletdjnz f8b4bcc0a7
[core] Prevent `Cookie` leaks on HTTP redirect
Ref: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj

Authored by: coletdjnz
1 year ago
pukkandan 337734d4a8
[cleanup] Misc 1 year ago
pukkandan 91302ed349
[utils] clean_podcast_url: Handle protocol in redirect URL
Closes #7430
1 year ago
pukkandan e59e20744e
Bugfix for b4e0d75848 1 year ago
pukkandan 812cdfa06c
[cleanup] Misc 1 year ago
pukkandan b4e0d75848
Improve `--download-sections`
* Support negative time-ranges
* Add `*from-url` to obey time-ranges in URL

Closes #7248
1 year ago
pukkandan ad54c9130e
[cleanup] Misc
Closes #6288, Closes #7197, Closes #7265, Closes #7353, Closes #5773
Authored by: mikf, freezboltz, pukkandan
1 year ago
Nicolai Dagestad db3ad8a676
Add option `--netrc-cmd` (#6682)
Authored by: NDagestad, pukkandan
Closes #1706
1 year ago
pukkandan ebe1b4e34f
[outtmpl] Fix some minor bugs
Closes #7164
1 year ago
pukkandan a35af4306d
[utils] `strftime_or_none`: Handle negative timestamps
Closes #6706
Authored by pukkandan, dirkf
1 year ago
pukkandan eedda5252c
[utils] `FormatSorter`: Improve `size` and `br`
Closes #1596

Previously, when some formats have accurate size and some approximate,
the ones with accurate size was always prioritized

For formats with known tbr and unknown vbr/abr, we were setting
(vbr=tbr, abr=0) for sorting to work. This is no longer needed.

Authored by pukkandan, u-spec-png
1 year ago
hoaluvn 7bcd481321
[extractor/urplay] Extract all subtitles (#7309)
Authored by: hoaluvn
1 year ago
garret 4cbfa570a1
[extractor/camfm] Add extractors (#7083)
Authored by: garret1317
1 year ago
coletdjnz daafbf49b3
[core] Support decoding multiple content encodings (#7142)
Authored by: coletdjnz
1 year ago
coletdjnz b87e01c123
[cookies] Move `YoutubeDLCookieJar` to cookies module (#7091)
Authored by: coletdjnz
1 year ago
coletdjnz 08916a49c7
[core] Improve HTTP redirect handling (#7094)
Aligns HTTP redirect handling with what browsers commonly do and RFC standards. 

Fixes issues afac4caa7d missed.

Authored by: coletdjnz
1 year ago