[vlc-devel] commit: We also need to check the non "conf::" case. Oops. ( Rémi Denis-Courmont )
git version control
git at videolan.org
Fri May 9 16:59:12 CEST 2008
vlc | branch: master | Rémi Denis-Courmont <rem at videolan.org> | Thu May 8 23:39:23 2008 +0300| [1287a64fd67f6117b0d8374290dcbcddb763239f]
We also need to check the non "conf::" case. Oops.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=1287a64fd67f6117b0d8374290dcbcddb763239f
---
src/libvlc.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/src/libvlc.c b/src/libvlc.c
index fa9bbf9..14f172b 100644
--- a/src/libvlc.c
+++ b/src/libvlc.c
@@ -230,6 +230,15 @@ int VLC_VariableSet( int i_object, char const *psz_var, vlc_value_t value )
return VLC_SUCCESS;
}
}
+ /* EXPLICIT HACK (this is the legacy API anyway):
+ * VLC_VariableSet is only used from the browser plugins, so we
+ * can pretty much assume that the input is _not_ trusted. */
+ module_config_t *p_item;
+ p_item = config_FindConfig( VLC_OBJECT(p_libvlc), psz_var );
+ if( !p_item )
+ return VLC_ENOVAR;
+ if( !p_item->b_safe )
+ return VLC_EGENERIC;
i_ret = var_Set( p_libvlc, psz_var, value );
More information about the vlc-devel
mailing list