[vlc-devel] [vlc-commits] input: readdir_helper: read options from the parent item

[Rémi Denis-Courmont]

Le 21 septembre 2017 18:31:18 GMT+03:00, Thomas Guillem <git at videolan.org> a écrit :
>vlc | branch: master | Thomas Guillem <thomas at gllm.fr> | Thu Sep 21
>17:30:43 2017 +0200| [6e309636e7d201933161317201a03b361d584cfe] |
>committer: Thomas Guillem
>
>input: readdir_helper: read options from the parent item
>
>>
>http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=6e309636e7d201933161317201a03b361d584cfe
>---
>
> src/input/item.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
>diff --git a/src/input/item.c b/src/input/item.c
>index f5b9178509..187f633e3c 100644
>--- a/src/input/item.c
>+++ b/src/input/item.c
>@@ -1669,6 +1669,10 @@ static int rdh_unflatten(struct
>vlc_readdir_helper *p_rdh,
> void vlc_readdir_helper_init(struct vlc_readdir_helper *p_rdh,
>                        vlc_object_t *p_obj, input_item_node_t *p_node)
> {
>+    /* Read options from the parent item. This allows
>vlc_stream_ReadDir()
>+     * users to specify options whitout touching any vlc_object_t. */
>+    input_item_ApplyOptions(p_obj, p_node->p_item);
>+
>     p_rdh->p_node = p_node;
>p_rdh->b_show_hiddenfiles = var_InheritBool(p_obj, "show-hiddenfiles");
>p_rdh->psz_ignored_exts = var_InheritString(p_obj, "ignore-filetypes");
>
>_______________________________________________
>vlc-commits mailing list
>vlc-commits at videolan.org
>https://mailman.videolan.org/listinfo/vlc-commits

This is very questionable. You can construct scenarii whereby carrying options is desirable. But you can likewise construct some where it is the opposite way.

And this brings some actual security issues... for instance, if you set HTTP password, and the HTTP-based directory refers to an HTTP item in a different authentication domain... the password gets leaked. Not good.

Frankly, I think this patch is wrong.
-- 
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.