Skip to content

V
vlc-1.1
Commit a7e8d944 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont
Browse files
Options

VLC_VariableSet: assume unsafe variable settings. Fixes #1371.

parent e5501691
Show whitespace changes
Inline Side-by-side
Showing with 6 additions and 1 deletion
src/libvlc.c
View file @ a7e8d944
...@@ -188,7 +188,7 @@ int VLC_Destroy( int i_object ) ...@@ -188,7 +188,7 @@ int VLC_Destroy( int i_object )
} }
/***************************************************************************** /*****************************************************************************
* VLC_VariableSet: set a vlc variable * VLC_VariableSet: set a "safe" vlc variable
*****************************************************************************/ *****************************************************************************/
int VLC_VariableSet( int i_object, char const *psz_var, vlc_value_t value ) int VLC_VariableSet( int i_object, char const *psz_var, vlc_value_t value )
{ {
...@@ -206,6 +206,11 @@ int VLC_VariableSet( int i_object, char const *psz_var, vlc_value_t value ) ...@@ -206,6 +206,11 @@ int VLC_VariableSet( int i_object, char const *psz_var, vlc_value_t value )
if( p_item ) if( p_item )
{ {
/* VLC_VariableSet is only used from the browser plugins, so we
* can pretty much assume that the input is _not_ trusted. */
if( !p_item->b_safe )
return VLC_EGENERIC;
switch( p_item->i_type ) switch( p_item->i_type )
{ {
case CONFIG_ITEM_BOOL: case CONFIG_ITEM_BOOL:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment