summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo Izen <leo.izen@gmail.com>2020-11-15 22:06:59 -0500
committerLeo Izen <leo.izen@gmail.com>2020-11-18 17:30:07 -0500
commit9b5672ebedf22e1c0d3ba81791c64087e369ee02 (patch)
treee17d7c4bd207445265860f71965b66cca3970120
parent24d696183364c4b5d36c46551bdb8d8b53f9c699 (diff)
downloadmpv-9b5672ebedf22e1c0d3ba81791c64087e369ee02.tar.bz2
mpv-9b5672ebedf22e1c0d3ba81791c64087e369ee02.tar.xz
manpage: document improved --playlist security
Recent versions of mpv have applied security checks to --playlist that previously only existed if playlist files were played as an input directly. This commit documents this change and how to work around it, in the event that playlist files are trusted.
-rw-r--r--DOCS/man/options.rst46
-rw-r--r--stream/stream.c3
2 files changed, 29 insertions, 20 deletions
diff --git a/DOCS/man/options.rst b/DOCS/man/options.rst
index 94b9d2f778..8b437bdfa8 100644
--- a/DOCS/man/options.rst
+++ b/DOCS/man/options.rst
@@ -236,27 +236,40 @@ Playback Control
The value ``no`` is a deprecated alias for ``auto``.
``--playlist=<filename>``
- Play files according to a playlist file (Supports some common formats. If
+ Play files according to a playlist file. Supports some common formats. If
no format is detected, it will be treated as list of files, separated by
- newline characters. Note that XML playlist formats are not supported.)
+ newline characters. You may need this option to load plaintext files as
+ a playlist. Note that XML playlist formats are not supported.
- You can play playlists directly and without this option, however, this
- option disables any security mechanisms that might be in place. You may
- also need this option to load plaintext files as playlist.
+ This option forces ``--demuxer=playlist`` to interpret the playlist file.
+ Some playlist formats, notably CUE and optical disc formats, need to use
+ different demuxers and will not work with this option. They still can be
+ played directly, without using this option.
+
+ You can play playlists directly, without this option. Before mpv version
+ 0.31.0, this option disabled any security mechanisms that might be in
+ place, but since 0.31.0 it uses the same security mechanisms as playing a
+ playlist file directly. If you trust the playlist file, you can disable
+ any security checks with ``--load-unsafe-playlists``. Because playlists
+ can load other playlist entries, consider applying this option only to the
+ playlist itself and not its entries, using something along these lines:
+
+ ``mpv --{ --playlist=filename --load-unsafe-playlists --}``
.. warning::
- The way mpv uses playlist files via ``--playlist`` is not safe against
- maliciously constructed files. Such files may trigger harmful actions.
- This has been the case for all mpv and MPlayer versions, but
- unfortunately this fact was not well documented earlier, and some people
- have even misguidedly recommended use of ``--playlist`` with untrusted
- sources. Do NOT use ``--playlist`` with random internet sources or files
- you do not trust!
+ The way older versions of mpv played playlist files via ``--playlist``
+ was not safe against maliciously constructed files. Such files may
+ trigger harmful actions. This has been the case for all verions of
+ mpv prior to 0.31.0, and all MPlayer versions, but unfortunately this
+ fact was not well documented earlier, and some people have even
+ misguidedly recommended the use of ``--playlist`` with untrusted
+ sources. Do NOT use ``--playlist`` with random internet sources or
+ files you do not trust if you are not sure your mpv is at least 0.31.0.
- Playlist can contain entries using other protocols, such as local files,
- or (most severely), special protocols like ``avdevice://``, which are
- inherently unsafe.
+ In particular, playlists can contain entries using protocols other than
+ local files, such as special protocols like ``avdevice://`` (which are
+ inherently unsafe).
``--chapter-merge-threshold=<number>``
Threshold for merging almost consecutive ordered chapter parts in
@@ -337,9 +350,6 @@ Playback Control
location. (Instead, the behavior is as if the playlist entries were provided
directly to mpv command line or ``loadfile`` command.)
- Note that ``--playlist`` always loads all entries, so you use that instead
- if you really have the need for this functionality.
-
``--access-references=<yes|no>``
Follow any references in the file being opened (default: yes). Disabling
this is helpful if the file is automatically scanned (e.g. thumbnail
diff --git a/stream/stream.c b/stream/stream.c
index f422c5d08d..116dcef4a4 100644
--- a/stream/stream.c
+++ b/stream/stream.c
@@ -441,8 +441,7 @@ int stream_create_with_args(struct stream_open_args *args, struct stream **ret)
if (r == STREAM_UNSAFE) {
mp_err(log, "\nRefusing to load potentially unsafe URL from a playlist.\n"
- "Use --playlist=file or the --load-unsafe-playlists option to "
- "load it anyway.\n\n");
+ "Use the --load-unsafe-playlists option to load it anyway.\n\n");
} else if (r == STREAM_NO_MATCH || r == STREAM_UNSUPPORTED) {
mp_err(log, "No protocol handler found to open URL %s\n", args->url);
mp_err(log, "The protocol is either unsupported, or was disabled "