From a4b6bf8c41b54554286117b97e78412a32b5147f Mon Sep 17 00:00:00 2001
From: wm4 <wm4@nowhere>
Date: Mon, 2 Mar 2015 19:09:36 +0100
Subject: player: refine rar:// playlist-safety handling

It was possible to make the player play local files by putting rar://
links into remote playlists, and some other potentially unsafe things.

Redo the handling of it. Now the rar-redirector (the thing in
demux_playlist.c) sets disable_safety, which makes the player open any
playlist entries returned. This is fine, because it redirects to the
same file anyway (just with different selection/interpretation of the
contents). On the other hand, rar:// itself is now considered fully
unsafe, which means that it is ignored if found in normal playlists.
---
 stream/stream_rar.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'stream/stream_rar.c')

diff --git a/stream/stream_rar.c b/stream/stream_rar.c
index 1051e05ab4..510babf949 100644
--- a/stream/stream_rar.c
+++ b/stream/stream_rar.c
@@ -98,8 +98,8 @@ static int rar_entry_open(stream_t *stream)
     *name++ = '\0';
     mp_url_unescape_inplace(base);
 
-    struct stream *rar = stream_create(base, STREAM_READ, stream->cancel,
-                                       stream->global);
+    struct stream *rar = stream_create(base, STREAM_READ | STREAM_SAFE_ONLY,
+                                       stream->cancel, stream->global);
     if (!rar)
         return STREAM_ERROR;
 
@@ -146,6 +146,4 @@ const stream_info_t stream_info_rar = {
     .name = "rar",
     .open = rar_entry_open,
     .protocols = (const char*const[]){ "rar", NULL },
-    .is_safe = true,
-    .is_network = true, // safe over network
 };
-- 
cgit v1.2.3