GitLab

vlc security: As i've seen very little improvement on that front, i've decided to check in my take on handling the problem of managing harmful options. I'm pretty sure this is going to be very controversial, but I think my approach is quite simple and yet very effective Anyway, my approach makes the following assumptions:

- most vlc options are considered safe, only a handful are particularily unsafe and need be declared as such in their definition (they mostly deal with writing to an output file or URL)
- unsafe options are only considered potentially harmful when used as an input option, ie. the ':option' format. Configuration options are always considered safe 'i.e --option' 
- unsafe options are associated with a global security policy, which dictates how these are handled. At the moment, The policy can be either block, allow or prompt, and is set using the '--security-policy' option (which itself is considered unsafe ;)

the policy can be set by the user at the command line or in the preferences, it curently defaults to prompt, which is the desirable state for deskop use. However, it can be overriden depending on context, for example, the activex and mozilla will force the security-policy to block regardless of preference settins.

the code is a bit rough at the moment, but i will optimize/clean it up if the dev community this approach is worth keeping.

try the following example, and you'll see quickly what i mean:

./vlc -vvv <a mrl> :sout=#transcode{vcodec=mp1v,vb=1024,acodec=mpga,ab=192}:standard{mux=ts,dst=vlc-output.ts,access=file}"

Enjoy,
   Damien

Don't use enums. They are cool and all (the compiler even tells when one case is missing in switch), but I don't want the compiler to assume as yet unassigned codepoints will not be used.

BEWARE: If you have non-recompiled plugins, they WILL crash.

 - Use module_Exists as appropriate
 - Rename module_FindName as module_Find

configuration: add config_AddIntf() config_RemoveIntf() and config_ExistIntf() to handle extra interfaces in the preferences
make use of it for last.fm simple preferences (ref #1262)
by the way the duplication of "control" with "extraintf" is very boring

Adds CONFIG_ITEM_PASSWORD for showing stars in preferences dialog (still to be implemented in interfaces)

 - Removed the gross SUPPRESSED hack
 - Remove support for strict deprecated aliases (that was not used anyway)

* libvlc sources and plugins now define __LIBVLC__ and headers exported to
  plugins (ie, include/vlc_*.h) check for this
* libvlc sources use the value of the "libvlc" component in vlc-config instead
  of vlc
* Apply flags directly to "libvlc" in configure.ac - might temporarily break win32 :)

* Headers in include must contain the structures and prototypes needed
  by the plugins and should be named vlc_*.
* Headers in include/vlc must contain the structures and prototypes
  needed by external libvlc clients

* Moved and renamed some things in headers. 
   - Removed vlc_cpu.h, vlc_error.h (merged in vlc_common)
   - Removed snapshot.h (merged in vlc_vout.h)
   - Removed vlc_spu.h (merged in vlc_osd.h)
   - Removed intf_eject.h and vlc_interaction.h (merged in vlc_interface)
   - Moved all internal headers to src
   - Merged vlc_video.h and video_output.h and move private things to src
   - Removed vlc/intf.h, vlc/aout.h, vlc/vout.h, vlc/decoder.h and vlc/input.h
     (meta headers for use in modules, and often implying too large 
     dependencies)
* Removed some useless dependencies
* Unexported a bunch of functions and structures used only in src/
  (--> Still some work here)
* Finally made input_thread_t and input_source_t (mostly) private. 
  Added input_GetItem to fetch the input_item of an input_thread
* Cleaned up deprecated entries in vlc_symbols.h and bumped up symbol 
  prefix

This commit has a 99% probability of breaking the build, 0.1% of killing
your cat and 0% of getting you hot chicks.