Mirrors/mpv
1
0
Fork 0
mirror of https://github.com/mpv-player/mpv.git synced 2025-12-28 05:33:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

manpage: update --playlist comments

Browse Source 
Using the --playlist option is no longer recommended.

A while ago, mpv rewrote all playlist parsers and added some minimal
security mechanisms (like not allowing local file access or unsafe
protocols in remote playlists). Further, mpv can load playlists by
passing them as normal file arguments, without the option.

Now, --playlist is needed only in these situations:
1) loading plaintext files
2) disabling additional security mechanisms
   (e.g. using a remote playlist to play local files)
This commit is contained in:
wm4
2014-11-02 16:05:52 +01:00
parent 0c3df23335
commit 95a5624946
2 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
DOCS/man/mpv.rst
View File

@@ -12,8 +12,7 @@ a media player
SYNOPSIS
========
| **mpv** [options] [file|URL|-]
| **mpv** [options] --playlist=PLAYLIST
| **mpv** [options] [file|URL|PLAYLIST|-]
| **mpv** [options] files
DESCRIPTION

16
DOCS/man/options.rst
View File

@@ -128,21 +128,23 @@ Playback Control
no format is detected, t will be treated as list of files, separated by
newline characters. Note that XML playlist formats are not supported.)
You can play playlists directly and without this option, however, this
option disables any security mechanisms that might be in place. You may
also need this option to load plaintext files as playlist.
.. warning::
The way mpv uses playlist files is not safe against maliciously
constructed files. Such files may trigger harmful actions.
The way mpv uses playlist files via ``--playlist`` is not safe against
maliciously constructed files. Such files may trigger harmful actions.
This has been the case for all mpv and MPlayer versions, but
unfortunately this fact was not well documented earlier, and some people
have even misguidedly recommended use of ``--playlist`` with untrusted
sources. Do NOT use ``--playlist`` with random internet sources or files
you do not trust!
The main problem is that playlists can point to arbitrary network
addresses (including local addresses inside of your LAN), and thus
can't be considered secure. Playlists also can contain entries using
other protocols, such as local files, or (most severely), special
protocols like ``avdevice://``, which are inherently unsafe.
Playlist can contain entries using other protocols, such as local files,
or (most severely), special protocols like ``avdevice://``, which are
inherently unsafe.
``--chapter-merge-threshold=<number>``
Threshold for merging almost consecutive ordered chapter parts in