[FFmpeg-user] ffmpeg for a joomla video website

Tom Evans tevans.uk at googlemail.com
Mon Jul 21 21:09:00 CEST 2014


On Sun, Jul 20, 2014 at 8:53 PM, Jan Ehrhardt <phpdev at ehrhardt.nl> wrote:
> Reindl Harald in gmane.comp.video.ffmpeg.user (Sun, 20 Jul 2014 22:45:26
> +0200):
>>such OS calls are typically done via cronjobs and very
>>restricted CLI calls and not directly running in the
>>webservers context at all
>
> My users need instant feedback on what is in a videofile. Besides that:
> they are running php-ffmpeg on systems, where I cannot invoke cronjobs.
>

Shell'ing to run ffprobe gets you the same data; using software with
known exploits is much more insecure than making sure you correctly
escape filenames. It's insane to knowingly use software that if you
give it the right file, *will* allow arbitrary code execution.

Cheers

Tom


More information about the ffmpeg-user mailing list