[test_download] Print test names in case of network errors
[test_download] Add comments for nose parameters
[test_download] Modify outtmpl to prevent info JSON filename conflicts
Thanks @jaimeMF for the idea.
[travis] Only download tests should be run in parallel
This is much more robust than just using regexps, and handles all
the common scenarios, such as empty/no values, repeated attributes,
entity decoding, mixed case names, and the different possible value
1. Renamed to encode_base_n()
2. Allow tables longer than 62 characters
3. Raise ValueError instead of AssertionError for invalid input data
4. Return the first character in the table instead of '0' for number 0
5. Add tests
The rsa_verify code was vulnerable to a BB'06 attack, allowing to forge
signatures for arbitrary messages if and only if the public key exponent is
3. Since the updates key is hardcoded to 65537, there is no risk for
youtube-dl, but I don't want vulnerable code in the wild.
The new function adopts a way safer approach of encoding-and-comparing to
replace the dangerous parsing code.
If someone is running youtube-dl on a server to deliver files, the user could input 'file:///some/important/file' and youtube-dl would save that file as a video giving access to sensitive information to the user.
'file:' urls can be filtered, but the user can use an URL to a crafted m3u8 manifest like:
With this patch 'file:' URLs raise URLError like for unknown protocols.