Stream URL breaks on &

  • Stream URL input breaks on "&" see images below
    i checked the URL via the terminal and is valid.
    however when i use ffprobe on shinibo the full url is not being use. instead it was cut off before the "&" (ampersand) sign.

    ffprobe via Shinobi

    ffprobe via Terminal

  • I can confirm, if you look at the notification log at the top after adding a monitor, the command line doesn't have anything after the ? even (since it's a command-line wildcard).

    However, when adding the monitor, if you select "No" for auto-parsing, you can manually enter the query string, and it accepts it.

    Url's should be wrapped around double-quotes.


  • This is actually really, really disturbing because it means that the Shinobi UI is also vulnerable to injection attacks. If I had to guess, if you have shinobi running as root and put a "&; reboot" at the end of the URL, your machine would reboot...


Looks like your connection to Shinobi Forum was lost, please wait while we try to reconnect.