Is OpenPHT vulnerable to the subtitles attack?

A possible exploit that can affect Kodi through subtitles was recently pointed out. Now Kodi fixed the issue in 17.2, and Plex says their server and media player should not be affected since they don’t share that code from Kodi. Is OpenPHT affected by that issue? I ask because my understanding is that OpenPHT is closer to the Kodi codebase, but I might be wrong :slight_smile:

Any comments on this?

I'm listening too?

OpenPHT should not be affected by the subtitle exploit. OpenPHT does not use .zip files for subtitles and instead downloads subtitles in an unpacked format directly from PMS.

However the bad code that allows abused .zip files to traverse to a parent directory could possibly be triggered if you enable the Play File feature and browse to an abused .zip file on your local drive. This will be patched in a future update.

Thank you for the answer!

@Kwiboo said:
OpenPHT should not be affected by the subtitle exploit. OpenPHT does not use .zip files for subtitles and instead downloads subtitles in an unpacked format directly from PMS.

However the bad code that allows abused .zip files to traverse to a parent directory could possibly be triggered if you enable the Play File feature and browse to an abused .zip file on your local drive. This will be patched in a future update.

Thank you for the explanation. I mistakenly marked your answer as “not answer”, but I don’t know if I can undo it.