diff options
| author | dirkf <fieldhouse@gmx.net> | 2024-07-02 14:54:25 +0100 |
|---|---|---|
| committer | dirkf <fieldhouse@gmx.net> | 2024-07-02 15:38:50 +0100 |
| commit | 37cea84f775129ad715b9bcd617251c831fcc980 (patch) | |
| tree | 88b8024cabe8d56a67b18ffb53e19d00238169ab /youtube_dl/utils.py | |
| parent | 46521096433aceaa41b4caa845bed22ca6f377ce (diff) | |
| download | youtube-dl-37cea84f775129ad715b9bcd617251c831fcc980.tar.xz | |
Diffstat (limited to 'youtube_dl/utils.py')
| -rw-r--r-- | youtube_dl/utils.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/youtube_dl/utils.py b/youtube_dl/utils.py index df203b97a..3ec9d3811 100644 --- a/youtube_dl/utils.py +++ b/youtube_dl/utils.py @@ -6587,7 +6587,6 @@ KNOWN_EXTENSIONS = ( class _UnsafeExtensionError(Exception): """ Mitigation exception for unwanted file overwrite/path traversal - This should be caught in YoutubeDL.py with a warning Ref: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j """ @@ -6666,6 +6665,9 @@ class _UnsafeExtensionError(Exception): super(_UnsafeExtensionError, self).__init__('unsafe file extension: {0!r}'.format(extension)) self.extension = extension + # support --no-check-extensions + lenient = False + @classmethod def sanitize_extension(cls, extension, **kwargs): # ... /, *, prepend=False @@ -6678,7 +6680,7 @@ class _UnsafeExtensionError(Exception): last = extension.rpartition('.')[-1] if last == 'bin': extension = last = 'unknown_video' - if last.lower() not in cls._ALLOWED_EXTENSIONS: + if not (cls.lenient or last.lower() in cls._ALLOWED_EXTENSIONS): raise cls(extension) return extension |