aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--youtube_dl/__init__.py4
-rw-r--r--youtube_dl/options.py4
-rw-r--r--youtube_dl/utils.py6
3 files changed, 12 insertions, 2 deletions
diff --git a/youtube_dl/__init__.py b/youtube_dl/__init__.py
index cc8285eba..06bdfb689 100644
--- a/youtube_dl/__init__.py
+++ b/youtube_dl/__init__.py
@@ -21,6 +21,7 @@ from .compat import (
workaround_optparse_bug9161,
)
from .utils import (
+ _UnsafeExtensionError,
DateRange,
decodeOption,
DEFAULT_OUTTMPL,
@@ -173,6 +174,9 @@ def _real_main(argv=None):
if opts.ap_mso and opts.ap_mso not in MSO_INFO:
parser.error('Unsupported TV Provider, use --ap-list-mso to get a list of supported TV Providers')
+ if opts.no_check_extensions:
+ _UnsafeExtensionError.lenient = True
+
def parse_retries(retries):
if retries in ('inf', 'infinite'):
parsed_retries = float('inf')
diff --git a/youtube_dl/options.py b/youtube_dl/options.py
index 434f520d3..61705d1f0 100644
--- a/youtube_dl/options.py
+++ b/youtube_dl/options.py
@@ -534,6 +534,10 @@ def parseOpts(overrideArguments=None):
action='store_true', dest='no_check_certificate', default=False,
help='Suppress HTTPS certificate validation')
workarounds.add_option(
+ '--no-check-extensions',
+ action='store_true', dest='no_check_extensions', default=False,
+ help='Suppress file extension validation')
+ workarounds.add_option(
'--prefer-insecure',
'--prefer-unsecure', action='store_true', dest='prefer_insecure',
help='Use an unencrypted connection to retrieve information about the video. (Currently supported only for YouTube)')
diff --git a/youtube_dl/utils.py b/youtube_dl/utils.py
index df203b97a..3ec9d3811 100644
--- a/youtube_dl/utils.py
+++ b/youtube_dl/utils.py
@@ -6587,7 +6587,6 @@ KNOWN_EXTENSIONS = (
class _UnsafeExtensionError(Exception):
"""
Mitigation exception for unwanted file overwrite/path traversal
- This should be caught in YoutubeDL.py with a warning
Ref: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
"""
@@ -6666,6 +6665,9 @@ class _UnsafeExtensionError(Exception):
super(_UnsafeExtensionError, self).__init__('unsafe file extension: {0!r}'.format(extension))
self.extension = extension
+ # support --no-check-extensions
+ lenient = False
+
@classmethod
def sanitize_extension(cls, extension, **kwargs):
# ... /, *, prepend=False
@@ -6678,7 +6680,7 @@ class _UnsafeExtensionError(Exception):
last = extension.rpartition('.')[-1]
if last == 'bin':
extension = last = 'unknown_video'
- if last.lower() not in cls._ALLOWED_EXTENSIONS:
+ if not (cls.lenient or last.lower() in cls._ALLOWED_EXTENSIONS):
raise cls(extension)
return extension