Fix filepath sanitization in --print-to-file

pukkandan 2022-04-03 20:17:59 +05:30
parent 18eac302a2
commit 5127e92a94
No known key found for this signature in database
GPG key ID: 7EEE9E1E817D0A39


@ -1240,18 +1240,21 @@ def evaluate_outtmpl(self, outtmpl, info_dict, *args, **kwargs):
outtmpl, info_dict = self.prepare_outtmpl(outtmpl, info_dict, *args, **kwargs) outtmpl, info_dict = self.prepare_outtmpl(outtmpl, info_dict, *args, **kwargs)
return self.escape_outtmpl(outtmpl) % info_dict return self.escape_outtmpl(outtmpl) % info_dict
def _prepare_filename(self, info_dict, tmpl_type='default'): def _prepare_filename(self, info_dict, *, outtmpl=None, tmpl_type=None):
assert None in (outtmpl, tmpl_type), 'outtmpl and tmpl_type are mutually exclusive'
if outtmpl is None:
outtmpl = self.outtmpl_dict.get(tmpl_type or 'default', self.outtmpl_dict['default'])
try: try:
outtmpl = self._outtmpl_expandpath(self.outtmpl_dict.get(tmpl_type, self.outtmpl_dict['default'])) outtmpl = self._outtmpl_expandpath(outtmpl)
filename = self.evaluate_outtmpl(outtmpl, info_dict, True) filename = self.evaluate_outtmpl(outtmpl, info_dict, True)
if not filename: if not filename:
return None return None
if tmpl_type in ('default', 'temp'): if tmpl_type in ('', 'temp'):
final_ext, ext = self.params.get('final_ext'), info_dict.get('ext') final_ext, ext = self.params.get('final_ext'), info_dict.get('ext')
if final_ext and ext and final_ext != ext and filename.endswith(f'.{final_ext}'): if final_ext and ext and final_ext != ext and filename.endswith(f'.{final_ext}'):
filename = replace_extension(filename, ext, final_ext) filename = replace_extension(filename, ext, final_ext)
else: elif tmpl_type:
force_ext = OUTTMPL_TYPES[tmpl_type] force_ext = OUTTMPL_TYPES[tmpl_type]
if force_ext: if force_ext:
filename = replace_extension(filename, force_ext, info_dict.get('ext')) filename = replace_extension(filename, force_ext, info_dict.get('ext'))
@ -1267,10 +1270,12 @@ def _prepare_filename(self, info_dict, tmpl_type='default'):
self.report_error('Error in output template: ' + str(err) + ' (encoding: ' + repr(preferredencoding()) + ')') self.report_error('Error in output template: ' + str(err) + ' (encoding: ' + repr(preferredencoding()) + ')')
return None return None
def prepare_filename(self, info_dict, dir_type='', warn=False): def prepare_filename(self, info_dict, dir_type='', *, outtmpl=None, warn=False):
"""Generate the output filename.""" """Generate the output filename"""
if outtmpl:
filename = self._prepare_filename(info_dict, dir_type or 'default') assert not dir_type, 'outtmpl and dir_type are mutually exclusive'
dir_type = None
filename = self._prepare_filename(info_dict, tmpl_type=dir_type, outtmpl=outtmpl)
if not filename and dir_type not in ('', 'temp'): if not filename and dir_type not in ('', 'temp'):
return '' return ''
@ -2767,7 +2772,7 @@ def format_tmpl(tmpl):
self.to_stdout(self.evaluate_outtmpl(format_tmpl(tmpl), info_copy)) self.to_stdout(self.evaluate_outtmpl(format_tmpl(tmpl), info_copy))
for tmpl, file_tmpl in self.params['print_to_file'].get(key, []): for tmpl, file_tmpl in self.params['print_to_file'].get(key, []):
filename = self.evaluate_outtmpl(file_tmpl, info_dict) filename = self.prepare_filename(info_dict, outtmpl=file_tmpl)
tmpl = format_tmpl(tmpl) tmpl = format_tmpl(tmpl)
self.to_screen(f'[info] Writing {tmpl!r} to: {filename}') self.to_screen(f'[info] Writing {tmpl!r} to: {filename}')
if self._ensure_dir_exists(filename): if self._ensure_dir_exists(filename):
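Review bot: In the `print_to_file` loop, the value returned by `self.prepare_filename(info_dict, outtmpl=file_tmpl)` is used without an emptiness check. `prepare_filename` returns `''` when `_prepare_filename` yields nothing and `dir_type` is `None` (which is what the `outtmpl` branch sets), and `_prepare_filename` returns `None` after `report_error` on a template error. An empty name would then be printed in the `Writing … to:` message and passed to `_ensure_dir_exists`; how that helper treats `''` is not visible here, so I would add `if not filename: continue` right after the assignment. Separately, both `'… are mutually exclusive'` guards are `assert` statements and disappear under `python -O`, so an explicit `raise ValueError(...)` would keep the check. The one-line docstring of `prepare_filename` could also say that `outtmpl` is the route for caller-supplied file templates and cannot be combined with `dir_type`. Both the loop body and `prepare_filename` continue past the visible lines.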