fix: Sanitize playlist names to prevent directory traversal
Co-authored-by: aider (gemini/gemini-2.5-pro) <aider@aider.chat>
This commit is contained in:
9
main.py
9
main.py
@@ -38,9 +38,14 @@ def run_pls_command(playlist_id):
|
|||||||
return ""
|
return ""
|
||||||
|
|
||||||
|
|
||||||
|
def sanitize_for_filename(name):
|
||||||
|
"""Sanitizes a string to be safe as a filename component."""
|
||||||
|
return name.replace('/', '_').replace('\\', '_')
|
||||||
|
|
||||||
|
|
||||||
def save_playlist_file(playlist_dir, playlist_name, content):
|
def save_playlist_file(playlist_dir, playlist_name, content):
|
||||||
"""Saves the transformed playlist content to a file."""
|
"""Saves the transformed playlist content to a file."""
|
||||||
filename = f"{playlist_name}.m3u8"
|
filename = f"{sanitize_for_filename(playlist_name)}.m3u8"
|
||||||
filepath = os.path.join(playlist_dir, filename)
|
filepath = os.path.join(playlist_dir, filename)
|
||||||
try:
|
try:
|
||||||
with open(filepath, 'w', encoding='utf-8') as f:
|
with open(filepath, 'w', encoding='utf-8') as f:
|
||||||
@@ -52,7 +57,7 @@ def save_playlist_file(playlist_dir, playlist_name, content):
|
|||||||
|
|
||||||
def delete_playlist_file(playlist_dir, playlist_name):
|
def delete_playlist_file(playlist_dir, playlist_name):
|
||||||
"""Deletes a playlist file."""
|
"""Deletes a playlist file."""
|
||||||
filename = f"{playlist_name}.m3u8"
|
filename = f"{sanitize_for_filename(playlist_name)}.m3u8"
|
||||||
filepath = os.path.join(playlist_dir, filename)
|
filepath = os.path.join(playlist_dir, filename)
|
||||||
if os.path.exists(filepath):
|
if os.path.exists(filepath):
|
||||||
try:
|
try:
|
||||||
|
|||||||
Reference in New Issue
Block a user