marco/yt-dlp-webui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security update

Browse Source
This commit is contained in:
marcobaobao
2022-05-09 19:12:59 +02:00
parent ff97f9fdfe
commit 47126876cf
2 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
server/src/core/Process.ts
View File

@@ -3,6 +3,7 @@ import { join } from 'path';
import { Readable } from 'stream'; import { Readable } from 'stream';
import { ISettings } from '../interfaces/ISettings'; import { ISettings } from '../interfaces/ISettings';
import Logger from '../utils/BetterLogger'; import Logger from '../utils/BetterLogger';
import { availableParams } from '../utils/params';
const log = new Logger(); const log = new Logger();
@@ -41,9 +42,11 @@ class Process {
async start(callback?: Function): Promise<this> { async start(callback?: Function): Promise<this> {
await this.internalGetInfo(); await this.internalGetInfo();
const sanitizedParams = this.params.filter((param: string) => availableParams.includes(param));
const ytldp = spawn(this.exePath, const ytldp = spawn(this.exePath,
['-o', `${this.settings?.download_path || 'downloads/'}%(title)s.%(ext)s`] ['-o', `${this.settings?.download_path || 'downloads/'}%(title)s.%(ext)s`]
.concat(this.params) .concat(sanitizedParams)
.concat([this.url]) .concat([this.url])
); );
@@ -119,9 +122,9 @@ class Process {
/** /**
* download info getter function * download info getter function
* @returns {object} * @returns {*}
*/ */
getInfo(): object { getInfo(): any {
return this.info return this.info
} }
} }

4
server/src/utils/params.ts Normal file
View File

@@ -0,0 +1,4 @@
export const availableParams = [
'--no-mtime',
'-x'
]