Patch youtube-dl to disable redirects
In order to prevent SSRF attacks using redirects
This commit is contained in:
parent
3a4f09dda0
commit
1b099bb983
3 changed files with 1079 additions and 82 deletions
|
@ -25,6 +25,7 @@
|
|||
"aura/session": "^2.1",
|
||||
"barracudanetworks/archivestream-php": "^1.0",
|
||||
"consolidation/log": "^2.0",
|
||||
"cweagans/composer-patches": "^1.7",
|
||||
"j0k3r/httplug-ssrf-plugin": "^2.0",
|
||||
"jawira/case-converter": "^3.4",
|
||||
"jean85/pretty-package-versions": "^1.3",
|
||||
|
@ -74,7 +75,12 @@
|
|||
},
|
||||
"installer-types": [
|
||||
"library"
|
||||
]
|
||||
],
|
||||
"patches": {
|
||||
"ytdl-org/youtube-dl": {
|
||||
"Disable redirects in generic extractor": "patches/youtube-dl-redirect.diff"
|
||||
}
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
|
|
1141
composer.lock
generated
1141
composer.lock
generated
File diff suppressed because it is too large
Load diff
12
patches/youtube-dl-redirect.diff
Normal file
12
patches/youtube-dl-redirect.diff
Normal file
|
@ -0,0 +1,12 @@
|
|||
diff --git a/youtube_dl/extractor/generic.py b/youtube_dl/extractor/generic.py
|
||||
index f99d887ca..749ed6ecf 100644
|
||||
--- a/youtube_dl/extractor/generic.py
|
||||
+++ b/youtube_dl/extractor/generic.py
|
||||
@@ -2252,6 +2252,7 @@ class GenericIE(InfoExtractor):
|
||||
|
||||
def report_following_redirect(self, new_url):
|
||||
"""Report information extraction."""
|
||||
+ raise UnsupportedError('Redirects are not allowed')
|
||||
self._downloader.to_screen('[redirect] Following redirect to %s' % new_url)
|
||||
|
||||
def _extract_rss(self, url, video_id, doc):
|
Loading…
Reference in a new issue