Patch youtube-dl to disable redirects
In order to prevent SSRF attacks using redirects
This commit is contained in:
parent
3a4f09dda0
commit
1b099bb983
3 changed files with 1079 additions and 82 deletions
|
@ -25,6 +25,7 @@
|
||||||
"aura/session": "^2.1",
|
"aura/session": "^2.1",
|
||||||
"barracudanetworks/archivestream-php": "^1.0",
|
"barracudanetworks/archivestream-php": "^1.0",
|
||||||
"consolidation/log": "^2.0",
|
"consolidation/log": "^2.0",
|
||||||
|
"cweagans/composer-patches": "^1.7",
|
||||||
"j0k3r/httplug-ssrf-plugin": "^2.0",
|
"j0k3r/httplug-ssrf-plugin": "^2.0",
|
||||||
"jawira/case-converter": "^3.4",
|
"jawira/case-converter": "^3.4",
|
||||||
"jean85/pretty-package-versions": "^1.3",
|
"jean85/pretty-package-versions": "^1.3",
|
||||||
|
@ -74,7 +75,12 @@
|
||||||
},
|
},
|
||||||
"installer-types": [
|
"installer-types": [
|
||||||
"library"
|
"library"
|
||||||
]
|
],
|
||||||
|
"patches": {
|
||||||
|
"ytdl-org/youtube-dl": {
|
||||||
|
"Disable redirects in generic extractor": "patches/youtube-dl-redirect.diff"
|
||||||
|
}
|
||||||
|
}
|
||||||
},
|
},
|
||||||
"autoload": {
|
"autoload": {
|
||||||
"psr-4": {
|
"psr-4": {
|
||||||
|
|
1141
composer.lock
generated
1141
composer.lock
generated
File diff suppressed because it is too large
Load diff
12
patches/youtube-dl-redirect.diff
Normal file
12
patches/youtube-dl-redirect.diff
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
diff --git a/youtube_dl/extractor/generic.py b/youtube_dl/extractor/generic.py
|
||||||
|
index f99d887ca..749ed6ecf 100644
|
||||||
|
--- a/youtube_dl/extractor/generic.py
|
||||||
|
+++ b/youtube_dl/extractor/generic.py
|
||||||
|
@@ -2252,6 +2252,7 @@ class GenericIE(InfoExtractor):
|
||||||
|
|
||||||
|
def report_following_redirect(self, new_url):
|
||||||
|
"""Report information extraction."""
|
||||||
|
+ raise UnsupportedError('Redirects are not allowed')
|
||||||
|
self._downloader.to_screen('[redirect] Following redirect to %s' % new_url)
|
||||||
|
|
||||||
|
def _extract_rss(self, url, video_id, doc):
|
Loading…
Reference in a new issue