re
Some checks failed
smoke-mm / Install & smoke test mm --help (push) Has been cancelled
Some checks failed
smoke-mm / Install & smoke test mm --help (push) Has been cancelled
This commit is contained in:
nose
@@ -606,6 +606,34 @@ def _download_direct_file(
|
||||
except Exception as e:
|
||||
if not quiet:
|
||||
log(f"Could not get filename from headers: {e}", file=sys.stderr)
|
||||
|
||||
# Guardrail: never treat HTML landing pages as downloadable files.
|
||||
# We explicitly probe with GET for page-like endpoints (e.g. *.php) since some
|
||||
# servers block/lie on HEAD, and a URL path like `edition.php` would otherwise
|
||||
# be saved as a bogus file.
|
||||
try:
|
||||
page_like_exts = {".php", ".asp", ".aspx", ".jsp", ".cgi"}
|
||||
ext = ""
|
||||
try:
|
||||
ext = Path(str(filename or "")).suffix.lower()
|
||||
except Exception:
|
||||
ext = ""
|
||||
|
||||
ct0 = (content_type or "").split(";", 1)[0].strip().lower()
|
||||
must_probe = bool(ct0.startswith("text/html") or ext in page_like_exts)
|
||||
|
||||
if must_probe:
|
||||
with HTTPClient(timeout=10.0) as client:
|
||||
with client._request_stream("GET", url, follow_redirects=True) as resp:
|
||||
resp.raise_for_status()
|
||||
ct = str(resp.headers.get("content-type", "") or "").split(";", 1)[0].strip().lower()
|
||||
if ct.startswith("text/html"):
|
||||
raise DownloadError("URL appears to be an HTML page, not a direct file")
|
||||
except DownloadError:
|
||||
raise
|
||||
except Exception:
|
||||
# If we can't probe, keep going; later logic may still infer a safe extension.
|
||||
pass
|
||||
|
||||
# Apply suggested filename (from provider title) if given.
|
||||
suggested = _sanitize_filename(suggested_filename) if suggested_filename else ""
|
||||
|
||||
Reference in New Issue
Block a user