-#!/bin/sh
+#!/usr/bin/perl
# Download video files with quvi.
#
-# Don't use clive which is just a front-end to quvi, but with vulnerable
-# "exec" code (system with missing "escaping")!
+# Don't use clive which is just a front-end to quvi anyway, but with
+# vulnerable "exec" code (system() with missing escaping).
-# Copyright (C) 2013 Simon Ruderich
+# Copyright (C) 2013-2014 Simon Ruderich
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-# quvi handles the --exec correctly and escapes the input.
-exec quvi --format best --exec 'wget --no-clobber -O %t.%e %u' "$@"
+use strict;
+use warnings;
+
+use IPC::Run ();
+use JSON ();
+
+
+if (scalar @ARGV != 1) {
+ print STDERR "Usage: $0 <url>\n";
+ exit 1;
+}
+
+
+my ($out, $err);
+my @cmd = ('quvi', $ARGV[0]);
+if (not IPC::Run::run(\@cmd, \undef, \$out, \$err)) {
+ die "'@cmd' died:\n$err";
+}
+
+my $data = JSON::decode_json($out);
+
+my $url = $data->{link}[0]{url};
+my $suffix = $data->{link}[0]{file_suffix};
+
+my $name = $data->{page_title};
+# Strip all non-ASCII characters including "/" which is illegal in file names.
+$name =~ s{[^\x20-\x2E\x30-\x7e]}{-}g;
+
+@cmd = ('wget', '--no-clobber', '--progress=bar:force',
+ '-O', "$name.$suffix", $url);
+exec { $cmd[0] } @cmd or die $!;
ruderich.org/simon / config / dotfiles.git / commitdiff