From e4c69568f76882486ff042c52b63d73cc5aa9cdb Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sun, 11 May 2014 23:14:51 +0200 Subject: [PATCH] bin/squvi: handle special characters in file names --- bin/squvi | 41 +++++++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/bin/squvi b/bin/squvi index 8347721..2a08cf0 100755 --- a/bin/squvi +++ b/bin/squvi @@ -1,11 +1,11 @@ -#!/bin/sh +#!/usr/bin/perl # Download video files with quvi. # -# Don't use clive which is just a front-end to quvi, but with vulnerable -# "exec" code (system with missing "escaping")! +# Don't use clive which is just a front-end to quvi anyway, but with +# vulnerable "exec" code (system() with missing escaping). -# Copyright (C) 2013 Simon Ruderich +# Copyright (C) 2013-2014 Simon Ruderich # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -21,5 +21,34 @@ # along with this program. If not, see . -# quvi handles the --exec correctly and escapes the input. -exec quvi --format best --exec 'wget --no-clobber -O %t.%e %u' "$@" +use strict; +use warnings; + +use IPC::Run (); +use JSON (); + + +if (scalar @ARGV != 1) { + print STDERR "Usage: $0 \n"; + exit 1; +} + + +my ($out, $err); +my @cmd = ('quvi', $ARGV[0]); +if (not IPC::Run::run(\@cmd, \undef, \$out, \$err)) { + die "'@cmd' died:\n$err"; +} + +my $data = JSON::decode_json($out); + +my $url = $data->{link}[0]{url}; +my $suffix = $data->{link}[0]{file_suffix}; + +my $name = $data->{page_title}; +# Strip all non-ASCII characters including "/" which is illegal in file names. +$name =~ s{[^\x20-\x2E\x30-\x7e]}{-}g; + +@cmd = ('wget', '--no-clobber', '--progress=bar:force', + '-O', "$name.$suffix", $url); +exec { $cmd[0] } @cmd or die $!; -- 2.45.2