bin/squvi: handle special characters in file names

diff --git a/bin/squvi b/bin/squvi
index 834772122e92d5bcb123e2fa467301470dbf4b8f..2a08cf04759bbb577ece9fa6a4a265739bd9684d 100755 (executable)
--- a/bin/squvi
+++ b/bin/squvi
@@ -1,11 +1,11 @@
-#!/bin/sh
+#!/usr/bin/perl

 
 # Download video files with quvi.
 #
 
 # Download video files with quvi.
 #

-# Don't use clive which is just a front-end to quvi, but with vulnerable
-# "exec" code (system with missing "escaping")!
+# Don't use clive which is just a front-end to quvi anyway, but with
+# vulnerable "exec" code (system() with missing escaping).

 
 

-# Copyright (C) 2013  Simon Ruderich
+# Copyright (C) 2013-2014  Simon Ruderich

 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by


@@ -21,5 +21,34 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 

-# quvi handles the --exec correctly and escapes the input.
-exec quvi --format best --exec 'wget --no-clobber -O %t.%e %u' "$@"
+use strict;
+use warnings;
+
+use IPC::Run ();
+use JSON ();
+
+
+if (scalar @ARGV != 1) {
+    print STDERR "Usage: $0 <url>\n";
+    exit 1;
+}
+
+
+my ($out, $err);
+my @cmd = ('quvi', $ARGV[0]);
+if (not IPC::Run::run(\@cmd, \undef, \$out, \$err)) {
+    die "'@cmd' died:\n$err";
+}
+
+my $data = JSON::decode_json($out);
+
+my $url    = $data->{link}[0]{url};
+my $suffix = $data->{link}[0]{file_suffix};
+
+my $name = $data->{page_title};
+# Strip all non-ASCII characters including "/" which is illegal in file names.
+$name =~ s{[^\x20-\x2E\x30-\x7e]}{-}g;
+
+@cmd = ('wget', '--no-clobber', '--progress=bar:force',
+        '-O', "$name.$suffix", $url);
+exec { $cmd[0] } @cmd or die $!;