yacloud/tunasync-scripts
1
0
Fork 0
mirror of https://github.com/tuna/tunasync-scripts.git synced 2025-04-20 04:12:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

ensure safe file name

Browse Source
This commit is contained in:
z4yx 2020-03-06 22:56:36 +08:00
parent 9e5ce2fd5b
commit cccd6c23aa
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
github-release.py
View File

@ -71,6 +71,16 @@ def create_workers(n):
return task_queue return task_queue
def ensure_safe_name(filename):
filename = filename.replace('\0', ' ')
if filename == '.':
return ' .'
elif filename == '..':
return '. .'
else:
return filename.replace('/', '\\')
def main(): def main():
import argparse import argparse
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
@ -110,7 +120,7 @@ def main():
print("Error: No release version found") print("Error: No release version found")
continue continue
name = latest['name'] or latest['tag_name'] name = ensure_safe_name(latest['name'] or latest['tag_name'])
if len(name) == 0: if len(name) == 0:
print("Error: Unnamed release") print("Error: Unnamed release")
continue continue
@ -128,12 +138,9 @@ def main():
task_queue.put((url, dst_file, working_dir, updated)) task_queue.put((url, dst_file, working_dir, updated))
for asset in latest['assets']: for asset in latest['assets']:
if '/' in asset['name'] or '\\' in asset['name']:
print(f"Error: Invalid file name {asset['name']}")
continue
url = asset['browser_download_url'] url = asset['browser_download_url']
updated = datetime.strptime(asset['updated_at'], '%Y-%m-%dT%H:%M:%SZ').timestamp() updated = datetime.strptime(asset['updated_at'], '%Y-%m-%dT%H:%M:%SZ').timestamp()
dst_file = repo_local / name / asset['name'] dst_file = repo_local / name / ensure_safe_name(asset['name'])
remote_filelist.append(dst_file.relative_to(working_dir)) remote_filelist.append(dst_file.relative_to(working_dir))
if dst_file.is_file(): if dst_file.is_file():