tumblr_backup: Do not allow slashes in blog names
Accidental directory separators allow some of the code to function while
other code does the wrong thing. Don't allow them, and also disallow the
special "." and ".." directories.
cebtenzzre committed Oct 14, 2021
1 parent 99c42d9 commit bc43e85
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions tumblr_backup.py
Expand Up @@ -259,6 +259,8 @@ def get_api_url(account):
"""construct the tumblr API URL"""
global blog_name
blog_name = account
if any(c in account for c in '/\\') or account in ('.', '..'):
raise ValueError('Invalid blog name: {!r}'.format(account))
if '.' not in account:
blog_name += '.tumblr.com'
return 'https://api.tumblr.com/v2/blog/%s/%s' % (
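
Review bot: The added check sits after `blog_name = account`, so when it raises ValueError the global `blog_name` has already been set to the rejected value, and a caller that catches the exception and carries on still sees a name containing a separator or `.`/`..`. Move the two added lines above the assignment so the global is written only after the name has passed validation. The docstring still reads "construct the tumblr API URL"; it should also say that the function raises ValueError for names with `/`, `\` or the special `.` and `..` entries.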