mirror of
https://github.com/LonamiWebs/Telethon.git
synced 2024-11-22 17:36:34 +03:00
Prevent download_profile_photo from downloading arbitrary files
First of all, because it shouldn't be doing that. Second, it was buggy and was passing the tuple returned by get_input_location to download_file which doesn't accept tuples (instead it should be passed the photo object so that download_file could return dc_id and input file location itself).
This commit is contained in:
parent
22fcdeef7f
commit
ff8349ff3f
|
@ -78,10 +78,11 @@ class DownloadMethods(UserMethods):
|
|||
if isinstance(photo, (types.UserProfilePhoto, types.ChatPhoto)):
|
||||
loc = photo.photo_big if download_big else photo.photo_small
|
||||
else:
|
||||
try:
|
||||
loc = utils.get_input_location(photo)
|
||||
except TypeError:
|
||||
return None
|
||||
# It doesn't make any sense to check if `photo` can be used
|
||||
# as input location, because then this method would be able
|
||||
# to "download the profile photo of a message", i.e. its
|
||||
# media which should be done with `download_media` instead.
|
||||
return None
|
||||
|
||||
file = self._get_proper_filename(
|
||||
file, 'profile_photo', '.jpg',
|
||||
|
|
Loading…
Reference in New Issue
Block a user