Prevent download_profile_photo from downloading arbitrary files

First of all, because it shouldn't be doing that. Second, it was buggy and was passing the tuple returned by get_input_location to download_file which doesn't accept tuples (instead it should be passed the photo object so that download_file could return dc_id and input file location itself).
2024-11-10 19:46:36 +03:00 · 2019-04-03 09:51:33 +02:00 · 2019-04-03 09:51:33 +02:00 · ff8349ff3f
commit ff8349ff3f
parent 22fcdeef7f
1 changed files with 5 additions and 4 deletions
--- a/telethon/client/downloads.py
+++ b/telethon/client/downloads.py
@ -78,10 +78,11 @@ class DownloadMethods(UserMethods):
        if isinstance(photo, (types.UserProfilePhoto, types.ChatPhoto)):
            loc = photo.photo_big if download_big else photo.photo_small
        else:
-            try:
-                loc = utils.get_input_location(photo)
-            except TypeError:
-                return None
+            # It doesn't make any sense to check if `photo` can be used
+            # as input location, because then this method would be able
+            # to "download the profile photo of a message", i.e. its
+            # media which should be done with `download_media` instead.
+            return None

        file = self._get_proper_filename(
            file, 'profile_photo', '.jpg',