LonamiWebs/Telethon
1
1
Fork 0
mirror of https://github.com/LonamiWebs/Telethon.git synced 2025-11-04 01:47:27 +03:00
Code Issues Packages Projects Releases Wiki Activity

Prevent download_profile_photo from downloading arbitrary files

Browse Source 
First of all, because it shouldn't be doing that. Second, it was
buggy and was passing the tuple returned by get_input_location to
download_file which doesn't accept tuples (instead it should be
passed the photo object so that download_file could return dc_id
and input file location itself).
This commit is contained in:
Lonami Exo 2019-04-03 09:51:33 +02:00
parent 22fcdeef7f
commit ff8349ff3f
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
telethon/client/downloads.py
View File

@ -78,10 +78,11 @@ class DownloadMethods(UserMethods):
if isinstance(photo, (types.UserProfilePhoto, types.ChatPhoto)): if isinstance(photo, (types.UserProfilePhoto, types.ChatPhoto)):
loc = photo.photo_big if download_big else photo.photo_small loc = photo.photo_big if download_big else photo.photo_small
else: else:
try: # It doesn't make any sense to check if `photo` can be used
loc = utils.get_input_location(photo) # as input location, because then this method would be able
except TypeError: # to "download the profile photo of a message", i.e. its
return None # media which should be done with `download_media` instead.
return None
file = self._get_proper_filename( file = self._get_proper_filename(
file, 'profile_photo', '.jpg', file, 'profile_photo', '.jpg',