From 7df890d964b251efd7aaeb3c82ff117c1bf8cffb Mon Sep 17 00:00:00 2001
From: ed <s@ocv.me>
Date: Sun, 20 Aug 2023 09:47:50 +0000
Subject: [PATCH] wget: only allow http/https/ftp/ftps (#50): these are all the
 protocols that are currently supported by wget, so this has no practical
 effect aside from making sure we won't suddenly get file:// support or
 something (which would be bad)

---
 bin/hooks/wget.py | 4 ++++
 bin/mtag/wget.py  | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/bin/hooks/wget.py b/bin/hooks/wget.py
index 4852db89..784f09e0 100755
--- a/bin/hooks/wget.py
+++ b/bin/hooks/wget.py
@@ -37,6 +37,10 @@ def main():
     if "://" not in url:
         url = "https://" + url
 
+    proto = url.split("://")[0].lower()
+    if proto not in ("http", "https", "ftp", "ftps"):
+        raise Exception("bad proto {}".format(proto))
+
     os.chdir(inf["ap"])
 
     name = url.split("?")[0].split("/")[-1]
diff --git a/bin/mtag/wget.py b/bin/mtag/wget.py
index c6663d6b..26a1fa45 100644
--- a/bin/mtag/wget.py
+++ b/bin/mtag/wget.py
@@ -65,6 +65,10 @@ def main():
     if "://" not in url:
         url = "https://" + url
 
+    proto = url.split("://")[0].lower()
+    if proto not in ("http", "https", "ftp", "ftps"):
+        raise Exception("bad proto {}".format(proto))
+
     os.chdir(fdir)
 
     name = url.split("?")[0].split("/")[-1]