From 3c3272d6a47f93f3fa064b5df195e8b66f89149f Mon Sep 17 00:00:00 2001 From: Thomas Leonard Date: Sun, 11 May 2008 15:37:00 +0100 Subject: [PATCH] Don't abort on https or other unknown download URL schemes Zero Install would fail to load a feed that contained a download URL with an unknown scheme. Now, we don't generate an error unless the user actually tries to download it. Also, added 'https' to the list of allowed schemes. Reported by Justus Winter. --- zeroinstall/injector/fetch.py | 5 +++++ zeroinstall/injector/model.py | 1 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/zeroinstall/injector/fetch.py b/zeroinstall/injector/fetch.py index fa2d24f..0c20336 100644 --- a/zeroinstall/injector/fetch.py +++ b/zeroinstall/injector/fetch.py @@ -263,6 +263,11 @@ class Fetcher(object): """Fetch an archive. You should normally call L{download_impl} instead, since it handles other kinds of retrieval method too.""" from zeroinstall.zerostore import unpack + + url = download_source.url + if not (url.startswith('http:') or url.startswith('https:') or url.startswith('ftp:')): + raise SafeException("Unknown scheme in download URL '%s'" % url) + mime_type = download_source.type if not mime_type: mime_type = unpack.type_from_url(download_source.url) diff --git a/zeroinstall/injector/model.py b/zeroinstall/injector/model.py index 4318bd8..8a2c23b 100644 --- a/zeroinstall/injector/model.py +++ b/zeroinstall/injector/model.py @@ -280,7 +280,6 @@ class DownloadSource(RetrievalMethod): __slots__ = ['implementation', 'url', 'size', 'extract', 'start_offset', 'type'] def __init__(self, implementation, url, size, extract, start_offset = 0, type = None): - assert url.startswith('http:') or url.startswith('ftp:') or url.startswith('/') self.implementation = implementation self.url = url self.size = size -- 2.11.4.GIT