timetuple_from_msec,
try_call,
)
+from ..utils.traversal import traverse_obj
class FileDownloader:
"""Download to a filename using the info from info_dict
Return True on success and False otherwise
"""
-
nooverwrites_and_exists = (
not self.params.get('overwrites', True)
and os.path.exists(encodeFilename(filename))
self.to_screen(f'[download] Sleeping {sleep_interval:.2f} seconds ...')
time.sleep(sleep_interval)
+ # Filter the `Cookie` header from the info_dict to prevent leaks.
+ # See: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj
+ info_dict['http_headers'] = dict(traverse_obj(info_dict, (
+ 'http_headers', {dict.items}, lambda _, pair: pair[0].lower() != 'cookie'))) or None
+
ret = self.real_download(filename, info_dict)
self._finish_multiline_status()
return ret, True