From f6f8f14c8d0993327a2c86dfa3c976a7c1c569fc Mon Sep 17 00:00:00 2001
From: oobabooga <112222186+oobabooga@users.noreply.github.com>
Date: Thu, 2 Apr 2026 16:13:39 -0300
Subject: [PATCH] Security: Fix SSRF in superbooga extensions
---
 extensions/superbooga/download_urls.py | 3 +++
 extensions/superboogav2/download_urls.py | 2 ++
 2 files changed, 5 insertions(+)
diff --git a/extensions/superbooga/download_urls.py b/extensions/superbooga/download_urls.py
index 424a9885..b28fea42 100644
--- a/extensions/superbooga/download_urls.py
+++ b/extensions/superbooga/download_urls.py
@@ -2,8 +2,11 @@ import concurrent.futures
 import requests
+from modules.web_search import _validate_url
+
 def download_single(url):
+ _validate_url(url)
 headers = {
 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3'
 }
diff --git a/extensions/superboogav2/download_urls.py b/extensions/superboogav2/download_urls.py
index 5b5a2e17..4d8b98b1 100644
--- a/extensions/superboogav2/download_urls.py
+++ b/extensions/superboogav2/download_urls.py
@@ -5,12 +5,14 @@ import requests
 from bs4 import BeautifulSoup
 import extensions.superboogav2.parameters as parameters
+from modules.web_search import _validate_url
 from .data_processor import process_and_add_to_collector
 from .utils import create_metadata_source
 def _download_single(url):
+ _validate_url(url)
 response = requests.get(url, timeout=5)
 if response.status_code == 200:
 return response.content
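Review bot: The `_validate_url(url)` guard added at the top of `download_single` checks only the URL string the caller supplied, while the request that follows (outside this hunk; visible as `requests.get(url, timeout=5)` in the superboogav2 hunk of this patch) uses requests' default of following redirects. A destination that passes validation can therefore answer with a redirect to an address the guard would have rejected, and that hop is never checked. Consider passing `allow_redirects=False` and validating each `Location` target before following it, in both `download_single` and `_download_single`. If `_validate_url` resolves the hostname (its body is not shown here), the later request resolves it again, so the address checked and the address contacted can differ; pinning the resolved IP for the connection would close that gap.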
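Review bot: `from modules.web_search import _validate_url` makes the extension depend on an underscore-prefixed helper, which by convention is private to `modules.web_search` and may be renamed or change behaviour without notice; the superbooga hunk has the same import. Exporting it under a public name (for example `validate_url`) or moving it to a shared utility module would make the security dependency explicit. The return value is discarded in `_download_single`, so the guard only has effect if the helper raises on a rejected URL; a comment such as `# SSRF guard: raises if the URL targets a disallowed host; must run before any request` would record that contract. How callers handle that exception is outside the hunk.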