fix: sanitize name field and remove double load_npz call
- _resolve_named_path: replace / \ and null in name to prevent path traversal outside cache_dir (would cause a confusing FileNotFoundError at np.savez time instead of at path resolution). - train_lora: load_npz was called twice per clip when prompt was in prompts.txt; consolidate to a single call before prompt resolution. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -70,6 +70,8 @@ def _apply_mask(frames, mask, source_fps, target_fps, mask_strength=1.0):
|
||||
|
||||
def _resolve_named_path(cache_dir: str, name: str) -> str:
|
||||
"""Return cache_dir/name.npz, incrementing to name_001.npz etc. if the file already exists."""
|
||||
# Sanitize: replace path separators so the name stays inside cache_dir
|
||||
name = name.replace("/", "_").replace("\\", "_").replace("\x00", "_")
|
||||
base = os.path.join(cache_dir, f"{name}.npz")
|
||||
if not os.path.exists(base):
|
||||
return base
|
||||
|
||||
Reference in New Issue
Block a user