fix: sanitize name field and remove double load_npz call

- _resolve_named_path: replace / \ and null in name to prevent path
  traversal outside cache_dir (would cause a confusing FileNotFoundError
  at np.savez time instead of at path resolution).
- train_lora: load_npz was called twice per clip when prompt was in
  prompts.txt; consolidate to a single call before prompt resolution.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-04-05 15:30:25 +02:00
parent cbcd154c96
commit c88e27742c
2 changed files with 4 additions and 6 deletions
+2
View File
@@ -70,6 +70,8 @@ def _apply_mask(frames, mask, source_fps, target_fps, mask_strength=1.0):
def _resolve_named_path(cache_dir: str, name: str) -> str:
"""Return cache_dir/name.npz, incrementing to name_001.npz etc. if the file already exists."""
# Sanitize: replace path separators so the name stays inside cache_dir
name = name.replace("/", "_").replace("\\", "_").replace("\x00", "_")
base = os.path.join(cache_dir, f"{name}.npz")
if not os.path.exists(base):
return base
+2 -6
View File
@@ -264,13 +264,9 @@ def main():
print(f" [LoRA] Warning: no audio file found for {npz_path.name} — skipping")
continue
bundle = load_npz(npz_path)
# Prompt priority: prompts.txt override > embedded in .npz > directory name
prompt = prompt_map.get(npz_path.name)
if prompt is None:
bundle = load_npz(npz_path)
prompt = bundle.get("prompt", default_prompt)
else:
bundle = load_npz(npz_path)
prompt = prompt_map.get(npz_path.name, bundle.get("prompt", default_prompt))
print(f" {npz_path.name} + {audio_path.name}: '{prompt}'")