From 745473cbe6e3b946fb48069cdcb35c82282aa20b Mon Sep 17 00:00:00 2001
From: massy_o <48978050+massy-o@users.noreply.github.com>
Date: Thu, 14 May 2026 22:07:17 +0900
Subject: [PATCH] Validate video image URLs before download (#9819)

Signed-off-by: massy-o <telitos000@gmail.com>
---
 core/http/endpoints/localai/video.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/core/http/endpoints/localai/video.go b/core/http/endpoints/localai/video.go
index cfed9c204..bd1c6b7b4 100644
--- a/core/http/endpoints/localai/video.go
+++ b/core/http/endpoints/localai/video.go
@@ -22,12 +22,19 @@ import (
 	"github.com/mudler/LocalAI/core/backend"
 
 	model "github.com/mudler/LocalAI/pkg/model"
+	"github.com/mudler/LocalAI/pkg/utils"
 	"github.com/mudler/xlog"
 )
 
+var videoDownloadClient = http.Client{Timeout: 30 * time.Second}
+
 func downloadFile(url string) (string, error) {
+	if err := utils.ValidateExternalURL(url); err != nil {
+		return "", fmt.Errorf("URL validation failed: %w", err)
+	}
+
 	// Get the data
-	resp, err := http.Get(url)
+	resp, err := videoDownloadClient.Get(url)
 	if err != nil {
 		return "", err
 	}