From 591c98f3e6b3985379e0dd0db968d896953a1ef1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Lucas=20de=20Oliveira=20Lopes?=
 <55464917+jlucaso1@users.noreply.github.com>
Date: Mon, 30 Jun 2025 16:02:40 -0300
Subject: [PATCH] fix: validate media URL before downloading content from
 message (#1560)

---
 src/Utils/messages-media.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/Utils/messages-media.ts b/src/Utils/messages-media.ts
index 3a6b37d..ebfe3a3 100644
--- a/src/Utils/messages-media.ts
+++ b/src/Utils/messages-media.ts
@@ -448,7 +448,12 @@ export const downloadContentFromMessage = async (
 	type: MediaType,
 	opts: MediaDownloadOptions = {}
 ) => {
-	const downloadUrl = url || getUrlFromDirectPath(directPath!)
+	const isValidMediaUrl = url?.startsWith('https://mmg.whatsapp.net/')
+	const downloadUrl = isValidMediaUrl ? url : getUrlFromDirectPath(directPath!)
+	if (!downloadUrl) {
+		throw new Boom('No valid media URL or directPath present in message', { statusCode: 400 })
+	}
+
 	const keys = await getMediaKeys(mediaKey, type)
 
 	return downloadEncryptedContent(downloadUrl, keys, opts)