Closed
Labels
bug, enhancement
Description
Hi, I encountered a critical issue in the updater script that can easily lead to complete data loss.
The function keep_specific_items() is called like this:
keep_specific_items(".", "Video", "upload.py")
This means the script deletes everything in the current working directory, except:
- the “Video” folder,
- the “upload.py” file,
- and `.git`.
This is extremely dangerous because:
- If the user runs the script from the wrong folder (e.g., Desktop or another project), the script will delete all their files.
- There is no safety check to ensure the script is inside the correct project directory.
- There is no backup or recovery mechanism.
- The confirmation prompt is easy to skip using `-y` even accidentally.
For example: On macOS + SSD/APFS, deleted files cannot be recovered, making this behavior catastrophic.
Suggested fixes:
- Hard-code a safe base path and abort if CWD is not the project folder.
- Require a second confirmation explicitly typing a phrase (e.g. “DELETE MY FILES”).
- NEVER run destructive operations on `"."` — operate only inside a dedicated subfolder.
- Add a dry-run mode showing what will be deleted.
- Add validation that the expected files/folders exist before starting deletion.
- Add an environment variable or config flag to prevent accidental mass deletion.
- Specify better in the guide how to use it.
Please consider addressing this for user safety — the current behavior can easily wipe a user's personal files permanently.
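The suggested fixes above (validate the directory before deleting, default to a dry run) can be combined as in the following added example, which is not the project's own code. The names `plan_cleanup` and `guarded_cleanup` are hypothetical, and it assumes the project folder can be recognised by the presence of the kept folder, the kept file and `.git`.

```python
import shutil
import tempfile
from pathlib import Path


def plan_cleanup(directory, keep_folder, keep_file):
    """Return what would be deleted; refuse unless the assumed project fingerprint exists."""
    root = Path(directory).resolve()
    checks = {keep_folder: (root / keep_folder).is_dir(),
              keep_file: (root / keep_file).is_file(),
              ".git": (root / ".git").exists()}
    missing = [name for name, ok in checks.items() if not ok]
    if missing:
        raise RuntimeError(f"refusing to clean {root}: missing {missing}")
    keep = {keep_folder, keep_file, ".git"}
    return sorted(p for p in root.iterdir() if p.name not in keep)


def guarded_cleanup(directory, keep_folder, keep_file, dry_run=True):
    """Dry run by default: deletion needs an explicit dry_run=False."""
    targets = plan_cleanup(directory, keep_folder, keep_file)
    if not dry_run:
        for path in targets:
            if path.is_dir() and not path.is_symlink():
                shutil.rmtree(path)
            else:
                path.unlink()  # files and symlinks (never follow the link)
    return targets


def demo():
    """Constructed sample tree: a real project folder and an unrelated one."""
    with tempfile.TemporaryDirectory() as tmp:
        project, other = Path(tmp, "project"), Path(tmp, "Desktop")
        for d in (project / "Video", project / ".git", project / "old_code", other):
            d.mkdir(parents=True)
        for f in (project / "upload.py", project / "stale.txt", other / "thesis.docx"):
            f.write_text("x")
        try:
            guarded_cleanup(other, "Video", "upload.py", dry_run=False)
            refused = False
        except RuntimeError:
            refused = True
        preview = [p.name for p in guarded_cleanup(project, "Video", "upload.py")]
        untouched = (project / "stale.txt").exists()  # dry run deleted nothing
        guarded_cleanup(project, "Video", "upload.py", dry_run=False)
        return {"refused": refused, "other_intact": (other / "thesis.docx").exists(),
                "preview": preview, "dry_run_safe": untouched,
                "remaining": sorted(p.name for p in project.iterdir())}
```

Run from an unrelated folder, the call raises before anything is touched; inside the project, the dry-run list can be shown to the user before the confirmation prompt.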