Fixed security issue with download 3rd party plugin (cotes2020#2365)

Added condition to avoid security issue according to GitHub's dependabot


![image](https://github.com/alshedivat/al-folio/assets/31376482/b470a83a-5038-48be-99a6-1cbf63de57bf)

---------

Signed-off-by: George Araujo <[email protected]>

Author: george-gca

_plugins/download-3rd-party.rb

@@ -7,6 +7,11 @@
   require 'uri'
 
   def download_file(url, dest)
+    # only try to download the file if url doesn't start with | for security reasons
+    if url.start_with?('|')
+      return
+    end
+
     # create the directory if it doesn't exist
     dir = File.dirname(dest)
     unless File.directory?(dir)
@@ -30,11 +35,16 @@ def download_file(url, dest)
   end
 
   def download_fonts(url, dest)
+    # only try to download the file if url doesn't start with | for security reasons
+    if url.start_with?('|')
+      return
+    end
+
     # only download fonts if the directory doesn't exist or is empty
     unless File.directory?(dest) && !Dir.empty?(dest)
       puts "Downloading fonts from #{url} to #{dest}"
       # get available fonts from the url
-      doc = Nokogiri::HTML(URI().open(url, "User-Agent" => "Ruby/#{RUBY_VERSION}"))
+      doc = Nokogiri::HTML(URI.open(url, "User-Agent" => "Ruby/#{RUBY_VERSION}"))
       doc.css('a').each do |link|
         # get the file name from the url
         file_name = link['href'].split('/').last.split('?').first
@@ -49,6 +59,11 @@ def download_fonts(url, dest)
   end
 
   def download_fonts_from_css(config, url, dest)
+    # only try to download the file if url doesn't start with | for security reasons
+    if url.start_with?('|')
+      return
+    end
+
     # get the file name from the url
     file_name = url.split('/').last.split('?').first