diff --git a/SubMind.py b/SubMind.py index a205e2d..f5e38ad 100644 --- a/SubMind.py +++ b/SubMind.py @@ -965,7 +965,21 @@ async def fallback_view_button(update: Update, context: CallbackContext): async def edit_start(update: Update, context: CallbackContext): query = update.callback_query await query.answer() - sub_id = query.data.split('_')[1] + sub_id_str = query.data.split('_')[1] + user_id = query.from_user.id + + if not sub_id_str.isdigit(): + await query.edit_message_text("错误:无效的订阅ID。") + return ConversationHandler.END + + sub_id = int(sub_id_str) + with get_db_connection() as conn: + cursor = conn.cursor() + cursor.execute("SELECT 1 FROM subscriptions WHERE id = ? AND user_id = ?", (sub_id, user_id)) + if not cursor.fetchone(): + await query.edit_message_text("错误:找不到该订阅或无权限。") + return ConversationHandler.END + logger.debug(f"Starting edit for sub_id: {sub_id}") context.user_data['sub_id_for_action'] = sub_id keyboard = [ @@ -1033,12 +1047,21 @@ async def edit_freq_value_received(update: Update, context: CallbackContext): await update.message.reply_text("请输入一个有效的正整数。") return EDIT_FREQ_VALUE unit = context.user_data.get('new_freq_unit') - sub_id = int(context.user_data.get('sub_id_for_action')) + try: + sub_id = int(context.user_data.get('sub_id_for_action')) + except (ValueError, TypeError): + await update.message.reply_text("错误:会话已过期,请重试。") + return ConversationHandler.END + with get_db_connection() as conn: cursor = conn.cursor() cursor.execute("UPDATE subscriptions SET frequency_unit = ?, frequency_value = ? WHERE id = ? AND user_id = ?", (unit, value, sub_id, user_id)) + if cursor.rowcount == 0: + await update.message.reply_text("错误:找不到该订阅或无权限。") + return ConversationHandler.END conn.commit() + await update.message.reply_text("✅ 周期已更新!") context.user_data.clear() await show_subscription_view(update, context, sub_id) 
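Review bot: The added `sub_id_str.isdigit()` guard in edit_start does not guarantee that the following `int(sub_id_str)` succeeds, because `str.isdigit()` also returns True for characters such as superscript digits, which `int()` rejects with ValueError. `query.data` arrives with the update rather than from the bot's own state, so a malformed value would raise out of the handler instead of reaching the invalid-ID reply. Tightening the check to `if not (sub_id_str.isascii() and sub_id_str.isdecimal()):`, or wrapping the conversion in the same `try`/`except (ValueError, TypeError)` that edit_freq_value_received now uses, closes the gap. The unchanged `isdigit()` check in remind_settings_start has the same mismatch. The length is not bounded either, so a very long digit string is bound straight into the SELECT, which may raise OverflowError if the backend is SQLite (the `?` placeholders suggest it is).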
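Review bot: The new failure exits in edit_freq_value_received (the `except (ValueError, TypeError)` branch and the `cursor.rowcount == 0` branch) return `ConversationHandler.END` without the `context.user_data.clear()` that the success path performs, so `sub_id_for_action` and `new_freq_unit` stay behind after the conversation ends. Adding `context.user_data.clear()` before each `return ConversationHandler.END` keeps a rejected subscription id from lingering in per-user state; the same applies to the rowcount branches added in edit_new_value_received, remind_action_handler and remind_days_received. The rowcount branch also awaits `reply_text` while still inside `with get_db_connection()`, after the UPDATE has run. Depending on how that context manager is implemented, the connection (and possibly an open write transaction) is held across a network call; recording the failure in a local flag and replying after the block would avoid that. The function starts above this hunk, where `user_id` and `value` are assigned.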
@@ -1122,6 +1145,10 @@ async def edit_new_value_received(update: Update, context: CallbackContext): cursor = conn.cursor() cursor.execute(f"UPDATE subscriptions SET {db_field} = ? WHERE id = ? AND user_id = ?", (new_value, sub_id, user_id)) + if cursor.rowcount == 0: + if message_to_reply: + await message_to_reply.reply_text("错误:找不到该订阅或无权限。") + return ConversationHandler.END conn.commit() if query: @@ -1167,10 +1194,20 @@ async def remind_settings_start(update: Update, context: CallbackContext): query = update.callback_query await query.answer() sub_id_str = query.data.partition('_')[2] + user_id = query.from_user.id + if not sub_id_str.isdigit(): await query.edit_message_text("错误:无效的订阅ID。") return ConversationHandler.END + sub_id = int(sub_id_str) + with get_db_connection() as conn: + cursor = conn.cursor() + cursor.execute("SELECT 1 FROM subscriptions WHERE id = ? AND user_id = ?", (sub_id, user_id)) + if not cursor.fetchone(): + await query.edit_message_text("错误:找不到该订阅或无权限。") + return ConversationHandler.END + logger.debug(f"Starting reminder settings for sub_id: {sub_id}") context.user_data['sub_id_for_action'] = sub_id await _display_reminder_settings(query, context, sub_id) @@ -1214,6 +1251,9 @@ async def remind_action_handler(update: Update, context: CallbackContext): "WHERE id = ? AND user_id = ?", (sub_id, user_id) ) + if cursor.rowcount == 0: + await query.edit_message_text("错误:找不到该订阅或无权限。") + return ConversationHandler.END conn.commit() await _display_reminder_settings(query, context, sub_id) return REMIND_SELECT_ACTION 
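Review bot: In the added `cursor.rowcount == 0` branch of edit_new_value_received the error is sent only when `message_to_reply` is set, so on any path where it is empty the conversation ends with no feedback to the user. The `if query:` context line just below suggests this handler is also reached from a callback query; if `message_to_reply` can be None there, add a fallback such as `elif query: await query.edit_message_text("错误:找不到该订阅或无权限。")`. Indentation is lost in this view, so it is worth confirming that `return ConversationHandler.END` sits at the level of the rowcount check and not under `if message_to_reply:`, otherwise the None case would fall through to `conn.commit()` and the success reply. `message_to_reply` and `db_field` are assigned above the hunk; since `db_field` is interpolated into the SQL text, it should only ever come from a fixed column mapping.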
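Review bot: The ownership check added to remind_settings_start is a verbatim copy of the one added to edit_start, and an authorization rule kept in two places tends to drift when only one copy is edited. Moving it into a small helper called from both handlers keeps the rule in one place and lets the error reply run after the connection block has exited. The helper name below is a suggestion; nothing with that name is visible in this diff.
```python
def _user_owns_subscription(sub_id: int, user_id: int) -> bool:
    """Return True when the subscription row exists and belongs to user_id."""
    with get_db_connection() as conn:
        cursor = conn.cursor()
        cursor.execute(
            "SELECT 1 FROM subscriptions WHERE id = ? AND user_id = ?",
            (sub_id, user_id),
        )
        return cursor.fetchone() is not None

# in edit_start and remind_settings_start, after sub_id = int(sub_id_str):
    if not _user_owns_subscription(sub_id, user_id):
        await query.edit_message_text("错误:找不到该订阅或无权限。")
        return ConversationHandler.END
    # … unchanged: logger.debug, context.user_data['sub_id_for_action'] = sub_id …
```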
@@ -1232,6 +1272,9 @@ async def remind_days_received(update: Update, context: CallbackContext): with get_db_connection() as conn: cursor = conn.cursor() cursor.execute("UPDATE subscriptions SET reminder_days = ? WHERE id = ? AND user_id = ?", (days, sub_id, user_id)) + if cursor.rowcount == 0: + await update.message.reply_text("错误:找不到该订阅或无权限。") + return ConversationHandler.END conn.commit() await update.message.reply_text(f"✅ 提前提醒天数已设置为: {days}天。") context.user_data.clear()