hardening: remove broad session clears and validate add flow inputs

Xiaolan Bot
2026-02-22 02:43:26 +08:00
parent ec06c5fac3
commit decb9c12c1


@@ -576,7 +576,11 @@ async def add_sub_start(update: Update, context: CallbackContext):
async def add_name_received(update: Update, context: CallbackContext):
context.user_data['new_sub_data']['name'] = update.message.text
name = update.message.text.strip()
if not name:
await update.message.reply_text("订阅名称不能为空。")
return ADD_NAME
context.user_data['new_sub_data']['name'] = name
await update.message.reply_text("第二步:请输入订阅 *费用*", parse_mode='MarkdownV2')
return ADD_COST
@@ -675,11 +679,12 @@ async def add_notes_received(update: Update, context: CallbackContext):
if not sub_data:
await update.message.reply_text("发生错误,请重试。")
return ConversationHandler.END
sub_data['notes'] = update.message.text
note = update.message.text.strip()
sub_data['notes'] = note if note else None
save_subscription(update.effective_user.id, sub_data)
await update.message.reply_text(text=f"✅ 订阅 '{escape_markdown(sub_data.get('name', ''), version=2)}' 已添加!",
parse_mode='MarkdownV2')
context.user_data.clear()
_clear_action_state(context, ['new_sub_data'])
return ConversationHandler.END
@@ -692,7 +697,7 @@ async def skip_notes(update: Update, context: CallbackContext):
save_subscription(update.effective_user.id, sub_data)
await update.message.reply_text(text=f"✅ 订阅 '{escape_markdown(sub_data.get('name', ''), version=2)}' 已添加!",
parse_mode='MarkdownV2')
context.user_data.clear()
_clear_action_state(context, ['new_sub_data'])
return ConversationHandler.END
@@ -1320,7 +1325,7 @@ async def set_currency(update: Update, context: CallbackContext):
async def cancel(update: Update, context: CallbackContext):
context.user_data.clear()
_clear_action_state(context, ['new_sub_data', 'sub_id_for_action', 'field_to_edit', 'new_freq_unit'])
if update.callback_query:
await update.callback_query.answer()
await update.callback_query.edit_message_text('操作已取消。')
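Review bot: In add_name_received the new check rejects an empty name but still writes through `context.user_data['new_sub_data']` without confirming the key exists, whereas add_notes_received ends the conversation when `sub_data` is missing. If that state is ever absent when a message arrives in ADD_NAME (for example after a restart without persistence, which is not visible here), the handler raises KeyError; reading it with `sub_data = context.user_data.get('new_sub_data')` and reusing the existing "发生错误,请重试。" exit would make the two handlers consistent. The stripped name also has no upper length bound before it is stored and later echoed back, so a project-chosen cap would complete the input validation. In cancel, the key list passed to `_clear_action_state` is hard-coded, so any flow key not listed now survives a cancel where `context.user_data.clear()` used to remove it; a single module-level constant naming all per-action keys would keep that list from drifting. The body of cancel may continue past the last visible line.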