hardening: remove broad session clears and validate add flow inputs
This commit is contained in:
Xiaolan Bot
15
SubMind.py
15
SubMind.py
@@ -576,7 +576,11 @@ async def add_sub_start(update: Update, context: CallbackContext):
|
|||||||
|
|
||||||
|
|
||||||
async def add_name_received(update: Update, context: CallbackContext):
|
async def add_name_received(update: Update, context: CallbackContext):
|
||||||
context.user_data['new_sub_data']['name'] = update.message.text
|
name = update.message.text.strip()
|
||||||
|
if not name:
|
||||||
|
await update.message.reply_text("订阅名称不能为空。")
|
||||||
|
return ADD_NAME
|
||||||
|
context.user_data['new_sub_data']['name'] = name
|
||||||
await update.message.reply_text("第二步:请输入订阅 *费用*", parse_mode='MarkdownV2')
|
await update.message.reply_text("第二步:请输入订阅 *费用*", parse_mode='MarkdownV2')
|
||||||
return ADD_COST
|
return ADD_COST
|
||||||
|
|
||||||
@@ -675,11 +679,12 @@ async def add_notes_received(update: Update, context: CallbackContext):
|
|||||||
if not sub_data:
|
if not sub_data:
|
||||||
await update.message.reply_text("发生错误,请重试。")
|
await update.message.reply_text("发生错误,请重试。")
|
||||||
return ConversationHandler.END
|
return ConversationHandler.END
|
||||||
sub_data['notes'] = update.message.text
|
note = update.message.text.strip()
|
||||||
|
sub_data['notes'] = note if note else None
|
||||||
save_subscription(update.effective_user.id, sub_data)
|
save_subscription(update.effective_user.id, sub_data)
|
||||||
await update.message.reply_text(text=f"✅ 订阅 '{escape_markdown(sub_data.get('name', ''), version=2)}' 已添加!",
|
await update.message.reply_text(text=f"✅ 订阅 '{escape_markdown(sub_data.get('name', ''), version=2)}' 已添加!",
|
||||||
parse_mode='MarkdownV2')
|
parse_mode='MarkdownV2')
|
||||||
context.user_data.clear()
|
_clear_action_state(context, ['new_sub_data'])
|
||||||
return ConversationHandler.END
|
return ConversationHandler.END
|
||||||
|
|
||||||
|
|
||||||
@@ -692,7 +697,7 @@ async def skip_notes(update: Update, context: CallbackContext):
|
|||||||
save_subscription(update.effective_user.id, sub_data)
|
save_subscription(update.effective_user.id, sub_data)
|
||||||
await update.message.reply_text(text=f"✅ 订阅 '{escape_markdown(sub_data.get('name', ''), version=2)}' 已添加!",
|
await update.message.reply_text(text=f"✅ 订阅 '{escape_markdown(sub_data.get('name', ''), version=2)}' 已添加!",
|
||||||
parse_mode='MarkdownV2')
|
parse_mode='MarkdownV2')
|
||||||
context.user_data.clear()
|
_clear_action_state(context, ['new_sub_data'])
|
||||||
return ConversationHandler.END
|
return ConversationHandler.END
|
||||||
|
|
||||||
|
|
||||||
@@ -1320,7 +1325,7 @@ async def set_currency(update: Update, context: CallbackContext):
|
|||||||
|
|
||||||
|
|
||||||
async def cancel(update: Update, context: CallbackContext):
|
async def cancel(update: Update, context: CallbackContext):
|
||||||
context.user_data.clear()
|
_clear_action_state(context, ['new_sub_data', 'sub_id_for_action', 'field_to_edit', 'new_freq_unit'])
|
||||||
if update.callback_query:
|
if update.callback_query:
|
||||||
await update.callback_query.answer()
|
await update.callback_query.answer()
|
||||||
await update.callback_query.edit_message_text('操作已取消。')
|
await update.callback_query.edit_message_text('操作已取消。')
|
||||||
|
|||||||
Reference in New Issue
Block a user