UNUSUALxd commited on
Commit
1c2ac70
·
verified ·
1 Parent(s): 2ceef67

Update utils/executor.py

Browse files
Files changed (1) hide show
  1. utils/executor.py +7 -2
utils/executor.py CHANGED
@@ -1,6 +1,8 @@
1
  import os
2
  import asyncio
3
  import re
 
 
4
  from config import USER_CWD, ACTIVE_PROCESSES
5
 
6
  # Regex Blacklist: Catches dangerous base commands regardless of spacing or flags
@@ -52,7 +54,8 @@ async def run_shell_command_live(client, message, cmd: str, status_msg, timeout:
52
  # Rate limit edits to prevent API flood
53
  current_time = asyncio.get_event_loop().time()
54
  if current_time - last_edit_time > 2.0:
55
- display_text = output_buffer[-3500:] # Stay under Telegram limits
 
56
  try:
57
  await status_msg.edit_text(f"<b>$</b> <code>{cmd}</code>\n<pre>{display_text}</pre>", parse_mode="HTML")
58
  last_edit_time = current_time
@@ -86,4 +89,6 @@ async def run_shell_command_live(client, message, cmd: str, status_msg, timeout:
86
  await message.reply_document(filename, caption=f"<b>Command:</b> <code>{cmd}</code>", parse_mode="HTML")
87
  os.remove(filename)
88
  else:
89
- await status_msg.edit_text(f"<b>$</b> <code>{cmd}</code>\n<pre>{output_buffer}</pre>", parse_mode="HTML")
 
 
 
1
  import os
2
  import asyncio
3
  import re
4
+ import html # ⚡ FIX: Added html module to sanitize output
5
+
6
  from config import USER_CWD, ACTIVE_PROCESSES
7
 
8
  # Regex Blacklist: Catches dangerous base commands regardless of spacing or flags
 
54
  # Rate limit edits to prevent API flood
55
  current_time = asyncio.get_event_loop().time()
56
  if current_time - last_edit_time > 2.0:
57
+ # FIX: Escape HTML characters to prevent Telegram API crash
58
+ display_text = html.escape(output_buffer[-3500:])
59
  try:
60
  await status_msg.edit_text(f"<b>$</b> <code>{cmd}</code>\n<pre>{display_text}</pre>", parse_mode="HTML")
61
  last_edit_time = current_time
 
89
  await message.reply_document(filename, caption=f"<b>Command:</b> <code>{cmd}</code>", parse_mode="HTML")
90
  os.remove(filename)
91
  else:
92
+ # FIX: Escape HTML characters for the final output as well
93
+ safe_final = html.escape(output_buffer)
94
+ await status_msg.edit_text(f"<b>$</b> <code>{cmd}</code>\n<pre>{safe_final}</pre>", parse_mode="HTML")