Update utils/executor.py
Browse files- utils/executor.py +7 -2
utils/executor.py
CHANGED
|
@@ -1,6 +1,8 @@
|
|
| 1 |
import os
|
| 2 |
import asyncio
|
| 3 |
import re
|
|
|
|
|
|
|
| 4 |
from config import USER_CWD, ACTIVE_PROCESSES
|
| 5 |
|
| 6 |
# Regex Blacklist: Catches dangerous base commands regardless of spacing or flags
|
|
@@ -52,7 +54,8 @@ async def run_shell_command_live(client, message, cmd: str, status_msg, timeout:
|
|
| 52 |
# Rate limit edits to prevent API flood
|
| 53 |
current_time = asyncio.get_event_loop().time()
|
| 54 |
if current_time - last_edit_time > 2.0:
|
| 55 |
-
|
|
|
|
| 56 |
try:
|
| 57 |
await status_msg.edit_text(f"<b>$</b> <code>{cmd}</code>\n<pre>{display_text}</pre>", parse_mode="HTML")
|
| 58 |
last_edit_time = current_time
|
|
@@ -86,4 +89,6 @@ async def run_shell_command_live(client, message, cmd: str, status_msg, timeout:
|
|
| 86 |
await message.reply_document(filename, caption=f"<b>Command:</b> <code>{cmd}</code>", parse_mode="HTML")
|
| 87 |
os.remove(filename)
|
| 88 |
else:
|
| 89 |
-
|
|
|
|
|
|
|
|
|
| 1 |
import os
|
| 2 |
import asyncio
|
| 3 |
import re
|
| 4 |
+
import html # ⚡ FIX: Added html module to sanitize output
|
| 5 |
+
|
| 6 |
from config import USER_CWD, ACTIVE_PROCESSES
|
| 7 |
|
| 8 |
# Regex Blacklist: Catches dangerous base commands regardless of spacing or flags
|
|
|
|
| 54 |
# Rate limit edits to prevent API flood
|
| 55 |
current_time = asyncio.get_event_loop().time()
|
| 56 |
if current_time - last_edit_time > 2.0:
|
| 57 |
+
# ⚡ FIX: Escape HTML characters to prevent Telegram API crash
|
| 58 |
+
display_text = html.escape(output_buffer[-3500:])
|
| 59 |
try:
|
| 60 |
await status_msg.edit_text(f"<b>$</b> <code>{cmd}</code>\n<pre>{display_text}</pre>", parse_mode="HTML")
|
| 61 |
last_edit_time = current_time
|
|
|
|
| 89 |
await message.reply_document(filename, caption=f"<b>Command:</b> <code>{cmd}</code>", parse_mode="HTML")
|
| 90 |
os.remove(filename)
|
| 91 |
else:
|
| 92 |
+
# ⚡ FIX: Escape HTML characters for the final output as well
|
| 93 |
+
safe_final = html.escape(output_buffer)
|
| 94 |
+
await status_msg.edit_text(f"<b>$</b> <code>{cmd}</code>\n<pre>{safe_final}</pre>", parse_mode="HTML")
|