computertech/duckhunt
1
1
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix critical bug: Messages being stripped by over-aggressive sanitization

Browse Source 
- Bot messages containing IRC color codes were being completely stripped
- sanitize_user_input() without allowed_chars was removing all formatting
- Changed to only remove CR/LF from messages while preserving formatting codes
- This was causing silent failures where no messages were sent to channel
This commit is contained in:
3nd3r
2025-12-28 16:03:42 -06:00
parent 6069240553
commit f6a9f4592a
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/duckhuntbot.py
View File

@@ -347,7 +347,9 @@ class DuckHuntBot:
# Sanitize target and message # Sanitize target and message
safe_target = sanitize_user_input(target, max_length=100, safe_target = sanitize_user_input(target, max_length=100,
allowed_chars='#&+!abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-[]{}^`|\\') allowed_chars='#&+!abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-[]{}^`|\\')
safe_msg = sanitize_user_input(msg, max_length=400) # Sanitize message (preserve IRC formatting codes - only remove CR/LF)
safe_msg = msg[:400] if isinstance(msg, str) else str(msg)[:400]
safe_msg = safe_msg.replace('\r', '').replace('\n', ' ').strip()
if not safe_target or not safe_msg: if not safe_target or not safe_msg:
self.logger.warning(f"Empty target or message after sanitization") self.logger.warning(f"Empty target or message after sanitization")