[Treewide] Escape html done all the way upto disasters
TsunayoshiSawada committed Oct 20, 2020
1 parent 4e8192d commit b569b55
Showing 12 changed files with 70 additions and 70 deletions.
2 changes: 1 addition & 1 deletion SaitamaRobot/__main__.py
@@ -224,7 +224,7 @@ def start(update: Update, context: CallbackContext):
]]))
else:
update.effective_message.reply_text(
"I'm online!\n<b>Up since:</b> <code>{}</code>".format(uptime),
"I'm online!\n<b>Up since:</b> <code>{}</code>".format(html.escape(uptime)),
parse_mode=ParseMode.HTML)


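Review bot: The new `html.escape(uptime)` call in `start` needs `html` to be imported in `SaitamaRobot/__main__.py`, and this section changes only that one line, so no import is visible here. If the module does not already have `import html`, this reply path raises NameError instead of answering. The same applies to `SaitamaRobot/modules/cleaner.py`, which gains `html.escape(chat.title)` with no import change shown. `html.escape` also calls `.replace` on its argument, so it assumes `uptime` is a `str`; worth confirming where `uptime` is computed, which is outside the hunk.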
6 changes: 3 additions & 3 deletions SaitamaRobot/modules/admin.py
@@ -232,7 +232,7 @@ def set_title(update: Update, context: CallbackContext):
bot.sendMessage(
chat.id,
f"Sucessfully set title for <code>{user_member.user.first_name or user_id}</code> "
f"to <code>{title[:16]}</code>!",
f"to <code>{html.escape(title[:16])}</code>!",
parse_mode=ParseMode.HTML)


@@ -270,7 +270,7 @@ def pin(update: Update, context: CallbackContext) -> str:
log_message = (
f"<b>{html.escape(chat.title)}:</b>\n"
f"#PINNED\n"
f"<b>Admin:</b> {mention_html(user.id, user.first_name)}")
f"<b>Admin:</b> {mention_html(user.id, html.escape(user.first_name))}")

return log_message

@@ -295,7 +295,7 @@ def unpin(update: Update, context: CallbackContext) -> str:

log_message = (f"<b>{html.escape(chat.title)}:</b>\n"
f"#UNPINNED\n"
f"<b>Admin:</b> {mention_html(user.id, user.first_name)}")
f"<b>Admin:</b> {mention_html(user.id, html.escape(user.first_name))}")

return log_message

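Review bot: In `set_title`, the success message still interpolates `user_member.user.first_name or user_id` into `<code>…</code>` unescaped, on the line directly above the one that now escapes `title[:16]`. A first name is user-controlled and the message is sent with `parse_mode=ParseMode.HTML`, so a name containing `<` or `&` can break parsing or put markup into the bot's reply. Suggest `f"Sucessfully set title for <code>{html.escape(user_member.user.first_name or str(user_id))}</code> "`. The body of `set_title` starts and ends outside the hunk.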
5 changes: 2 additions & 3 deletions SaitamaRobot/modules/afk.py
@@ -1,4 +1,4 @@
import random
import random, html

from SaitamaRobot import dispatcher
from SaitamaRobot.modules.disable import (DisableAbleCommandHandler,
@@ -129,8 +129,7 @@ def check_afk(update, context, user_id, fst_name, userc_id):
else:
if int(userc_id) == int(user_id):
return
res = "{} is afk.\nReason: <code>{}</code>".format(
fst_name, user.reason)
res = "{} is afk.\nReason: <code>{}</code>".format(html.escape(fst_name), html.escape(user.reason))
update.effective_message.reply_text(res, parse_mode="html")


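Review bot: `import random, html` puts two modules on one import line; PEP 8 asks for one module per statement, so `import html` and `import random` on separate lines would be the conventional form. In `check_afk`, `html.escape(user.reason)` raises AttributeError if it is handed `None`, so the new line assumes the enclosing `else` branch is only reached when a reason is set. That condition is outside the hunk and worth confirming.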
10 changes: 5 additions & 5 deletions SaitamaRobot/modules/antiflood.py
@@ -79,7 +79,7 @@ def check_flood(update, context) -> str:
"\n#{}" \
"\n<b>User:</b> {}" \
"\nFlooded the group.".format(tag, html.escape(chat.title),
mention_html(user.id, user.first_name))
mention_html(user.id, html.escape(user.first_name)))

except BadRequest:
msg.reply_text(
@@ -112,7 +112,7 @@ def flood_button(update: Update, context: CallbackContext):
can_send_other_messages=True,
can_add_web_page_previews=True))
update.effective_message.edit_text(
f"Unmuted by {mention_html(user.id, user.first_name)}.",
f"Unmuted by {mention_html(user.id, html.escape(user.first_name))}.",
parse_mode="HTML")
except:
pass
@@ -161,7 +161,7 @@ def set_flood(update, context) -> str:
return "<b>{}:</b>" \
"\n#SETFLOOD" \
"\n<b>Admin:</b> {}" \
"\nDisable antiflood.".format(html.escape(chat_name), mention_html(user.id, user.first_name))
"\nDisable antiflood.".format(html.escape(chat_name), mention_html(user.id, html.escape(user.first_name)))

elif amount <= 3:
send_message(
@@ -184,7 +184,7 @@ def set_flood(update, context) -> str:
"\n#SETFLOOD" \
"\n<b>Admin:</b> {}" \
"\nSet antiflood to <code>{}</code>.".format(html.escape(chat_name),
mention_html(user.id, user.first_name), amount)
mention_html(user.id, html.escape(user.first_name)), amount)

else:
message.reply_text(
@@ -300,7 +300,7 @@ def set_flood_mode(update, context):
return "<b>{}:</b>\n" \
"<b>Admin:</b> {}\n" \
"Has changed antiflood mode. User will {}.".format(settypeflood, html.escape(chat.title),
mention_html(user.id, user.first_name))
mention_html(user.id, html.escape(user.first_name)))
else:
getmode, getvalue = sql.get_flood_setting(chat.id)
if getmode == 1:
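Review bot: Wrapping the name in `html.escape(...)` before passing it to `mention_html` probably escapes it twice: if `mention_html` here is python-telegram-bot's `telegram.utils.helpers.mention_html` (the import is outside the hunks), that helper already HTML-escapes the name it is given. A user called `Tom & Jerry` would then be shown as `Tom &amp; Jerry` in log and chat messages. In that case the original `mention_html(user.id, user.first_name)` was already safe and these lines could stay as they were. The same pattern is added in admin.py (`pin`, `unpin`), bans.py, blacklist.py, blacklist_stickers.py, blacklistusers.py and chatbot.py.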
24 changes: 12 additions & 12 deletions SaitamaRobot/modules/bans.py
@@ -81,8 +81,8 @@ def ban(update: Update, context: CallbackContext) -> str:
log = (
f"<b>{html.escape(chat.title)}:</b>\n"
f"#BANNED\n"
f"<b>Admin:</b> {mention_html(user.id, user.first_name)}\n"
f"<b>User:</b> {mention_html(member.user.id, member.user.first_name)}")
f"<b>Admin:</b> {mention_html(user.id, html.escape(user.first_name))}\n"
f"<b>User:</b> {mention_html(member.user.id, html.escape(member.user.first_name))}")
if reason:
log += "\n<b>Reason:</b> {}".format(reason)

@@ -91,7 +91,7 @@ def ban(update: Update, context: CallbackContext) -> str:
# bot.send_sticker(chat.id, BAN_STICKER) # banhammer marie sticker
reply = (
f"<code>❕</code><b>Ban Event</b>\n"
f"<code> </code><b>• User:</b> {mention_html(member.user.id, member.user.first_name)}"
f"<code> </code><b>• User:</b> {mention_html(member.user.id, html.escape(member.user.first_name))}"
)
if reason:
reply += f"\n<code> </code><b>• Reason:</b> \n{html.escape(reason)}"
@@ -168,8 +168,8 @@ def temp_ban(update: Update, context: CallbackContext) -> str:
log = (
f"<b>{html.escape(chat.title)}:</b>\n"
"#TEMP BANNED\n"
f"<b>Admin:</b> {mention_html(user.id, user.first_name)}\n"
f"<b>User:</b> {mention_html(member.user.id, member.user.first_name)}\n"
f"<b>Admin:</b> {mention_html(user.id, html.escape(user.first_name))}\n"
f"<b>User:</b> {mention_html(member.user.id, html.escape(member.user.first_name))}\n"
f"<b>Time:</b> {time_val}")
if reason:
log += "\n<b>Reason:</b> {}".format(reason)
@@ -179,7 +179,7 @@ def temp_ban(update: Update, context: CallbackContext) -> str:
# bot.send_sticker(chat.id, BAN_STICKER) # banhammer marie sticker
bot.sendMessage(
chat.id,
f"Banned! User {mention_html(member.user.id, member.user.first_name)} "
f"Banned! User {mention_html(member.user.id, html.escape(member.user.first_name))} "
f"will be banned for {time_val}.",
parse_mode=ParseMode.HTML)
return log
@@ -240,13 +240,13 @@ def punch(update: Update, context: CallbackContext) -> str:
# bot.send_sticker(chat.id, BAN_STICKER) # banhammer marie sticker
bot.sendMessage(
chat.id,
f"One Punched! {mention_html(member.user.id, member.user.first_name)}.",
f"One Punched! {mention_html(member.user.id, html.escape(member.user.first_name))}.",
parse_mode=ParseMode.HTML)
log = (
f"<b>{html.escape(chat.title)}:</b>\n"
f"#KICKED\n"
f"<b>Admin:</b> {mention_html(user.id, user.first_name)}\n"
f"<b>User:</b> {mention_html(member.user.id, member.user.first_name)}"
f"<b>Admin:</b> {mention_html(user.id, html.escape(user.first_name))}\n"
f"<b>User:</b> {mention_html(member.user.id, html.escape(member.user.first_name))}"
)
if reason:
log += f"\n<b>Reason:</b> {reason}"
@@ -319,8 +319,8 @@ def unban(update: Update, context: CallbackContext) -> str:
log = (
f"<b>{html.escape(chat.title)}:</b>\n"
f"#UNBANNED\n"
f"<b>Admin:</b> {mention_html(user.id, user.first_name)}\n"
f"<b>User:</b> {mention_html(member.user.id, member.user.first_name)}")
f"<b>Admin:</b> {mention_html(user.id, html.escape(user.first_name))}\n"
f"<b>User:</b> {mention_html(member.user.id, html.escape(member.user.first_name))}")
if reason:
log += f"\n<b>Reason:</b> {reason}"

@@ -366,7 +366,7 @@ def selfunban(context: CallbackContext, update: Update) -> str:
log = (
f"<b>{html.escape(chat.title)}:</b>\n"
f"#UNBANNED\n"
f"<b>User:</b> {mention_html(member.user.id, member.user.first_name)}")
f"<b>User:</b> {mention_html(member.user.id, html.escape(member.user.first_name))}")

return log

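Review bot: The `reason` text is still written into the HTML log string unescaped: `log += "\n<b>Reason:</b> {}".format(reason)` in `ban` and `temp_ban`, and `log += f"\n<b>Reason:</b> {reason}"` in `punch` and `unban`, while the chat reply in `ban` already uses `html.escape(reason)`. The reason is free text typed by whoever runs the command, so it is the value in these messages that most needs escaping; suggest `html.escape(reason)` at each of those lines. blacklistusers.py has the same gap in `bl_user` (`{reason}` in the log message) and `bl_users` (`:- {reason}`). How the returned log string is sent is outside the hunks, so this assumes it goes out with HTML parse mode like the other messages.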
14 changes: 7 additions & 7 deletions SaitamaRobot/modules/blacklist.py
@@ -58,10 +58,10 @@ def blacklist(update, context):
split_text = split_message(filter_list)
for text in split_text:
if filter_list == "Current blacklisted words in <b>{}</b>:\n".format(
chat_name):
html.escape(chat_name)):
send_message(
update.effective_message,
"No blacklisted words in <b>{}</b>!".format(chat_name),
"No blacklisted words in <b>{}</b>!".format(html.escape(chat_name)),
parse_mode=ParseMode.HTML,
)
return
@@ -101,15 +101,15 @@ def add_blacklist(update, context):
send_message(
update.effective_message,
"Added blacklist <code>{}</code> in chat: <b>{}</b>!".format(
html.escape(to_blacklist[0]), chat_name),
html.escape(to_blacklist[0]), html.escape(chat_name)),
parse_mode=ParseMode.HTML,
)

else:
send_message(
update.effective_message,
"Added blacklist trigger: <code>{}</code> in <b>{}</b>!".format(
len(to_blacklist), chat_name),
len(to_blacklist), html.escape(chat_name)),
parse_mode=ParseMode.HTML,
)

@@ -157,7 +157,7 @@ def unblacklist(update, context):
send_message(
update.effective_message,
"Removed <code>{}</code> from blacklist in <b>{}</b>!"
.format(html.escape(to_unblacklist[0]), chat_name),
.format(html.escape(to_unblacklist[0]), html.escape(chat_name)),
parse_mode=ParseMode.HTML,
)
else:
@@ -168,7 +168,7 @@ def unblacklist(update, context):
send_message(
update.effective_message,
"Removed <code>{}</code> from blacklist in <b>{}</b>!".format(
successful, chat_name),
successful, html.escape(chat_name)),
parse_mode=ParseMode.HTML,
)

@@ -292,7 +292,7 @@ def blacklist_mode(update, context):
"<b>Admin:</b> {}\n"
"Changed the blacklist mode. will {}.".format(
html.escape(chat.title),
mention_html(user.id, user.first_name),
mention_html(user.id, html.escape(user.first_name)),
settypeblacklist,
))
else:
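Review bot: In `blacklist`, the empty-list check now compares `filter_list` with a header built from `html.escape(chat_name)`, so it only matches if `filter_list` was itself built with the escaped name; that construction is outside the hunk. If it still uses the raw `chat_name`, any chat title containing `&`, `<` or `>` makes the comparison fail, the "No blacklisted words" reply is skipped, and the list header carrying the raw title is sent with `ParseMode.HTML`. Building the header once into a variable from the escaped name, and reusing it for both the list and the comparison, would keep the two in step.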
16 changes: 8 additions & 8 deletions SaitamaRobot/modules/blacklist_stickers.py
@@ -53,11 +53,11 @@ def blackliststicker(update: Update, context: CallbackContext):
split_text = split_message(sticker_list)
for text in split_text:
if sticker_list == "<b>List blacklisted stickers currently in {}:</b>\n".format(
chat_name).format(chat_name):
chat_name).format(html.escape(chat_name)):
send_message(
update.effective_message,
"There are no blacklist stickers in <b>{}</b>!".format(
chat_name),
html.escape(chat_name)),
parse_mode=ParseMode.HTML)
return
send_message(update.effective_message, text, parse_mode=ParseMode.HTML)
@@ -108,13 +108,13 @@ def add_blackliststicker(update: Update, context: CallbackContext):
send_message(
update.effective_message,
"Sticker <code>{}</code> added to blacklist stickers in <b>{}</b>!"
.format(html.escape(to_blacklist[0]), chat_name),
.format(html.escape(to_blacklist[0]), html.escape(chat_name)),
parse_mode=ParseMode.HTML)
else:
send_message(
update.effective_message,
"<code>{}</code> stickers added to blacklist sticker in <b>{}</b>!"
.format(added, chat_name),
.format(added, html.escape(chat_name)),
parse_mode=ParseMode.HTML)
elif msg.reply_to_message:
added = 0
@@ -138,7 +138,7 @@ def add_blackliststicker(update: Update, context: CallbackContext):
send_message(
update.effective_message,
"Sticker <code>{}</code> added to blacklist stickers in <b>{}</b>!"
.format(trigger, chat_name),
.format(trigger, html.escape(chat_name)),
parse_mode=ParseMode.HTML)
else:
send_message(update.effective_message,
@@ -182,7 +182,7 @@ def unblackliststicker(update: Update, context: CallbackContext):
send_message(
update.effective_message,
"Sticker <code>{}</code> deleted from blacklist in <b>{}</b>!"
.format(html.escape(to_unblacklist[0]), chat_name),
.format(html.escape(to_unblacklist[0]), html.escape(chat_name)),
parse_mode=ParseMode.HTML)
else:
send_message(update.effective_message,
@@ -192,7 +192,7 @@ def unblackliststicker(update: Update, context: CallbackContext):
send_message(
update.effective_message,
"Sticker <code>{}</code> deleted from blacklist in <b>{}</b>!"
.format(successful, chat_name),
.format(successful, html.escape(chat_name)),
parse_mode=ParseMode.HTML)

elif not successful:
@@ -307,7 +307,7 @@ def blacklist_mode(update: Update, context: CallbackContext):
return "<b>{}:</b>\n" \
"<b>Admin:</b> {}\n" \
"Changed sticker blacklist mode. users will be {}.".format(html.escape(chat.title),
mention_html(user.id, user.first_name), settypeblacklist)
mention_html(user.id, html.escape(user.first_name)), settypeblacklist)
else:
getmode, getvalue = sql.get_blacklist_setting(chat.id)
if getmode == 0:
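Review bot: In `blackliststicker`, the escape was added to the second, redundant `.format()` call: `.format(chat_name).format(html.escape(chat_name))` still fills the placeholder with the raw `chat_name`. The second call only re-parses the already formatted string, and that can raise if the chat title contains `{` or `}`. A single call, `"<b>List blacklisted stickers currently in {}:</b>\n".format(html.escape(chat_name))`, is presumably what was meant, provided `sticker_list` is built the same way outside the hunk. Separately, the reply path in `add_blackliststicker` formats `trigger` into `<code>` without escaping, while the other branch escapes `to_blacklist[0]`.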
14 changes: 7 additions & 7 deletions SaitamaRobot/modules/blacklistusers.py
@@ -1,5 +1,5 @@
# Module to blacklist users and prevent them from using commands by @TheRealPhoenix

import html
import SaitamaRobot.modules.sql.blacklistusers_sql as sql
from SaitamaRobot import (DEV_USERS, OWNER_ID, DRAGONS, DEMONS, TIGERS, WOLVES,
dispatcher)
@@ -51,8 +51,8 @@ def bl_user(update: Update, context: CallbackContext) -> str:
message.reply_text("I shall ignore the existence of this user!")
log_message = (
f"#BLACKLIST\n"
f"<b>Admin:</b> {mention_html(user.id, user.first_name)}\n"
f"<b>User:</b> {mention_html(target_user.id, target_user.first_name)}")
f"<b>Admin:</b> {mention_html(user.id, html.escape(user.first_name))}\n"
f"<b>User:</b> {mention_html(target_user.id, html.escape(target_user.first_name))}")
if reason:
log_message += f"\n<b>Reason:</b> {reason}"

@@ -91,8 +91,8 @@ def unbl_user(update: Update, context: CallbackContext) -> str:
message.reply_text("*notices user*")
log_message = (
f"#UNBLACKLIST\n"
f"<b>Admin:</b> {mention_html(user.id, user.first_name)}\n"
f"<b>User:</b> {mention_html(target_user.id, target_user.first_name)}"
f"<b>Admin:</b> {mention_html(user.id, html.escape(user.first_name))}\n"
f"<b>User:</b> {mention_html(target_user.id, html.escape(target_user.first_name))}"
)

return log_message
@@ -113,9 +113,9 @@ def bl_users(update: Update, context: CallbackContext):

if reason:
users.append(
f"• {mention_html(user.id, user.first_name)} :- {reason}")
f"• {mention_html(user.id, html.escape(user.first_name))} :- {reason}")
else:
users.append(f"• {mention_html(user.id, user.first_name)}")
users.append(f"• {mention_html(user.id, html.escape(user.first_name))}")

message = "<b>Blacklisted Users</b>\n"
if not users:
4 changes: 2 additions & 2 deletions SaitamaRobot/modules/chatbot.py
@@ -37,7 +37,7 @@ def add_chat(update: Update, context: CallbackContext):
msg.reply_text("AI successfully enabled for this chat!")
message = (f"<b>{html.escape(chat.title)}:</b>\n"
f"#AI_ENABLED\n"
f"<b>Admin:</b> {mention_html(user.id, user.first_name)}\n")
f"<b>Admin:</b> {mention_html(user.id, html.escape(user.first_name))}\n")
return message
else:
msg.reply_text("AI is already enabled for this chat!")
@@ -60,7 +60,7 @@ def remove_chat(update: Update, context: CallbackContext):
msg.reply_text("AI disabled successfully!")
message = (f"<b>{html.escape(chat.title)}:</b>\n"
f"#AI_DISABLED\n"
f"<b>Admin:</b> {mention_html(user.id, user.first_name)}\n")
f"<b>Admin:</b> {mention_html(user.id, html.escape(user.first_name))}\n")
return message


2 changes: 1 addition & 1 deletion SaitamaRobot/modules/cleaner.py
@@ -87,7 +87,7 @@ def set_blue_text_must_click(update: Update, context: CallbackContext):
else:
clean_status = "Disabled"
reply = "Bluetext cleaning for <b>{}</b> : <b>{}</b>".format(
chat.title, clean_status)
html.escape(chat.title), clean_status)
message.reply_text(reply, parse_mode=ParseMode.HTML)

