mirror of
https://github.com/nonebot/nonebot2.git
synced 2024-11-28 04:16:57 +08:00
🚑 hotfix due to cq security problem
This commit is contained in:
yanyongyu
parent
2ae76ff78b
commit
2d63eb32e1
@ -14,7 +14,7 @@ from nonebot.message import handle_event
|
||||
from nonebot.adapters import Bot as BaseBot
|
||||
from nonebot.exception import RequestDenied
|
||||
|
||||
from .utils import log
|
||||
from .utils import log, escape
|
||||
from .message import Message, MessageSegment
|
||||
from .event import Reply, Event, MessageEvent, get_event_model
|
||||
from .exception import NetworkError, ApiNotAvailable, ActionFailed
|
||||
@ -419,6 +419,7 @@ class Bot(BaseBot):
|
||||
- ``NetworkError``: 网络错误
|
||||
- ``ActionFailed``: API 调用失败
|
||||
"""
|
||||
message = escape(message) if isinstance(message, str) else message
|
||||
msg = message if isinstance(message, Message) else Message(message)
|
||||
|
||||
at_sender = at_sender and hasattr(event, "user_id")
|
||||
|
||||
@ -11,6 +11,7 @@ sidebar: auto
|
||||
- 修复部分非法 CQ 码被识别导致报错
|
||||
- 修复非 text 类型 CQ 码 data 未进行去转义
|
||||
- 修复内置插件为进行去转义,修改内置插件为 cqhttp 定制
|
||||
- 出于**CQ 码安全性考虑**,使用 cqhttp 的 `bot.send` 或者 `matcher.send` 时默认对字符串进行转义
|
||||
|
||||
## v2.0.0a7
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user