Enhance database handling and improve HTML safety across the bot. Added async methods for blacklist checks, updated connection settings for SQLite, and implemented HTML escaping for user inputs and messages to prevent potential issues. Adjusted middleware latency and refactored various handlers for better performance and reliability.

2025-08-26 16:51:28 +03:00
parent 7b6abe2a0e
commit fee22f8ad4
17 changed files with 308 additions and 77 deletions
--- a/helper_bot/handlers/callback/callback_handlers.py
+++ b/helper_bot/handlers/callback/callback_handlers.py
@@ -221,8 +221,11 @@ async def process_ban_user(call: CallbackQuery, state: FSMContext):
        await state.update_data(user_id=user_id, user_name=user_name, message_for_user=None,
                                date_to_unban=None)
        markup = create_keyboard_for_ban_reason()
+        # Экранируем потенциально проблемные символы
+        user_name_escaped = html.escape(str(user_name))
+        full_name_escaped = html.escape(str(call.message.from_user.full_name))
        await call.message.answer(
-            text=f"<b>Выбран пользователь:\nid:</b> {user_id}\n<b>username:</b> {user_name}\nИмя:{call.message.from_user.full_name}\nВыбери причину бана из списка или напиши ее в чат",
+            text=f"<b>Выбран пользователь:\nid:</b> {user_id}\n<b>username:</b> {user_name_escaped}\nИмя:{full_name_escaped}\nВыбери причину бана из списка или напиши ее в чат",
            reply_markup=markup)
        await state.set_state('BAN_2')
    else: