Format injection in help thread titles #561

@Zabuzard

Issue

There is a bug where the help-thread flow breaks down for the bot when giving a title that contains stuff relevant to string formatting.

For example, a title like `bad %s text %s %. test` or simply `test %s`:

[image: issue1]

[image: issue2]

Threads are created though, so nobody is blocked.

Exception is this:

[image: exception]

Coming from the string formatting here:

[image: code]

Fix

The source of the issue is that we do format twice. Hence the first format may introduce a %, which is then interpreted by the second format. That's obviously not intended and two successive formats are dangerous anyways. It was an elegant approach, but it shouldn't be done.

We should split the text formatting so that it doesn't run format twice on the same string.
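
The failure mode described in this issue, as an added example that is not the bot's own code. It assumes Java `String.format` semantics; the message text, method names and the sample author and category values are hypothetical.

```java
import java.util.IllegalFormatException;

public class DoubleFormatDemo {

    // Buggy pattern: the first format call embeds the user-supplied title and
    // leaves escaped placeholders (%%s) behind for a second call. The result,
    // now containing user text, is then used as a format string itself.
    static String formatTwice(String title, String author, String category) {
        String partial = String.format("Thread '%s' was created by %%s in %%s.", title);
        return String.format(partial, author, category);
    }

    // Fixed pattern: one format call. The title is only ever passed as an
    // argument, so any '%' it contains is copied through literally.
    static String formatOnce(String title, String author, String category) {
        return String.format("Thread '%s' was created by %s in %s.", title, author, category);
    }

    public static void main(String[] args) {
        // Constructed sample titles; the last two are the ones quoted in the issue.
        String[] titles = {"plain title", "test %s", "bad %s text %s %. test"};

        for (String title : titles) {
            try {
                System.out.println("twice: " + formatTwice(title, "alice", "java"));
            } catch (IllegalFormatException e) {
                // The title's specifiers were interpreted by the second format
                // call: either there are more specifiers than arguments, or
                // the specifier is not valid at all.
                System.out.println("twice: " + e.getClass().getSimpleName()
                        + " for title \"" + title + "\"");
            }
            System.out.println("once:  " + formatOnce(title, "alice", "java"));
        }
    }
}
```

A title with exactly as many valid specifiers as there are spare arguments would not throw in `formatTwice`; it would silently shift the arguments into the wrong positions, which is why the single-call form is preferable to catching the exception.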

Labels: bug, priority: normal, valid