vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-14 02:31:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
29,493 Commits 1,274 Branches 107 Tags
9412bdfdbeca3e010fe33f95d02eaeb65e07bb10
Commit Graph

67 Commits

Author SHA1 Message Date
Sliverp
65b781f9ae fix(qqbot): add stream config (#63746) 2026-04-09 21:23:33 +08:00
Pavan Kumar Gondhi
604777e441 fix(qqbot): enforce media storage boundary for all outbound local file paths [AI] (#63271) 
* fix: address issue

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* docs: add changelog entry for PR merge
 2026-04-09 17:56:37 +05:30
Davanum Srinivas
08ae021d1f fix(qqbot): guard image-size probe against SSRF (#63495) 
* fix(qqbot): replace raw fetch in image-size probe with SSRF-guarded fetchRemoteMedia

Replace the bare fetch() in getImageSizeFromUrl() with fetchRemoteMedia()
from the plugin SDK, closing the blind SSRF via markdown image dimension
probing (GHSA-2767-2q9v-9326).

fetchRemoteMedia options: maxBytes 65536, maxRedirects 0, generic
public-network-only SSRF policy (no hostname allowlist, blocks
private/reserved/loopback/link-local/metadata IPs after DNS resolution).

Also fixes the repo-root resolution in scripts/lib/ts-guard-utils.mjs
which caused lint:tmp:no-raw-channel-fetch to miss extension files
entirely. The guard now walks up to .git instead of hardcoding two parent
traversals, and the allowlist is refreshed with all pre-existing raw
fetch callsites that became visible.

* fix(qqbot): guard image-size probe against SSRF (#63495) (thanks @dims)

---------

Co-authored-by: sliverp <870080352@qq.com>
 2026-04-09 16:48:04 +08:00
Peter Steinberger
719f06510c chore: bump version to 2026.4.10 2026-04-09 03:56:22 +01:00
Peter Steinberger
8f17b8e964 fix(qqbot): parse entity encoded self-closing media tags 2026-04-08 11:51:32 +01:00
Peter Steinberger
93b574581f fix(qqbot): allow URL slashes in media tag attributes 2026-04-08 11:48:26 +01:00
游乐场
210ee4cfd2 fix(qqbot): support HTML entities in media tags (&lt; &gt;) (#60493) 
* fix(qqbot): 支持媒体标签中的 HTML 实体(&lt; &gt;)

* fix(qqbot): support HTML entities in media tags

* test(qqbot): add unit tests for media tag regex with HTML entities

* test(qqbot): export regex constants to enable unit tests

* fix(qqbot): reset regex lastIndex in tests to avoid state pollution

* test(qqbot): add .js extension to import in media-tags.test.ts

* fix(qqbot): support HTML entities in media tags (#60493) (thanks @ylc0919)

---------

Co-authored-by: sliverp <870080352@qq.com>
 2026-04-08 18:35:14 +08:00
Peter Steinberger
8d79b87dc7 style: apply formatter output 2026-04-08 09:58:22 +01:00
Peter Steinberger
95e397a266 refactor: dedupe repeated test helpers 2026-04-08 09:58:22 +01:00
Peter Steinberger
8cbd60d203 chore: prepare 2026.4.9 release 2026-04-08 08:02:53 +01:00
Peter Steinberger
4f8471617a chore: prepare 2026.4.8 2026-04-08 04:21:51 +01:00
Peter Steinberger
0e91c25c0b chore: prepare 2026.4.7 2026-04-08 02:14:59 +01:00
Peter Steinberger
aec24f4599 refactor: dedupe messaging trimmed readers 2026-04-08 01:36:39 +01:00
Agustin Rivera
a31cb15561 Guard missed base64 decode paths (#62007) 
* fix(media): guard missed base64 decode paths

Co-authored-by: zsxsoft <git@zsxsoft.com>

* fix(media): wire maxBytes into image-generate-tool and consolidate base64 guard helpers

* docs(changelog): add base64 decode guard entry

* fix(image-generate): validate configured media cap

---------

Co-authored-by: zsxsoft <git@zsxsoft.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-07 15:25:19 -06:00
Peter Steinberger
775b78e186 refactor: dedupe provider lowercase helpers 2026-04-07 22:24:32 +01:00
Peter Steinberger
ba68537d9d refactor: dedupe line qqbot slack lowercase helpers 2026-04-07 20:58:01 +01:00
Peter Steinberger
96724e5a4b Messaging: align adapter compile surfaces 2026-04-07 16:46:21 +01:00
Peter Steinberger
a96790fde7 test: speed up setup and core extension tests 2026-04-07 16:13:57 +01:00
Peter Steinberger
62a5480808 refactor: dedupe irc qqbot telegram lowercase helpers 2026-04-07 15:12:31 +01:00
Peter Steinberger
7a2a594044 test: fix setup and config typing drift 2026-04-07 12:48:05 +01:00
Peter Steinberger
991d4e2006 test: speed up setup plugin tests 2026-04-07 12:42:56 +01:00
Vincent Koc
d5ed6d26e9 chore(plugins): bulk add package boundary tsconfig rollout 2026-04-07 08:48:23 +01:00
Peter Steinberger
8d05bdda43 refactor: dedupe setup token readers 2026-04-07 06:07:13 +01:00
Peter Steinberger
e169fcd263 refactor: dedupe qa and diff error formatting 2026-04-07 05:06:54 +01:00
Peter Steinberger
ab6aa28049 refactor: dedupe qqbot error formatting 2026-04-07 02:03:33 +01:00
Peter Steinberger
61f7d53731 refactor: dedupe shared string readers 2026-04-07 02:03:33 +01:00
Peter Steinberger
f178a9dc41 refactor: dedupe extension string record helpers 2026-04-07 02:03:33 +01:00
Peter Steinberger
13d1fc077b refactor: dedupe qqbot config record helper 2026-04-07 00:21:11 +01:00
Devin Robison
37d7c716f4 fix: the bundled qq bot extension extensions qqbot pe (#329) (#62082) 2026-04-06 13:50:33 -06:00
Peter Steinberger
637bc8e458 refactor: dedupe qqbot result logging helper 2026-04-06 19:57:57 +01:00
Peter Steinberger
413a5ef75a refactor: dedupe qqbot photo send helper 2026-04-06 19:57:56 +01:00
Peter Steinberger
8ff570ee42 refactor: resolve channel env vars from plugin manifests 2026-04-06 19:53:27 +01:00
Peter Steinberger
a2be2abc28 refactor: dedupe qqbot chunk send loops 2026-04-06 19:36:01 +01:00
Peter Steinberger
3826af6c40 refactor: dedupe qqbot media target helpers 2026-04-06 19:24:43 +01:00
Peter Steinberger
800ac580b1 refactor: dedupe qqbot text dispatch helper 2026-04-06 19:24:43 +01:00
Peter Steinberger
58d7df7985 fix(ci): restore contracts and type gates 2026-04-06 19:10:31 +01:00
Peter Steinberger
6243ca50e0 refactor: dedupe qqbot channel config helpers 2026-04-06 18:40:05 +01:00
Peter Steinberger
a86fa3b211 refactor(deadcode): drop orphaned extension helpers 2026-04-06 17:18:03 +01:00
Peter Steinberger
8b79cbcd06 build(plugins): align package versions to 2026.4.6 2026-04-06 17:05:30 +01:00
Vincent Koc
6e443a20c8 fix(qqbot): remove dead tts config aliases 2026-04-06 15:32:05 +01:00
Vincent Koc
f92ef361ae fix(check): finish extension type cleanup 2026-04-06 15:30:17 +01:00
Peter Steinberger
8d095147b4 fix: restore check gate 2026-04-06 15:20:03 +01:00
Vincent Koc
9502642f47 fix(plugins): clean xai and qqbot lint 2026-04-06 15:14:20 +01:00
Peter Steinberger
af62a2c2e4 style: fix extension lint violations 2026-04-06 14:53:55 +01:00
Peter Steinberger
ce8492f9a0 chore: bump version to 2026.4.5 2026-04-05 21:33:04 +01:00
Peter Steinberger
3126809cb0 refactor: clean bundled channel bootstrap boundaries 2026-04-05 18:18:59 +01:00
Peter Steinberger
89e8c8672c fix: break bundled channel bootstrap cycles 2026-04-05 14:20:31 +01:00
Peter Steinberger
b57372d665 refactor: route capability runtime through channel stores 2026-04-05 09:07:33 +01:00
Peter Steinberger
67d6fc8847 chore(plugins): sync versions to 2026.4.4 2026-04-04 20:03:01 +01:00
Peter Steinberger
fd75d214f2 style(extensions): format channel integration updates 2026-04-04 06:02:37 +01:00