github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 21:44:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Security: harden tool media paths

Browse Source
This commit is contained in:
Shadow
2026-02-20 13:31:40 -06:00
parent 67edc7790f
commit c378439246
10 changed files with 120 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/agents/pi-embedded-subscribe.handlers.tools.ts
View File

@@ -9,10 +9,11 @@ import type {
ToolHandlerContext,
} from "./pi-embedded-subscribe.handlers.types.js";
import {
extractMessagingToolSend,
extractToolErrorMessage,
extractToolResultMediaPaths,
extractToolResultText,
extractMessagingToolSend,
filterToolResultMediaUrls,
isToolResultError,
sanitizeToolResult,
} from "./pi-embedded-subscribe.tools.js";
@@ -381,7 +382,7 @@ export async function handleToolExecutionEnd(
// When shouldEmitToolOutput() is true, emitToolOutput already delivers media
// via parseReplyDirectives (MEDIA: text extraction), so skip to avoid duplicates.
if (ctx.params.onToolResult && !isToolError && !ctx.shouldEmitToolOutput()) {
const mediaPaths = extractToolResultMediaPaths(result);
const mediaPaths = filterToolResultMediaUrls(toolName, extractToolResultMediaPaths(result));
if (mediaPaths.length > 0) {
try {
void ctx.params.onToolResult({ mediaUrls: mediaPaths });