github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 18:04:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden account-key handling against prototype pollution

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-24 01:09:23 +00:00
parent 12cc754332
commit f97c0922e1
24 changed files with 141 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/telegram/draft-chunking.ts
View File

@@ -1,6 +1,7 @@
import { resolveTextChunkLimit } from "../auto-reply/chunk.js";
import { getChannelDock } from "../channels/dock.js";
import type { OpenClawConfig } from "../config/config.js";
import { resolveAccountEntry } from "../routing/account-lookup.js";
import { normalizeAccountId } from "../routing/session-key.js";
const DEFAULT_TELEGRAM_DRAFT_STREAM_MIN = 200;
@@ -19,9 +20,8 @@ export function resolveTelegramDraftStreamingChunking(
fallbackLimit: providerChunkLimit,
});
const normalizedAccountId = normalizeAccountId(accountId);
const draftCfg =
cfg?.channels?.telegram?.accounts?.[normalizedAccountId]?.draftChunk ??
cfg?.channels?.telegram?.draftChunk;
const accountCfg = resolveAccountEntry(cfg?.channels?.telegram?.accounts, normalizedAccountId);
const draftCfg = accountCfg?.draftChunk ?? cfg?.channels?.telegram?.draftChunk;
const maxRequested = Math.max(
1,