manual submit

2026-03-07 21:49:16 +07:00
parent 1748cbf8d2
commit 6004b000a7
39 changed files with 5794 additions and 614 deletions
--- a/bot.py
+++ b/bot.py
@@ -143,6 +143,14 @@ def _try_autoload_last_workflow(client: ComfyClient) -> None:
    if not last_wf:
        return
    wf_path = _PROJECT_ROOT / "workflows" / last_wf
+    # Guard against path traversal in the persisted state file
+    try:
+        safe_root = (_PROJECT_ROOT / "workflows").resolve()
+        if not wf_path.resolve().is_relative_to(safe_root):
+            logger.warning("Blocked path traversal attempt in last_workflow_file: %r", last_wf)
+            return
+    except Exception:
+        return
    if not wf_path.exists():
        logger.warning("Last workflow file not found: %s", wf_path)
        return
@@ -190,6 +198,12 @@ async def main() -> None:

    init_db()
    generation_db.init_db(_PROJECT_ROOT / "generation_history.db")
+    try:
+        import face_db as _face_db
+        _face_db.init_db()
+        logger.info("Face DB initialized")
+    except Exception as _exc:
+        logger.warning("Face DB init failed (non-fatal): %s", _exc)
    register_all_commands(bot, config)
    logger.info("All commands registered")