慣性聚合 高效追讀感興趣之博客、新聞、科技資訊
閱原文 以慣性聚合開啟

推薦訂閱源

让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
WordPress大学
WordPress大学
量子位
M
Microsoft Research Blog - Microsoft Research
Microsoft Azure Blog
Microsoft Azure Blog
Jina AI
Jina AI
罗磊的独立博客
V
Visual Studio Blog
Last Week in AI
Last Week in AI
阮一峰的网络日志
阮一峰的网络日志
IT之家
IT之家
aimingoo的专栏
aimingoo的专栏
雷峰网
雷峰网
酷 壳 – CoolShell
酷 壳 – CoolShell
美团技术团队
博客园 - 三生石上(FineUI控件)
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
MongoDB | Blog
MongoDB | Blog
小众软件
小众软件
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog

Recent Commits to openclaw:main

fix(cli): preserve command option state · openclaw/openclaw@15ff89b fix(tools): tolerate out-of-scope autoreview findings · openclaw/openclaw@8cc9329 fix(acp): require allow option for auto approvals · openclaw/openclaw@25ccadd fix(cli): keep secrets configure JSON singular · openclaw/openclaw@97c63e6 fix(cli): keep plugin command metadata intact · openclaw/openclaw@9ab0af2 fix(plugins): fail stalled runtime operations fix(gateway): scope imported history identity fix(browser): validate inputs and redact remote URLs · openclaw/openclaw@bee15d4 fix(cli): preserve explicit command intent fix(twitch): cancel auth retry disconnects fix(node): avoid stale TLS pins when retargeting · openclaw/openclaw@679b677 fix(ci): address review sweep regressions fix: address PR review comments · openclaw/openclaw@08159d8 fix(plugins): avoid Signal and Twitch setup regressions · openclaw/openclaw@5b2703e fix(cli): keep completion and Twitch races bounded · openclaw/openclaw@6ce9e0d fix(twitch): cancel pending clients during shutdown fix(twitch): wait through auth retry disconnects fix(plugins): stabilize Twitch and Signal setup docs(changelog): note CLI and plugin bug fixes · openclaw/openclaw@181d55e fix: render late source reply finals in TUI · openclaw/openclaw@59b8aea fix: broadcast source reply finals for chat runs · openclaw/openclaw@84ac31b fix: keep long Codex source replies alive · openclaw/openclaw@c93dda9 test: cover source reply media transcript backing · openclaw/openclaw@321d98b docs: add TUI source reply changelog · openclaw/openclaw@589fd92 fix: avoid double terminal chat events for source replies · openclaw/openclaw@6a0e030 test: narrow transcript rewrite message content access · openclaw/openclaw@81dee15 fix: preserve reply metadata through media normalization · openclaw/openclaw@a238f03 fix: avoid duplicate media source reply transcripts · openclaw/openclaw@a10e152 fix: preserve reply payload metadata · openclaw/openclaw@bfcd801 fix: ignore replayed empty TUI finals · openclaw/openclaw@17fc1d1 test: cover control ui source reply final retention · openclaw/openclaw@5534cad fix: guard transcript source reply rewrites · openclaw/openclaw@b074dc5 fix: back source reply media in transcripts · openclaw/openclaw@39226ea fix: keep source reply finals live in control ui · openclaw/openclaw@5e28574 fix: keep TUI watchdog runs active · openclaw/openclaw@84d278a fix: bound Codex post-reasoning source reply waits · openclaw/openclaw@f5b415f fix: preserve source reply metadata through TTS fix: gracefully escalate process supervisor cancellations (#85865) · openclaw/openclaw@b13166b fix: preserve internal handoff status attribution [AI-assisted] (#85726) · openclaw/openclaw@f55e986 fix(browser): thread snapshot timeoutMs through agent tool and helper… · openclaw/openclaw@069c7b8 Disable Chrome MCP telemetry watchdog by default (#85886) · openclaw/openclaw@d581415 perf: cache stable gateway metadata · openclaw/openclaw@12f8227 chore(release): update appcast for 2026.5.22 · openclaw/openclaw@fc3c979 fix(codex): ensure codex subagent bootstrap parity with pi subagents … · openclaw/openclaw@7b3be04 fix(update): escape systemd update handoffs (#85414) · openclaw/openclaw@1f28c3e fix(media-understanding): restore image description token default · openclaw/openclaw@5dcbd38 chore: bump version to 2026.5.24 · openclaw/openclaw@0cba872 fix(ui): delay WebChat done indicator until reply renders docs: note WebChat done ordering fix · openclaw/openclaw@6c21066 feat(ui): control active realtime talk runs
修之(fix)于(cli)也:约束节点媒体文件之写(bound node media file writes)· openclaw/openclaw@a4e95cf
steipete · 2026-05-24 · via Recent Commits to openclaw:main

@@ -29,6 +29,7 @@ let writeBase64ToFile: typeof import("./nodes-camera.js").writeBase64ToFile;

2929

let writeUrlToFile: typeof import("./nodes-camera.js").writeUrlToFile;

3030

let parseScreenRecordPayload: typeof import("./nodes-screen.js").parseScreenRecordPayload;

3131

let screenRecordTempPath: typeof import("./nodes-screen.js").screenRecordTempPath;

32+

let writeScreenRecordToFile: typeof import("./nodes-screen.js").writeScreenRecordToFile;

32333334

async function withCameraTempDir<T>(run: (dir: string) => Promise<T>): Promise<T> {

3435

return await withTempDir("openclaw-test-", run);

@@ -54,7 +55,8 @@ describe("nodes camera helpers", () => {

5455

writeBase64ToFile,

5556

writeUrlToFile,

5657

} = await import("./nodes-camera.js"));

57-

({ parseScreenRecordPayload, screenRecordTempPath } = await import("./nodes-screen.js"));

58+

({ parseScreenRecordPayload, screenRecordTempPath, writeScreenRecordToFile } =

59+

await import("./nodes-screen.js"));

5860

});

59616062

beforeEach(() => {

@@ -111,6 +113,24 @@ describe("nodes camera helpers", () => {

111113

expect(p).toBe(path.join("/tmp", "openclaw-camera-snap-front-id1.jpg"));

112114

});

113115116+

it("rejects media format path traversal", () => {

117+

expect(() =>

118+

cameraTempPath({

119+

kind: "snap",

120+

ext: "../escaped",

121+

tmpDir: "/tmp",

122+

id: "id1",

123+

}),

124+

).toThrow(/invalid media format/i);

125+

expect(() =>

126+

screenRecordTempPath({

127+

ext: "mp4/../../escaped",

128+

tmpDir: "/tmp",

129+

id: "id1",

130+

}),

131+

).toThrow(/invalid media format/i);

132+

});

133+114134

it("writes camera clip payload to temp path", async () => {

115135

await withCameraTempDir(async (dir) => {

116136

const out = await writeCameraClipPayloadToFile({

@@ -173,6 +193,18 @@ describe("nodes camera helpers", () => {

173193

});

174194

});

175195196+

it("rejects oversized base64 payloads before writing", async () => {

197+

await withCameraTempDir(async (dir) => {

198+

const out = path.join(dir, "x.bin");

199+

await expect(writeBase64ToFile(out, "aGk=", { maxBytes: 1 })).rejects.toThrow(/exceeds max/i);

200+

await expectPathMissing(out);

201+

await expect(writeScreenRecordToFile(out, "aGk=", { maxBytes: 1 })).rejects.toThrow(

202+

/exceeds max/i,

203+

);

204+

await expectPathMissing(out);

205+

});

206+

});

207+176208

afterEach(() => {

177209

vi.unstubAllGlobals();

178210

});

此內容由慣性聚合(RSS閱讀器)自動聚合整理,僅供閱讀參考。 原文來自 — 版權歸原作者所有。