OpenSource/python-telegram-bot
OpenSource/python-telegram-bot
1
0
Fork 0
mirror of https://github.com/python-telegram-bot/python-telegram-bot.git synced 2024-11-21 22:56:38 +01:00
Code Issues Projects Releases Packages Wiki Activity

Fix typo

Arun Mani J 2024-06-17 21:09:10 +05:30
parent 4e560249b2
commit a3de7e593e
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Arbitrary-callback_data.md

@ -34,7 +34,7 @@ Callback updates are not sent by Telegram, but by the client. This means that th
Most of the time, this is not really a problem, since `callback_data` often just is `Yes`, `No`, etc. However, if the callback data is something like `delete message_id 123`, the malicious user could delete any message sent by the bot.
When using `arbitrary_callback_data` as described above, PTB replaces the outgoing `callback_data` with a [UUID](https://docs.python.org/3/library/uuid.html), i.e., a random unique identifier. This makes the `callback_data` safe: If a malicious client alters the scent `CallbackQuery`, the invalid UUID can't be resolved. In this case `CallbackQuery.data` will be an instance of `telegram.ext.InvalidCallbackData`. Note that this is also the case, when the UUID *was* valid, but the data has already been dropped from cache - PTB can't distinguish between the two cases.
When using `arbitrary_callback_data` as described above, PTB replaces the outgoing `callback_data` with a [UUID](https://docs.python.org/3/library/uuid.html), i.e., a random unique identifier. This makes the `callback_data` safe: If a malicious client alters the sent `CallbackQuery`, the invalid UUID can't be resolved. In this case `CallbackQuery.data` will be an instance of `telegram.ext.InvalidCallbackData`. Note that this is also the case, when the UUID *was* valid, but the data has already been dropped from cache - PTB can't distinguish between the two cases.
## Manually handling updates