From 86a20498076312374d7f984e9f9ba483bef2c6a5 Mon Sep 17 00:00:00 2001
From: Hayden Young <hayden@haydennyyy.com>
Date: Sat, 16 Nov 2019 22:19:36 +0000
Subject: [PATCH] checked the string in pep command is a number, and escape
 input

---
 bot.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/bot.py b/bot.py
index 4b9976a..b8471ab 100644
--- a/bot.py
+++ b/bot.py
@@ -297,11 +297,19 @@ def cmd_uptime(match: Match[str]) -> Response:
 
 @handle_message('!pep')
 def cmd_pep(match: Match[str]) -> Response:
-    _, _, msg = match.groups()
-    _, _, rest = msg.partition(' ')
+    *_, msg = match.groups()
+    *_, rest = msg.partition(' ')
+    pep = esc(rest.zfill(4))
+
+    if not pep.isdigit():
+        return MessageResponse(
+            match,
+            'Please make sure you gave me a number!',
+        )
+
     return MessageResponse(
         match,
-        f'https://www.python.org/dev/peps/pep-{rest.zfill(4)}/',
+        f'https://www.python.org/dev/peps/pep-{pep}/',
     )