Mirrors/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2026-04-25 23:06:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update filesystem/pathexists endpoint to use existing isSameOrSubPath func

Browse Source
This commit is contained in:
advplyr
2026-04-18 16:24:48 -05:00
parent b27f21fd95
commit 24cab79c66
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/controllers/FileSystemController.js
View File

@@ -117,7 +117,7 @@ class FileSystemController {
filepath = fileUtils.filePathToPOSIX(filepath)
// Ensure filepath is inside library folder (prevents directory traversal)
if (!filepath.startsWith(libraryFolder.path)) {
if (!fileUtils.isSameOrSubPath(libraryFolder.path, filepath)) {
Logger.error(`[FileSystemController] Filepath is not inside library folder: ${filepath}`)
return res.sendStatus(400)
}