From 24cab79c66984b86652161b51290df641eb656f1 Mon Sep 17 00:00:00 2001
From: advplyr <advplyr@protonmail.com>
Date: Sat, 18 Apr 2026 16:24:48 -0500
Subject: [PATCH] Update filesystem/pathexists endpoint to use existing
 isSameOrSubPath func

---
 server/controllers/FileSystemController.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/controllers/FileSystemController.js b/server/controllers/FileSystemController.js
index 4b0a94b39..41e082fd4 100644
--- a/server/controllers/FileSystemController.js
+++ b/server/controllers/FileSystemController.js
@@ -117,7 +117,7 @@ class FileSystemController {
     filepath = fileUtils.filePathToPOSIX(filepath)
 
     // Ensure filepath is inside library folder (prevents directory traversal)
-    if (!filepath.startsWith(libraryFolder.path)) {
+    if (!fileUtils.isSameOrSubPath(libraryFolder.path, filepath)) {
       Logger.error(`[FileSystemController] Filepath is not inside library folder: ${filepath}`)
       return res.sendStatus(400)
     }