groove/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2026-05-26 21:31:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update filesystem/pathexists endpoint to use existing isSameOrSubPath func

Browse source
This commit is contained in:
advplyr 2026-04-18 16:24:48 -05:00
parent b27f21fd95
commit 24cab79c66
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
server/controllers/FileSystemController.js
View file

@ -117,7 +117,7 @@ class FileSystemController {
filepath = fileUtils.filePathToPOSIX(filepath) filepath = fileUtils.filePathToPOSIX(filepath)
// Ensure filepath is inside library folder (prevents directory traversal) // Ensure filepath is inside library folder (prevents directory traversal)
if (!filepath.startsWith(libraryFolder.path)) { if (!fileUtils.isSameOrSubPath(libraryFolder.path, filepath)) {
Logger.error(`[FileSystemController] Filepath is not inside library folder: ${filepath}`) Logger.error(`[FileSystemController] Filepath is not inside library folder: ${filepath}`)
return res.sendStatus(400) return res.sendStatus(400)
} }