Update plugin.py

File reading fixes
2026-04-14 10:10:20 +08:00 · 2025-06-12 19:57:26 +08:00
parent 23b981c5ac
commit 2ba5d9484d
1 changed files with 1 additions and 1 deletions
--- a/app/api/endpoints/plugin.py
+++ b/app/api/endpoints/plugin.py
@@ -348,7 +348,7 @@ def plugin_static_file(plugin_id: str, filepath: str):
    获取插件静态文件
    """
    # 基础安全检查
-    if ".." in filepath or ".." in filepath:
+    if ".." in plugin_id or ".." in filepath:
        logger.warning(f"Static File API: Path traversal attempt detected: {plugin_id}/{filepath}")
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Forbidden")