From 2ba5d9484d86ef7ec8c80d69e3ebc8bb0d532de2 Mon Sep 17 00:00:00 2001
From: Cais1 <38024275+H1dery@users.noreply.github.com>
Date: Thu, 12 Jun 2025 19:57:26 +0800
Subject: [PATCH] Update plugin.py File reading fixes
---
 app/api/endpoints/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/api/endpoints/plugin.py b/app/api/endpoints/plugin.py
index 929a857a..b833352c 100644
--- a/app/api/endpoints/plugin.py
+++ b/app/api/endpoints/plugin.py
@@ -348,7 +348,7 @@ def plugin_static_file(plugin_id: str, filepath: str):
 获取插件静态文件
 """
 # 基础安全检查
- if ".." in filepath or ".." in filepath:
+ if ".." in plugin_id or ".." in filepath:
 logger.warning(f"Static File API: Path traversal attempt detected: {plugin_id}/{filepath}")
 raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Forbidden")
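Review bot: The `".."` substring test on `plugin_id` and `filepath` is a denylist, so on its own it does not guarantee that the served file stays inside the plugin's directory: an absolute `filepath`, or a `plugin_id` that contains a path separator, still passes it. The rest of `plugin_static_file` lies outside the hunk, so how the path is assembled is not visible here; if these values are joined onto a base directory, I would add a containment check after the join, e.g. `resolved = (base_dir / filepath).resolve()` followed by `if not resolved.is_relative_to(base_dir.resolve()): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Forbidden")`, where `base_dir` is a placeholder for whatever the function uses as the plugin's static root. Validating `plugin_id` against an identifier pattern (letters, digits, underscore) would be stricter than only rejecting `..`. The warning also writes both request values into the log verbatim, so formatting them with `!r` would keep control characters out of the log line.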