File reading fixes

2026-04-05 19:58:09 +08:00 · 2025-06-12 19:58:47 +08:00
parent 2ba5d9484d
commit 7979ce0f0a
1 changed files with 1 additions and 1 deletions
--- a/app/api/endpoints/plugin.py
+++ b/app/api/endpoints/plugin.py
@@ -348,7 +348,7 @@ def plugin_static_file(plugin_id: str, filepath: str):
    获取插件静态文件
    """
    # 基础安全检查
-    if ".." in plugin_id or ".." in filepath:
+    if ".." in filepath or ".." in plugin_id:
        logger.warning(f"Static File API: Path traversal attempt detected: {plugin_id}/{filepath}")
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Forbidden")