From 7979ce0f0a2944bc2e4bbb2fd906c7801d0c75d2 Mon Sep 17 00:00:00 2001
From: Cais1 <38024275+H1dery@users.noreply.github.com>
Date: Thu, 12 Jun 2025 19:58:47 +0800
Subject: [PATCH] File reading fixes File reading fixes
---
 app/api/endpoints/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/api/endpoints/plugin.py b/app/api/endpoints/plugin.py
index b833352c..3cc974b2 100644
--- a/app/api/endpoints/plugin.py
+++ b/app/api/endpoints/plugin.py
@@ -348,7 +348,7 @@ def plugin_static_file(plugin_id: str, filepath: str):
 获取插件静态文件
 """
 # 基础安全检查
- if ".." in plugin_id or ".." in filepath:
+ if ".." in filepath or ".." in plugin_id:
 logger.warning(f"Static File API: Path traversal attempt detected: {plugin_id}/{filepath}")
 raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Forbidden")
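Review bot: The new condition `".." in filepath or ".." in plugin_id` is the old one with its operands swapped, so it accepts and rejects exactly the same inputs as before and the fix announced in the subject line is not visible in this hunk. A substring test for `..` is also a weak guard on its own, since it says nothing about an absolute `filepath`, symlinks under the plugin directory, or path separators inside `plugin_id`. The rest of plugin_static_file lies outside the hunk, but wherever the final path is built I would resolve it and check containment, e.g. `resolved = (plugin_dir / filepath).resolve()` followed by `if not resolved.is_relative_to(plugin_dir.resolve()): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Forbidden")`, where `plugin_dir` is a placeholder for whatever base directory the function uses. The warning also interpolates the raw `plugin_id` and `filepath` into the log line; formatting them with `!r` would keep embedded line breaks from splitting the log entry.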