Fix security issue in logical expression

2024-08-30 18:23:09 +00:00 · 2023-09-04 12:53:06 -04:00 · 2023-09-04 12:53:06 -04:00 · 78b689b7ec
commit 78b689b7ec
parent adaaff3d23
1 changed files with 1 additions and 1 deletions
--- a/app/classes/web/routes/api/servers/server/files.py
+++ b/app/classes/web/routes/api/servers/server/files.py
@ -401,7 +401,7 @@ class ApiServersServerFilesCreateHandler(BaseApiHandler):
        if not Helpers.validate_traversal(
            self.controller.servers.get_server_data_by_id(server_id)["path"],
            path,
-        ) and not Helpers.validate_traversal(
+        ) or not Helpers.validate_traversal(
            self.controller.servers.get_server_data_by_id(server_id)["path"],
            new_item_path,
        ):