Another bad path

2026-01-17 11:55:59 +00:00 · 2026-01-17 11:55:59 +00:00 · 282c5ce6ce
parent c5f49d03d4
commit 282c5ce6ce
1 changed files with 1 additions and 1 deletions
--- a/utils.py
+++ b/utils.py
@ -3968,7 +3968,7 @@ def check_bad_path(path: str):
    path_lower = path.lower()

    bad_strings = ('..', '/.', '%2e%2e', '%252e%252e',
-                   '/sftp.', '/sftp-')
+                   '/sftp.', '/sftp-', '/statistics')

    # allow /.well-known/...
    if '/.' in path_lower: