More bad paths

2026-01-18 18:09:55 +00:00 · 2026-01-18 18:09:55 +00:00 · 99a792345b
parent 86e02ba085
commit 99a792345b
1 changed files with 2 additions and 1 deletions
--- a/utils.py
+++ b/utils.py
@ -3968,7 +3968,8 @@ def check_bad_path(path: str):
    path_lower = path.lower()

    bad_strings = ('..', '/.', '%2e%2e', '%252e%252e',
-                   '/sftp.', '/sftp-', '/statistics')
+                   '/sftp.', '/sftp-', '/statistics',
+                   '/config/', 'settings.')

    # allow /.well-known/...
    if '/.' in path_lower: