From c482804b970474dc8f5f8de3c06359c00dbafacc Mon Sep 17 00:00:00 2001
From: bashrc <bob@libreserver.org>
Date: Tue, 21 Apr 2026 15:45:27 +0100
Subject: [PATCH] Avoid duplication

---
 utils.py | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/utils.py b/utils.py
index 4ec9b17fe..2b93ed39e 100644
--- a/utils.py
+++ b/utils.py
@@ -4122,11 +4122,11 @@ def check_bad_path(path: str):
     """
     path_lower = path.lower()
 
-    bad_strings = ('..', '/.', '%2e%2e', '%252e%252e',
-                   '/sftp.', '/sftp-', '/statistics',
-                   '/config/', 'settings.', 'credentials',
-                   '/packs/', '/backend/', '/apis/',
-                   '/laravel/', '/js/', '/root/')
+    bad_strings = [
+        '..', '/.', '%2e%2e', '%252e%252e', '/sftp.', '/sftp-', '/statistics',
+        '/config/', 'settings.', 'credentials', '/packs/', '/backend/',
+        '/apis/', '/laravel/', '/js/', '/root/'
+    ]
 
     # allow /.well-known/...
     if '/.' in path_lower:
@@ -4145,12 +4145,7 @@ def check_bad_path(path: str):
         return True
 
     if '/.ghost/activitypub/' in path_lower:
-        # remove '/.'
-        bad_strings = ('..', '%2e%2e', '%252e%252e',
-                       '/sftp.', '/sftp-', '/statistics',
-                       '/config/', 'settings.', 'credentials',
-                       '/packs/', '/backend/', '/apis/',
-                       '/laravel/', '/js/', '/root/')
+        bad_strings.remove('/.')
 
     if string_contains(path_lower, bad_strings):
         return True