From efca7f7b5c6322d88d850e6e25683e251aca3ae6 Mon Sep 17 00:00:00 2001
From: bashrc <bob@libreserver.org>
Date: Tue, 21 Apr 2026 10:19:54 +0100
Subject: [PATCH] More bad endings

---
 utils.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/utils.py b/utils.py
index 24bd1d2b4..56c3536c0 100644
--- a/utils.py
+++ b/utils.py
@@ -4126,7 +4126,7 @@ def check_bad_path(path: str):
                    '/sftp.', '/sftp-', '/statistics',
                    '/config/', 'settings.', 'credentials',
                    '/packs/', '/backend/', '/apis/',
-                   '/laravel/', '/js/')
+                   '/laravel/', '/js/', '/root/')
 
     # allow /.well-known/...
     if '/.' in path_lower:
@@ -4139,7 +4139,7 @@ def check_bad_path(path: str):
 
     bad_endings = (
         '.js', '.ts', '.py', '.php', '.bak', '.env', '.local', '.yml',
-        '.rs', '.ru'
+        '.rs', '.ru', '.old', '.backup', '~', '.ini'
     )
     if string_ends_with(path_lower, bad_endings):
         return True