From 60e8d457c4ac5951f129c2ce0094189d84f33ee3 Mon Sep 17 00:00:00 2001 From: Niranjan Date: Tue, 7 Apr 2026 05:17:40 +0530 Subject: [PATCH] new changes --- YakPanel-server/backend/app/api/files.py | 4 ++-- YakPanel-server/backend/app/api/logs.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/YakPanel-server/backend/app/api/files.py b/YakPanel-server/backend/app/api/files.py index c3ae0bc6..ee84af65 100644 --- a/YakPanel-server/backend/app/api/files.py +++ b/YakPanel-server/backend/app/api/files.py @@ -21,7 +21,7 @@ def _resolve_path(path: str) -> str: if os.name != "nt": allowed.append(os.path.abspath("/www")) if ".." in path: - raise HTTPException(status_code=401, detail="Path traversal not allowed") + raise HTTPException(status_code=400, detail="Path traversal not allowed") norm_path = path.strip().replace("\\", "/").strip("/") # Root or www_root-style path if not norm_path or norm_path in ("www", "www/wwwroot", "wwwroot"): @@ -49,7 +49,7 @@ async def files_list( except HTTPException: raise if not os.path.isdir(full): - raise HTTPException(status_code=401, detail="Not a directory") + raise HTTPException(status_code=404, detail="Not a directory") items = [] for name in os.listdir(full): item_path = os.path.join(full, name) diff --git a/YakPanel-server/backend/app/api/logs.py b/YakPanel-server/backend/app/api/logs.py index 9208f6ce..e49024e0 100644 --- a/YakPanel-server/backend/app/api/logs.py +++ b/YakPanel-server/backend/app/api/logs.py @@ -13,7 +13,7 @@ router = APIRouter(prefix="/logs", tags=["logs"]) def _resolve_log_path(path: str) -> str: """Resolve path within www_logs only""" if ".." in path: - raise HTTPException(status_code=401, detail="Path traversal not allowed") + raise HTTPException(status_code=400, detail="Path traversal not allowed") cfg = get_runtime_config() logs_root = os.path.abspath(cfg["www_logs"]) path = path.strip().replace("\\", "/").lstrip("/")