From d50064aa8b3bac8f11b95005fbea4fe19c4a25e0 Mon Sep 17 00:00:00 2001
From: Mr-Neutr0n <64578610+Mr-Neutr0n@users.noreply.github.com>
Date: Thu, 5 Feb 2026 01:30:26 +0530
Subject: [PATCH] fix: prevent symlink-based path traversal in /view endpoint

Resolve symlinks before path validation to prevent attackers from
using symlinks to read arbitrary files outside allowed directories.

Previously, os.path.commonpath() validation occurred before symlink
resolution, allowing attackers to create symlinks in input/output/temp
directories pointing to sensitive files like /etc/passwd or SSH keys.

The fix uses os.path.realpath() to resolve symlinks before checking
if the path is within allowed directories.

Fixes #12285

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 server.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/server.py b/server.py
index 2300393b2..46bb3d540 100644
--- a/server.py
+++ b/server.py
@@ -495,7 +495,10 @@ class PromptServer():
 
                 if "subfolder" in request.rel_url.query:
                     full_output_dir = os.path.join(output_dir, request.rel_url.query["subfolder"])
-                    if os.path.commonpath((os.path.abspath(full_output_dir), output_dir)) != output_dir:
+                    # Resolve symlinks BEFORE validation to prevent symlink-based path traversal
+                    real_output_dir = os.path.realpath(full_output_dir)
+                    real_base_dir = os.path.realpath(output_dir)
+                    if not real_output_dir.startswith(real_base_dir + os.sep) and real_output_dir != real_base_dir:
                         return web.Response(status=403)
                     output_dir = full_output_dir