From ede538bfe2db5cd6b480a1519c6881d78d3a9d8c Mon Sep 17 00:00:00 2001
From: liunux4odoo <41217877+liunux4odoo@users.noreply.github.com>
Date: Tue, 14 May 2024 18:48:55 +0800
Subject: [PATCH] =?UTF-8?q?update=20"path=20traversal=20bug=20in=20api=20/?=
 =?UTF-8?q?knowledge=5Fbase/download=5Fdoc(#4008)=E2=80=A6=20(#4017)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Revert "path traversal bug in api /knowledge_base/download_doc(#4008) (#4009)"

This reverts commit 2c146aff74bac427f0a4921971d8472097410bdf.

* Update utils.py
---
 server/knowledge_base/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/knowledge_base/utils.py b/server/knowledge_base/utils.py
index b6772cd2..cfd8d1d7 100644
--- a/server/knowledge_base/utils.py
+++ b/server/knowledge_base/utils.py
@@ -43,7 +43,7 @@ def get_vs_path(knowledge_base_name: str, vector_name: str):
 
 def get_file_path(knowledge_base_name: str, doc_name: str):
     doc_path = Path(get_doc_path(knowledge_base_name))
-    file_path = doc_path / doc_name
+    file_path = (doc_path / doc_name).resolve()
     if file_path.is_relative_to(doc_path):
         return str(file_path)