From b01bdab6f9de691911db547986e1a1f71662eca6 Mon Sep 17 00:00:00 2001
From: yuuki <>
Date: Mon, 23 Dec 2024 17:35:53 +0900
Subject: [PATCH] =?UTF-8?q?=E8=A6=AA=E3=83=87=E3=82=A3=E3=83=AC=E3=82=AF?= =?UTF-8?q?=E3=83=88=E3=83=AA=E3=81=AE=E5=89=8A=E9=99=A4=E3=82=92=E4=BF=9D?= =?UTF-8?q?=E8=AD=B7=E3=81=99=E3=82=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app.py b/app.py
index d17496c..823d2e0 100644
--- a/app.py
+++ b/app.py
@@ -833,7 +833,7 @@ def delete():
 parent_dir = pathlib.Path(os.getenv("TAIKO_WEB_SONGS_DIR", "public/songs"))
 target_dir = parent_dir / id
- if target_dir.resolve().relative_to(parent_dir.resolve()) == pathlib.Path("."):
+ if not (target_dir.resolve().parents and parent_dir.resolve() in target_dir.resolve().parents):
 return flask.jsonify({ "success": False, "reason": "PARENT IS NOT ALLOWED" })
 shutil.rmtree(target_dir)
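Review bot: The guard validates `target_dir.resolve()`, but `shutil.rmtree(target_dir)` on the last line still removes the unresolved path, so the path that was checked and the path that is deleted are computed separately; resolving once and reusing the result closes that gap and drops the three repeated `resolve()` calls: `resolved = target_dir.resolve()`, `if parent_dir.resolve() not in resolved.parents:`, `shutil.rmtree(resolved)`. The `.parents and` truthiness test is redundant, because membership in an empty `parents` sequence is already false. The condition accepts a descendant at any depth; if `id` is meant to name a single song directory (where it comes from is outside the hunk, so this is an assumption), `resolved.parent != parent_dir.resolve()` would be the tighter rejection test. The `reason` string now also covers paths that resolve outside the songs directory, so a one-line comment above the `if` saying that it rejects both the root itself and anything outside it would help; `delete()` begins before this hunk.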