From 0fc78939b7f380b1a41cb941ebf4bfe9ffae17f1 Mon Sep 17 00:00:00 2001
From: Thorsten Sommer
Date: Fri, 22 May 2026 15:44:51 +0200
Subject: [PATCH] Added explicit validation for '..' path segments
---
 app/MindWork AI Studio/Settings/ChatTemplate.cs | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/app/MindWork AI Studio/Settings/ChatTemplate.cs b/app/MindWork AI Studio/Settings/ChatTemplate.cs
index ccbfb47e..c3d93ad9 100644
--- a/app/MindWork AI Studio/Settings/ChatTemplate.cs
+++ b/app/MindWork AI Studio/Settings/ChatTemplate.cs
@@ -220,6 +220,13 @@ public record ChatTemplate(
 var relativePath = filePath
 .Replace('/', Path.DirectorySeparatorChar)
 .Replace('\\', Path.DirectorySeparatorChar);
+
+ if (relativePath.Split(Path.DirectorySeparatorChar, StringSplitOptions.RemoveEmptyEntries).Any(segment => segment == ".."))
+ {
+ LOGGER.LogWarning("The relative FileAttachments entry {AttachmentNum} in chat template {IdxChatTemplate} contains '..' path segments and will be ignored.", attachmentNum, idx);
+ return false;
+ }
+
 var combinedPath = Path.GetFullPath(Path.Combine(pluginRoot, relativePath));
 var pluginRootWithSeparator = pluginRoot.EndsWith(Path.DirectorySeparatorChar)
 ? pluginRoot
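Review bot: The added guard rejects only `..` segments, so a rooted entry still reaches `Path.Combine(pluginRoot, relativePath)`, which discards `pluginRoot` when its second argument is rooted. Containment for that case then rests entirely on the prefix comparison that begins at the end of this hunk and continues outside it. Unless an earlier branch of this method already filters rooted entries (not visible here), consider adding `Path.IsPathRooted(relativePath) ||` to the front of the condition and widening the warning text to cover both cases. Both checks are lexical and `Path.GetFullPath` does not resolve symbolic links, so a comment above the guard such as `// Defence in depth: reject '..' outright rather than rely on normalisation; links below the plugin root are not resolved here.` would record that limit. Note that entries like `sub/../file.txt`, which resolve inside the plugin root, are now rejected as well; if that strictness is intended, the same comment is the place to say so.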