From 3d3bfad5d0b30f37ebff5017e4adc2dee2136069 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD
Date: Tue, 19 Nov 2024 03:15:48 -0600
Subject: [PATCH 1/2] fixup! more path sanitization
---
 .../backend/src/server/api/endpoints/drive/folders/update.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/backend/src/server/api/endpoints/drive/folders/update.ts b/packages/backend/src/server/api/endpoints/drive/folders/update.ts
index cc45bd8c58..2374c754f7 100644
--- a/packages/backend/src/server/api/endpoints/drive/folders/update.ts
+++ b/packages/backend/src/server/api/endpoints/drive/folders/update.ts
@@ -96,7 +96,7 @@ export default class extends Endpoint { // eslint-
 // Check if the circular reference will occur
 const checkCircle = async (folderId: string, limit: number = 32): Promise => {
 if (limit <= 0) {
- return false;
+ return true;
 }
 const folder2 = await this.driveFoldersRepository.findOneByOrFail({
 id: folderId,
--
2.45.2
From a236bbb8d436cd69d2201039b381e9598e545c9b Mon Sep 17 00:00:00 2001
From: eternal-flame-AD
Date: Tue, 19 Nov 2024 06:17:23 -0600
Subject: [PATCH 2/2] CSP: allow blob images for cropping avatars
Signed-off-by: eternal-flame-AD
---
 packages/backend/src/server/csp.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packages/backend/src/server/csp.ts b/packages/backend/src/server/csp.ts
index aeee4eab3a..3e1e7962b8 100644
--- a/packages/backend/src/server/csp.ts
+++ b/packages/backend/src/server/csp.ts
@@ -30,6 +30,7 @@ export function generateCSP(hashedMap: Map, options: {
 [
 '\'self\'',
 'data:',
+ 'blob:',
 // 'https://avatars.githubusercontent.com', // uncomment this for contributor avatars to work
 options.mediaProxy
 ].filter(Boolean)],
--
2.45.2
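Review bot: The depth-limit branch of `checkCircle` now fails closed, but nothing at `if (limit <= 0)` records why `true` is the safe answer or where the default of 32 comes from. A comment such as `// depth budget exhausted: treat as circular (fail closed) so a very deep chain cannot slip past the check` would stop a later cleanup from flipping it back to `false`. Returning `true` also makes "too deep to verify" indistinguishable from "actually circular", so a legitimate folder chain deeper than the limit would presumably be rejected with the circular-reference error; a distinct error or a log line for the exhausted case would make that diagnosable. The rest of `checkCircle` and its caller lie outside the hunk, so how the result is reported is inferred.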
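Review bot: The new `'blob:'` source carries no comment saying which feature needs it, unlike the GitHub-avatars entry right below it, so a later CSP tightening pass has nothing to show what breaks if it is removed; something like `'blob:', // avatar cropper previews the selected image from a blob: URL` would record the reason. The directive name is outside the hunk; going by the commit subject this is the image source list, where `blob:` is comparatively low risk because blob URLs can only be created by script already running in the origin, but it should stay confined to this list and not be copied into script, worker or frame sources. If `generateCSP` has a test, an assertion that `blob:` appears only in the image directive would pin that.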