Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(web): guard system files in file write route and allow aborting waiting-for-subagents runs

Browse Source
This commit is contained in:
kumarabhirup 2026-03-02 18:34:27 -08:00
parent 67812f0de6
commit f3fffec97f
No known key found for this signature in database
GPG Key ID: DB7CA2289CAB0167
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/web/app/api/chat/stop/route.ts
View File

@ -21,6 +21,8 @@ export async function POST(req: Request) {
}
const run = getActiveRun(runKey);
const aborted = run?.status === "running" ? abortRun(runKey) : false;
const canAbort =
run?.status === "running" || run?.status === "waiting-for-subagents";
const aborted = canAbort ? abortRun(runKey) : false;
return Response.json({ aborted });
}

7
apps/web/app/api/workspace/file/route.ts
View File

@ -49,6 +49,13 @@ export async function POST(req: Request) {
);
}
if (isSystemFile(relPath)) {
return Response.json(
{ error: "Cannot modify system file" },
{ status: 403 },
);
}
// Use safeResolveNewPath (not safeResolvePath) because the file may not exist yet
const absPath = safeResolveNewPath(relPath);
if (!absPath) {