mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-11 08:34:32 -05:00
[PR #24588] [MERGED] fix: validate folder_id ownership on chat create + folder-update endpoints #98768
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/24588
Author: @Classic298
Created: 5/11/2026
Status: ✅ Merged
Merged: 5/13/2026
Merged by: @tjbck
Base:
dev← Head:fix/chats-new-validate-folder-ownership📝 Commits (1)
ccc37ebfix: validate folder_id ownership on chat create + folder-update endpoints📊 Changes
1 file changed (+21 additions, -0 deletions)
View changed files
📝
backend/open_webui/routers/chats.py(+21 -0)📄 Description
POST /api/v1/chats/new and POST /api/v1/chats/{id}/folder accepted a caller-supplied folder_id with no validation — neither ownership, nor existence, nor UUID format. The row was persisted with the supplied value verbatim, so the DB ended up with chat rows whose folder_id referenced another user's folder, a non-existent UUID, or even a non-UUID string.
No read path surfaces this across users — every chat-folder read is user_id-filtered on both sides — so this is referential-integrity hardening rather than a security boundary fix. But there's no reason to accept dangling references either, and the downstream consumers shouldn't have to assume the column is clean.
Add a Folders.get_folder_by_id_and_user_id() lookup at both writers: if a folder_id is supplied, it must match a folder owned by the caller. None remains allowed (chat-without-folder is the default). Non-existent and non-UUID values fall through to 404.
Contributor License Agreement
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.