Skip to content

[BUG] Unable to save changes after uploading new favicon #156

Open
Open
[BUG] Unable to save changes after uploading new favicon#156
Labels
bugSomething isn't working
@FlashAndromeda

Description

@FlashAndromeda
FlashAndromeda
opened on Mar 24, 2026

Bug Description

Unable to change favicon, error thrown when attempting to save changes.

The error thrown in console:
{"level":"ERROR","time":"2026-03-24T21:32:32.985Z","pid":196,"host":"b217e84151b7","node":"v24.14.0","name":"files","error":{"type":"Error","message":"Invalid storage path: Path traversal detected","stack":"Error: Invalid storage path: Path traversal detected\n at f (/app/.next/server/chunks/6834.js:1:13837)\n at j.uploadFile (/app/.next/server/chunks/6834.js:1:3717)\n at E (/app/.next/server/app/api/settings/favicon/route.js:1:1351)\n at async rH.do (/app/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:5:21048)\n at async rH.handle (/app/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:5:25866)\n at async k (/app/.next/server/app/api/settings/favicon/route.js:1:4268)\n at async rH.handleResponse (/app/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:1:110614)\n at async g (/app/.next/server/app/api/settings/favicon/route.js:1:5271)\n at async K (/app/.next/server/app/api/settings/favicon/route.js:1:6393)\n at async NextNodeServer.renderToResponseWithComponentsImpl (/app/node_modules/next/dist/server/base-server.js:1422:9)"},"msg":"Error updating favicon:"}

The file being uploaded as new favicon:
Image

Reproduction Steps

  1. Go to Settings -> Appearance
  2. Scroll down to the bottom
  3. Click on 'Upload favicon'
  4. Select a .png file and upload
  5. Click 'Save changes'
  6. Observe error 'Failed to apply settings' appearing

Expected Behavior

Newly uploaded favicon is applied upon clicking 'Save changes'

Actual Behavior

An error appears preventing the favicon change being applied

Screenshots

Image

🌍 Environment

  • Server OS: Ubuntu 25.10
  • Client OS: EndeavourOS x86_64 / Linux 6.19.9-arch1-1
  • Browser: Firefox 148.0.2
  • Flare Version: 1.7.3
  • Deployment Method: Docker compose (managed through Dockge with tunneling with cloudflared)
  • Storage Method: Local Storage

Compose.yaml:

(I replaced all the sensitive information like username, password, secret and URL)

  db:
    image: postgres:17-alpine # lightweight, recent version; 16 or 15 also fine
    container_name: flare-db
    restart: unless-stopped
    environment:
      POSTGRES_USER: user # change if you want
      POSTGRES_PASSWORD: password #  ^f^p CHANGE THIS to something strong
      POSTGRES_DB: flaredb # database name Flare will use
    volumes:
      - /home/user/data/Flare/postgres-data:/var/lib/postgresql/data # persistent storage
    healthcheck:
      test:
        - CMD-SHELL
        - pg_isready -U user -d flaredb
      interval: 10s
      timeout: 5s
      retries: 5
  flare:
    image: flintsh/flare:latest
    container_name: flare-app
    restart: unless-stopped
    ports:
      - 3000:3000 # change left side if you want different host port
    environment:
      DATABASE_URL: postgresql://user:password@db:5432/flaredb?schema=public
      NEXTAUTH_SECRET: generated_secret # generate with: openssl rand -base64 32
      NEXTAUTH_URL: https://flare.example.com # or https:// if using reverse proxy
    volumes:
      - /home/user/data/Flare/uploads:/app/uploads # where files/screenshots/videos are stored
    depends_on:
      db:
        condition: service_healthy
networks: {}```

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions