Fix canvas jsonl path check on non-Windows

Skip the handle-resolved-path containment check when GetFinalPathFromHandle returns an empty value on non-Windows, while preserving the earlier symlink-resolution guard.\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-05 10:18:58 -07:00 · 2026-05-05 10:18:58 -07:00 · a1ef5e67f3
commit a1ef5e67f3
parent f0704907f8
1 changed files with 3 additions and 1 deletions
--- a/src/OpenClaw.Shared/Capabilities/CanvasCapability.cs
+++ b/src/OpenClaw.Shared/Capabilities/CanvasCapability.cs
@ -404,8 +404,10 @@ public class CanvasCapability : NodeCapabilityBase
        }

        using var stream = new FileStream(fullPath, FileMode.Open, FileAccess.Read, FileShare.Read);
+        // GetFinalPathFromHandle is a Windows-only guard (returns "" on non-Windows); skip the
+        // containment check when no resolved path is available — prior symlink resolution covers that case.
        var finalPath = GetFinalPathFromHandle(stream.SafeFileHandle);
-        if (!IsPathWithinRoot(finalPath, tempRoot))
+        if (!string.IsNullOrEmpty(finalPath) && !IsPathWithinRoot(finalPath, tempRoot))
        {
            Logger.Warn($"{command}: jsonlPath file handle resolves outside temp directory: {finalPath}");
            throw new InvalidOperationException("jsonlPath must resolve within the system temp directory");