From fdb180486265d693de7fb3af8b667fe209c4b677 Mon Sep 17 00:00:00 2001 From: fadrian06 Date: Sun, 21 Jun 2026 21:15:12 -0400 Subject: [PATCH] Re-add writable directory check for target path --- flight/net/UploadedFile.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/flight/net/UploadedFile.php b/flight/net/UploadedFile.php index 61b4697..5fc10d0 100644 --- a/flight/net/UploadedFile.php +++ b/flight/net/UploadedFile.php @@ -131,14 +131,15 @@ public function moveTo(string $targetPath): void throw new Exception($this->getUploadErrorMessage($this->error)); } - if (is_writeable(dirname($targetPath)) === false) { - throw new Exception('Target directory is not writable'); - } - // Prevent path traversal attacks if (strpos($targetPath, '..') !== false) { throw new Exception('Invalid target path: contains directory traversal'); } + + if (is_writeable(dirname($targetPath)) === false) { + throw new Exception('Target directory is not writable'); + } + // Prevent absolute paths (basic check for Unix/Windows) if ($targetPath[0] === '/' || (strlen($targetPath) > 1 && $targetPath[1] === ':')) { throw new Exception('Invalid target path: absolute paths not allowed');
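Review bot: The re-added `is_writeable(dirname($targetPath))` block now follows the `..` test but still precedes the absolute-path test, so an absolute target reaches a filesystem call before it is rejected. If `$targetPath` can be influenced by a request and the exception text is surfaced, the two distinct messages ('Target directory is not writable' versus 'Invalid target path: absolute paths not allowed') would reveal whether an arbitrary directory is writable. Move the writable block below the absolute-path `if`, so both path validations finish before any filesystem access, and mark the ordering with a comment such as `// Validate the path shape before touching the filesystem`. The absolute-path `if` and the rest of `moveTo()` continue outside the hunk, so confirm there that the actual move also handles failure; `is_writeable()` is only an advisory pre-check.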