Change parameter order

src/index.test.ts

@@ -3,18 +3,18 @@ import { describe, it, expect } from 'vitest';
 
 describe('safe path', () => {
 	it('reject names with ../', () => {
-		expect(safePath('../foobar', './uploads')).toBe(false);
+		expect(safePath('./uplodas', '../foobar')).toBe(false);
 	});
 
 	it('accept names with ./', () => {
-		expect(safePath('./foobar', './uploads')).toBe(true);
+		expect(safePath('./uplodas', './foobar')).toBe(true);
 	});
 
 	it('reject names with /', () => {
-		expect(safePath('foo/bar', './uploads')).toBe(false);
+		expect(safePath('./uplodas', 'foo/bar')).toBe(false);
 	});
 
 	it('accept happy path', () => {
-		expect(safePath('foobar', './uploads')).toBe(true);
+		expect(safePath('./uplodas', 'foobar')).toBe(true);
 	});
 });

src/lib/index.ts

@@ -1,7 +1,7 @@
 // place files you want to import through the `$lib` alias in this folder.
 import path from 'path';
 
-function safePath(name: string, basePath: string): boolean {
+function safePath(basePath: string, name: string): boolean {
 	const fullPath = `${basePath}/${name}`;
 	const relative = path.relative(basePath, fullPath);
 	return (

src/routes/+page.server.ts

@@ -36,7 +36,7 @@ export const actions = {
 
 		const name = formName as string;
 
-		if (!safePath(name, storagePath)) {
+		if (!safePath(storagePath, name)) {
 			return fail(400, { field: 'name', name: name, incorrect: true });
 		}
 		// const name = safePath(formName as string);