From 18730c5e5351020e059dfec6887b279f7eed9828 Mon Sep 17 00:00:00 2001
From: sbwalker <shaun.walker@siliqon.com>
Date: Thu, 26 Feb 2026 11:03:58 -0500
Subject: [PATCH] add some defensive logic in file handler

---
 Oqtane.Server/Pages/Files.cshtml.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Oqtane.Server/Pages/Files.cshtml.cs b/Oqtane.Server/Pages/Files.cshtml.cs
index f01cd0b7..2c7d5ee6 100644
--- a/Oqtane.Server/Pages/Files.cshtml.cs
+++ b/Oqtane.Server/Pages/Files.cshtml.cs
@@ -48,7 +48,7 @@ namespace Oqtane.Pages
 
         public IActionResult OnGet(string path)
         {
-            if (string.IsNullOrWhiteSpace(path))
+            if (string.IsNullOrWhiteSpace(path) || _alias == null)
             {
                 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                 return BrokenFile();