diff --git a/server.py b/server.py
index 2ebf9e23..e58a11d8 100644
--- a/server.py
+++ b/server.py
@@ -170,15 +170,15 @@ class PromptServer():
 
                 subfolder = post.get("subfolder", "")
                 full_output_folder = os.path.join(upload_dir, os.path.normpath(subfolder))
+                filepath = os.path.join(full_output_folder, filename)
 
-                if os.path.commonpath((upload_dir, os.path.abspath(full_output_folder))) != upload_dir:
+                if os.path.commonpath((upload_dir, os.path.abspath(filepath))) != upload_dir:
                     return web.Response(status=400)
 
                 if not os.path.exists(full_output_folder):
                     os.makedirs(full_output_folder)
 
                 split = os.path.splitext(filename)
-                filepath = os.path.join(full_output_folder, filename)
 
                 if overwrite is not None and (overwrite == "true" or overwrite == "1"):
                     pass