Improved traversal detection too strict; Fixing.

Maikuolan · Maikuolan · commit c80f0169e7ae · 2025-09-07T14:33:54.000+08:00
diff --git a/src/FrontEnd.php b/src/FrontEnd.php
@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: Front-end handler (last modified: 2025.09.03).
+ * This file: Front-end handler (last modified: 2025.09.05).
  */
 
 namespace phpMussel\FrontEnd;
@@ -868,7 +868,7 @@ public function logsRecursiveList(): array
     public function freeFromTraversal(string $Path): bool
     {
         return !preg_match(
-            '~//|(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]|[\\/?&=]|^)\.\.+(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]|[\\/?&=]|$)|/\.+(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]|[\\/?&=]|$)|(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]|[\\/?&=])\.+/|[\x01-\x1F]~i',
+            '~(?:[^:]|^)//|(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]|[\\/?&=]|^)\.\.+(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]|[\\/?&=]|$)|/\.+(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]|[\\/?&=]|$)|(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]|[\\/?&=])\.+/|[\x01-\x1F]~i',
             str_ireplace(['%25', '%22', '%27', '%2e', '%2f', '%5b', '%5c', '%5d', '%5e', '%5f', '%60', '\\'], ['%', '"', '\'', '.', '/', '[', '/', ']', '^', '_', '`', '/'], $Path)
         );
     }

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`* License: GNU/GPLv2`
`9`	`9`	`* @see LICENSE.txt`
`10`	`10`	`*`
`11`		`- * This file: Front-end handler (last modified: 2025.09.03).`
	`11`	`+ * This file: Front-end handler (last modified: 2025.09.05).`
`12`	`12`	`*/`
`13`	`13`
`14`	`14`	`namespace phpMussel\FrontEnd;`
`@@ -868,7 +868,7 @@ public function logsRecursiveList(): array`
`868`	`868`	`public function freeFromTraversal(string $Path): bool`
`869`	`869`	`{`
`870`	`870`	`return !preg_match(`
`871`		`- '~//\|(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]\|[\\/?&=]\|^)\.\.+(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]\|[\\/?&=]\|$)\|/\.+(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]\|[\\/?&=]\|$)\|(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]\|[\\/?&=])\.+/\|[\x01-\x1F]~i',`
	`871`	`+ '~(?:[^:]\|^)//\|(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]\|[\\/?&=]\|^)\.\.+(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]\|[\\/?&=]\|$)\|/\.+(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]\|[\\/?&=]\|$)\|(?:[^\da-z\p{L}\p{N}\p{M}\p{P}\p{S}\p{Z}.]\|[\\/?&=])\.+/\|[\x01-\x1F]~i',`
`872`	`872`	str_ireplace(['%25', '%22', '%27', '%2e', '%2f', '%5b', '%5c', '%5d', '%5e', '%5f', '%60', '\\'], ['%', '"', '\'', '.', '/', '[', '/', ']', '^', '_', '`', '/'], $Path)
`873`	`873`	`);`
`874`	`874`	`}`