Valid hidden Joomla files/folders sometimes fail the filter

[GeraintEdwards]

Steps to reproduce the issue

1. Apply the path filter to the path

/var/www/vhosts/website-net/subdomain-website-net/._hiddenTemp

2. Apply the path filter to the path

/var/www/vhosts/website.net/subdomain.website.net/._hiddenTemp

Expected result

1. Should return the cleaned path

/var/www/vhosts/website-net/subdomain-website-net/._hiddenTemp

2. Should return the cleaned path

/var/www/vhosts/website.net/subdomain.website.net/._hiddenTemp

Actual result

1. Returns the path

/var/www/vhosts/website-net/subdomain-website-net/._hiddenTemp

2. Returns an empty path

``

Additional comments

Plesk servers use the domain/subdomain pattern 2 so this is a live issue.

Additionally the use of hidden files/folders is a valid and security enhancing use case - setting the Joomla tmp or log directory to a hidden *nix folder is a good thing. Also can be used to install a hidden Joomla installation in an obscure and hidden sub-folder of a live site.

[GeraintEdwards]

Took me a little while to figure out why case 1 was ok but not case 2.

The regexp pattern being used is

$linuxPattern = '/^[A-Za-z0-9_\/-]+[A-Za-z0-9_\.-]*([\\\\\/]+[A-Za-z0-9_-]+[A-Za-z0-9_\.-]*)*$/';

The first part of this matches all characters up to the first period
[A-Za-z0-9_\/-]+

The second part then matches up to the next 'slash'
[A-Za-z0-9_\.-]*

So the string
/var/www/vhosts/website-net/subdomain-website-net/._hiddenTemp
is covered all the way by the first 2 parts and the hidden folder is allowed.

But the string
/var/www/vhosts/website.net/subdomain.website.net/._hiddenTemp
skips to the thirs part of the regex pattern at the first slash after the first period in website.net

Then the third block won't allow the hidden prefix :(

Examining this in more detail this filter doesn't clean double dotted paths - don't know if this was intentional

/var/www/vhosts/mainsite/../another.website.net/something -> cleans to
/var/www/vhosts/mainsite/../another.website.net/something