990fa28668
Replace naive string-based ".." detection with component-based analysis to eliminate false positives while maintaining security. Problem: - Filenames like "Battery... Rekon 35.m4a" were incorrectly flagged - String check `if ".." in path` matched ellipsis (...) as traversal Solution: - Parse path into components using Path().parts - Check each component for exact ".." match - Allows ellipsis in filenames while blocking actual traversal Security maintained: - ✅ Blocks: ../etc/passwd, dir/../../secret, /../../../etc/hosts - ✅ Allows: file...mp3, Wait... what.m4a, Battery...Rekon.m4a Tests: - Added comprehensive test suite with 8 test cases - Verified ellipsis filenames pass validation - Verified path traversal attacks still blocked - All tests passing (8/8) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>