From 5e66f74f3897a1beceeccf126f6e1f0ddb1804bd Mon Sep 17 00:00:00 2001
From: Adam Harrison <adamdharrison@gmail.com>
Date: Wed, 11 Aug 2021 19:19:58 -0400
Subject: [PATCH 1/2] Handle proper path normalization if we begin with '..'.

---
 data/core/common.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/core/common.lua b/data/core/common.lua
index 5077f851..42801f00 100644
--- a/data/core/common.lua
+++ b/data/core/common.lua
@@ -284,7 +284,7 @@ function common.normalize_path(filename)
   local parts = split_on_slash(filename, PATHSEP)
   local accu = {}
   for _, part in ipairs(parts) do
-    if part == '..' then
+    if part == '..' and #accu > 0 then
       table.remove(accu)
     elseif part ~= '.' then
       table.insert(accu, part)

From e2a75785534a8424f47925e246c28854bbe270bf Mon Sep 17 00:00:00 2001
From: Adam Harrison <adamdharrison@gmail.com>
Date: Wed, 11 Aug 2021 20:54:03 -0400
Subject: [PATCH 2/2] If multiple '..' handle correctly.

---
 data/core/common.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/core/common.lua b/data/core/common.lua
index 42801f00..3093a36d 100644
--- a/data/core/common.lua
+++ b/data/core/common.lua
@@ -284,7 +284,7 @@ function common.normalize_path(filename)
   local parts = split_on_slash(filename, PATHSEP)
   local accu = {}
   for _, part in ipairs(parts) do
-    if part == '..' and #accu > 0 then
+    if part == '..' and #accu > 0 and accu[#accu] ~= ".." then
       table.remove(accu)
     elseif part ~= '.' then
       table.insert(accu, part)