fix:(next/image) handle remotePatterns with a dot in the pathname (#…

…60488)

### Fixing a bug

### What?
Fix remotePatterns when all paths and/or domains are allowed.

### Why?

micromatch creates a very strange regex for all paths -
`/^(?:(?!\.)(?:(?:(?!(?:^|[\\/])\.).)*?)[\\/]?)$/`. That is, paths
cannot start with a dot or contain a slash followed by a dot.

Interestingly, here are some valid paths:

- /a/a.a/6a00d8341c4fbe53ef02c8d3a82122200d-600wi
- ////a/a.a/6a00d8341c4fbe53ef02c8d3a82122200d-600wi
- ///:?%;№%/a/a.a/6a00d8341c4fbe53ef02c8d3a82122200d-600wi.\/
- /:./6a00d8341c4fbe53ef02c8d3a82122200d-600wi.\/

And here are some invalid ones:

- /.a/6a00d8341c4fbe53ef02c8d3a82122200d-600wi
- /a/.a/6a00d8341c4fbe53ef02c8d3a82122200d-600wi
- ./a/6a00d8341c4fbe53ef02c8d3a82122200d-600wi

I don't think this check makes any sense.

### How?

If the user allows all (`**`) - it means any path or domain will be
considered valid.

- Fixes #60483
- Fixes #58139
- Fixes #46903

---------

Co-authored-by: Steven <steven@ceriously.com>

packages/next/src/build/index.ts

@@ -400,7 +400,7 @@ async function writeImagesManifest(
     protocol: p.protocol,
     hostname: makeRe(p.hostname).source,
     port: p.port,
-    pathname: makeRe(p.pathname ?? '**').source,
+    pathname: makeRe(p.pathname ?? '**', { dot: true }).source,
   }))
 
   await writeManifest(path.join(distDir, IMAGES_MANIFEST), {

packages/next/src/shared/lib/match-remote-pattern.ts

@@ -24,7 +24,7 @@ export function matchRemotePattern(pattern: RemotePattern, url: URL): boolean {
     }
   }
 
-  if (!makeRe(pattern.pathname ?? '**').test(url.pathname)) {
+  if (!makeRe(pattern.pathname ?? '**', { dot: true }).test(url.pathname)) {
     return false
   }
 

test/unit/image-optimizer/match-remote-pattern.test.ts

@@ -200,6 +200,10 @@ describe('matchRemotePattern', () => {
     expect(m(p, new URL('https://example.com/act123/usr6/pic.jpg'))).toBe(true)
     expect(m(p, new URL('https://example.com/act123/team/pic.jpg'))).toBe(true)
     expect(m(p, new URL('https://example.com/act456/team/pic.jpg'))).toBe(false)
+    expect(m(p, new URL('https://example.com/act123/.a/pic.jpg'))).toBe(true)
+    expect(m(p, new URL('https://example.com/act123/team/usr4/pic.jpg'))).toBe(
+      false
+    )
     expect(m(p, new URL('https://example.com/team/pic.jpg'))).toBe(false)
   })
 
@@ -241,6 +245,7 @@ describe('matchRemotePattern', () => {
     expect(m(p, new URL('https://example.com/act123/usr4/picsjpg'))).toBe(false)
     expect(m(p, new URL('https://example.com/act123/usr4/pic.jpg'))).toBe(true)
     expect(m(p, new URL('https://example.com/act123/usr5/pic.jpg'))).toBe(true)
+    expect(m(p, new URL('https://example.com/act123/.sr6/pic.jpg'))).toBe(true)
     expect(m(p, new URL('https://example.com/act123/team4/pic.jpg'))).toBe(
       false
     )
@@ -293,6 +298,8 @@ describe('matchRemotePattern', () => {
     expect(m(p, new URL('https://example.com/act123/usr5/pic.jpg'))).toBe(true)
     expect(m(p, new URL('https://example.com/act123/usr6/pic.jpg'))).toBe(true)
     expect(m(p, new URL('https://example.com/act123/team/pic.jpg'))).toBe(true)
+    expect(m(p, new URL('https://example.com/act123/.a/pic.jpg'))).toBe(true)
+    expect(m(p, new URL('https://example.com/act123/team/.pic.jpg'))).toBe(true)
     expect(m(p, new URL('https://example.com/act456/team/pic.jpg'))).toBe(false)
     expect(m(p, new URL('https://example.com/team/pic.jpg'))).toBe(false)
     expect(m(p, new URL('https://sub.example.com/act123/team/pic.jpg'))).toBe(