Prevent additional paths that can trigger credential leakage on Windows (#7598)

* format

* add changeset

* docstring

* fix

* add changeset

---------

Co-authored-by: gradio-pr-bot <gradio-pr-bot@users.noreply.github.com>

.changeset/weak-windows-itch.md

@@ -0,0 +1,5 @@
+---
+"gradio": patch
+---
+
+feat:Prevent additional paths that can trigger credential leakage on Windows

gradio/route_utils.py

@@ -598,9 +598,9 @@ def compare_passwords_securely(input_password: str, correct_password: str) -> bo
 
 def starts_with_protocol(string: str) -> bool:
     """This regex matches strings that start with a scheme (one or more characters not including colon, slash, or space)
-    followed by ://, or start with just // or \\ as they are interpreted as SMB paths on Windows.
+    followed by ://, or start with just //, \\/, /\\, or \\ as they are interpreted as SMB paths on Windows.
     """
-    pattern = r"^(?:[a-zA-Z][a-zA-Z0-9+\-.]*://|//|\\\\)"
+    pattern = r"^(?:[a-zA-Z][a-zA-Z0-9+\-.]*://|//|\\\\|\\/|/\\)"
     return re.match(pattern, string) is not None
 
 

test/test_routes.py

@@ -1146,6 +1146,10 @@ def test_compare_passwords_securely():
         ("//path", True),
         ("\\\\path", True),
         ("/usr/bin//test", False),
+        ("/\\10.0.225.200/share", True),
+        ("\\/10.0.225.200/share", True),
+        ("/home//user", False),
+        ("C:\\folder\\file", False),
     ],
 )
 def test_starts_with_protocol(string, expected):