release(v1.9.7): harden client path guard and refine header/folder strip CSS

public/js/adminPanel.js

@@ -465,7 +465,7 @@ export function openAdminPanel() {
         background:${dark ? "#2c2c2c" : "#fff"};
         color:${dark ? "#e0e0e0" : "#000"};
         padding:20px; max-width:1100px; width:50%;
-        border-radius:8px; position:relative;
+        position:relative;
         max-height:90vh; overflow:auto;
         border:1px solid ${dark ? "#555" : "#ccc"};
       `;
@@ -1525,7 +1525,6 @@ export function openUserPermissionsModal() {
   padding: 20px;
   width: clamp(980px, 92vw, 1280px);
   max-width: none;
-  border-radius: 8px;
   position: relative;
   max-height: 90vh;
   overflow: auto;
@@ -1654,7 +1653,7 @@ export async function openUserFlagsModal() {
       <div class="modal-content"
            style="background:${contentBg}; color:${contentFg};
                   padding:16px; max-width:900px; width:95%;
-                  border-radius:8px; position:relative;
+                  position:relative;
                   border:1px solid ${borderCol};">
         <span id="closeUserFlagsModal"
               class="editor-close-btn"

public/js/authModals.js

@@ -195,7 +195,6 @@ export async function openUserPanel() {
     color:      ${isDark ? '#e0e0e0' : '#000'};
     padding: 20px;
     max-width: 600px; width:90%;
-    border-radius: 8px;
     overflow-y: auto; max-height: 500px;
     border: ${isDark ? '1px solid #444' : '1px solid #ccc'};
     box-sizing: border-box;

public/js/folderManager.js

@@ -1026,7 +1026,7 @@ export function openColorFolderModal(folder) {
 function isSafeFolderPath(p) {
   // Client-side defense-in-depth; server already enforces safe segments.
   // Allows letters/numbers/space/_-. and slashes between segments.
-  return /^(root|[A-Za-z0-9][A-Za-z0-9 _\-.]*)(\/[A-Za-z0-9][A-Za-z0-9 _\-.]*)*$/.test(String(p || ''));
+  return /^(root|(?!\.)[^/\0]+)(\/(?!\.)[^/\0]+)*$/.test(String(p || ''));
 }
 
 function makeChildLi(parentPath, item) {