
[chore] Release v1.54.0#13807

Open
github-actions[bot] wants to merge 5 commits intodevelopfrom
release/1.54.0

@github-actions github-actions bot commented Feb 3, 2026

Automated PR to merge release branch into develop.

Release version: 1.54.0

sfc-gh-nbellante and others added 5 commits February 3, 2026 18:05
…handling (#13733)

## Describe your changes

Added centralized path security validation to prevent Server-Side
Request Forgery (SSRF) and path traversal vulnerabilities. The changes
include:

1. Created a new `path_security.py` module with
`is_unsafe_path_pattern()` function that detects potentially dangerous
paths:
   - UNC paths (Windows network shares)
   - Absolute paths (Windows drive letters or root-based paths)
   - Path traversal attempts using `..`
   - Null byte injection attempts
   - Windows special path prefixes

2. Added a new `PathSecurityMiddleware` for Starlette that blocks unsafe
paths at the HTTP layer before any filesystem operations.

3. Updated component path handling to validate paths BEFORE calling
`os.path.realpath()`, preventing Windows from triggering SMB connections
to attacker-controlled servers.

4. Modified `AppStaticFileHandler` to check for unsafe paths before
filesystem operations.

5. Standardized security responses across the codebase (400 Bad Request
for malicious paths).

## Testing Plan

Added comprehensive test cases covering:
- Detection of various unsafe path patterns
- Validation of UNC paths and Windows drive letters
- Handling of URL-decoded paths
- Null byte injection attempts
- Windows special path prefixes
- Mixed path separator handling
- Verification that legitimate paths still work correctly
- Middleware positioning and integration with the request pipeline
- Proper handling of WebSocket connections

The tests verify both the new security functions and their integration
across different parts of the codebase.

---

**Contribution License Agreement**

By submitting this pull request you agree that all contributions to this
project are made under the Apache 2.0 license.
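
One way to implement the `is_unsafe_path_pattern()` checks listed above, written here as an added example rather than the project's own `path_security.py` (the regex, the prefix tuple and the single percent-decode step are assumptions; the point is that every check runs on the raw request path before any filesystem call):

```python
import re
from urllib.parse import unquote

# Hypothetical implementation (not the project's path_security.py) of the
# pattern checks the commit lists. It inspects the raw request path before
# anything like os.path.realpath() is called on it.
_DRIVE_LETTER = re.compile(r"^[A-Za-z]:")            # C:\..., c:/..., or drive-relative c:foo
_WINDOWS_SPECIAL_PREFIXES = ("\\\\?\\", "\\\\.\\")   # \\?\ long-path and \\.\ device prefixes


def is_unsafe_path_pattern(path: str) -> bool:
    """Return True when `path` matches a pattern that must never reach the filesystem."""
    # Percent-decode once so %2e%2e%2f and %00 are inspected as the characters they encode.
    decoded = unquote(path)

    # Null byte injection: C-level file APIs would truncate the path at the \0.
    if "\x00" in decoded:
        return True

    # Windows special path prefixes bypass normal path parsing entirely.
    if decoded.startswith(_WINDOWS_SPECIAL_PREFIXES):
        return True

    # Treat '\' and '/' alike so mixed-separator input gets the same checks.
    normalized = decoded.replace("\\", "/")

    # UNC path (\\server\share or //server/share): on Windows, resolving such a
    # path can make the host open an SMB connection to the named server.
    if normalized.startswith("//"):
        return True

    # Absolute paths: root-based (/etc/passwd) or Windows drive letter (C:/...).
    if normalized.startswith("/") or _DRIVE_LETTER.match(normalized):
        return True

    # Path traversal: a bare '..' segment anywhere; a name like '..hidden' is legitimate.
    if any(segment == ".." for segment in normalized.split("/")):
        return True

    return False
```

A middleware or static-file handler would call this on the path relative to the static root and answer 400 Bad Request when it returns True, as the commit describes.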
…13806)

## Summary

Fixes the `client.showErrorLinks` config option to accept boolean values
(`True`/`False`) in addition to string values (`"auto"`, `"true"`,
`"false"`).

Previously, setting the config option with a boolean like
`client.showErrorLinks = false` in config.toml would not work because
the code only checked for string values. This change aligns
`showErrorLinks` with the behavior of other config options that accept
both boolean and string values.

## Test plan

- Added unit tests for boolean `True` and `False` values
- All existing tests pass
- Verified manually that `client.showErrorLinks = false` in config.toml
now works correctly

## Describe your changes
Small update to logo.py and config.py for style.

## Screenshot or video (only for visual changes)

## GitHub Issue Link (if applicable)

## Testing Plan

- Explanation of why no additional tests are needed
- Unit Tests (JS and/or Python)
- E2E Tests
- Any manual testing needed?

---

**Contribution License Agreement**

By submitting this pull request you agree that all contributions to this
project are made under the Apache 2.0 license.

---------

Co-authored-by: graphite-app[bot] <96075541+graphite-app[bot]@users.noreply.github.com>
@github-actions github-actions bot requested a review from a team as a code owner February 3, 2026 21:37
@github-actions github-actions bot added change:chore PR contains maintenance or housekeeping change impact:users PR changes affect end users labels Feb 3, 2026
@sfc-gh-nbellante sfc-gh-nbellante enabled auto-merge (squash) February 3, 2026 21:39
snyk-io bot commented Feb 3, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| | Licenses | 0 | 0 | 0 | 0 | 0 issues |
