Bug-fix.

Changelog excerpt:
- Discovered that the image chameleon attack detection could generate false
  positives against Mac OS X thumbnails; Fixed.

Author: Maikuolan

Changelog.md

@@ -9,3 +9,5 @@ __*Why "v3.0.0" instead of "v1.0.0?"*__ Prior to phpMussel v3, the "phpMussel Co
 [2020.07.31; Maikuolan]: Improved the way that the (generated by ...) notice, displayed at the footer of HTML pages, is rendered.
 
 [2020.08.05; Maikuolan]: Addressed a potential compatibility problem with some specific kinds of symlinked installations.
+
+[2020.10.01; Bug-fix; Maikuolan]: Discovered that the image chameleon attack detection could generate false positives against Mac OS X thumbnails; Fixed. *Refer [#223](https://github.com/phpMussel/phpMussel/issues/223).*

src/Loader.php

@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: The loader (last modified: 2020.08.05).
+ * This file: The loader (last modified: 2020.10.01).
  */
 
 namespace phpMussel\Core;
@@ -83,7 +83,7 @@ class Loader
     /**
      * @var string phpMussel version number (SemVer).
      */
-    public $ScriptVersion = '3.0.0';
+    public $ScriptVersion = '3.0.1';
 
     /**
      * @var string phpMussel version identifier (complete notation).
@@ -220,7 +220,7 @@ public function __construct(
                 $VendorPath = $this->buildPath(dirname($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME']) . DIRECTORY_SEPARATOR . 'vendor', false);
 
                 /** Eep.. Still not working. Generate exception. */
-                if (!is_dir($VendorPath) || !is_readable($VendorPath)) {
+                if ($VendorPath === '' || !is_dir($VendorPath) || !is_readable($VendorPath)) {
                     throw new \Exception('Vendor directory is undefined or unreadable.');
                 }
             } else {

src/Scanner.php

@@ -8,7 +8,7 @@
  * License: GNU/GPLv2
  * @see LICENSE.txt
  *
- * This file: The scanner (last modified: 2020.07.20).
+ * This file: The scanner (last modified: 2020.10.01).
  */
 
 namespace phpMussel\Core;
@@ -2066,6 +2066,13 @@ private function dataHandler(string $str = '', int $Depth = 0, string $OriginalF
         /** Fire event: "beforeChameleonDetections". */
         $this->Loader->Events->fireEvent('beforeChameleonDetections');
 
+        /** Chameleon attack bypasses for Mac OS X thumbnails and screenshots. */
+        $ThumbnailBypass = (
+            substr($OriginalFilename, 0, 2) === '._' &&
+            !preg_match('~[^\x00-\x1f]~', substr($str, 0, 8)) &&
+            substr($str, 8, 8) === 'Mac OS X'
+        );
+
         /** PHP chameleon attack detection. */
         if ($this->Loader->Configuration['files']['chameleon_from_php']) {
             if ($this->containsMustAssert([
@@ -2147,7 +2154,7 @@ private function dataHandler(string $str = '', int $Depth = 0, string $OriginalF
         }
 
         /** Image chameleon attack detection. */
-        if ($this->Loader->Configuration['files']['chameleon_to_img']) {
+        if (!$ThumbnailBypass && $this->Loader->Configuration['files']['chameleon_to_img']) {
             $Chameleon = '';
             if (
                 (($xt === 'bmp' || $xt === 'dib') && $twocc !== '424d') ||