Update lib/utils/queryparams.js

Co-authored-by: Copilot <[email protected]>

Author: jkyberneees

lib/utils/queryparams.js

@@ -32,8 +32,11 @@ module.exports = (req, url) => {
   const searchParams = new URLSearchParams(search.replace(/\[\]=/g, '='))
 
   for (const [name, value] of searchParams.entries()) {
-    // Use Set for O(1) dangerous property lookup instead of multiple string comparisons
-    if (DANGEROUS_PROPERTIES.has(name)) {
+    // Split parameter name into segments by dot or bracket notation
+    const segments = name.split(/[\.\[\]]+/).filter(Boolean)
+    
+    // Check each segment against the dangerous properties set
+    if (segments.some(segment => DANGEROUS_PROPERTIES.has(segment))) {
       continue // Skip dangerous property names
     }