Fix Brakeman warnings for file access

Description

Category description: When user-supplied input can contain ".." or similar characters that are passed through to file access APIs, causing access to files outside of an intended subdirectory.

This will touch on skins.

Environment

None

Status

Assignee

james_

Reporter

james_

Roadmap

Skins

Priority

Medium

Affects versions

Fix versions

None

Components

BackEnd

Difficulty

Medium

Required Access Level

None

Milestone

Internal 0.9
Configure