Have scan-view guard against serving up pages outside the root directory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165815 91177308-0d34-0410-b5e6-96231b3b80d8

tools/scan-view/ScanView.py

@@ -707,6 +707,11 @@ File Bug</h3>
         return None
 
     def send_path(self, path):
+        # If the requested path is outside the root directory, do not open it
+        rel = os.path.relpath(path, self.server.root)
+        if rel.startswith(os.pardir + os.sep):
+          return self.send_404()
+        
         ctype = self.guess_type(path)
         if ctype.startswith('text/'):
             # Patch file instead