Fix #21: urldecode the path in DocumentRoot

Making sure that no null-bytes or slashes sneak into the path.

Author: bwoebi

src/DocumentRoot.php

@@ -114,7 +114,12 @@ public function setFallback(RequestHandler $requestHandler): void
      */
     public function handleRequest(Request $request): Response
     {
-        $path = removeDotPathSegments($request->getUri()->getPath());
+        $path = $request->getUri()->getPath();
+        if (stripos($path, "%2f") !== false || strpos($path, "%00") !== false) {
+            return $this->respondFromFileInfo(Internal\FileInformation::fromNonExistentFile($path), $request);
+        }
+
+        $path = removeDotPathSegments(\urldecode($path));
 
         return ($fileInfo = $this->fetchCachedStat($path, $request))
             ? $this->respondFromFileInfo($fileInfo, $request)