Uncontrolled data used in path expression (#542)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: KrzysztofPajak

src/Web/Grand.Web.Admin/Controllers/SettingController.cs

@@ -780,6 +780,11 @@ private void SavePushNotificationsToFile(PushNotificationsSettingsModel model, I
     private string GetSafeFilePath(IConfiguration configuration, IWebHostEnvironment webHostEnvironment, string filename)
     {
         var directoryParam = configuration[CommonPath.DirectoryParam] ?? "";
+
+        // Validate directoryParam to ensure it does not contain ".." or path separators
+        if (directoryParam.Contains("..") || directoryParam.Contains("/") || directoryParam.Contains("\\"))
+            throw new ArgumentException("Invalid directory parameter - contains illegal characters.");
+
         var safeDirectoryName = Path.GetFileName(directoryParam);
         var combinedPath = Path.Combine(webHostEnvironment.WebRootPath, safeDirectoryName, filename);
         var fullPath = Path.GetFullPath(combinedPath, webHostEnvironment.WebRootPath);