- The function failed to catch the case that the path ends with "..",
allowing the contents of the directory one path component above the
cwd to be listed. This is probably not very interesting.
- The function did not check for ".." components in the path if it
starts with R2_WWWROOT, leading to full directory traversal (example:
/usr/local/share/radare2/0.9.8.git/www/../../../../../../etc/passwd
- Use strncmp instead of memcmp
- Handle relative webroot paths properly
- Check for empty R2_WWWROOT
- Fix various project related issues
- Do not save in directories. Projects are file + file.d/
- Do not show division by zero issue (e cfg.foo=/bin/ls)
