Mar 23, 2023
Hey, thanks buddy.
My recommendation would be that the application should avoid using user input to construct file paths and instead use a whitelist approach to specify allowed file paths, accept only the required characters such as "a-Z0-9", and not allow "..", "/", "%00" (null byte) or any other similar unexpected characters.
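
One way to implement the allowlist approach recommended above, as an added example that is not part of the original comment. The base directory, the key-to-file map and the names `resolve_user_file` and `RejectedPath` are assumptions made for illustration, and the sample inputs are constructed.

```python
import os
import re

# Hypothetical values for illustration: adjust to the real application.
BASE_DIR = "/srv/app/docs"
ALLOWED_FILES = {"terms": "terms.txt", "privacy": "privacy.txt", "faq": "faq.txt"}

# Only letters and digits, bounded length. Anything else ("..", "/", "%",
# a decoded null byte, backslashes, whitespace) fails the match.
SAFE_KEY = re.compile(r"[A-Za-z0-9]{1,64}")


class RejectedPath(ValueError):
    """Raised when user input may not be used to select a file."""


def resolve_user_file(user_value: str) -> str:
    """Map a user-supplied key to a server-chosen path, or raise RejectedPath."""
    # 1. Character check: reject before the value touches any path API.
    if not SAFE_KEY.fullmatch(user_value):
        raise RejectedPath("unexpected characters in input")

    # 2. Allowlist lookup: the user picks a key, the server owns the filename.
    filename = ALLOWED_FILES.get(user_value)
    if filename is None:
        raise RejectedPath("not an allowed file")

    # 3. Defence in depth: canonicalise (resolving symlinks) and confirm the
    #    result is still inside the base directory.
    base = os.path.realpath(BASE_DIR)
    candidate = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, candidate]) != base:
        raise RejectedPath("resolved path escapes base directory")
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs: one valid key, then traversal-style values.
    for value in ["terms", "../../etc/passwd", "terms/", "terms%00", "terms\x00", "admin"]:
        try:
            print(repr(value), "->", resolve_user_file(value))
        except RejectedPath as exc:
            print(repr(value), "-> rejected:", exc)
```

The character check should run on the value after the framework has URL-decoded it, so that both a literal `%00` and a decoded null byte are rejected.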