- Secured buffer ahead reading.
 - Guard against potential multiple dot path traversal (cf http://cwe.mitre.org/data/definitions/33.html)