...
Sanitization of tainted inputs always carries the risk that the data is not fully sanitized. File and path name equivalence vulnerabilities and directory traversal vulnerabilities are both common examples of vulnerabilities arising from the improper sanitization path and file name inputs (see FIO04-J. Canonicalize path names before validating). A design that requires an unprivileged user to access an arbitrary, protected file (or other resource) is always suspect. Instead, you may want to consider using a hard code resource name or only allow the user to select from a list of options that are indirectly mapped to the resource names.
...