fix(android): sanitize portable file name (#7894) (#7895)

Co-authored-by: Dave Crombie <dcrombie29@googlemail.com>

Author: jcesarmobile

android/capacitor/src/main/java/com/getcapacitor/FileUtils.java

@@ -219,7 +219,8 @@ private static String getCopyFilePath(Uri uri, Context context) {
         int nameIndex = cursor.getColumnIndex(OpenableColumns.DISPLAY_NAME);
         cursor.moveToFirst();
         String name = (cursor.getString(nameIndex));
-        File file = new File(context.getFilesDir(), name);
+        String fileName = sanitizeFilename(name);
+        File file = new File(context.getFilesDir(), fileName);
         try {
             InputStream inputStream = context.getContentResolver().openInputStream(uri);
             FileOutputStream outputStream = new FileOutputStream(file);
@@ -289,4 +290,14 @@ private static String getPathToNonPrimaryVolume(Context context, String tag) {
         }
         return null;
     }
+
+    private static String sanitizeFilename(String displayName) {
+        String[] badCharacters = new String[] { "..", "/" };
+        String[] segments = displayName.split("/");
+        String fileName = segments[segments.length - 1];
+        for (String suspString : badCharacters) {
+            fileName = fileName.replace(suspString, "_");
+        }
+        return fileName;
+    }
 }