Reject requests that contain backslash in path

PR #18626.
Closes #18618.

src/webui/webapplication.cpp

@@ -173,9 +173,14 @@ WebApplication::~WebApplication()
 
 void WebApplication::sendWebUIFile()
 {
-    const QStringList pathItems {request().path.split(u'/', Qt::SkipEmptyParts)};
+    if (request().path.contains(u'\\'))
-    if (pathItems.contains(u".") || pathItems.contains(u".."))
+        throw BadRequestHTTPError();
-        throw InternalServerErrorHTTPError();
+
+    if (const QList<QStringView> pathItems = QStringView(request().path).split(u'/', Qt::SkipEmptyParts)
+            ; pathItems.contains(u".") || pathItems.contains(u".."))
+    {
+        throw BadRequestHTTPError();
+    }
 
     const QString path = (request().path != u"/")
         ? request().path