validation, URL length restriction (allows you to view ANY file that the user running the gsad might look at!)
Use glib's path functions.
Consider doing the input sanitizing in the page handlers.
Take care of XML in input.
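
One way the URL validation and length restriction noted above could look, as an added example that is not gsad's own code. It uses plain libc rather than glib so that it builds stand-alone; MAX_URL_LEN, DOC_ROOT and map_url_to_file are hypothetical names and values, and the sample requests are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_URL_LEN 256             /* assumed limit, not gsad's value */
#define DOC_ROOT "/usr/share/gsad"  /* hypothetical document root */

/* Whitelist: letters, digits and / . - _ only. */
static int allowed_char(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') ||
           c == '/' || c == '.' || c == '-' || c == '_';
}

/* Validate a request path and map it below DOC_ROOT.
 * Returns 0 and fills out on success, -1 when the request is rejected. */
int map_url_to_file(const char *url, char *out, size_t out_len)
{
    size_t len, i;

    if (url == NULL || out == NULL)
        return -1;
    len = strlen(url);
    if (len == 0 || len > MAX_URL_LEN || url[0] != '/')
        return -1;              /* length restriction; must be rooted */
    for (i = 0; i < len; i++) {
        if (!allowed_char(url[i]))
            return -1;          /* rejects %, backslash, <, >, & ... */
        if (url[i] == '/') {
            const char *seg = url + i + 1;
            if (seg[0] == '/' || seg[0] == '.')
                return -1;      /* empty segment, ".", ".." or dotfile */
        }
    }
    if ((size_t)snprintf(out, out_len, "%s%s", DOC_ROOT, url) >= out_len)
        return -1;              /* result would be truncated */
    return 0;
}

int main(void)
{
    /* Constructed sample requests. */
    const char *tests[] = { "/login.html", "/img/../../etc/passwd",
                            "/%2e%2e/etc/passwd", "/help/<x>.html" };
    char path[512];
    size_t i;

    for (i = 0; i < sizeof tests / sizeof tests[0]; i++)
        printf("%-24s -> %s\n", tests[i],
               map_url_to_file(tests[i], path, sizeof path) == 0
                   ? path : "rejected");
    return 0;
}
```

The check is purely lexical, so a symlink inside the document root can still point outside it; resolving the mapped path with realpath() and re-checking the DOC_ROOT prefix covers that case.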