During direct connect it's possible to send a file with a name containing "…/"
vulners.com/securityvulns/securityvulns:doc:2787