Fix a potential vulnerability in incoming `pscp -r'. The server

Fix a potential vulnerability in incoming `pscp -r'. The server
sends filenames of things in the directory being copied. A malicious
server could have sent, for example, "..\..\windows\system\foo.dll"
and overwritten something crucial. The filenames are now vetted to
ensure they don't contain slashes or backslashes.

[originally from svn r742]