This was never a 'vulnerability'... the APR_FILEPATH_SECUREROOT flag
  passed to apr_filepath_merge refused to merge any rooted 'addpath'.
  However, that isn't the traditional 1.3 behavior, so fly past any
  leading '/'s on the way to merging the uri to the DocumentRoot.

PR: 10946


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96314 13f79535-47bb-0310-9956-ffa450edef68