minor security fix. This makes sure you can't call paths that start with "/" from /select This way, if you register a handler with "/path" and use path based authentication, you can not sneak into it using: http://localhost:8983/solr/select/?qt=/update&stream.body=...