Presumably, in the script where you send the file, you are also sending a Content-Disposition
header that tells the browser that this is a download, not a resource to try and show immediately. I'd presume you're also sending $_GET['file_path']
as the filename in that header.
When you send that header, don't include the directory part. Browsers will do whatever they want with the directory part, from stripping it off to mangling it. Pretty much the only thing they won't do (for security reasons) is actually use it as a directory name.
You can send the base filename using something like
$path_parts = preg_split(':[/\\]+:', $_GET['file_path']);
$filename = addslashes(end($path_parts));
header("Content-Disposition: attachment; filename=\"$filename\"");