no longer allow non-relative paths for IContentPack.Read/WriteJsonFile (#468)

1 files changed, 12 insertions, 0 deletions

diff --git a/src/StardewModdingAPI.Toolkit/Utilities/PathUtilities.cs b/src/StardewModdingAPI.Toolkit/Utilities/PathUtilities.cs
index b959f9b5..79748c25 100644
--- a/src/StardewModdingAPI.Toolkit/Utilities/PathUtilities.cs
+++ b/src/StardewModdingAPI.Toolkit/Utilities/PathUtilities.cs
@@ -63,6 +63,18 @@ namespace StardewModdingAPI.Toolkit.Utilities
             return relative;
         }
 
+        /// <summary>Get whether a path is relative and doesn't try to climb out of its containing folder (e.g. doesn't contain <c>../</c>).</summary>
+        /// <param name="path">The path to check.</param>
+        public static bool IsSafeRelativePath(string path)
+        {
+            if (string.IsNullOrWhiteSpace(path))
+                return true;
+
+            return
+                !Path.IsPathRooted(path)
+                && PathUtilities.GetSegments(path).All(segment => segment.Trim() != "..");
+        }
+
         /// <summary>Get whether a string is a valid 'slug', containing only basic characters that are safe in all contexts (e.g. filenames, URLs, etc).</summary>
         /// <param name="str">The string to check.</param>
         public static bool IsSlug(string str)