From 944b2995f1bf7719cfcfb9bafe713523dbd8883f Mon Sep 17 00:00:00 2001
From: Jesse Plamondon-Willard <github@jplamondonw.com>
Date: Sat, 18 Aug 2018 23:33:38 -0400
Subject: no longer allow non-relative paths for
 IContentPack.Read/WriteJsonFile (#468)

---
 src/StardewModdingAPI.Toolkit/Utilities/PathUtilities.cs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src/StardewModdingAPI.Toolkit/Utilities')

diff --git a/src/StardewModdingAPI.Toolkit/Utilities/PathUtilities.cs b/src/StardewModdingAPI.Toolkit/Utilities/PathUtilities.cs
index b959f9b5..79748c25 100644
--- a/src/StardewModdingAPI.Toolkit/Utilities/PathUtilities.cs
+++ b/src/StardewModdingAPI.Toolkit/Utilities/PathUtilities.cs
@@ -63,6 +63,18 @@ namespace StardewModdingAPI.Toolkit.Utilities
             return relative;
         }
 
+        /// <summary>Get whether a path is relative and doesn't try to climb out of its containing folder (e.g. doesn't contain <c>../</c>).</summary>
+        /// <param name="path">The path to check.</param>
+        public static bool IsSafeRelativePath(string path)
+        {
+            if (string.IsNullOrWhiteSpace(path))
+                return true;
+
+            return
+                !Path.IsPathRooted(path)
+                && PathUtilities.GetSegments(path).All(segment => segment.Trim() != "..");
+        }
+
         /// <summary>Get whether a string is a valid 'slug', containing only basic characters that are safe in all contexts (e.g. filenames, URLs, etc).</summary>
         /// <param name="str">The string to check.</param>
         public static bool IsSlug(string str)
-- 
cgit