From fc292a4d71299ea220843aa4ecd4eacf160439f4 Mon Sep 17 00:00:00 2001
From: leonarski_f <filip.leonarski@psi.ch>
Date: Thu, 16 Apr 2026 08:09:08 +0200
Subject: [PATCH] CheckPath: Better validation routine

---
 common/CheckPath.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/common/CheckPath.h b/common/CheckPath.h
index e685b526..befcb130 100644
--- a/common/CheckPath.h
+++ b/common/CheckPath.h
@@ -8,7 +8,10 @@
 #include "JFJochException.h"
 
 inline void CheckPath(const std::string &s) {
-    if (!s.empty() && s.front() == '/')
+    // CheckPath looks validates that s can be a valid file name
+    // (in practice with an added suffix, .e.g. _master.h5 or .tiff)
+    // It avoids paths going outside of a given directory
+    if (!s.empty() && (s.front() == '/' || s.back() != '/'))
         throw JFJochException(JFJochExceptionCategory::InputParameterInvalid,
                               "Path cannot start with slash");
     if (s.size() >= 3 && s.substr(0,3) == "../")