From 13b8281f6bbe09fcf38b937ebf4e7de37bbea03f Mon Sep 17 00:00:00 2001
From: "jeremy@jermolene.com" <jeremy@jermolene.com>
Date: Mon, 27 Apr 2020 15:00:06 +0100
Subject: [PATCH] $tw.utils.copyDirectory: Ensure directories don't overlap

---
 core/modules/utils/filesystem.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/core/modules/utils/filesystem.js b/core/modules/utils/filesystem.js
index 8ec1554f7..df820a63c 100644
--- a/core/modules/utils/filesystem.js
+++ b/core/modules/utils/filesystem.js
@@ -36,8 +36,12 @@ Recursively (and synchronously) copy a directory and all its content
 */
 exports.copyDirectory = function(srcPath,dstPath) {
 	// Remove any trailing path separators
-	srcPath = $tw.utils.removeTrailingSeparator(srcPath);
-	dstPath = $tw.utils.removeTrailingSeparator(dstPath);
+	srcPath = path.resolve($tw.utils.removeTrailingSeparator(srcPath));
+	dstPath = path.resolve($tw.utils.removeTrailingSeparator(dstPath));
+	// Check that neither director is within the other
+	if(srcPath.substring(0,dstPath.length) === dstPath || dstPath.substring(0,srcPath.length) === srcPath) {
+		return "Cannot copy nested directories";
+	}
 	// Create the destination directory
 	var err = $tw.utils.createDirectory(dstPath);
 	if(err) {