From e26cdc6112ed9ae17660d79ec137ffb0a2ea46bc Mon Sep 17 00:00:00 2001
From: Jesse Boyd <jessepaleg@gmail.com>
Date: Wed, 17 Oct 2018 23:57:13 +1100
Subject: [PATCH] schem list validation

---
 .../java/com/sk89q/worldedit/command/SchematicCommands.java  | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/core/src/main/java/com/sk89q/worldedit/command/SchematicCommands.java b/core/src/main/java/com/sk89q/worldedit/command/SchematicCommands.java
index 6dc64dda..70f0dfcf 100644
--- a/core/src/main/java/com/sk89q/worldedit/command/SchematicCommands.java
+++ b/core/src/main/java/com/sk89q/worldedit/command/SchematicCommands.java
@@ -613,6 +613,11 @@ public class SchematicCommands extends MethodCommands {
                         color = "&a";
                         if (name.indexOf('.') != -1) name = name.substring(0, name.lastIndexOf('.'));
                     }
+                    try {
+                        if (!MainUtil.isInSubDirectory(dir, file)) {
+                            throw new RuntimeException(new CommandException("Invalid path"));
+                        }
+                    } catch (IOException ignore) {}
                 } else if (uriStr.startsWith("http://") || uriStr.startsWith("https://")) {
                     // url
                     color = "&9";