Fix incorrect path combine in DirLoader and WritableDirProvider

This (and the other couple past commits) reported by Elelzedel.

Robust.Shared/ContentPack/DirLoader.cs

@@ -60,9 +60,7 @@ namespace Robust.Shared.ContentPack
 
             internal string GetPath(ResPath relPath)
             {
-                return Path.GetFullPath(Path.Combine(_directory.FullName, relPath.ToRelativeSystemPath()))
-                    // Sanitise platform-specific path and standardize it for engine use.
-                    .Replace(Path.DirectorySeparatorChar, '/');
+                return PathHelpers.SafeGetResourcePath(_directory.FullName, relPath);
             }
 
             /// <inheritdoc />

Robust.Shared/ContentPack/PathHelpers.cs

@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Runtime.InteropServices;
+using Robust.Shared.Utility;
 
 namespace Robust.Shared.ContentPack
 {
@@ -63,5 +64,27 @@ namespace Robust.Shared.ContentPack
             !OperatingSystem.IsWindows()
             && !OperatingSystem.IsMacOS();
 
+
+        internal static string SafeGetResourcePath(string baseDir, ResPath path)
+        {
+            var relSysPath = path.ToRelativeSystemPath();
+            if (relSysPath.Contains("\\..") || relSysPath.Contains("/.."))
+            {
+                // Hard cap on any exploit smuggling a .. in there.
+                // Since that could allow leaving sandbox.
+                throw new InvalidOperationException($"This branch should never be reached. Path: {path}");
+            }
+
+            var retPath = Path.GetFullPath(Path.Join(baseDir, relSysPath));
+            // better safe than sorry check
+            if (!retPath.StartsWith(baseDir))
+            {
+                // Allow path to match if it's just missing the directory separator at the end.
+                if (retPath != baseDir.TrimEnd('\\'))
+                    throw new InvalidOperationException($"This branch should never be reached. Path: {path}");
+            }
+
+            return retPath;
+        }
     }
 }

Robust.Shared/ContentPack/ResourceManager.cs

@@ -379,6 +379,10 @@ namespace Robust.Shared.ContentPack
                 {
                     var rootDir = loader.GetPath(new ResPath(@"/"));
 
+                    // TODO: GET RID OF THIS.
+                    // This code shouldn't be passing OS disk paths through ResPath.
+                    rootDir = rootDir.Replace(Path.DirectorySeparatorChar, '/');
+
                     yield return new ResPath(rootDir);
                 }
             }

Robust.Shared/ContentPack/WritableDirProvider.cs

@@ -185,20 +185,7 @@ namespace Robust.Shared.ContentPack
 
             path = path.Clean();
 
-            return GetFullPath(RootDir, path);
-        }
-
-        private static string GetFullPath(string root, ResPath path)
-        {
-            var relPath = path.ToRelativeSystemPath();
-            if (relPath.Contains("\\..") || relPath.Contains("/.."))
-            {
-                // Hard cap on any exploit smuggling a .. in there.
-                // Since that could allow leaving sandbox.
-                throw new InvalidOperationException($"This branch should never be reached. Path: {path}");
-            }
-
-            return Path.GetFullPath(Path.Combine(root, relPath));
+            return PathHelpers.SafeGetResourcePath(RootDir, path);
         }
     }
 }