From 4e5a3610353a1d3551c29cb3093eade99b384bd7 Mon Sep 17 00:00:00 2001
From: Snider
Date: Mon, 2 Feb 2026 08:11:01 +0000
Subject: [PATCH] fix(io): sandbox absolute paths under root in Medium.path
---
 pkg/io/local/client.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/pkg/io/local/client.go b/pkg/io/local/client.go
index 4e232fef..189c1223 100644
--- a/pkg/io/local/client.go
+++ b/pkg/io/local/client.go
@@ -25,6 +25,7 @@ func New(root string) (*Medium, error) {
 // path sanitizes and returns the full path.
 // Replaces .. with . to prevent traversal, then joins with root.
+// Absolute paths are sandboxed under root (unless root is "/").
 func (m *Medium) path(p string) string {
 if p == "" {
 return m.root
@@ -35,7 +36,12 @@ func (m *Medium) path(p string) string {
 if len(clean) == 3 && clean[1] == ':' && (clean[2] == '\\' || clean[2] == '/') {
 return clean
 }
- return filepath.Clean(clean)
+ // If root is "/", allow absolute paths through
+ if m.root == "/" {
+ return filepath.Clean(clean)
+ }
+ // Otherwise, sandbox absolute paths by stripping leading /
+ return filepath.Join(m.root, strings.TrimPrefix(clean, "/"))
 }
 return filepath.Join(m.root, clean)
 }
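Review bot: In the second hunk the drive-root early return (`return clean` for a three-character `X:\` or `X:/` input) still runs before the new `m.root == "/"` check, so that input is handed back outside root even when the medium is supposed to be sandboxed. If the pass-through is only intended for an unrestricted root, fold the root test into that condition, e.g. `if m.root == "/" && len(clean) == 3 && clean[1] == ':' && (clean[2] == '\\' || clean[2] == '/') {`. `strings.TrimPrefix(clean, "/")` also removes only a single leading forward slash, so a backslash-rooted or drive-prefixed absolute path reaches `filepath.Join` with its prefix intact; a table test over those inputs asserting the result stays under `m.root` would pin the behaviour. The containment is lexical as far as the hunk shows, and whether symlinks under root are resolved anywhere is not visible here. The condition that selects this branch sits above the hunk, so the absolute-path test itself is not covered by this note.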