Files
HellionChat/ChatTwo
JonKazama-Hellion 2ce30383d9 Refuse to write emote cache files outside the cache directory
Audit finding H-1. Defense-in-depth fix for EmoteCache.LoadAsync,
which interpolated the BetterTTV-supplied Id and ImageType straight
into a Path.Join. HTTPS protects the wire today, but a compromised
upstream that hands back Id values like "../foo" would land outside
EmoteCacheV1, anywhere under pluginConfigs that the plugin can write.

Resolve the candidate path with Path.GetFullPath, then assert it
starts with the cache directory plus a directory separator (so
"EmoteCacheV1Sibling" cannot match "EmoteCacheV1"). Throw
InvalidOperationException on mismatch — the surrounding load
already swallows exceptions and logs them, so a tampered entry
becomes a visible error in the log instead of a silent miss.
2026-05-02 02:50:29 +02:00
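The containment check the commit message describes, as an added C# example that is not the plugin's own code. `CachePathGuard`, `ResolveInsideCache` and the sample values are hypothetical; it assumes .NET Core 3.0 or later for `Path.TrimEndingDirectorySeparator`.

```csharp
using System;
using System.IO;

// Added illustration; CachePathGuard and ResolveInsideCache are hypothetical names.
static class CachePathGuard
{
    public static string ResolveInsideCache(string cacheDir, string id, string imageType)
    {
        // Normalise the root once and end it with exactly one separator, so that
        // "EmoteCacheV1Sibling" can never pass a prefix test against "EmoteCacheV1".
        var root = Path.TrimEndingDirectorySeparator(Path.GetFullPath(cacheDir))
                   + Path.DirectorySeparatorChar;

        // GetFullPath collapses "." and ".." segments without touching the disk.
        var candidate = Path.GetFullPath(Path.Join(root, $"{id}.{imageType}"));

        // Both strings derive from the same normalised root, so an ordinal
        // (byte-wise, culture-free) prefix comparison is sufficient here.
        if (!candidate.StartsWith(root, StringComparison.Ordinal))
            throw new InvalidOperationException(
                $"Emote path escapes cache directory: {candidate}");
        return candidate;
    }
}

static class Program
{
    static void Main()
    {
        var cache = Path.Join(Path.GetTempPath(), "pluginConfigs", "EmoteCacheV1");

        // Constructed sample values, not real BetterTTV data.
        var samples = new (string Id, string ImageType)[]
        {
            ("5f1b0186cf6d2144653d2970", "png"),   // ordinary entry, stays inside
            ("../foo", "png"),                      // the case named in the commit
            ("../EmoteCacheV1Sibling/foo", "png"),  // sibling directory sharing the prefix
            ("a/../../foo", "gif"),                 // traversal hidden behind a subfolder
            ("ok", "png/../../../foo"),             // traversal via ImageType, not Id
        };

        foreach (var (id, type) in samples)
        {
            try { Console.WriteLine($"OK      {ResolveInsideCache(cache, id, type)}"); }
            catch (InvalidOperationException e) { Console.WriteLine($"REFUSED {e.Message}"); }
        }
    }
}
```

Only the first sample resolves; the other four throw, including the one that carries the traversal in `ImageType`, which is why both interpolated fields go through the same check.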