2 files changed, 30 insertions, 5 deletions
diff --git a/src/WixToolset.Core/ExtensibilityServices/BackendHelper.cs b/src/WixToolset.Core/ExtensibilityServices/BackendHelper.cs
index e4b6e959..7b20286c 100644
--- a/src/WixToolset.Core/ExtensibilityServices/BackendHelper.cs
+++ b/src/WixToolset.Core/ExtensibilityServices/BackendHelper.cs
@@ -15,10 +15,13 @@ namespace WixToolset.Core.ExtensibilityServices
        public BackendHelper(IWixToolsetServiceProvider serviceProvider)
        {
            this.Messaging = serviceProvider.GetService<IMessaging>();
+            this.ParseHelper = serviceProvider.GetService<IParseHelper>();
        }
        private IMessaging Messaging { get; }
+        private IParseHelper ParseHelper { get; }
        public IFileTransfer CreateFileTransfer(string source, string destination, bool move, SourceLineNumber sourceLineNumbers = null)
        {
            var sourceFullPath = this.GetValidatedFullPath(sourceLineNumbers, source);
@@ -49,6 +52,11 @@ namespace WixToolset.Core.ExtensibilityServices
            };
        }
+        public string GetCanonicalRelativePath(SourceLineNumber sourceLineNumbers, string elementName, string attributeName, string relativePath)
+        {
+            return this.ParseHelper.GetCanonicalRelativePath(sourceLineNumbers, elementName, attributeName, relativePath);
+        }
        public ITrackedFile TrackFile(string path, TrackedFileType type, SourceLineNumber sourceLineNumbers = null)
        {
            return new TrackedFile(path, type, sourceLineNumbers);
diff --git a/src/WixToolset.Core/ExtensibilityServices/ParseHelper.cs b/src/WixToolset.Core/ExtensibilityServices/ParseHelper.cs
index af3f40aa..de5595e1 100644
--- a/src/WixToolset.Core/ExtensibilityServices/ParseHelper.cs
+++ b/src/WixToolset.Core/ExtensibilityServices/ParseHelper.cs
@@ -540,11 +540,7 @@ namespace WixToolset.Core.ExtensibilityServices
                }
                else if (allowRelative)
                {
-                    var normalizedPath = value.Replace('\\', '/');
+                    value = this.GetCanonicalRelativePath(sourceLineNumbers, attribute.Parent.Name.LocalName, attribute.Name.LocalName, value);
-                    if (normalizedPath.StartsWith("../", StringComparison.Ordinal) || normalizedPath.Contains("/../"))
-                    {
-                        this.Messaging.Write(ErrorMessages.PayloadMustBeRelativeToCache(sourceLineNumbers, attribute.Parent.Name.LocalName, attribute.Name.LocalName, value));
-                    }
                }
                else if (CompilerCore.IsAmbiguousFilename(value))
                {
@@ -705,6 +701,27 @@ namespace WixToolset.Core.ExtensibilityServices
            }
        }
+        public string GetCanonicalRelativePath(SourceLineNumber sourceLineNumbers, string elementName, string attributeName, string relativePath)
+        {
+            const string root = @"C:\";
+            if (!Path.IsPathRooted(relativePath))
+            {
+                var normalizedPath = Path.GetFullPath(root + relativePath);
+                if (normalizedPath.StartsWith(root))
+                {
+                    var canonicalizedPath = normalizedPath.Substring(root.Length);
+                    if (canonicalizedPath != relativePath)
+                    {
+                        this.Messaging.Write(WarningMessages.PathCanonicalized(sourceLineNumbers, elementName, attributeName, relativePath, canonicalizedPath));
+                    }
+                    return canonicalizedPath;
+                }
+            }
+            this.Messaging.Write(ErrorMessages.PayloadMustBeRelativeToCache(sourceLineNumbers, elementName, attributeName, relativePath));
+            return relativePath;
+        }
        public SourceLineNumber GetSourceLineNumbers(XElement element)
        {
            return Preprocessor.GetSourceLineNumbers(element);