diff --git a/app/coffee/ResourceWriter.coffee b/app/coffee/ResourceWriter.coffee
index 8c3245f..2bf6598 100644
--- a/app/coffee/ResourceWriter.coffee
+++ b/app/coffee/ResourceWriter.coffee
@@ -90,7 +90,7 @@ module.exports = ResourceWriter =
 checkPath: (basePath, resourcePath, callback) ->
 path = Path.normalize(Path.join(basePath, resourcePath))
- if (path.slice(0, basePath.length) != basePath)
+ if (path.slice(0, basePath.length + 1) != basePath + "/")
 return callback new Error("resource path is outside root directory")
 else
 return callback(null, path)
diff --git a/test/unit/coffee/ResourceWriterTests.coffee b/test/unit/coffee/ResourceWriterTests.coffee
index c3c25cc..96140c9 100644
--- a/test/unit/coffee/ResourceWriterTests.coffee
+++ b/test/unit/coffee/ResourceWriterTests.coffee
@@ -173,3 +173,11 @@ describe "ResourceWriter", ->
 it "should return an error", ->
 @callback.calledWith(new Error("resource path is outside root directory"))
 .should.equal true
+
+ describe "with another invalid path matching on a prefix", ->
+ beforeEach ->
+ @ResourceWriter.checkPath("foo", "../foobar/baz", @callback)
+
+ it "should return an error", ->
+ @callback.calledWith(new Error("resource path is outside root directory"))
+ .should.equal true
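Review bot: The new prefix check in checkPath still assumes basePath carries no trailing separator: with basePath = "foo/" the comparison becomes `"foo/b" != "foo//"` and every resource, including valid ones, is rejected, because Path.normalize preserves a trailing separator on the joined result but basePath itself is never normalized. Normalizing the root before comparing closes that gap, e.g. `root = Path.normalize(basePath).replace(/\/$/, "")` followed by `if (path.slice(0, root.length + 1) != root + "/")`; a Path.relative-based check (reject when the relative path is absolute or starts with "..") would also avoid hard-coding "/" where Path.sep differs. Note as well that the new form rejects a resourcePath of "" or "." (normalized path equals basePath exactly), which the old check accepted — that may be intended for a file writer, but it is a behaviour change worth a comment such as `# a resource must live strictly below the root, never be the root itself`. checkPath's enclosing object continues outside the hunk.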
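Review bot: The new describe block only covers the prefix-collision case ("foo" vs "../foobar/baz"); the fix changes how the root is compared, so a positive case and a boundary case would pin the contract against regressions. I would add a sibling `describe "with a root that has a trailing slash"` calling `@ResourceWriter.checkPath("foo/", "bar", @callback)` and asserting `@callback.calledWith(null, "foo/bar")`, plus one with resourcePath "." asserting whichever outcome the authors intend for the root itself, since the new comparison now rejects it. Both assertions are inferred from the checkPath hunk above rather than from anything visible in this test file.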