mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2025-02-22 06:21:44 +01:00
Code Issues Projects Releases Packages Wiki Activity

Make sure that only the log directory can be read on /server/logs

Browse source
This commit is contained in:
nicolas.dorier 2019-05-30 11:46:09 +09:00
parent dde841383a
commit 0e568e2af5
No known key found for this signature in database
GPG key ID: 6618763EF09186FE
1 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
BTCPayServer/Controllers/ServerController.cs
View file

@ -875,14 +875,16 @@ namespace BTCPayServer.Controllers
.ToList();
vm.LogFileOffset = offset;
if (string.IsNullOrEmpty(file))
if (string.IsNullOrEmpty(file) || !file.EndsWith(fileExtension, StringComparison.Ordinal))
return View("Logs", vm);
vm.Log = "";
var path = Path.Combine(di.FullName, file);
var fi = vm.LogFiles.FirstOrDefault(o => o.Name == file);
if (fi == null)
return NotFound();
try
{
using (var fileStream = new FileStream(
path,
fi.FullName,
FileMode.Open,
FileAccess.Read,
FileShare.ReadWrite))