From 0e568e2af5d00b444df2592654f001efc893ba1b Mon Sep 17 00:00:00 2001
From: "nicolas.dorier"
Date: Thu, 30 May 2019 11:46:09 +0900
Subject: [PATCH] Make sure that only the log directory can be read on /server/logs

---
 BTCPayServer/Controllers/ServerController.cs | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/BTCPayServer/Controllers/ServerController.cs b/BTCPayServer/Controllers/ServerController.cs
index 4f5da9766..60821652e 100644
--- a/BTCPayServer/Controllers/ServerController.cs
+++ b/BTCPayServer/Controllers/ServerController.cs
@@ -875,14 +875,16 @@ namespace BTCPayServer.Controllers
 .ToList();
 vm.LogFileOffset = offset;
- if (string.IsNullOrEmpty(file))
+ if (string.IsNullOrEmpty(file) || !file.EndsWith(fileExtension, StringComparison.Ordinal))
 return View("Logs", vm);
 vm.Log = "";
- var path = Path.Combine(di.FullName, file);
+ var fi = vm.LogFiles.FirstOrDefault(o => o.Name == file);
+ if (fi == null)
+ return NotFound();
 try
 {
 using (var fileStream = new FileStream(
- path,
+ fi.FullName,
 FileMode.Open,
 FileAccess.Read,
 FileShare.ReadWrite))