security-fix: check if the selected file resides in any of log dirs b…

…efore displaying its contents

src/Pages/ViewLog.php

@@ -41,25 +41,22 @@ public function form(Form $form): Form
 
     public function read(): string
     {
-        if (! $this->logFile) {
+        if (! $this->logFile || ! $this->fileResidesInLogDirs($this->logFile)) {
+            $this->logFile = null;
             return '';
         }
 
         return File::get($this->logFile);
     }
 
-    public function write($content = ''): void
+    public function clear(): void
     {
-        if (! $this->logFile) {
+        if (! $this->logFile || ! $this->fileResidesInLogDirs($this->logFile)) {
+            $this->logFile = null;
             return;
         }
 
-        File::put($this->logFile, $content);
-    }
-
-    public function clear(): void
-    {
-        $this->write();
+        File::put($this->logFile, '');
         $this->refresh();
     }
 
@@ -68,6 +65,12 @@ public function refresh(): void
         $this->dispatch('logContentUpdated', content: $this->read());
     }
 
+    protected function fileResidesInLogDirs(string $logFile): bool
+    {
+        return collect(FilamentLaravelLogPlugin::get()->getLogDirs())
+            ->contains(fn (string $logDir) => str_contains($logFile, $logDir));
+    }
+
     protected function getFinder(): Finder
     {
         return Finder::create()