From 41d75cdbf867f1e80cff0ff1f63344b737115317 Mon Sep 17 00:00:00 2001
From: Karson
Date: Sat, 29 Mar 2025 22:34:46 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E9=99=90=E5=88=B6=E4=B8=8A?=
 =?UTF-8?q?=E4=BC=A0=E4=BB=A5.=E5=BC=80=E5=A4=B4=E7=9A=84=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

优化上传文件配置提示
---
 application/common/library/Upload.php | 8 ++++++--
 application/extra/upload.php | 1 +
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/application/common/library/Upload.php b/application/common/library/Upload.php
index add846dd..d28cdd33 100644
--- a/application/common/library/Upload.php
+++ b/application/common/library/Upload.php
@@ -86,6 +86,11 @@ class Upload
 */
 protected function checkExecutable()
 {
+ //禁止上传以.开头的文件
+ if (substr($this->fileInfo['name'], 0, 1) === '.') {
+ throw new UploadException(__('Uploaded file format is limited'));
+ }
+
 //禁止上传PHP和HTML文件
 if (in_array($this->fileInfo['type'], ['text/x-php', 'text/html']) || in_array($this->fileInfo['suffix'], ['php', 'html', 'htm', 'phar', 'phtml']) || preg_match("/^php(.*)/i", $this->fileInfo['suffix'])) {
 throw new UploadException(__('Uploaded file format is limited'));
@@ -107,8 +112,7 @@ class Upload
 throw new UploadException(__('Uploaded file format is limited'));
 }
 //验证文件后缀
- if ($this->config['mimetype'] === '*'
- || in_array($this->fileInfo['suffix'], $mimetypeArr) || in_array('.' . $this->fileInfo['suffix'], $mimetypeArr)
+ if (in_array($this->fileInfo['suffix'], $mimetypeArr) || in_array('.' . $this->fileInfo['suffix'], $mimetypeArr)
 || in_array($typeArr[0] . "/*", $mimetypeArr) || (in_array($this->fileInfo['type'], $mimetypeArr) && stripos($this->fileInfo['type'], '/') !== false)) {
 return true;
 }
diff --git a/application/extra/upload.php b/application/extra/upload.php
index 24357afb..8a79610e 100644
--- a/application/extra/upload.php
+++ b/application/extra/upload.php
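Review bot: The new dotfile guard in checkExecutable inspects only the first byte of `$this->fileInfo['name']`, and the hunk does not show whether that is the name the file is eventually stored under or whether it can carry a path component; if a path is possible, the test should run on `basename($this->fileInfo['name'])` instead, otherwise a leading directory segment hides the dot. The comment above the check states the rule but not the reason, which is what a later maintainer needs before relaxing it: `// Reject dotfiles (e.g. .htaccess, .user.ini): web servers may honour them as configuration regardless of suffix`. checkExecutable's body continues past the end of the hunk, so whether the saved filename is normalised elsewhere cannot be confirmed here.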
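Review bot: Dropping the `$this->config['mimetype'] === '*'` short-circuit means a configuration of `'mimetype' => '*'` no longer satisfies any of the remaining `in_array` tests — `['*']` contains neither a suffix nor a `type/*` entry — so every upload would be rejected with 'Uploaded file format is limited' unless the wildcard is handled earlier in the enclosing method, whose start lies outside the hunk. Neither the commit message nor the comment added to application/extra/upload.php mentions this, so an operator relying on `*` gets a silent breaking change rather than a configuration error. If the removal is deliberate, record it above the condition, `// The '*' wildcard is intentionally no longer honoured: every accepted suffix or mime type must be listed explicitly`, and state the same in the config file's mimetype comment. The rewritten `in_array` calls compare plain strings and would be tighter with a third argument of `true`, matching the strict comparison the removed line used.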
@@ -20,6 +20,7 @@ return [
 'maxsize' => '10mb',
 /**
 * 可上传的文件类型
+ * 如配置允许 pdf,ppt,docx,svg 等可能含有脚本的文件时,请先从服务器配置此类文件直接下载而不是预览
 */
 'mimetype' => 'jpg,png,bmp,jpeg,gif,webp,zip,rar,wav,mp4,mp3,webm',
 /**
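Review bot: The added comment tells operators to serve script-capable types as downloads rather than previews but not how, so it is hard to act on; naming the mechanism makes it concrete, e.g. a following line `* e.g. return Content-Disposition: attachment and X-Content-Type-Options: nosniff for those extensions, or host uploads on a separate origin`. Listing svg alongside pdf/ppt/docx is the right call since browsers render it inline as an image while it can embed script, so the comment could say that is why it appears in the list. The surrounding `return [` array continues outside the hunk.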