diff --git a/application/common/library/Upload.php b/application/common/library/Upload.php index 66afc1dc..3cb93a44 100644 --- a/application/common/library/Upload.php +++ b/application/common/library/Upload.php @@ -82,7 +82,7 @@ class Upload protected function checkExecutable() { //禁止上传PHP和HTML文件 - if (in_array($this->fileInfo['type'], ['text/x-php', 'text/html']) || in_array($this->fileInfo['suffix'], ['php', 'html', 'htm'])) { + if (in_array($this->fileInfo['type'], ['text/x-php', 'text/html']) || in_array($this->fileInfo['suffix'], ['php', 'html', 'htm', 'phar', 'phtml']) || preg_match("/^php(.*)/i", $this->fileInfo['suffix'])) { throw new UploadException(__('Uploaded file format is limited')); } return true; @@ -92,10 +92,14 @@ class Upload { $mimetypeArr = explode(',', strtolower($this->config['mimetype'])); $typeArr = explode('/', $this->fileInfo['type']); + //Mimetype值不正确 + if (stripos($this->fileInfo['type'], '/') === false) { + throw new UploadException(__('Uploaded file format is limited')); + } //验证文件后缀 if ($this->config['mimetype'] === '*' || in_array($this->fileInfo['suffix'], $mimetypeArr) || in_array('.' . $this->fileInfo['suffix'], $mimetypeArr) - || in_array($this->fileInfo['type'], $mimetypeArr) || in_array($typeArr[0] . "/*", $mimetypeArr)) { + || in_array($typeArr[0] . "/*", $mimetypeArr) || (in_array($this->fileInfo['type'], $mimetypeArr) && stripos($this->fileInfo['type'], '/') !== false)) { return true; } throw new UploadException(__('Uploaded file format is limited')); diff --git a/application/config.php b/application/config.php index 1998b1f7..be86fd01 100755 --- a/application/config.php +++ b/application/config.php @@ -292,7 +292,7 @@ return [ //允许跨域的域名,多个以,分隔 'cors_request_domain' => 'localhost,127.0.0.1', //版本号 - 'version' => '1.2.1.20210730_beta', + 'version' => '1.2.1.20211011_beta', //API接口地址 'api_url' => 'https://api.fastadmin.net', ],