From 7d849aea2c3f2471ecb36d99bb95115f0b621cd0 Mon Sep 17 00:00:00 2001
From: Anyon <zoujingli@qq.com>
Date: Wed, 17 Apr 2019 12:35:12 +0800
Subject: [PATCH] =?UTF-8?q?[=E6=9B=B4=E6=96=B0]=E4=BF=AE=E6=94=B9=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6=E4=B8=8A=E4=BC=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/admin/controller/Plugs.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/application/admin/controller/Plugs.php b/application/admin/controller/Plugs.php
index 38aaf51c7..3e94d4176 100644
--- a/application/admin/controller/Plugs.php
+++ b/application/admin/controller/Plugs.php
@@ -57,6 +57,12 @@ class Plugs extends BasicAdmin
         if (!in_array($ext, explode(',', strtolower(sysconf('storage_local_exts'))))) {
             return json(['code' => 'ERROR', 'msg' => '文件上传类型受限']);
         }
+        if (!session('user')) {
+            $this->error('只有登录后才能上传文件哦！');
+        }
+        if ($file->checkExt('php')) {
+            $this->error('可执行文件禁止上传到本地服务器！');
+        }
         // 文件上传Token验证
         if ($this->request->post('token') !== md5($filename . session_id())) {
             return json(['code' => 'ERROR', 'msg' => '文件上传验证失败']);