From 84bd116e8c0269d893b2227c548745c6683308c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E6=99=AF=E7=AB=8B?= Date: Wed, 12 May 2021 17:27:20 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=96=87=E4=BB=B6=E4=B8=8A?= =?UTF-8?q?=E4=BC=A0=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/admin/controller/Config.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/app/admin/controller/Config.php b/app/admin/controller/Config.php index 0f7f169bb..423cfde9a 100644 --- a/app/admin/controller/Config.php +++ b/app/admin/controller/Config.php @@ -92,11 +92,9 @@ class Config extends Controller } else { $post = $this->request->post(); if (!empty($post['storage']['allow_exts'])) { + $deny = ['sh', 'asp', 'bat', 'cmd', 'exe', 'php']; $exts = array_unique(str2arr(strtolower($post['storage']['allow_exts']))); - foreach (['sh', 'asp', 'bat', 'cmd', 'exe', 'php'] as $ext) { - if (in_array($ext, $exts)) $this->error('禁止上传可执行的文件!'); - } - sort($exts); + if (array_intersect($deny, $exts)) $this->error('禁止上传可执行的文件!'); $post['storage']['allow_exts'] = join(',', $exts); } foreach ($post as $name => $value) sysconf($name, $value);