From 8dc5846faa01b78d90f2e559a55e77640618cf29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=82=B9=E6=99=AF=E7=AB=8B?=
Date: Wed, 15 Sep 2021 17:00:56 +0800
Subject: [PATCH] Update Upload.php
---
 app/admin/controller/api/Upload.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/app/admin/controller/api/Upload.php b/app/admin/controller/api/Upload.php
index 7c52b5025..af8781349 100644
--- a/app/admin/controller/api/Upload.php
+++ b/app/admin/controller/api/Upload.php
@@ -111,6 +111,8 @@ class Upload extends Controller
 $safeMode = $this->getSafe();
 $extension = strtolower($file->getOriginalExtension());
 $saveName = input('key') ?: Storage::name($file->getPathname(), $extension, '', 'md5_file');
+ // 检查文件名称是否合法
+ if (strpos($saveName, '../') !== false) $this->error('文件路径不能出现跳级操作!');
 // 检查文件后缀是否被恶意修改
 if (pathinfo(parse_url($saveName, PHP_URL_PATH), PATHINFO_EXTENSION) !== $extension) {
 $this->error('文件后缀异常,请重新上传文件!');
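Review bot: The added guard on `$saveName` is a deny-list for the single literal `../`, so a client-supplied `input('key')` that uses backslash separators or an absolute path is not rejected by this line. Because the key comes from the request, validating its shape with an allow-list is more robust than matching one traversal spelling, for example `if (!preg_match('#^[A-Za-z0-9_\-]+(/[A-Za-z0-9_\-]+)*\.[A-Za-z0-9]+$#', $saveName)) $this->error('文件路径不能出现跳级操作!');`. That assumes legitimate keys look like the hash-style relative names `Storage::name()` generates, which should be confirmed. The suffix check that follows reads the extension through `parse_url()`, so it would help to add a comment stating that the name written to storage is the same string that was validated. The enclosing method starts and ends outside the hunk, so any later normalisation by the storage driver is not visible here.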