diff --git a/app/admin/controller/Config.php b/app/admin/controller/Config.php
index 1cf47848b..0f7f169bb 100644
--- a/app/admin/controller/Config.php
+++ b/app/admin/controller/Config.php
@@ -92,9 +92,11 @@ class Config extends Controller
         } else {
             $post = $this->request->post();
             if (!empty($post['storage']['allow_exts'])) {
-                $deny = ['sh', 'bat', 'cmd', 'exe', 'php', 'asp'];
-                $exts = array_unique(explode(',', strtolower($post['storage']['allow_exts'])));
-                if (sort($exts) && in_array('php', $deny)) $this->error('禁止上传可执行的文件！');
+                $exts = array_unique(str2arr(strtolower($post['storage']['allow_exts'])));
+                foreach (['sh', 'asp', 'bat', 'cmd', 'exe', 'php'] as $ext) {
+                    if (in_array($ext, $exts)) $this->error('禁止上传可执行的文件！');
+                }
+                sort($exts);
                 $post['storage']['allow_exts'] = join(',', $exts);
             }
             foreach ($post as $name => $value) sysconf($name, $value);