From 9adad7e15f190aa953382054dfe456354bf34264 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=82=B9=E6=99=AF=E7=AB=8B?= <zoujingli@qq.com>
Date: Wed, 12 May 2021 17:21:36 +0800
Subject: [PATCH] Update Config.php

---
 app/admin/controller/Config.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/app/admin/controller/Config.php b/app/admin/controller/Config.php
index 1cf47848b..0f7f169bb 100644
--- a/app/admin/controller/Config.php
+++ b/app/admin/controller/Config.php
@@ -92,9 +92,11 @@ class Config extends Controller
         } else {
             $post = $this->request->post();
             if (!empty($post['storage']['allow_exts'])) {
-                $deny = ['sh', 'bat', 'cmd', 'exe', 'php', 'asp'];
-                $exts = array_unique(explode(',', strtolower($post['storage']['allow_exts'])));
-                if (sort($exts) && in_array('php', $deny)) $this->error('禁止上传可执行的文件！');
+                $exts = array_unique(str2arr(strtolower($post['storage']['allow_exts'])));
+                foreach (['sh', 'asp', 'bat', 'cmd', 'exe', 'php'] as $ext) {
+                    if (in_array($ext, $exts)) $this->error('禁止上传可执行的文件！');
+                }
+                sort($exts);
                 $post['storage']['allow_exts'] = join(',', $exts);
             }
             foreach ($post as $name => $value) sysconf($name, $value);