From 0bfb60f3acdf0f03a58c3f3f5e6547d243d5b3ae Mon Sep 17 00:00:00 2001
From: tianya <yanghuxiao@vip.qq.com>
Date: Thu, 31 Aug 2023 08:12:30 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=87=E4=BB=B6=E4=B8=8A=E4=BC=A0=E6=BC=8F?=
 =?UTF-8?q?=E6=B4=9E=E4=BF=AE=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/admin/file_manage_control.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/admin/file_manage_control.php b/src/admin/file_manage_control.php
index 433a6628..3e540648 100644
--- a/src/admin/file_manage_control.php
+++ b/src/admin/file_manage_control.php
@@ -69,6 +69,10 @@ else if ($fmdo == "upload") {
         }
         $upfile = ${$upfile};
         $upfile_name = ${$upfile_name};
+        if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)$#i', trim($upfile_name))) {
+            ShowMsg("文件扩展名已被系统禁止", "javascript:;");
+            exit();
+        }
         if (is_uploaded_file($upfile)) {
             //检查文件类型
             $mime = get_mime_type($upfile);