From 0bf173c5d7c13544b7a14cca51747fa3127d2864 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=82=B9=E6=99=AF=E7=AB=8B?= <zoujingli@qq.com>
Date: Wed, 15 Sep 2021 16:34:12 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=96=87=E4=BB=B6=E4=B8=8A?=
 =?UTF-8?q?=E4=BC=A0=EF=BC=8C=E6=96=87=E4=BB=B6=E5=90=8E=E7=BC=80=E9=AA=8C?=
 =?UTF-8?q?=E8=AF=81=E6=9C=BA=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/admin/controller/api/Upload.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/admin/controller/api/Upload.php b/app/admin/controller/api/Upload.php
index 4a6c7dc9a0..7c52b5025f 100644
--- a/app/admin/controller/api/Upload.php
+++ b/app/admin/controller/api/Upload.php
@@ -112,7 +112,7 @@ public function file()
         $extension = strtolower($file->getOriginalExtension());
         $saveName = input('key') ?: Storage::name($file->getPathname(), $extension, '', 'md5_file');
         // 检查文件后缀是否被恶意修改
-        if (ltrim(strtolower(strrchr($saveName, '.')), '.') !== $extension) {
+        if (pathinfo(parse_url($saveName, PHP_URL_PATH), PATHINFO_EXTENSION) !== $extension) {
             $this->error('文件后缀异常，请重新上传文件！');
         }
         // 屏蔽禁止上传指定后缀的文件