From 29b05dee3d27a807ac50bbc7601ab4f742a9db60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E6=99=AF=E7=AB=8B?= Date: Wed, 15 Sep 2021 16:59:44 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=96=87=E4=BB=B6=E4=B8=8A?= =?UTF-8?q?=E4=BC=A0=E6=96=87=E4=BB=B6=E5=90=8D=E7=A7=B0=E9=AA=8C=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit cd52d2c1dd8c2b05e55db6f1e54a5f225edfbd6c. --- app/admin/controller/api/Upload.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/app/admin/controller/api/Upload.php b/app/admin/controller/api/Upload.php index af8781349d..7c52b5025f 100644 --- a/app/admin/controller/api/Upload.php +++ b/app/admin/controller/api/Upload.php @@ -111,8 +111,6 @@ public function file() $safeMode = $this->getSafe(); $extension = strtolower($file->getOriginalExtension()); $saveName = input('key') ?: Storage::name($file->getPathname(), $extension, '', 'md5_file'); - // 检查文件名称是否合法 - if (strpos($saveName, '../') !== false) $this->error('文件路径不能出现跳级操作!'); // 检查文件后缀是否被恶意修改 if (pathinfo(parse_url($saveName, PHP_URL_PATH), PATHINFO_EXTENSION) !== $extension) { $this->error('文件后缀异常,请重新上传文件!');