修复上传文件的安全隐患

application/common/library/Upload.php

@@ -82,7 +82,7 @@ class Upload
     protected function checkExecutable()
     {
         //禁止上传PHP和HTML文件
-        if (in_array($this->fileInfo['type'], ['text/x-php', 'text/html']) || in_array($this->fileInfo['suffix'], ['php', 'html', 'htm'])) {
+        if (in_array($this->fileInfo['type'], ['text/x-php', 'text/html']) || in_array($this->fileInfo['suffix'], ['php', 'html', 'htm', 'phar', 'phtml']) || preg_match("/^php(.*)/i", $this->fileInfo['suffix'])) {
             throw new UploadException(__('Uploaded file format is limited'));
         }
         return true;
@@ -92,10 +92,14 @@ class Upload
     {
         $mimetypeArr = explode(',', strtolower($this->config['mimetype']));
         $typeArr = explode('/', $this->fileInfo['type']);
+        //Mimetype值不正确
+        if (stripos($this->fileInfo['type'], '/') === false) {
+            throw new UploadException(__('Uploaded file format is limited'));
+        }
         //验证文件后缀
         if ($this->config['mimetype'] === '*'
             || in_array($this->fileInfo['suffix'], $mimetypeArr) || in_array('.' . $this->fileInfo['suffix'], $mimetypeArr)
-            || in_array($this->fileInfo['type'], $mimetypeArr) || in_array($typeArr[0] . "/*", $mimetypeArr)) {
+            || in_array($typeArr[0] . "/*", $mimetypeArr) || (in_array($this->fileInfo['type'], $mimetypeArr) && stripos($this->fileInfo['type'], '/') !== false)) {
             return true;
         }
         throw new UploadException(__('Uploaded file format is limited'));

application/config.php

@@ -292,7 +292,7 @@ return [
         //允许跨域的域名,多个以,分隔
         'cors_request_domain'   => 'localhost,127.0.0.1',
         //版本号
-        'version'               => '1.2.1.20210730_beta',
+        'version'               => '1.2.1.20211011_beta',
         //API接口地址
         'api_url'               => 'https://api.fastadmin.net',
     ],