文件下载安全优化

2021-05-15 23:56:46 +08:00 · 2021-05-15 23:56:46 +08:00 · 46a12fabed
parent c3f2a41038
commit 46a12fabed
1 changed files with 6 additions and 2 deletions
--- a/extend/base/Qrcode.php
+++ b/extend/base/Qrcode.php
@ -186,8 +186,12 @@ class Qrcode
            return DataReturn('url地址有误', -1);
        }

-        // 域名验证、仅支持下载当前域名下的文件
-        if(GetUrlHost(__MY_HOST__) != GetUrlHost($url))
+        // 验证下载地址域名
+        $domain_arr = [
+            GetUrlHost(config('shopxo.attachment_host')),
+            GetUrlHost(__MY_HOST__),
+        ];
+        if(!in_array(GetUrlHost($url), $domain_arr))
        {
            return DataReturn('url地址非法', -1);
        }