From ddc500294b7bf8147e380771329e960e0344a3d0 Mon Sep 17 00:00:00 2001
From: erzhongxmu <erzhongxmu@hotmail.com>
Date: Wed, 10 Apr 2024 09:47:13 +0800
Subject: [PATCH] 1

---
 .../web/system/controller/core/SystemController.java       | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java b/src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java
index 651e43f9..9cfc9b65 100644
--- a/src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java
+++ b/src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java
@@ -1176,7 +1176,12 @@ public class SystemController extends BaseController {
 	            MultipartFile mf=multipartRequest.getFile("file");// 获取上传文件对象
 	    		fileName = mf.getOriginalFilename();// 获取文件名
 				String fileExt = fileName.substring(fileName.lastIndexOf(".") + 1).toLowerCase();
-				// TODO: 2022/11/30 判断文件后缀 
+				if(fileExt.equals("jsp")||fileExt.equals("js")){
+					msg="警告:禁止上传可执行文件";
+					j.setMsg(msg);
+					return j;
+				}
+				// TODO: 2022/11/30 判断文件后缀
 				String savePath = file.getPath() + File.separator + fileName;
 	    		File savefile = new File(savePath);
 	    		FileCopyUtils.copy(mf.getBytes(), savefile);