From 9bb1ee8d456d1a6c1149963eeb9c8285844466ef Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期五, 16 一月 2026 17:39:12 +0800
Subject: [PATCH] 文件后缀校验逻辑修改

---
 Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/validator/ComprehensiveFileValidator.java |   16 +++++++++++-----
 1 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/validator/ComprehensiveFileValidator.java b/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/validator/ComprehensiveFileValidator.java
index 96b19cc..aed7e31 100644
--- a/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/validator/ComprehensiveFileValidator.java
+++ b/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/validator/ComprehensiveFileValidator.java
@@ -21,7 +21,7 @@
 	/**
 	 * 鏂囦欢鐧藉悕鍗�
 	 */
-	@Value("${app.upload.security.allowed-extensions:jpg,jpeg,png,pdf}")
+	@Value("${app.upload.security.allowed-extensions:xls,xlsx,jar,doc,docx,jpg,jpeg,png,pdf}")
 	private String allowedExtensionsConfig;
 
 	/**
@@ -274,9 +274,13 @@
 
 	private boolean contentSecurityValidation(MultipartFile file, UploadValidationResult result) {
 		// 鍐呭绫诲瀷楠岃瘉
-		if (validateContentType && !validateContentType(file)) {
-			result.setMessage("鏂囦欢鍐呭绫诲瀷涓嶅尮閰�");
-			return false;
+		if (validateContentType) { //閰嶇疆浜嗘牎楠屼綅true
+			//鍚庣紑涓嶅湪鐧藉悕鍗曚腑锛屽苟涓旀枃浠跺唴瀹逛笌绫诲瀷涓嶅尮閰嶇洿鎺ヨ繑鍥�
+			String finalExtension = getFinalExtension(file.getOriginalFilename().toLowerCase());
+			if(!allowedExtensions.contains(finalExtension) && !validateContentType(file)){
+				result.setMessage("鏂囦欢鍐呭绫诲瀷涓嶅尮閰峓鍚庣紑:"+finalExtension+";ContentType:"+file.getContentType()+"]");
+				return false;
+			}
 		}
 
 		// 鏂囦欢澶撮獙璇�
@@ -313,9 +317,11 @@
 			if (declaredType == null) {
 				return true; // 娌℃湁澹版槑绫诲瀷锛屾斁杩�
 			}
-
+			log.info("===========================ContentType: " + declaredType);
 			// 绠�鍗曠殑绫诲瀷鍖归厤妫�鏌�
 			String finalExtension = getFinalExtension(file.getOriginalFilename()).toLowerCase();
+			log.info("===========================finalExtension: " + finalExtension);
+
 			return isContentTypeConsistent(declaredType, finalExtension);
 		} catch (Exception e) {
 			log.error("鍐呭绫诲瀷楠岃瘉澶辫触", e);

--
Gitblit v1.10.0