From bc11ec0e6b09d1da34abd970a2acf7b461127eca Mon Sep 17 00:00:00 2001
From: Pu Zhibing <393733352@qq.com>
Date: 星期二, 16 九月 2025 15:19:12 +0800
Subject: [PATCH] 修改安全漏洞

---
 management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TAppUserController.java |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TAppUserController.java b/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TAppUserController.java
index 3c22173..adab694 100644
--- a/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TAppUserController.java
+++ b/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/general/TAppUserController.java
@@ -2,7 +2,9 @@
 
 import com.baomidou.mybatisplus.mapper.EntityWrapper;
 import com.stylefeng.guns.core.base.controller.BaseController;
+import com.stylefeng.guns.core.base.tips.SuccessTip;
 import com.stylefeng.guns.core.log.LogObjectHolder;
+import com.stylefeng.guns.core.util.ToolUtil;
 import com.stylefeng.guns.modular.system.controller.resp.TAppUserResp;
 import com.stylefeng.guns.modular.system.controller.util.ExcelUtil;
 import com.stylefeng.guns.modular.system.enums.CouponStatusEnum;
@@ -214,6 +216,10 @@
     @RequestMapping(value = "/add")
     @ResponseBody
     public Object add(TAppUser tAppUser) {
+        String avatar = tAppUser.getAvatar();
+        if(ToolUtil.isNotEmpty(avatar) && !avatar.contains("png") && !avatar.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的头像照片!");
+        }
         tAppUserService.insert(tAppUser);
         return SUCCESS_TIP;
     }
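Review bot: The condition `!avatar.contains("png") && !avatar.contains("jpg")` in add() is a case-sensitive substring test, so it accepts any avatar value with "png" or "jpg" anywhere in it, whatever the value actually ends with, and it rejects legitimate names such as `photo.PNG`. Compare the lower-cased suffix instead: `if (ToolUtil.isNotEmpty(avatar) && !avatar.toLowerCase(Locale.ROOT).matches(".*\\.(png|jpg)")) {`. This needs a `java.util.Locale` import, and if the field holds a URL the query string should be stripped first. The same condition is repeated in update() in the next hunk. This validates only the string bound onto TAppUser; the handler that receives the uploaded bytes is outside this diff and presumably needs its own server-side type check.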
@@ -257,6 +263,10 @@
     @RequestMapping(value = "/update")
     @ResponseBody
     public Object update(TAppUser tAppUser) {
+        String avatar = tAppUser.getAvatar();
+        if(ToolUtil.isNotEmpty(avatar) && !avatar.contains("png") && !avatar.contains("jpg")){
+            return new SuccessTip(500,"请上传png/jpg格式的头像照片!");
+        }
         tAppUserService.updateById(tAppUser);
         return SUCCESS_TIP;
     }
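Review bot: The rejection in update() is returned as `new SuccessTip(500, ...)`, a success-named type carrying an error code, and the four added lines are a copy of the ones in add(). Move the rule into one private helper, for example `private static boolean isAllowedAvatar(String avatar)`, with a comment such as `// avatar must be empty or name a .png/.jpg file`, and call it from both methods so the two checks cannot drift apart. If the project has an error-tip counterpart to SuccessTip (not visible in this diff), returning that would make the failure path easier to read.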

--
Gitblit v1.7.1