From 46a12fabedf1fca7f33ecc2d733817c71c42cb08 Mon Sep 17 00:00:00 2001
From: Devil <fuxiang.gong@qq.com>
Date: Sat, 15 May 2021 23:56:46 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=87=E4=BB=B6=E4=B8=8B=E8=BD=BD=E5=AE=89?=
 =?UTF-8?q?=E5=85=A8=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 extend/base/Qrcode.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/extend/base/Qrcode.php b/extend/base/Qrcode.php
index 803d298d0..badbef7d1 100644
--- a/extend/base/Qrcode.php
+++ b/extend/base/Qrcode.php
@@ -186,8 +186,12 @@ class Qrcode
             return DataReturn('url地址有误', -1);
         }
 
-        // 域名验证、仅支持下载当前域名下的文件
-        if(GetUrlHost(__MY_HOST__) != GetUrlHost($url))
+        // 验证下载地址域名
+        $domain_arr = [
+            GetUrlHost(config('shopxo.attachment_host')),
+            GetUrlHost(__MY_HOST__),
+        ];
+        if(!in_array(GetUrlHost($url), $domain_arr))
         {
             return DataReturn('url地址非法', -1);
         }
-- 
GitLab