fix: 加强图片校验，防止恶意代码通过合成到图片上传到服务器中引起的攻击行为

core/backend/src/main/java/io/dataease/service/staticResource/StaticResourceService.java

@@ -24,6 +24,8 @@ import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 /**
  * Author: wangjiahao
@@ -65,9 +67,12 @@ public class StaticResourceService {
             LogUtil.error(e.getMessage(), e);
             return false;
         }
-        if (image == null || image.getWidth() <= 0 || image.getHeight() <= 0) {
+        Pattern pattern = Pattern.compile("\\.(png|jpg|jpeg|gif)$");
+        Matcher matcher = pattern.matcher(file.getOriginalFilename().toLowerCase());
+        if (image == null || image.getWidth() <= 0 || image.getHeight() <= 0 || !matcher.find()) {
             return false;
         }
+
         return true;
     }
 

core/frontend/src/views/background/BackgroundOverall.vue

@@ -110,7 +110,7 @@
           <el-col style="width: 130px!important;">
             <el-upload
               action=""
-              accept=".jpeg,.jpg,.png,.gif,.svg"
+              accept=".jpeg,.jpg,.png,.gif"
               class="avatar-uploader"
               list-type="picture-card"
               :class="{disabled:uploadDisabled}"

core/frontend/src/views/panel/appTemplate/AppTemplateContent.vue

@@ -86,7 +86,7 @@
           <el-col style="width: 148px!important;height: 148px!important;overflow: hidden">
             <el-upload
               action=""
-              accept=".jpeg,.jpg,.png,.gif,.svg"
+              accept=".jpeg,.jpg,.png,.gif"
               class="avatar-uploader"
               list-type="picture-card"
               :class="{disabled:uploadDisabled}"