diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/admin/FileController.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/admin/FileController.java
index a71688d..9ab479e 100644
--- a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/admin/FileController.java
+++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/admin/FileController.java
@@ -16,6 +16,7 @@ import org.springframework.web.multipart.MultipartFile;
 import springfox.documentation.annotations.ApiIgnore;
 import javax.servlet.http.HttpServletResponse;
+import java.util.Locale;
 import java.util.Map;
 /**
@@ -56,6 +57,24 @@ public class FileController {
 @ApiOperation(value = "文件上传", notes = "文件上传", httpMethod="POST")
 @PostMapping("/upload")
 public Result> upload(MultipartFile file) {
+ String[] FILE_SUFFIX_SUPPORT ={".jsp",".php",".asp",".aspx",".exe"};
+ // 校验文件是否为空
+ if (file == null) {
+ throw new RuntimeException("文件不能为空!");
+ }
+ //得到文件名
+ String originalFilename = file.getOriginalFilename();
+ // 校验文件后缀
+ if (!originalFilename.contains(".")) {
+ throw new RuntimeException("文件不能没有后缀!");
+ }
+ String suffix = originalFilename.substring(originalFilename.lastIndexOf('.'));
+ for (String s : FILE_SUFFIX_SUPPORT) {
+ //转换为小写比较,Locale.ROOT为区域转换规则可不写
+ if (s.equals(suffix.toLowerCase(Locale.ROOT))) {
+ throw new RuntimeException("请上传正常的文件!");
+ }
+ }
 return Result.success(fileDetailService.upload(file));
 }
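Review bot: The suffix check added to `upload` is a deny-list of five extensions, so any other type that the server or a browser will interpret still passes; an allow-list of the suffixes this endpoint actually needs, compared in lower case, is the safer default. `file.getOriginalFilename()` can return null, in which case `originalFilename.contains(".")` throws a NullPointerException; the guard should read `if (originalFilename == null || !originalFilename.contains("."))`. The client-supplied name is only advisory, and `fileDetailService.upload(file)` is defined outside this hunk, so it should be confirmed that it stores the file under a server-generated name and in a location that is never executed or served as active content. The array is named `FILE_SUFFIX_SUPPORT` although it lists rejected suffixes, and it is rebuilt on every request; a `private static final` field named for what it holds, for example `BLOCKED_SUFFIXES`, would read correctly.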