diff --git a/24Hour/Controllers/Common/CommonController.cs b/24Hour/Controllers/Common/CommonController.cs
index 050d67e..73fd47e 100644
--- a/24Hour/Controllers/Common/CommonController.cs
+++ b/24Hour/Controllers/Common/CommonController.cs
@@ -2763,6 +2763,16 @@ namespace _24Hour.Controllers.Common
                     IFormFile file = Request.Form.Files.FirstOrDefault();
                     var fname = $@"{file.FileName}";
                     var hzname = $"{Path.GetExtension(fname)}";
+
+                    var allowedExtensions = new string[] { ".png", ".jpg", ".jpeg", ".bmp", ".zip" };
+                    if (allowedExtensions.Contains(hzname.ToLower()))
+                    {
+                        outParm.IsSucceed = false;
+                        outParm.Message = "不被允许的文件格式!";
+                        return Json(outParm);
+                    }
+
+
                     var _path = Path.Combine("CaseFile", "card", DateTime.Now.ToString("yyyy-MM-dd"));
                     var dic = Path.Combine(Environment.CurrentDirectory, "wwwroot", _path);
 
@@ -2854,6 +2864,17 @@ namespace _24Hour.Controllers.Common
                     IFormFile file = Request.Form.Files.FirstOrDefault();
                     var fname = $@"{file.FileName}";
                     var hzname = $"{Path.GetExtension(fname)}";
+
+                    var allowedExtensions = new string[] { ".png", ".jpg", ".jpeg", ".bmp",".zip" };
+                    if (allowedExtensions.Contains(hzname.ToLower()))
+                    {
+                        outParm.IsSucceed = false;
+                        outParm.Message = "不被允许的文件格式!";
+                        return Json(outParm);
+                    }
+
+
+
                     var _path = Path.Combine("CaseFile", "card", DateTime.Now.ToString("yyyy-MM-dd"));
                     var dic = Path.Combine(Environment.CurrentDirectory, "wwwroot", _path);