diff --git a/data/update.log b/data/update.log
index 412b1c1..5221fa3 100755
--- a/data/update.log
+++ b/data/update.log
@@ -62,4 +62,7 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
 20220312
 1. 新增API:根据ID查询单个分类信息
 2. 修复后台编辑链接,分类信息显示不正确
-3. 书签导入时文件名过滤
\ No newline at end of file
+3. 书签导入时文件名过滤
+
+20220315
+1. 修复一个任意文件漏洞
\ No newline at end of file
diff --git a/index.php b/index.php
index 82716bb..d1bf67e 100755
--- a/index.php
+++ b/index.php
@@ -43,8 +43,11 @@ if((!isset($c)) || ($c == '')){
 else{
 //对请求参数进行过滤,同时检查文件是否存在
- $c = str_replace('../','',$c);
- $c = str_replace('./','',$c);
+ $c = str_replace('\\','/',$c);
+ $pattern = "%\./%";
+ if ( preg_match_all($pattern,$c) ) {
+ exit('非法请求!');
+ }
 //控制器文件
 $controller_file = "./controller/".$c.'.php';
 if( file_exists($controller_file) ) {
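Review bot: The new filter in index.php is still a denylist, so any value of `$c` that does not contain the two characters `./` reaches `file_exists()` unchanged — an absolute path, a nested `sub/dir` name, or anything PHP's single URL-decode leaves behind — and a controller name is more safely validated by an anchored allowlist that fails closed, e.g. `if (preg_match('/\A[A-Za-z0-9_]+\z/', $c) !== 1) { exit('非法请求!'); }` in place of the backslash replacement, `$pattern` and `preg_match_all()` lines. `preg_match_all()` also returns `false` on a PCRE error, and since `false` is falsy the added `if` silently skips the `exit` in that case; `preg_match()` compared explicitly against `1` avoids the fail-open. If a denylist is kept, `preg_match()` is the right call since only presence of the pattern matters, not the match count. The `else{` block continues past the hunk, so whether `$controller_file` is later included directly is not visible here and the stricter check should be confirmed against that code.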