diff --git a/src/main/java/net/mingsoft/cms/action/CategoryAction.java b/src/main/java/net/mingsoft/cms/action/CategoryAction.java
index 403e9f61..8292d0f0 100755
--- a/src/main/java/net/mingsoft/cms/action/CategoryAction.java
+++ b/src/main/java/net/mingsoft/cms/action/CategoryAction.java
@@ -22,6 +22,7 @@ package net.mingsoft.cms.action;
+import cn.hutool.core.io.file.FileNameUtil;
 import cn.hutool.core.util.StrUtil;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
@@ -170,7 +171,7 @@ public class CategoryAction extends BaseAction {
 }
 // 过滤非法路径
- if (category.getCategoryPinyin().contains("../") || category.getCategoryPinyin().contains("..\\")) {
+ if (FileNameUtil.containsInvalid(category.getCategoryPinyin())) {
 return ResultData.build().error(this.getResString("err.error",this.getResString("category.pinyin")));
 }
@@ -267,7 +268,7 @@ public class CategoryAction extends BaseAction {
 return ResultData.build().error(getResString("err.length", this.getResString("category.parent.id"), "1", "100"));
 }
 // 过滤非法路径
- if (category.getCategoryPinyin().contains("../") || category.getCategoryPinyin().contains("..\\")) {
+ if (FileNameUtil.containsInvalid(category.getCategoryPinyin())) {
 return ResultData.build().error(this.getResString("err.error",this.getResString("category.pinyin")));
 }
 //判断拼音是否重复并且是否和原拼音相同
@@ -393,7 +394,7 @@ public class CategoryAction extends BaseAction {
 @ApiOperation(value = "强制转换类型接口")
 @ApiImplicitParams({
 @ApiImplicitParam(name = "typeid", value = "编号", required =true,paramType="query"),
- @ApiImplicitParam(name = "categoryType", value = "栏目类型", required =true,paramType="query")
+ @ApiImplicitParam(name = "categoryType", value = "栏目类型,1:列表,2:单篇,3:链接", required =true,paramType="query")
 })
 @GetMapping("/changeType")
 @ResponseBody
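Review bot: `FileNameUtil.containsInvalid` rejects path separators, so `../` and `..\` are caught, but a pinyin that is exactly `..` (or `.`) contains no separator and passes; if the pinyin later becomes a directory segment (not visible in this hunk), that value should be refused as well, e.g. `if (FileNameUtil.containsInvalid(pinyin) || "..".equals(pinyin) || ".".equals(pinyin)) {`. The identical check is repeated at the -267/+268 hunk, so a private helper such as `isLegalPinyin(String)` would keep the two in step. The new test is also stricter than the old one — any `/`, `\`, `:`, `*`, `?`, `"`, `<`, `>` or `|` in the pinyin is now an error, and it returns false for a blank or null pinyin instead of throwing — which is worth stating on the `// 过滤非法路径` line so nobody "relaxes" it back later. Both enclosing methods start and end outside their hunks.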
diff --git a/src/main/java/net/mingsoft/cms/action/ContentAction.java b/src/main/java/net/mingsoft/cms/action/ContentAction.java
index d59d9bcd..e7b20da5 100755
--- a/src/main/java/net/mingsoft/cms/action/ContentAction.java
+++ b/src/main/java/net/mingsoft/cms/action/ContentAction.java
@@ -112,7 +112,7 @@ public class ContentAction extends BaseAction {
 @ApiImplicitParam(name = "contentSource", value = "文章来源", required =false,paramType="query"),
 @ApiImplicitParam(name = "contentDatetime", value = "发布时间", required =false,paramType="query"),
 })
- @PostMapping("/list")
+ @RequestMapping(value = "/list",method = {RequestMethod.GET,RequestMethod.POST})
 @ResponseBody
 @RequiresPermissions("cms:content:view")
 public ResultData list(@ModelAttribute @ApiIgnore ContentBean content) {
diff --git a/src/main/java/net/mingsoft/cms/action/GeneraterAction.java b/src/main/java/net/mingsoft/cms/action/GeneraterAction.java
index 159d7d95..d1d5523b 100755
--- a/src/main/java/net/mingsoft/cms/action/GeneraterAction.java
+++ b/src/main/java/net/mingsoft/cms/action/GeneraterAction.java
@@ -135,6 +135,13 @@ public class GeneraterAction extends BaseAction {
 // 生成后的文件名称
 String generateFileName = request.getParameter("position");
+ // 防止篡改主页
+ if (tmpFileName.contains("..") || tmpFileName.contains("../") || tmpFileName.contains("\\..")){
+ return ResultData.build().error(getResString("template.file"));
+ }
+ if (generateFileName.contains("..") || generateFileName.contains("../") || generateFileName.contains("\\..")){
+ return ResultData.build().error(getResString("template.file"));
+ }
 // 获取文件所在路径 首先判断用户输入的模板文件是否存在
 if (!FileUtil.exist(ParserUtil.buildTemplatePath())) {
 return ResultData.build().error(getResString("template.file"));
diff --git a/src/main/java/net/mingsoft/cms/aop/ContentAop.java b/src/main/java/net/mingsoft/cms/aop/ContentAop.java
index 233476b4..598c25b6 100755
--- a/src/main/java/net/mingsoft/cms/aop/ContentAop.java
+++ b/src/main/java/net/mingsoft/cms/aop/ContentAop.java
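Review bot: The hunk does not show `RequestMapping` and `RequestMethod` being imported in ContentAction; if the file previously only imported the `@PostMapping`/`@GetMapping` shortcuts, the new annotation line will not compile. Widening a permission-guarded endpoint from POST to GET is a deliberate access change and deserves a why-comment above the annotation, e.g. `// also accept GET: <reason the list must be reachable by GET>`. The method array would also read better spaced as `{RequestMethod.GET, RequestMethod.POST}`. The body of `list` lies outside the hunk.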
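Review bot: `generateFileName` comes from `request.getParameter("position")`, which returns null when the parameter is absent, so the added `generateFileName.contains("..")` throws a NullPointerException before the error branch is reached; guard it first, `if (generateFileName == null || generateFileName.contains("..")) {`. In both new conditions `contains("../")` and `contains("\\..")` are already implied by `contains("..")`, so those alternatives are dead and can be dropped. A bare substring test is also a blunt instrument — it rejects legitimate names such as `a..b.html` — so the durable check is to build the target path, `normalize()` it and require it to `startsWith` the template/output directory, which is the property the `// 防止篡改主页` comment is really after. `tmpFileName` is assigned outside the hunk, and the enclosing method starts and ends outside it as well.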
@@ -23,6 +23,10 @@ package net.mingsoft.cms.aop;
 import cn.hutool.core.io.FileUtil;
+import net.mingsoft.base.constant.Const;
+import net.mingsoft.base.entity.ResultData;
+import net.mingsoft.base.exception.BusinessException;
+import net.mingsoft.base.util.BundleUtil;
 import net.mingsoft.basic.aop.BaseAop;
 import net.mingsoft.basic.util.BasicUtil;
 import net.mingsoft.cms.biz.ICategoryBiz;
@@ -158,14 +162,19 @@ public class ContentAop extends BaseAop {
 String htmlPath = BasicUtil.getRealPath(htmlDir);
 // appDir
 String appDir = BasicUtil.getApp().getAppDir();
-
- // 删除静态文件
 // 文件路径组成 html真实路径 + appdir + 栏目路径 + 文章ID + .html
- boolean flag = FileUtil.del(htmlPath
+ String path = htmlPath
 + File.separator + appDir
 + categoryPath
 + File.separator + contentId
- + ParserUtil.HTML_SUFFIX);
+ + ParserUtil.HTML_SUFFIX;
+ // 校验路径是否合法
+ if (path.contains("..") || path.contains("../") || path.contains("..\\")) {
+ LOG.error("非法路径:"+path);
+ throw new BusinessException(BundleUtil.getString(Const.RESOURCES,"err.error",BundleUtil.getString(net.mingsoft.basic.constant.Const.RESOURCES,"file.path")));
+ }
+ // 删除静态文件
+ boolean flag = FileUtil.del(path);
 if (flag) {
 LOG.info("删除静态文件成功!");
 } else {
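Review bot: `net.mingsoft.base.entity.ResultData` is added to the imports, but nothing in this file's second hunk uses it (the new check throws `BusinessException` instead); unless it is used elsewhere in the file, which the diff does not show, the import is unused and should be dropped. The new `net.mingsoft.base.constant.Const` import also sits alongside the fully-qualified `net.mingsoft.basic.constant.Const` on the throw line in the second hunk, so two different `Const` classes appear on one line; a short comment there naming which bundle each resolves to would spare the next reader a lookup.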
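Review bot: The traversal check at `if (path.contains("..") || path.contains("../") || path.contains("..\\"))` runs on the fully assembled string, where `htmlPath` and `appDir` come from server configuration and only `categoryPath`/`contentId` are the variable parts; a substring test there can reject a legitimately configured base directory and, conversely, gives no guarantee that the file actually deleted lies under `htmlPath + appDir`. The `contains("../")` and `contains("..\\")` alternatives are already implied by `contains("..")`, so they are dead. Normalizing the built path and requiring it to start with the base directory states the invariant directly and is what the `// 校验路径是否合法` comment should describe (it needs `java.nio.file.Path` and `Paths` imported). The enclosing method starts and ends outside the hunk.
```java
// … unchanged: String path = htmlPath + File.separator + appDir + categoryPath + File.separator + contentId + ParserUtil.HTML_SUFFIX; …
// 校验路径是否合法: the normalized target must stay inside htmlPath + appDir
Path base = Paths.get(htmlPath, appDir).normalize();
Path target = Paths.get(path).normalize();
if (!target.startsWith(base)) {
    LOG.error("非法路径:" + path);
    throw new BusinessException(BundleUtil.getString(Const.RESOURCES, "err.error", BundleUtil.getString(net.mingsoft.basic.constant.Const.RESOURCES, "file.path")));
}
// 删除静态文件
boolean flag = FileUtil.del(target.toString());
```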