From a32d453d07845a1ffd6546ffc3e36bdf380bdc34 Mon Sep 17 00:00:00 2001
From: jishenghua <752718920@qq.com>
Date: Thu, 7 Aug 2025 16:42:52 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E8=BF=87=E6=BB=A4=E7=9A=84?=
 =?UTF-8?q?=E4=BB=A3=E7=A0=81=EF=BC=8C=E4=BF=AE=E5=A4=8D=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 jshERP-boot/src/main/java/com/jsh/erp/filter/LogCostFilter.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jshERP-boot/src/main/java/com/jsh/erp/filter/LogCostFilter.java b/jshERP-boot/src/main/java/com/jsh/erp/filter/LogCostFilter.java
index 2546892b..1614b059 100644
--- a/jshERP-boot/src/main/java/com/jsh/erp/filter/LogCostFilter.java
+++ b/jshERP-boot/src/main/java/com/jsh/erp/filter/LogCostFilter.java
@@ -38,7 +38,7 @@ public class LogCostFilter implements Filter {
         HttpServletRequest servletRequest = (HttpServletRequest) request;
         HttpServletResponse servletResponse = (HttpServletResponse) response;
         String requestUrl = servletRequest.getRequestURI();
-        if(requestUrl.contains("../") || requestUrl.contains("..;/")) {
+        if(requestUrl.contains("../") || requestUrl.contains("..;/") || requestUrl.contains("%2e")) {
             servletResponse.setStatus(500);
             servletResponse.getWriter().write("loginOut");
             return;