diff --git a/src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java b/src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java
index e8a5e8b3..4181235a 100644
--- a/src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java
+++ b/src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java
@@ -1195,7 +1195,9 @@ public class SystemController extends BaseController {
 }else if("1".equals(delFlag)){
 String path=request.getParameter("path");
 String delpath=ctxPath+File.separator+path;
- File fileDelete = new File(delpath);
+ delpath = delpath.replace("..", "").replace("../", "");
+
+ File fileDelete = new File(delpath);
 if (!fileDelete.exists() || !fileDelete.isFile()) {
 msg="警告: " + delpath + "不存在!";
 j.setSuccess(true);//不存在前台也给他删除
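Review bot: The added `delpath.replace("..", "").replace("../", "")` filters characters but never verifies that the resolved file stays under `ctxPath`, which is the property this delete path needs. The second `replace` can never match once every `..` is gone, the filter runs over the whole string including `ctxPath` itself, and it silently rewrites legitimate names that contain two dots, so a request can end up deleting a different file than the one it named. I would resolve both the base directory and the target with `getCanonicalFile()` and reject the request unless the target's path starts with the base, as in the excerpt below; `getCanonicalFile()` throws `IOException`, and whether the enclosing method (which starts and ends outside this hunk) already handles that is not visible here. If `ctxPath` is the application root rather than a dedicated upload directory, the base used for the check should be narrowed to the directory users are allowed to delete from.

```java
String path=request.getParameter("path");
// ... unchanged: delpath assignment (still used by the not-found message) ...
// Let the filesystem settle "..", redundant separators and symlinks before comparing.
File baseDir = new File(ctxPath).getCanonicalFile();
File fileDelete = (path == null) ? null : new File(baseDir, path).getCanonicalFile();
if (fileDelete == null || !fileDelete.toPath().startsWith(baseDir.toPath())) {
    // Outside the allowed directory: refuse, and keep the resolved path out of the response.
    msg = "invalid path";
    j.setSuccess(false);
} else if (!fileDelete.exists() || !fileDelete.isFile()) {
// ... unchanged: not-found branch and the delete that follows ...
```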