diff --git a/qtfs/qtfs_server/fsops.c b/qtfs/qtfs_server/fsops.c
index d2944542204a14a4f1f718446b03bd281068bbc3..5e357b76857ce357a6f452d380f932f128f28be2 100644
--- a/qtfs/qtfs_server/fsops.c
+++ b/qtfs/qtfs_server/fsops.c
@@ -49,6 +49,15 @@ bool in_white_list(char *path, int type)
 {
 int i, in_wl = -1;
 int wl_len = 0;
+ char *str;
+
+ if (path[0] !='/') {
+ return false;
+ }
+ str = strstr(path, "/..");
+ if (str != NULL && (str[3] == '\0' || str[3] =='/')) {
+ return false;
+ }
 read_lock(&g_whitelist_rwlock);
 if (!g_whitelist[type]) {
@@ -59,8 +68,8 @@ bool in_white_list(char *path, int type)
 wl_len = g_whitelist[type]->wl[i].len;
 if (!strncmp(path, g_whitelist[type]->wl[i].path, g_whitelist[type]->wl[i].len)){
 //到这一行说明path长度起码是大于等于wl长度,那么以下情况是不符合白名单匹配的
- // wl不是以/结尾,且path的wl_len字符非结束符也不是/
- if (g_whitelist[type]->wl[i].path[wl_len - 1] != '/' && path[wl_len] != '\0' && path[wl_len] != '/') {
+ //path的wl_len字符非结束符也不是/
+ if (path[wl_len] != '\0' && path[wl_len] != '/') {
 continue;
 }
 in_wl = i;
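Review bot: The `..` check added in the first hunk (`@@ -49,6 +49,15 @@`) inspects only the first `/..` that `strstr` finds, so a path whose first match is an ordinary name beginning with two dots (`str[3]` is neither `'\0'` nor `'/'`) is accepted even when a later component is exactly `..`. Every occurrence has to be tested before the prefix comparison against the whitelist can be trusted: `for (str = strstr(path, "/.."); str != NULL; str = strstr(str + 1, "/.."))` with the body `if (str[3] == '\0' || str[3] == '/') return false;`. `path[0]` is also read without a NULL check, which is safe only if every caller guarantees a non-NULL string; the callers are not visible here. The body of `in_white_list` continues past the end of this hunk.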
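Review bot: With the trailing-slash exemption removed in the second hunk (`@@ -59,8 +68,8 @@`), a whitelist entry that ends in `/` no longer matches anything beneath it: once `strncmp` succeeds, `path[wl_len]` is the first character of the next component, so the new test takes the `continue`. That fails closed, but it silently disables such entries (a bare `/` included) unless entries are normalised when the whitelist is loaded, which this diff does not show. If that invariant exists, state it next to the test, for example `/* entries are stored without a trailing '/'; path must end or reach a component boundary at wl_len */`; if it does not, strip the trailing `/` where entries are stored. The enclosing loop starts before this hunk and continues after it.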