diff --git a/src/main/java/com/huawei/datashow/service/UploadFileServiceImpl.java b/src/main/java/com/huawei/datashow/service/UploadFileServiceImpl.java
index 98847924dc129a72dc22884e0c8cb7910b887151..f78e9d5fd21dde5222a01f28000dd0887580534d 100644
--- a/src/main/java/com/huawei/datashow/service/UploadFileServiceImpl.java
+++ b/src/main/java/com/huawei/datashow/service/UploadFileServiceImpl.java
@@ -28,6 +28,10 @@ public class UploadFileServiceImpl implements UploadFileService
 throw new IOException();
 } else {
 String originalFilename = file.getOriginalFilename();
+ //对文件名进行安全过滤
+ if ( originalFilename.contains("..") || originalFilename.contains("/") || originalFilename.contains("\\")) {
+ throw new IOException();
+ }
 String fileType = originalFilename.substring(originalFilename.lastIndexOf('.'));
 if (fileType.equals(".xls")) {
 Workbook workbook = new HSSFWorkbook(file.getInputStream());
@@ -50,6 +54,10 @@ public class UploadFileServiceImpl implements UploadFileService
 } else {
 String originalFilename = file.getOriginalFilename();
+ //对文件名进行安全过滤
+ if ( originalFilename.contains("..") || originalFilename.contains("/") || originalFilename.contains("\\")) {
+ throw new IOException();
+ }
 String fileType = originalFilename.substring(originalFilename.lastIndexOf('.'));
 if (fileType.equals(".txt") || fileType.equals(".csv")) {
 CSVFormat format = CSVFormat.DEFAULT.withHeader();
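Review bot: The new guard in the first hunk calls originalFilename.contains(...) without a null check, and the same four lines are repeated verbatim in the second hunk (@@ -50); if `file` is a Spring MultipartFile, its getOriginalFilename() contract allows null, in which case the guard throws NullPointerException instead of the IOException the callers presumably handle. Folding the check into one private helper that also rejects a null or blank name, and gives the IOException a message, fixes both hunks at once; the helper is also the natural place to reject a name with no '.', because the `substring(originalFilename.lastIndexOf('.'))` on the following line throws StringIndexOutOfBoundsException for such a name. If the name is later used to build a filesystem path, a resolve-normalize-startsWith check against the target directory is more robust than a substring blacklist, but that use, if any, is outside these hunks. The enclosing method begins before the hunk, so the helper would be added at class level.
```java
            String originalFilename = file.getOriginalFilename();
            requireSafeFileName(originalFilename);
            // … unchanged: extension dispatch (.xls / .txt / .csv) …

    /**
     * Rejects a null, blank or extension-less upload name, and any name carrying
     * ".." or a path separator, so that only a bare base name reaches the parsers.
     *
     * @throws IOException if the name is unsafe; the message carries no user data
     */
    private static void requireSafeFileName(String name) throws IOException {
        if (name == null || name.isBlank() || name.lastIndexOf('.') < 0
                || name.contains("..") || name.contains("/") || name.contains("\\")) {
            throw new IOException("Rejected unsafe upload file name");
        }
    }
```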