diff --git a/app/Http/Controllers/IndexController.php b/app/Http/Controllers/IndexController.php
index 1555b55bc..80d9020c4 100755
--- a/app/Http/Controllers/IndexController.php
+++ b/app/Http/Controllers/IndexController.php
@@ -321,6 +321,10 @@ class IndexController extends InvokeController
 $data = parse_url($key);
 $path = Arr::get($data, 'path');
 $file = public_path($path);
+ // 防止 ../ 穿越获取到系统文件
+ if (strpos(realpath($file), public_path()) !== 0) {
+ return abort(404);
+ }
 //
 if (file_exists($file)) {
 parse_str($data['query'], $query);
diff --git a/app/Module/Base.php b/app/Module/Base.php
index 3781ae88d..3780c9c99 100755
--- a/app/Module/Base.php
+++ b/app/Module/Base.php
@@ -2117,7 +2117,7 @@ class Base
 }
 $scaleName = "";
 if ($param['fileName']) {
- $fileName = $param['fileName'];
+ $fileName = basename($param['fileName']);
 } else {
 if ($param['scale'] && is_array($param['scale'])) {
 list($width, $height) = $param['scale'];
@@ -2276,7 +2276,7 @@ class Base
 if ($param['fileName'] === true) {
 $fileName = $file->getClientOriginalName();
 } elseif ($param['fileName']) {
- $fileName = $param['fileName'];
+ $fileName = basename($param['fileName']);
 } else {
 if ($param['scale'] && is_array($param['scale'])) {
 list($width, $height) = $param['scale'];
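Review bot: The added guard `if (strpos(realpath($file), public_path()) !== 0)` is a plain string-prefix test, so any canonical path that merely begins with the public directory's text (a sibling directory whose name extends it, constructed example `<public_dir>-old/`) passes, and `public_path()` itself is not canonicalised, so a symlinked or un-normalised root can make the comparison miss while the file still resolves. `realpath()` also returns `false` for a missing file, which reaches `strpos()` as a non-string and only rejects by accident. Compare two canonical paths against the root plus a trailing separator: `$root = realpath(public_path()) . DIRECTORY_SEPARATOR; $real = realpath($file);` followed by `if ($real === false || strpos($real, $root) !== 0) { return abort(404); }`. That form rejects the public root directory itself; if that is a legitimate target here (cannot tell from the hunk), add an explicit equality allowance. The enclosing method starts and ends outside the hunk, and the Chinese comment would read better in the file's language as `// reject paths that resolve outside the public directory`.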
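Review bot: `basename()` on the changed line in the `@@ -2117` hunk strips directory components but returns `.` and `..` unchanged and `''` for inputs such as `/`, so `$fileName` is still not guaranteed to be a usable leaf name; the identical change in the `@@ -2276` hunk has the same gap. Since the value appears to come from caller-supplied `$param`, reject those results explicitly, e.g. `$fileName = basename((string) $param['fileName']);` then `if ($fileName === '' || $fileName === '.' || $fileName === '..') { /* fall back to the generated name or fail as the method does elsewhere */ }` — the fallback lives outside the hunk. `basename()` is also locale-aware for multibyte names, so if the name later reaches a filesystem call an allow-list such as `preg_match('/^[\w.-]+$/u', $fileName)` is the more defensible check. In the `@@ -2117` hunk `$param['fileName'] === true` is not special-cased as it is at 2276, so `basename(true)` now yields `'1'` where the old code kept `true` — presumably unintended, worth confirming. Both enclosing methods start and end outside their hunks.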