From 1f29ce93b6cc7c49810adb8ffa008c0d29322f6c Mon Sep 17 00:00:00 2001
From: fit2cloud-chenyw <yawen.chen@fit2cloud.com>
Date: Mon, 17 Mar 2025 17:21:11 +0800
Subject: [PATCH] =?UTF-8?q?perf(X-Pack):=20=E5=AE=9A=E6=97=B6=E6=8A=A5?=
 =?UTF-8?q?=E5=91=8A=E4=B8=8B=E8=BD=BD=E9=99=84=E4=BB=B6=E9=94=99=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java b/sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java
index 75c63648f8..8ef1ddcd7c 100644
--- a/sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java
+++ b/sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java
@@ -103,7 +103,7 @@ public class WhitelistUtils {
     }
 
     private static void invalidUrl(String requestURI) {
-        if (requestURI.contains("./") || requestURI.contains("%") || (requestURI.contains(";") && !requestURI.contains("?"))) {
+        if (requestURI.contains("./") || requestURI.contains(".%") || requestURI.toLowerCase().contains("%2e") || (requestURI.contains(";") && !requestURI.contains("?"))) {
             DEException.throwException(INTERFACE_ADDRESS_INVALID.code(), String.format("%s [%s]", INTERFACE_ADDRESS_INVALID.message(), requestURI));
         }
     }