diff --git a/kybackup/component/backuplistwidget.cpp b/kybackup/component/backuplistwidget.cpp
index 933dee5..556f7db 100755
--- a/kybackup/component/backuplistwidget.cpp
+++ b/kybackup/component/backuplistwidget.cpp
@@ -208,6 +208,19 @@ void BackupListWidget::dropEvent(QDropEvent *event)
 bool BackupListWidget::checkPathLimit(const QString &path)
 {
+ // 防命令注入
+ // 1、形如：mkdir '`id&>id_bak_test.txt`'中的文件夹名称
+ // 2、形如：$()的文件夹名称
+ // 3、形如：${}的文件夹名称
+ // 4、包含[;、&、|]等可以包含并执行系统命令或用于连续执行系统命令的符号
+ if ( path.contains(QRegularExpression(".*`.*`.*"))
+ || path.contains(QRegularExpression(".*\\$\\(.*\\).*"))
+ || path.contains(QRegularExpression(".*\\$\\{.*\\}.*"))
+ || path.contains(QRegularExpression("[;&|]+"))) {
+ MessageBoxUtils::QMESSAGE_BOX_WARNING(this, QObject::tr("Warning"), QObject::tr("Path can not include symbols that such as : ``,$(),${},;,&,|,etc."), QObject::tr("OK"));
+ return false;
+ }
+
 // 1、列表中是否已经存在
 if (contains(path)) {
 MessageBoxUtils::QMESSAGE_BOX_WARNING(this, QObject::tr("Warning"),
diff --git a/kybackup/qt_zh_CN.ts b/kybackup/qt_zh_CN.ts
index 594d203..6883354 100755
--- a/kybackup/qt_zh_CN.ts
+++ b/kybackup/qt_zh_CN.ts
@@ -1224,9 +1224,10 @@ - - - + + + +
@@ -1242,14 +1243,24 @@ 警告 - + + Path can not include symbols that such as : ``,$(),${},;,&,|,etc. + 路径中不能包含：``、$()、${}、；、&、|等特殊符号 + + + + OK + + + + Path already exists : 路径已经存在： - - - + + +
@@ -1271,12 +1282,12 @@ 确定 - + The file or directory does not exist : 文件或目录不存在 - + Only data that exists in the follow directorys can be selected: %1. Path:%2 is not in them. 只有后面目录中的数据可以选择：%1。
diff --git a/kybackup/resource/language/qt_zh_CN.qm b/kybackup/resource/language/qt_zh_CN.qm
index 0b70a76..438b1db 100644
Binary files a/kybackup/resource/language/qt_zh_CN.qm and b/kybackup/resource/language/qt_zh_CN.qm differ
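Review bot: The guard added at the top of checkPathLimit() is a denylist, and characters the four patterns do not cover (quotes, a newline, `<`/`>`, a lone backtick, `$NAME` without braces) still pass, while legitimate directory names containing `&` or `;` are now refused. Where the path later reaches a command is not visible in this hunk, so this is inferred, but the durable fix belongs there: pass the path as its own argument, e.g. `QProcess::execute(program, QStringList{path})` with `program` a placeholder for the real binary, instead of building a shell string. If the check stays as defence in depth, document its limit next to it, e.g. `// Denylist only: callers must still pass path as a separate argument, never inside a shell string`. The leading and trailing `.*` in the first three patterns are redundant because `contains()` already matches anywhere in the string. checkPathLimit() continues past the end of the hunk.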