diff --git a/module-article/module-article-web/src/main/java/io/jpress/module/article/controller/ucenter/ArticleUCenterController.java b/module-article/module-article-web/src/main/java/io/jpress/module/article/controller/ucenter/ArticleUCenterController.java
index f5c6f6115bc64136fb6997d5f33c0cfe6b93c55f..8f0c3d505544832d98047b37dae522b481af4c7a 100644
--- a/module-article/module-article-web/src/main/java/io/jpress/module/article/controller/ucenter/ArticleUCenterController.java
+++ b/module-article/module-article-web/src/main/java/io/jpress/module/article/controller/ucenter/ArticleUCenterController.java
@@ -169,14 +169,21 @@ public class ArticleUCenterController extends UcenterControllerBase {
 article.setUserId(getLoginedUser().getId());
 if (!getLoginedUser().isStatusOk()) {
- renderJson(Ret.fail().set("message", "当前脏话未激活,无法投稿。"));
+ renderJson(Ret.fail().set("message", "当前账号未激活,无法投稿。"));
 return;
 }
- if (article.getId() != null && notLoginedUserModel(article)) {
- renderJson(Ret.fail().set("message", "非法操作"));
- return;
+ if (article.getId() != null) {
+ Article dbArticle = articleService.findById(article.getId());
+ if (dbArticle == null || notLoginedUserModel(dbArticle)) {
+ renderJson(Ret.fail().set("message", "非法操作"));
+ return;
+ }
+ if (dbArticle.isNormal()) {
+ renderJson(Ret.fail().set("message", "非法操作"));
+ return;
+ }
 }
 if (!validateSlug(article)) {
@@ -277,4 +284,4 @@ public class ArticleUCenterController extends UcenterControllerBase {
 renderJson(commentService.delete(comment) ? OK : FAIL);
 }
-}
\ No newline at end of file
+}
diff --git a/module-form/module-form-web/src/main/java/io/jpress/module/form/controller/front/FormController.java b/module-form/module-form-web/src/main/java/io/jpress/module/form/controller/front/FormController.java
index d51ec82904264da95ca5ce0e95fa02e01d030aa2..bc87a97162ac630efb559b7c93d1a4f0e5639c6d 100644
--- a/module-form/module-form-web/src/main/java/io/jpress/module/form/controller/front/FormController.java
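Review bot: In the first ArticleUCenterController hunk, the new `dbArticle` lookup has no comment explaining why ownership is now checked on the stored row rather than on the request-bound `article`, and that reason is what keeps the fix from being undone later: `article.setUserId(getLoginedUser().getId())` at the top of the hunk overwrites the owner on the submitted model, so a check on `article` would presumably pass for any submitted id. I would add `// check ownership on the stored row; article.userId was overwritten with the current user above` before the `findById` call, plus a one-line comment on the `isNormal()` branch stating the policy it enforces (it reads as "an article in normal status can no longer be edited from the user centre", which is inferred from the name only). The method starts and ends outside the hunk, so it is not visible whether the request-bound `article` is then saved as submitted; it is worth confirming that only user-editable fields are persisted when an existing id is supplied.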
+++ b/module-form/module-form-web/src/main/java/io/jpress/module/form/controller/front/FormController.java
@@ -77,6 +77,16 @@ public class FormController extends TemplateControllerBase {
 files = getFiles();
 }
+ if (files != null) {
+ for (UploadFile uploadFile : files) {
+ if (AttachmentUtils.isUnSafe(uploadFile.getFile())) {
+ deleteFiles(files);
+ renderJson(Ret.fail().set("message", "不支持此类文件上传"));
+ return;
+ }
+ }
+ }
+ CaptchaVO captchaVO = getBean(CaptchaVO.class);
 //进行前端滑块 参数验证
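Review bot: The safety check in the added loop runs on `uploadFile.getFile()`, that is, on files that appear to be on disk already, so a rejected upload sits in the upload directory until `deleteFiles(files)` has run. That is acceptable only if the directory is neither served nor executed by the web container, which this hunk does not show; a comment such as `// uploads are already written at this point: reject and remove the whole batch before anything else touches them` would record the assumption. The outcome of `deleteFiles(files)` is not checked or logged here (whether it reports failure is not visible), so a failed delete would leave the rejected file in place with no trace for whoever investigates later. The captcha validation in the trailing context comes after this block, which suggests requests that never pass the captcha can still cause files to be written; that ordering predates this change but deserves a follow-up. The method body starts and continues outside the hunk.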