From 71242c15b5f9df2335533ea574ccfb19768ea34b Mon Sep 17 00:00:00 2001
From: click33 <2393584716@qq.com>
Date: Thu, 9 Jan 2025 14:47:50 +0800
Subject: [PATCH] =?UTF-8?q?fix(core):=20=E6=96=B0=E5=A2=9E=E5=AF=B9?=
 =?UTF-8?q?=E5=88=86=E5=8F=B7=E5=AD=97=E7=AC=A6=E7=9A=84=20path=20?=
 =?UTF-8?q?=E8=B7=AF=E5=BE=84=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/cn/dev33/satoken/strategy/SaFirewallStrategy.java  | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/strategy/SaFirewallStrategy.java b/sa-token-core/src/main/java/cn/dev33/satoken/strategy/SaFirewallStrategy.java
index 2a769392..546dd554 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/strategy/SaFirewallStrategy.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/strategy/SaFirewallStrategy.java
@@ -53,11 +53,13 @@ public final class SaFirewallStrategy {
 	 * 请求 path 不允许出现的字符
 	 */
 	public String[] INVALID_CHARACTER = {
-			"//", "\\",
+			"//",           // //
+			"\\",			// \
 			"%2e", "%2E",	// .
 			"%2f", "%2F",	// /
 			"%5c", "%5C",	// \
-			"%25"	// 空格
+			";", "%3b", "%3B",	// ;    // 参考资料：https://mp.weixin.qq.com/s/77CIDZbgBwRunJeluofPTA
+			"%25"			// 空格
 	};
 
 	/**