diff --git a/controllers/HomeController.php b/controllers/HomeController.php
index 3cf7c11..0b95044 100644
--- a/controllers/HomeController.php
+++ b/controllers/HomeController.php
@@ -171,7 +171,7 @@ class HomeController extends Controller
 // 使用realpath函数解析路径,并检查解析后的路径是否在预期的目录中
 $realPath = realpath($absolutePath);
- $dataDirectory = str_replace('/', '\\', Yii::getAlias(Yii::$app->params['dataDirectory']));
+ $dataDirectory = str_replace(['/', '\\'], DIRECTORY_SEPARATOR, Yii::getAlias(Yii::$app->params['dataDirectory']));
 if (!$realPath || !str_starts_with($realPath, $dataDirectory)) {
 throw new NotFoundHttpException('File not found.');
 }
diff --git a/controllers/VaultController.php b/controllers/VaultController.php
index a67a1ea..541b701 100644
--- a/controllers/VaultController.php
+++ b/controllers/VaultController.php
@@ -157,7 +157,7 @@ class VaultController extends Controller
 // 使用realpath函数解析路径,并检查解析后的路径是否在预期的目录中
 $realPath = realpath($absolutePath);
- $dataDirectory = str_replace('/', '\\', Yii::getAlias(Yii::$app->params['dataDirectory']));
+ $dataDirectory = str_replace(['/', '\\'], DIRECTORY_SEPARATOR, Yii::getAlias(Yii::$app->params['dataDirectory']));
 if (!$realPath || !str_starts_with($realPath, $dataDirectory)) {
 throw new NotFoundHttpException('File not found.');
 }
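Review bot: The containment test `str_starts_with($realPath, $dataDirectory)` in the HomeController.php hunk, and identically in the VaultController.php hunk, is a bare string-prefix comparison against a base path that is never canonicalised. A resolved path in a sibling directory whose name merely begins with the data directory's name still passes, and a symlink, `..` segment or trailing separator in the configured alias makes the comparison unreliable in either direction. Resolve the base with `realpath()` as well and anchor the prefix on a separator: `$dataDirectory = realpath(Yii::getAlias(Yii::$app->params['dataDirectory']));` then `if (!$realPath || !$dataDirectory || !str_starts_with($realPath, rtrim($dataDirectory, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR)) {`. This also makes the `str_replace` normalisation unnecessary, and the explicit `!$dataDirectory` guard matters because a failed `realpath()` would otherwise reduce the prefix to a lone separator. Both enclosing methods start and end outside their hunks, so how `$absolutePath` is built is not visible here; since the check is duplicated verbatim, a single shared helper would keep the two controllers from drifting.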