diff --git a/controllers/HomeController.php b/controllers/HomeController.php
index e36d44c..8848ba8 100644
--- a/controllers/HomeController.php
+++ b/controllers/HomeController.php
@@ -56,12 +56,10 @@ class HomeController extends Controller
      */
     public function actionIndex($directory = null)
     {
-        //Warning: Security Vulnerability: access via $directory parameter = ../ will display the internal files of the server
         if (Yii::$app->user->isGuest) {
             return $this->redirect(Yii::$app->user->loginUrl);
         }
-        $rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']);
-        $userId = Yii::$app->user->id;
+        $rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']) . '/' . Yii::$app->user->id;
 
         if ($directory === '.' || $directory == null) {
             $directory = null;
@@ -71,7 +69,7 @@ class HomeController extends Controller
         } else {
             $parentDirectory = dirname($directory);
         }
-        $directoryContents = $this->getDirectoryContents(join(DIRECTORY_SEPARATOR, [$rootDataDirectory, $userId, $directory ?: '.']));
+        $directoryContents = $this->getDirectoryContents(join(DIRECTORY_SEPARATOR, [$rootDataDirectory, $directory ?: '.']));
         foreach ($directoryContents as $key => $item) {
             $relativePath = $directory ? $directory . '/' . $item : $item;
             $absolutePath = Yii::getAlias('@app') . '/data/' . Yii::$app->user->id . '/' . $relativePath;
diff --git a/web/js/home_script.js b/web/js/home_script.js
index 112c453..6b47ce0 100644
--- a/web/js/home_script.js
+++ b/web/js/home_script.js
@@ -95,10 +95,6 @@ $(document).on('click', '.batch-zip-btn', function () {
 
     $('#zipModal').modal('show');
 });
-
-
-
-
 $(document).on('click', '.unzip-btn', function () {
     console.log('解压按钮被点击');
     // 在这里添加你的代码
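Review bot: The removed warning comment described a real problem that this hunk does not fix: `$directory` still arrives straight from the request and is joined into the filesystem path later in actionIndex, and appending the user id to `$rootDataDirectory` does nothing to stop `../` segments from escaping that per-user directory. Deleting the warning without adding a check makes the issue less visible, not less real. Either keep a comment such as `// TODO: $directory is user-controlled and is joined into the filesystem path below — canonicalise with realpath() and verify it stays under $rootDataDirectory before use` or add the containment check where the path is built. Also, `$directory == null` in the context line is a loose comparison that also matches `''` and `false`; `$directory === null || $directory === ''` says what is meant. actionIndex continues past the end of this hunk.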
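Review bot: The path handed to getDirectoryContents on the added line is still assembled from the request-controlled `$directory` with no canonicalisation or containment check, so a value such as `../../` still lists directories outside the caller's `$rootDataDirectory`; moving the user id into `$rootDataDirectory` only changed where the unchecked join happens. Resolving the joined path with realpath() and rejecting anything that is not the base directory or below it closes this, and also covers symlinks planted inside the user folder. Note as well that the `$absolutePath` context line rebuilds the base as `@app/data/<userId>` instead of reusing `$rootDataDirectory`, so the listing and the per-item paths would diverge if `params['dataDirectory']` ever points elsewhere — build it from `$rootDataDirectory` too. The exception class below assumes Yii 2 (`yii\web\NotFoundHttpException`), which the `Yii::$app`/`Yii::getAlias` calls suggest; actionIndex continues outside this hunk.
```php
        $base = realpath($rootDataDirectory);
        $target = realpath(join(DIRECTORY_SEPARATOR, [$rootDataDirectory, $directory ?: '.']));
        // Reject anything that resolves outside the per-user data directory (../, symlinks, non-existent paths).
        if ($base === false || $target === false
            || ($target !== $base && strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0)) {
            throw new \yii\web\NotFoundHttpException('Directory not found.');
        }
        $directoryContents = $this->getDirectoryContents($target);
        // … unchanged: foreach over $directoryContents …
```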