diff --git a/application/common/controller/Backend.php b/application/common/controller/Backend.php
index 91f658a..6dff0b6 100644
--- a/application/common/controller/Backend.php
+++ b/application/common/controller/Backend.php
@@ -117,7 +117,7 @@ class Backend extends Controller
             if (!$this->auth->match($this->noNeedRight))
             {
                 // 判断控制器和方法判断是否有对应权限
-                $path = $this->request->path();
+                $path = str_replace('.', '/', $this->request->path());
                 $path = substr($path, 0, 1) == '/' ? $path : '/' . $path;
                 if (!$this->auth->check($path))
                 {
diff --git a/public/assets/js/require-form.js b/public/assets/js/require-form.js
index 3209ae2..807ecba 100755
--- a/public/assets/js/require-form.js
+++ b/public/assets/js/require-form.js
@@ -51,7 +51,7 @@ define(['jquery', 'bootstrap', 'backend', 'toastr', 'upload', 'validator'], func
                                 }
                                 Toastr.success(msg ? msg : __('Operation completed'));
                             } else {
-                                if (typeof data.token !== 'undefined') {
+                                if (data && typeof data === 'object' && typeof data.token !== 'undefined') {
                                     $("input[name='__token__']").val(data.token);
                                 }
                                 Toastr.error(msg ? msg : __('Operation failed'));