diff --git a/server/service/system/sys_export_template.go b/server/service/system/sys_export_template.go index c27bf46697..f5334827df 100644 --- a/server/service/system/sys_export_template.go +++ b/server/service/system/sys_export_template.go @@ -203,14 +203,43 @@ func (sysExportTemplateService *SysExportTemplateService) ExportExcel(templateID } } + // 获取当前表的所有字段 + table := template.TableName + orderColumns, err := global.GVA_DB.Migrator().ColumnTypes(table) + if err != nil { + return nil, "", err + } + + // 创建一个 map 来存储字段名 + fields := make(map[string]bool) + + for _, column := range orderColumns { + fields[column.Name()] = true + } + // 通过参数传入order order := values.Get("order") - if order != "" { - db = db.Order(order) - } - // 模板的默认order + if order == "" && template.Order != "" { - db = db.Order(template.Order) + // 如果没有order入参,这里会使用模板的默认排序 + order = template.Order + } + + if order != "" { + checkOrderArr := strings.Split(order, " ") + orderStr := "" + // 检查请求的排序字段是否在字段列表中 + if _, ok := fields[checkOrderArr[0]]; !ok { + return nil, "", fmt.Errorf("order by %s is not in the fields", order) + } + orderStr = checkOrderArr[0] + if len(checkOrderArr) > 1 { + if checkOrderArr[1] != "asc" && checkOrderArr[1] != "desc" { + return nil, "", fmt.Errorf("order by %s is not secure", order) + } + orderStr = orderStr + " " + checkOrderArr[1] + } + db = db.Order(orderStr) } err = db.Debug().Find(&tableMap).Error diff --git a/web/vite.config.js b/web/vite.config.js index 1de5fc39cd..2ce4aa16e8 100644 --- a/web/vite.config.js +++ b/web/vite.config.js 
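Review bot: In the new `if order != ""` block the direction is compared only with lowercase `asc`/`desc` and every token after the second is ignored, so `id DESC` is rejected while `id desc, name asc` is silently reduced to `id desc`. Since `template.Order` is now routed through the same check, stored template defaults in either form change behaviour without warning. Splitting with `parts := strings.Fields(order)`, returning an error when `len(parts) > 2`, and comparing `strings.ToLower(parts[1])` keeps the allowlist strict and makes the outcome explicit. The column list is read via `global.GVA_DB.Migrator().ColumnTypes(table)` while the query runs on `db`; if `db` can be bound to another connection earlier in ExportExcel (that part is outside the hunk), `db.Migrator().ColumnTypes(table)` would keep the allowlist and the query on the same schema.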
@@ -11,12 +11,14 @@ import vuePlugin from '@vitejs/plugin-vue' import GvaPosition from './vitePlugin/gvaPosition' import GvaPositionServer from './vitePlugin/codeServer' import fullImportPlugin from './vitePlugin/fullImport/fullImport.js' -import { svgBuilder } from './vitePlugin/svgIcon/svgIcon.js' +import { svgBuilder } from 'vite-auto-import-svg' +import { AddSecret } from './vitePlugin/secret' // @see https://cn.vitejs.dev/config/ export default ({ command, mode }) => { + AddSecret("") const NODE_ENV = mode || 'development' const envFiles = [ `.env.${NODE_ENV}` @@ -106,13 +108,13 @@ export default ({ ) } else { config.plugins.push(AutoImport({ - resolvers: [ElementPlusResolver()] - }), - Components({ - resolvers: [ElementPlusResolver({ - importStyle: 'sass' - })] - })) + resolvers: [ElementPlusResolver()] + }), + Components({ + resolvers: [ElementPlusResolver({ + importStyle: 'sass' + })] + })) } return config } diff --git a/web/vitePlugin/secret/index.js b/web/vitePlugin/secret/index.js new file mode 100644 index 0000000000..56fd3333d9 --- /dev/null +++ b/web/vitePlugin/secret/index.js @@ -0,0 +1,6 @@ +export function AddSecret(secret) { + if(!secret){ + secret = "" + } + global['gva-secret'] = secret; +} diff --git a/web/vitePlugin/svgIcon/svgIcon.js b/web/vitePlugin/svgIcon/svgIcon.js deleted file mode 100644 index 42b0430042..0000000000 --- a/web/vitePlugin/svgIcon/svgIcon.js +++ /dev/null @@ -1,65 +0,0 @@ -import { readFileSync, readdirSync } from 'fs' -const svgTitle = /', '') - svgRes.push(svg) - } - } - return svgRes -} -export const svgBuilder = (path) => { - if (path === '') return - const res = findSvgFile(path) - const timestamp = Date.now() - const secretCode = '087AC4D233B64EB0' - return { - name: 'svg-transform', - transformIndexHtml(html) { - return html.replace( - '
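Review bot: `AddSecret("")` at the top of the exported config function always stores an empty string, and nothing in this hunk says what reads `global['gva-secret']` or what a non-empty value would do. A comment such as `// value read from global['gva-secret'] by <consumer>; empty disables it` (consumer to be filled in by the author) would make the intent reviewable. If a real value is ever needed it should come from the environment rather than the repository, unlike the `secretCode` constant in the deleted svgIcon.js. `svgBuilder` now comes from the external package `vite-auto-import-svg`, which executes at build time, so the matching package.json and lockfile entry (not visible in this diff) should pin an exact version.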
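Review bot: `AddSecret` in web/vitePlugin/secret/index.js writes its argument to the process-wide `global['gva-secret']` without a doc comment or a type check, so any truthy non-string value (an object, a number) is stored as is and any module loaded in the same Node process can read or overwrite it. A header comment naming the intended reader of the key, plus `if (typeof secret !== 'string') secret = ''` in place of the `!secret` test, would make the contract explicit. Passing the value to the consuming plugin as an option would avoid the shared global altogether, if that plugin's API allows it.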
', - ` - - - ` - ).replace( - '', - ` - - - ` - ) - } - } -}