diff --git a/application/default/controllers/HeiheController.php b/application/default/controllers/HeiheController.php
index 87841de7..f76a804a 100644
--- a/application/default/controllers/HeiheController.php
+++ b/application/default/controllers/HeiheController.php
@@ -643,7 +643,20 @@ class HeiheController extends DataController
 );
 $this->jsonexit($data);
 return true;
- }
+ }
+ //安全检查: uuid必须是当前用户且为新建数据
+ $sql="select * from geonetworkmetadata where uuid=? and uuid not in (select uuid from metadata) and owner=?";
+ $sth=$this->db->prepare($sql);
+ $sth->execute(array($uuid,$u_id));
+ $row=$sth->fetch();
+ if (empty($row))
+ {
+ $data = array(
+ 'error'=>"参数错误"
+ );
+ $this->jsonexit($data);
+ return true;
+ }
 //ftp 用户名
 $uname = 'heihe'.$u_id.'upload';
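Review bot: The `uuid not in (select uuid from metadata)` clause in the new ownership check matches no row at all if any `metadata.uuid` is NULL, so every request would be rejected with 参数错误; it fails closed, but silently, and whether that column is nullable is not visible here. A correlated `NOT EXISTS` avoids this, and the query only has to prove existence: `select 1 from geonetworkmetadata g where g.uuid=? and g.owner=? and not exists (select 1 from metadata m where m.uuid=g.uuid)`, with the `execute(array($uuid,$u_id))` arguments unchanged. The rejection branch is an authorization failure on a caller-supplied uuid, so consider recording `$u_id` and `$uuid` there before `jsonexit`, so that repeated requests for other users' records show up in the logs. The enclosing action starts and ends outside the hunk, so where `$uuid` and `$u_id` come from, and whether `owner` holds the same kind of identifier as `$u_id`, cannot be confirmed from here.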