From 6071ced2af99d69b9c623d74c086cc64cb4d957e Mon Sep 17 00:00:00 2001
From: Daniel <845765@qq.com>
Date: Mon, 2 Mar 2026 22:28:51 +0800
Subject: [PATCH] :lock:
 https://github.com/siyuan-note/siyuan/security/advisories/GHSA-9r8w-vhmw-fwv8

Signed-off-by: Daniel <845765@qq.com>
---
 kernel/util/path.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/kernel/util/path.go b/kernel/util/path.go
index 8711e87ae..c60d1eec1 100644
--- a/kernel/util/path.go
+++ b/kernel/util/path.go
@@ -380,6 +380,17 @@ func IsSensitivePath(p string) bool {
 		}
 	}
 
+	// Windows 开始启动菜单路径（小写比较）
+	startMenuPrefixes := []string{
+		strings.ToLower(filepath.Join(os.Getenv("APPDATA"), "Microsoft", "Windows", "Start Menu")),
+		strings.ToLower(filepath.Join(os.Getenv("ProgramData"), "Microsoft", "Windows", "Start Menu")),
+	}
+	for _, sp := range startMenuPrefixes {
+		if strings.HasPrefix(pp, sp) {
+			return true
+		}
+	}
+
 	homePrefixes := []string{
 		strings.ToLower(filepath.Join(HomeDir, ".ssh")),
 		strings.ToLower(filepath.Join(HomeDir, ".config")),