diff --git a/pom.xml b/pom.xml index ca00608ae..42c14baa8 100644 --- a/pom.xml +++ b/pom.xml @@ -10,7 +10,7 @@ com.rebuild rebuild - 3.8.4 + 3.8.5 rebuild Building your business-systems freely! https://getrebuild.com/ diff --git a/src/main/java/com/rebuild/core/Application.java b/src/main/java/com/rebuild/core/Application.java index b4fcac064..e39c89a58 100644 --- a/src/main/java/com/rebuild/core/Application.java +++ b/src/main/java/com/rebuild/core/Application.java @@ -74,11 +74,11 @@ public class Application implements ApplicationListener /** * Rebuild Version */ - public static final String VER = "3.8.4"; + public static final String VER = "3.8.5"; /** * Rebuild Build [MAJOR]{1}[MINOR]{2}[PATCH]{2}[BUILD]{2} */ - public static final int BUILD = 3080408; + public static final int BUILD = 3080510; static { // Driver for DB diff --git a/src/main/java/com/rebuild/core/metadata/EntityRecordCreator.java b/src/main/java/com/rebuild/core/metadata/EntityRecordCreator.java index a90ed1a66..8dbe5ca01 100644 --- a/src/main/java/com/rebuild/core/metadata/EntityRecordCreator.java +++ b/src/main/java/com/rebuild/core/metadata/EntityRecordCreator.java @@ -23,6 +23,7 @@ import com.rebuild.core.metadata.impl.EasyFieldConfigProps; import com.rebuild.core.service.DataSpecificationException; import com.rebuild.core.support.i18n.Language; +import com.rebuild.utils.CommonsUtils; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang3.BooleanUtils; @@ -225,10 +226,10 @@ private void keepFieldValueSafe(Record record) { || field.getDisplayType() == DisplayType.AVATAR) { String s = value.toString().toLowerCase(); - boolean unsafe = s.contains("http://") || s.contains("https://"); + boolean unsafe = CommonsUtils.isExternalUrl(s); if (!unsafe) { s = CodecUtils.urlDecode(s); - unsafe = s.contains("http://") || s.contains("https://"); + unsafe = CommonsUtils.isExternalUrl(s); } if (unsafe) { 
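Review bot: In `keepFieldValueSafe`, both checks used to be substring tests (`s.contains("http://")`), and replacing them with `CommonsUtils.isExternalUrl(s)` may narrow the filter if that helper is prefix-based, as the `startsWith` call sites replaced elsewhere in this commit suggest. The helper's body is not part of this diff, so this is inferred; if it is prefix-based, a value with leading whitespace or an absolute URL embedded later in the string would no longer be flagged. Either keep the substring test at this call site or add a comment such as `// prefix check only: embedded URLs are not rejected here` and state the contract in the helper's Javadoc. Protocol-relative values (`//host/...`) are not covered by either version of the visible check. The method starts and ends outside the hunk.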
diff --git a/src/main/java/com/rebuild/core/support/integration/QiniuCloud.java b/src/main/java/com/rebuild/core/support/integration/QiniuCloud.java index 12931af43..3c52bd3e6 100644 --- a/src/main/java/com/rebuild/core/support/integration/QiniuCloud.java +++ b/src/main/java/com/rebuild/core/support/integration/QiniuCloud.java @@ -27,6 +27,7 @@ import com.rebuild.core.cache.CommonsCache; import com.rebuild.core.support.ConfigurationItem; import com.rebuild.core.support.RebuildConfiguration; +import com.rebuild.utils.AppUtils; import com.rebuild.utils.CommonsUtils; import com.rebuild.utils.OkHttpUtils; import lombok.extern.slf4j.Slf4j; @@ -325,6 +326,7 @@ public static String formatFileKey(String fileName, boolean keepName) { fileName = fileName.replace("__", "_"); } // 去除特殊符号 + fileName = fileName.replace(" ", " ").replace(" ", "-"); fileName = fileName.replaceAll("[?&#+%/\\s]", ""); // 文件名长度控制 @@ -418,7 +420,7 @@ public static long getStorageSize() { */ public static File getStorageFile(String filepath) throws IOException, RebuildException { File file = null; - if (filepath.startsWith("http://") || filepath.startsWith("https://")) { + if (CommonsUtils.isExternalUrl(filepath)) { String name = filepath.split("\\?")[0]; name = name.substring(name.lastIndexOf("/") + 1); file = RebuildConfiguration.getFileOfTemp("dn" + System.nanoTime() + "." + name); diff --git a/src/main/java/com/rebuild/utils/MarkdownLinkAttrProvider.java b/src/main/java/com/rebuild/utils/MarkdownLinkAttrProvider.java index 2b1aa3a53..fcfb0abd3 100644 --- a/src/main/java/com/rebuild/utils/MarkdownLinkAttrProvider.java +++ b/src/main/java/com/rebuild/utils/MarkdownLinkAttrProvider.java 
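Review bot: The added `fileName.replace(" ", " ")` in `formatFileKey` shows two visually identical arguments, so the character being normalised cannot be read from the source. If the first argument is a non-ASCII space, write it as a `\uXXXX` escape (placeholder for the actual code point) with a short comment naming it, so editors and formatters cannot silently collapse it. The following `replaceAll("[?&#+%/\\s]", "")` already strips whitespace, so the order of these two lines is what turns spaces into `-`; a one-line comment saying so would help the next reader.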
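Review bot: `getStorageFile` still downloads any URL that passes `CommonsUtils.isExternalUrl(filepath)` into a temp file, so every remaining caller decides which hosts the server will contact. This commit removes the `proxy-download` endpoint that passed a request parameter straight in, but nothing in the visible part of this method restricts the target. Consider checking the host against the configured storage domain before fetching, or at least documenting in the Javadoc that `filepath` must never come from request input. The temp file name also appends the URL's last path segment unmodified; reducing it to a sanitised extension would keep unexpected characters out of the local path. The method body continues outside the hunk.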
@@ -43,8 +43,7 @@ static class AttributeProviderImpl implements AttributeProvider { public void setAttributes(Node node, AttributablePart part, MutableAttributes attributes) { if (node instanceof Link && part == AttributablePart.LINK) { Link link = (Link) node; - String url = link.getUrl().toString(); - if (url.startsWith("http://") || url.startsWith("https://")) { + if (CommonsUtils.isExternalUrl(link.getUrl().toString())) { attributes.replaceValue("target", "_blank"); } } diff --git a/src/main/java/com/rebuild/web/admin/ConfigurationController.java b/src/main/java/com/rebuild/web/admin/ConfigurationController.java index 6b73dd033..9fa46da2b 100644 --- a/src/main/java/com/rebuild/web/admin/ConfigurationController.java +++ b/src/main/java/com/rebuild/web/admin/ConfigurationController.java @@ -27,6 +27,7 @@ import com.rebuild.core.support.i18n.Language; import com.rebuild.core.support.integration.QiniuCloud; import com.rebuild.core.support.integration.SMSender; +import com.rebuild.utils.CommonsUtils; import com.rebuild.utils.JSONUtils; import com.rebuild.utils.RbAssert; import com.rebuild.web.BaseController; @@ -160,7 +161,7 @@ public RespBody postIntegrationStorage(@RequestBody JSONObject data) { data.put(ConfigurationItem.StorageURL.name(), dStorageUrl); // fix } - if (dStorageUrl.startsWith("http://") || dStorageUrl.startsWith("https://")) { + if (CommonsUtils.isExternalUrl(dStorageUrl)) { // OK } else { if (dStorageUrl.startsWith("//")) { diff --git a/src/main/java/com/rebuild/web/commons/FileDownloader.java b/src/main/java/com/rebuild/web/commons/FileDownloader.java index bc10c3ce4..5167def8b 100644 --- a/src/main/java/com/rebuild/web/commons/FileDownloader.java +++ b/src/main/java/com/rebuild/web/commons/FileDownloader.java 
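Review bot: `setAttributes` adds `target="_blank"` to external links without a matching `rel` attribute, at least in the lines visible here. Adding `attributes.replaceValue("rel", "noopener noreferrer");` next to the `target` line keeps the opened page from reaching `window.opener` in browsers that do not imply it. If `rel` is already set elsewhere in the renderer, a comment saying so at this spot would be enough.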
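Review bot: The touched condition in `postIntegrationStorage` keeps an empty then-branch (`{ // OK } else { ... }`); since the line is being rewritten anyway, `if (!CommonsUtils.isExternalUrl(dStorageUrl)) {` with the else body moved up reads more directly. The else branch continues past the end of the hunk, so the restructuring has to be applied to the whole block rather than to the lines shown here.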
@@ -62,7 +62,7 @@ public void viewImg(HttpServletRequest request, HttpServletResponse response) th filepath = filepath.split("/filex/img/")[1]; filepath = CodecUtils.urlDecode(filepath); - if (filepath.startsWith("http://") || filepath.startsWith("https://")) { + if (CommonsUtils.isExternalUrl(filepath)) { response.sendRedirect(filepath); return; } @@ -218,15 +218,6 @@ public void readRawText(HttpServletRequest request, HttpServletResponse response ServletUtils.write(response, text); } - @GetMapping(value = "proxy-download") - public void proxyDownload(HttpServletRequest request, HttpServletResponse response) throws IOException { - String fileUrl = request.getParameter("url"); - fileUrl = CodecUtils.urlDecode(fileUrl); - - File tmp = QiniuCloud.getStorageFile(fileUrl); - writeLocalFile(tmp, response); - } - /** * 独立认证检测 * @@ -251,6 +242,10 @@ protected static boolean checkUser(HttpServletRequest request) { if (user == null) { String onceToken = request.getParameter(AppUtils.URL_ONCETOKEN); user = onceToken == null ? null : AuthTokenManager.verifyToken(onceToken); + + // v3.8.5 留存10s + if (user == null) user = (ID) Application.getCommonsCache().getx("TOKEN4FILE:" + onceToken); + if (user != null) Application.getCommonsCache().putx("TOKEN4FILE:" + onceToken, user, 10); } // 5. UnsafeImgAccess if (user == null && RebuildConfiguration.getBool(ConfigurationItem.UnsafeImgAccess)) { @@ -339,6 +334,7 @@ public static void setDownloadHeaders(HttpServletRequest request, HttpServletRes // 特殊字符处理 attname = attname.replace(" ", "-"); attname = attname.replace("%", "-"); + attname = attname.replaceAll("[,;]", "-"); // 火狐 Safari 中文名乱码问题 String UA = StringUtils.defaultIfBlank(request.getHeader("user-agent"), "").toUpperCase(); diff --git a/src/main/java/com/rebuild/web/commons/UrlSafe.java b/src/main/java/com/rebuild/web/commons/UrlSafe.java index 672680da4..da7685b9e 100644 --- a/src/main/java/com/rebuild/web/commons/UrlSafe.java 
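Review bot: `viewImg` redirects to whatever absolute URL follows `/filex/img/` once `CommonsUtils.isExternalUrl(filepath)` is true, with no check on the destination host in the visible lines. That leaves the endpoint acting as a general redirector under the application's own domain. Consider redirecting only when the host matches the configured storage domain or an explicit list of trusted hosts, and rejecting the request otherwise. Whether an authentication check runs before this point cannot be seen from the hunk.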
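Review bot: The cache write added to `checkUser` runs on cache hits as well as on fresh verifications, so every request presenting the token stores it again and the retention window slides for as long as the token keeps being used (assuming the third argument of `putx` is a TTL in seconds, as the `10s` comment suggests). A fixed 10-second retention means writing the entry only when `AuthTokenManager.verifyToken` itself succeeded. The lookup also runs when `onceToken` is null, building the key `TOKEN4FILE:null`. The rewrite below stores the entry only after a fresh verification, skips the cache when no token was supplied, and braces the conditionals; `checkUser` starts and ends outside the hunk.

```java
String onceToken = request.getParameter(AppUtils.URL_ONCETOKEN);
if (onceToken != null) {
    user = AuthTokenManager.verifyToken(onceToken);

    // v3.8.5: keep a verified token usable for 10s; written only on a fresh
    // verification so repeated use cannot extend the window
    final String cacheKey = "TOKEN4FILE:" + onceToken;
    if (user != null) {
        Application.getCommonsCache().putx(cacheKey, user, 10);
    } else {
        user = (ID) Application.getCommonsCache().getx(cacheKey);
    }
}
// … unchanged: UnsafeImgAccess fallback …
```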
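Review bot: The new `attname.replaceAll("[,;]", "-")` in `setDownloadHeaders` extends the character clean-up, but double quotes, backslashes and control characters still pass through in the visible lines. If `attname` ends up inside a quoted `filename=` header parameter (the header construction is outside the hunk), those characters matter as much as `,` and `;`. The three consecutive replacements could be merged into one that covers them, e.g. `attname = attname.replaceAll("[ %,;\"\\\\\\p{Cntrl}]", "-");`.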
+++ b/src/main/java/com/rebuild/web/commons/UrlSafe.java @@ -38,9 +38,7 @@ public class UrlSafe extends BaseController { @GetMapping("/commons/url-safe") public ModelAndView safeRedirect(HttpServletRequest request, HttpServletResponse response) throws IOException { String url = getParameterNotNull(request, "url"); - if (!(url.startsWith("http://") || url.startsWith("https://"))) { - url = "http://" + url; - } + if (!CommonsUtils.isExternalUrl(url)) url = "http://" + url; boolean nosafe = !RegexUtils.isUrl(url); if (url.contains(">")) { diff --git a/src/main/java/com/rebuild/web/user/UserAvatar.java b/src/main/java/com/rebuild/web/user/UserAvatar.java index 803d273b7..a154fef67 100644 --- a/src/main/java/com/rebuild/web/user/UserAvatar.java +++ b/src/main/java/com/rebuild/web/user/UserAvatar.java @@ -19,6 +19,7 @@ import com.rebuild.core.support.RebuildConfiguration; import com.rebuild.core.support.integration.QiniuCloud; import com.rebuild.utils.AppUtils; +import com.rebuild.utils.CommonsUtils; import com.rebuild.web.BaseController; import com.rebuild.web.commons.FileDownloader; import lombok.extern.slf4j.Slf4j; @@ -93,7 +94,7 @@ private void renderUserAvatar(Object user, HttpServletRequest request, HttpServl String avatarUrl = realUser.getAvatarUrl(); // 外部地址 - if (avatarUrl != null && (avatarUrl.startsWith("http://") || avatarUrl.startsWith("https://"))) { + if (CommonsUtils.isExternalUrl(avatarUrl)) { response.sendRedirect(avatarUrl); return; }
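Review bot: The rewritten guard in `safeRedirect` is now a single-line unbraced `if`, where the removed version was braced; keep the braces, `if (!CommonsUtils.isExternalUrl(url)) { url = "http://" + url; }`. Separately, if `CommonsUtils.isExternalUrl` (not shown in this diff) is case-sensitive or does not trim, an input that already carries a scheme in another form gets a second `http://` prefixed before `RegexUtils.isUrl` judges it. A short comment stating which inputs the helper accepts would make that explicit. The method continues beyond the hunk.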
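Review bot: The explicit `avatarUrl != null` guard in `renderUserAvatar` is dropped, so this line is safe only if `CommonsUtils.isExternalUrl` tolerates null, which cannot be confirmed from this diff. Either keep the guard, `if (avatarUrl != null && CommonsUtils.isExternalUrl(avatarUrl)) {`, or state the null contract in the helper's Javadoc. The redirect target is the stored avatar value, so this branch appears to rely on the write-side check in `EntityRecordCreator.keepFieldValueSafe` to keep unexpected hosts out; a comment noting that dependency would help.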