diff --git a/controllers/taobao_vegetable.go b/controllers/taobao_vegetable.go
index a6f5f77f3..8e4c667bd 100644
--- a/controllers/taobao_vegetable.go
+++ b/controllers/taobao_vegetable.go
@@ -147,7 +147,7 @@ func (c *TaoBaoVegetableController) ApplyCancelOrder() {
 	sign := Sign(values, body, api.TaoVegetableApi.GetAppSecret())
 	switch afsOrder.MerchantCode {
 	case "CSSJ":
-		if sign != values.Get("sign") { // 76626F983F0F7E4A159AD64F9B13B332
+		if sign != values.Get("sign") { // E8C3B7D19ECCB6618CB0F2C30BB086EC
 			c.Data["json"] = tao_vegetable.CallBackResultSign(fmt.Errorf("非法签名"))
 			c.ServeJSON()
 			return
@@ -309,6 +309,11 @@ func Sign(param url.Values, data, secret string) string {
 	}
 
 	sort.Strings(publicParam)
-	cc := secret + strings.Join(publicParam, "") + data + secret
+	resultParam := strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(data, "\n", ""), "\t", ""), " ", ""), "\r", "")
+	if strings.Contains(resultParam, `\u0026`) {
+		resultParam = strings.ReplaceAll(resultParam, `\u0026`, "&")
+	}
+	cc := secret + strings.Join(publicParam, "") + resultParam + secret
+
 	return fmt.Sprintf("%X", md5.Sum([]byte(cc)))
 }