diff --git a/controller/subscription_payment_epay.go b/controller/subscription_payment_epay.go
index 72086dfe4..7a2c2fadb 100644
--- a/controller/subscription_payment_epay.go
+++ b/controller/subscription_payment_epay.go
@@ -112,7 +112,10 @@ func SubscriptionRequestEpay(c *gin.Context) {
 }
 
 func SubscriptionEpayNotify(c *gin.Context) {
- _ = c.Request.ParseForm()
+ if err := c.Request.ParseForm(); err != nil {
+ _, _ = c.Writer.Write([]byte("fail"))
+ return
+ }
 params := lo.Reduce(lo.Keys(c.Request.PostForm), func(r map[string]string, t string, i int) map[string]string {
 r[t] = c.Request.PostForm.Get(t)
 return r
@@ -154,7 +157,10 @@ func SubscriptionEpayNotify(c *gin.Context) {
 // SubscriptionEpayReturn handles browser return after payment.
 // It verifies the payload and completes the order, then redirects to console.
 func SubscriptionEpayReturn(c *gin.Context) {
- _ = c.Request.ParseForm()
+ if err := c.Request.ParseForm(); err != nil {
+ c.Redirect(http.StatusFound, system_setting.ServerAddress+"/console/subscription?pay=fail")
+ return
+ }
 params := lo.Reduce(lo.Keys(c.Request.PostForm), func(r map[string]string, t string, i int) map[string]string {
 r[t] = c.Request.PostForm.Get(t)
 return r
diff --git a/controller/topup.go b/controller/topup.go
index 62b6f9334..963bb4a33 100644
--- a/controller/topup.go
+++ b/controller/topup.go
@@ -228,7 +228,11 @@ func UnlockOrder(tradeNo string) {
 }
 
 func EpayNotify(c *gin.Context) {
- _ = c.Request.ParseForm()
+ if err := c.Request.ParseForm(); err != nil {
+ log.Println("易支付回调解析失败:", err)
+ _, _ = c.Writer.Write([]byte("fail"))
+ return
+ }
 params := lo.Reduce(lo.Keys(c.Request.PostForm), func(r map[string]string, t string, i int) map[string]string {
 r[t] = c.Request.PostForm.Get(t)
 return r
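Review bot: The new error branch in SubscriptionEpayNotify drops `err` without recording it, and the branch added to SubscriptionEpayReturn in the next hunk does the same, whereas EpayNotify in controller/topup.go logs the failure. A rejected payment callback that leaves no server-side trace is hard to tell apart from a gateway outage or from malformed traffic hitting the endpoint. Log before responding, e.g. `log.Println("subscription epay notify: parse form failed:", err)`, using whatever logger this file already imports (its import block is not visible here). Both function bodies continue outside their hunks.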
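Review bot: EpayNotify in controller/topup.go calls `c.Request.ParseForm()` as its first statement, so nothing in the handler bounds the request body, and net/http will read up to its default 10 MB cap for a form POST. A gateway notification is a handful of short fields and this route is presumably reachable without a session, so a tighter limit set before parsing would be cheaper, e.g. `c.Request.Body = http.MaxBytesReader(c.Writer, c.Request.Body, 1<<16)` (limit chosen for illustration; needs net/http imported in this file). The branch added here already turns the resulting parse error into `fail`. The same applies to the two handlers in controller/subscription_payment_epay.go unless a middleware outside this diff already caps the body; EpayNotify's body continues past the hunk.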