diff --git a/.gitignore b/.gitignore
index 294e7bf2..b469ad89 100644
--- a/.gitignore
+++ b/.gitignore
@@ -46,4 +46,5 @@ src/data/sqlite_error_trace.inc
 src/static/soft/*/
 src/static/userup/*/
 src/static/js/*.js
-src/apps/special/*.html
\ No newline at end of file
+src/apps/special/*.html
+src/static/flink/*.png
diff --git a/src/admin/friendlink_add.php b/src/admin/friendlink_add.php
index 2dda1b53..fa94d235 100644
--- a/src/admin/friendlink_add.php
+++ b/src/admin/friendlink_add.php
@@ -46,6 +46,14 @@ if ($dopost == "add") {
 $typeid = 0;
 $dsql->ExecuteNoneQuery("ALTER TABLE `#@__flinktype` CHANGE `ID` `id` MEDIUMINT( 8 ) UNSIGNED DEFAULT NULL AUTO_INCREMENT; ");
 }
+ $sortrank = isset($sortrank)? intval($sortrank) : 1;
+ $url = isset($url)? HtmlReplace($url, -1) : '';
+ $imgurl = isset($imgurl)? HtmlReplace($imgurl, -1) : '';
+ $webname = isset($webname)? HtmlReplace($webname, -1) : '';
+ $msg = isset($msg)? HtmlReplace($msg, -1) : '';
+ $email = isset($email)? HtmlReplace($email, -1) : '';
+ $typeid = isset($typeid)? intval($typeid) : 0;
+ $ischeck = isset($ischeck)? intval($ischeck) : 0;
 $query = "INSERT INTO `#@__flink`(sortrank,url,webname,logo,msg,email,typeid,dtime,ischeck) VALUES('$sortrank','$url','$webname','$imgurl','$msg','$email','$typeid','$dtime','$ischeck'); ";
 $rs = $dsql->ExecuteNoneQuery($query);
diff --git a/src/admin/friendlink_edit.php b/src/admin/friendlink_edit.php
index 84cb440e..97b223b7 100644
--- a/src/admin/friendlink_edit.php
+++ b/src/admin/friendlink_edit.php
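Review bot: The added `$url` line only HTML-escapes the value, so a `javascript:` or `data:` URL is accepted and stored; if the front end later emits it as an `href`, escaping quotes does nothing against that. Add a scheme check before the INSERT, e.g. `if ($url !== '' && !preg_match('#^https?://#i', $url)) { ShowMsg("链接地址必须以http://或https://开头", -1); exit(); }`. The INSERT still interpolates every value into the SQL string, so injection safety rests entirely on HtmlReplace(-1) escaping quotes (presumably via addslashes — confirm in the helper), and `$dtime` is interpolated with no coercion visible here; it is assigned outside the hunk.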
@@ -12,16 +12,16 @@ require_once(dirname(__FILE__)."/config.php");
 CheckPurview('plus_友情链接模块');
 $ENV_GOBACK_URL = empty($_COOKIE['ENV_GOBACK_URL']) ? 'friendlink_main.php' : $_COOKIE['ENV_GOBACK_URL'];
 if (empty($dopost)) $dopost = "";
+$id = isset($id)? intval($id) : 0;
 if (isset($allid)) {
 $aids = explode(',', $allid);
 if (count($aids) == 1) {
- $id = $aids[0];
+ $id = intval($aids[0]);
 $dopost = "delete";
 }
 }
 if ($dopost == "delete") {
- $id = preg_replace("#[^0-9]#", "", $id);
 $dsql->ExecuteNoneQuery("DELETE FROM `#@__flink` WHERE id='$id'");
 ShowMsg("成功删除一个链接", $ENV_GOBACK_URL);
 exit();
@@ -29,7 +29,7 @@ if ($dopost == "delete") {
 $aids = explode(',', $aids);
 if (isset($aids) && is_array($aids)) {
 foreach ($aids as $aid) {
- $aid = preg_replace("#[^0-9]#", "", $aid);
+ $aid = intval($aid);
 $dsql->ExecuteNoneQuery("DELETE FROM `#@__flink` WHERE id='$aid'");
 }
 ShowMsg("成功删除指定链接", $ENV_GOBACK_URL);
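Review bot: After the new `intval`, the delete branch still runs for `$id == 0` and reports 成功删除一个链接 although no row can match, so a request with a missing or garbage id gets a success message; guard it with `if ($id <= 0) { ShowMsg("无效的链接ID", -1); exit(); }` before the DELETE. `$ENV_GOBACK_URL` is taken straight from a cookie and handed to ShowMsg as the redirect target; that line is context, not new, but since the commit is hardening this branch it is worth restricting it to a relative admin path. The id is now numeric, yet the DELETE is still assembled by string interpolation rather than a bound parameter.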
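Review bot: Every element now goes through `intval`, but entries that collapse to 0 (empty or non-numeric pieces of the comma list) still issue `DELETE ... WHERE id='0'`, one query per element. Filter and batch instead: `$ids = array_filter(array_map('intval', $aids)); if ($ids) $dsql->ExecuteNoneQuery("DELETE FROM `#@__flink` WHERE id IN (".implode(',', $ids).")");`. Note that `$aids` is `explode`d here although the hunk at line 12 may already have turned it into an array when `$allid` holds several ids — on PHP 8 `explode` on an array throws a TypeError; the branch enclosing this hunk starts outside it, so confirm which variable actually feeds it.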
@@ -39,25 +39,41 @@ if ($dopost == "delete") {
 exit();
 }
 } else if ($dopost == "saveedit") {
- $id = preg_replace("#[^0-9]#", "", $id);
- $logo = $request->Item('logo', '');
- $logoimg = $request->Upfile('logoimg', '');
+ $logo = isset($logo)? HtmlReplace($logo, -1) : '';
+ if (empty($logoimg)) {
+ $logoimg = '';
+ }
 if (!empty($logoimg)) {
- $request->MoveUploadFile('logoimg', DEDEROOT.'/uploads/flink/'.$request->GetFileInfo('logoimg', 'name'));
- $logo = $cfg_cmspath.'/uploads/flink/'.$request->GetFileInfo('logoimg', 'name');
+ if (!is_uploaded_file($logoimg)) {
+ ShowMsg("您没有选择上传的文件".$logoimg, "-1");
+ exit();
+ }
+ $mime = get_mime_type($logoimg);
+ if (preg_match("#^unknow#", $mime)) {
+ ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
+ exit;
+ }
+ if (!preg_match("#^(image)#i", $mime)) {
+ ShowMsg("仅支持上传图片文件", -1);
+ exit;
+ }
+ $logoimg_name = trim(preg_replace("#[ \r\n\t\*\%\\\/\?><\|\":]{1,}#", '', $logoimg_name));
+ $fullfilename = DEDEROOT.'static/flink/'.$logoimg_name;
+ move_uploaded_file($logoimg, $fullfilename) or die("上传文件到 $fullfilename 失败");
+ @unlink($logoimg);
+ $logo = $cfg_cmspath.'/static/flink/'.$logoimg_name;
 }
- $sortrank = $request->Item('sortrank', 1);
- $url = $request->Item('url', '');
- $webname = $request->Item('webname', '');
- $msg = $request->Item('msg', '');
- $email = $request->Item('email', '');
- $typeid = $request->Item('typeid', 0);
- $ischeck = $request->Item('ischeck', 0);
+ $sortrank = isset($sortrank)? intval($sortrank) : 1;
+ $url = isset($url)? HtmlReplace($url, -1) : '';
+ $webname = isset($webname)? HtmlReplace($webname, -1) : '';
+ $msg = isset($msg)? HtmlReplace($msg, -1) : '';
+ $email = isset($email)? HtmlReplace($email, -1) : '';
+ $typeid = isset($typeid)? intval($typeid) : 0;
+ $ischeck = isset($ischeck)? 
intval($ischeck) : 0;
 $query = "UPDATE `#@__flink` SET sortrank='$sortrank',url='$url',webname='$webname',logo='$logo',msg='$msg', email='$email',typeid='$typeid',ischeck='$ischeck' WHERE id='$id' ";
 $dsql->ExecuteNoneQuery($query);
 ShowMsg("成功修改一个链接", $ENV_GOBACK_URL);
 exit();
 }
-$id = preg_replace("#[^0-9]#", "", $id);
 $myLink = $dsql->GetOne("SELECT `#@__flink`.*,`#@__flinktype`.typename FROM `#@__flink` LEFT JOIN `#@__flinktype` ON `#@__flink`.typeid=`#@__flinktype`.id WHERE `#@__flink`.id=$id");
 include DedeInclude('templets/friendlink_edit.htm');
\ No newline at end of file
diff --git a/src/admin/friendlink_main.php b/src/admin/friendlink_main.php
index ba73d1e5..7c98881c 100644
--- a/src/admin/friendlink_main.php
+++ b/src/admin/friendlink_main.php
@@ -16,9 +16,11 @@ if (empty($ischeck)) {
 $ischeck = 0;
 $ischeckSql = '';
 } else {
+ $ischeck = intval($ischeck);
 if ($ischeck == -1) $ischeckSql = " And ischeck < 1 ";
 else $ischeckSql = " And ischeck='$ischeck' ";
 }
+$keyword = HtmlReplace($keyword, -1);
 $selCheckArr = array(0 => '不限类型', -1 => '未审核', 1 => '内页', 2 => '首页');
 $sql = "SELECT * FROM `#@__flink` WHERE CONCAT(`url`,`webname`,`email`) LIKE '%$keyword%' $ischeckSql ORDER BY dtime desc";
 $dlist = new DataListCP();
diff --git a/src/admin/friendlink_type.php b/src/admin/friendlink_type.php
index 02bbd9a5..147855e8 100644
--- a/src/admin/friendlink_type.php
+++ b/src/admin/friendlink_type.php
@@ -16,8 +16,8 @@ if ($dopost == "save") {
 $endID = $idend;
 for (; $startID <= $endID; $startID++) {
 $query = '';
- $tid = ${'ID_'.$startID};
- $pname = ${'pname_'.$startID};
+ $tid = intval(${'ID_'.$startID});
+ $pname = HtmlReplace(${'pname_'.$startID},-1);
 if (isset(${'check_'.$startID})) {
 if ($pname != '') {
 $query = "UPDATE `#@__flinktype` SET typename='$pname' WHERE id='$tid' ";
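Review bot: The upload branch checks the MIME type but never the stored file name, so a file that passes as an image by magic bytes (a GIF header followed by PHP is enough for fileinfo to report image/gif) but is named `shell.php` is written under the web-served `static/flink/` directory with its name intact; the character strip on `$logoimg_name` removes slashes but not extensions or leading dots. Whitelist the extension and let the server choose the name, as below. Separately, `DEDEROOT.'static/flink/'` drops the slash the removed line had (`DEDEROOT.'/uploads/flink/'`); unless DEDEROOT ends with a separator this resolves to a sibling directory — confirm. `die("上传文件到 $fullfilename 失败")` and `ShowMsg("您没有选择上传的文件".$logoimg, "-1")` also echo server-side paths to the client; report a generic failure instead.
```php
$logoimg_name = trim(preg_replace("#[ \r\n\t\*\%\\\/\?><\|\":]{1,}#", '', $logoimg_name));
$ext = strtolower(pathinfo($logoimg_name, PATHINFO_EXTENSION));
if (!in_array($ext, array('jpg', 'jpeg', 'png', 'gif', 'webp'), true)) {
    ShowMsg("仅支持 jpg/jpeg/png/gif/webp 格式的图片", -1);
    exit;
}
// Server-chosen name: the client never controls what lands on disk.
$logoimg_name = 'flink_'.$id.'_'.time().'.'.$ext;
$fullfilename = DEDEROOT.'/static/flink/'.$logoimg_name;
if (!move_uploaded_file($logoimg, $fullfilename)) {
    ShowMsg("上传文件失败", -1);
    exit;
}
// … unchanged: @unlink($logoimg); $logo = $cfg_cmspath.'/static/flink/'.$logoimg_name; …
```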
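Review bot: `$keyword = HtmlReplace($keyword, -1);` runs unconditionally, unlike the `isset` guards the sibling hunks use, so a plain page load with no keyword passes an undefined variable (a warning, and null into HtmlReplace); use `$keyword = isset($keyword) ? HtmlReplace($keyword, -1) : '';`. The value then lands inside `LIKE '%$keyword%'`, where `%` and `_` are wildcards that HtmlReplace does not touch, so `addcslashes($keyword, '%_')` keeps a search for "100%" from matching every row — cheap to add while the line is being touched. The query is still built by interpolation; the `intval` on `$ischeck` closes the numeric side, but the keyword's safety depends on what HtmlReplace(-1) escapes.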
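Review bot: `${'ID_'.$startID}` and `${'pname_'.$startID}` are read without `isset`, so any gap in the submitted sequence now raises undefined-variable warnings inside `intval`/HtmlReplace; write `$tid = isset(${'ID_'.$startID}) ? intval(${'ID_'.$startID}) : 0;` and the same shape for `$pname`. More importantly the loop bound `$endID = $idend;` (a context line here) comes from the request uncoerced, so a large `idend` makes the server spin for as many iterations as the client asks; `intval` and cap it, e.g. `$endID = min(intval($idend), $startID + 500);`. `$startID` is assigned outside the hunk.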
@@ -30,6 +30,7 @@ if ($dopost == "save") {
 }
 //增加新记录
 if (isset($check_new) && $pname_new != '') {
+ $pname_new = HtmlReplace($pname_new, -1);
 $query = "INSERT INTO `#@__flinktype`(typename) VALUES('{$pname_new}');";
 $dsql->ExecuteNoneQuery($query);
 }
diff --git a/src/system/datalistcp.class.php b/src/system/datalistcp.class.php
index 5904ef8a..db25b111 100755
--- a/src/system/datalistcp.class.php
+++ b/src/system/datalistcp.class.php
@@ -168,7 +168,7 @@ class DataListCP
 {
 global $cfg_soft_lang;
 if ($cfg_soft_lang == 'gb2312') $val = gb2utf8($val);
- $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);
+ $val = preg_replace('/([\x00-\x08|\x0b-\x0c|\x0e-\x19])/', '', $val);
 $search = 'abcdefghijklmnopqrstuvwxyz';
 $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
 $search .= '1234567890!@#$%^&*()';
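Review bot: The new `HtmlReplace($pname_new, -1)` is applied after the `$pname_new != ''` test, whereas the update loop in the hunk above escapes `$pname` first and tests the escaped value; pick one order so both branches treat the same input the same way, e.g. `$pname_new = isset($pname_new) ? trim(HtmlReplace($pname_new, -1)) : '';` above the `if`. The `trim` also stops a whitespace-only name from being inserted as a type. The INSERT remains string-built, so this line is the only thing standing between the form field and the query.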
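Review bot: Inside a character class `|` is a literal, exactly like the `,` it replaces, so the new pattern `/([\x00-\x08|\x0b-\x0c|\x0e-\x19])/` still strips control characters plus one extra printable character — now every `|` in the value instead of every `,`. Drop the separators: `$val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x19]/', '', $val);`. If the intent is all C0 control characters, the upper bound should be `\x1f` rather than `\x19` (\x1a–\x1f currently pass through), though that predates this commit. The method whose body this is starts and ends outside the hunk.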
@@ -183,6 +183,8 @@ class DataListCP
 $val = str_replace(",", ",", $val);
 $val = str_replace("(", "(", $val);
 $val = str_replace(")", ")", $val);
+ $val = str_replace("flink", "fl*&k", $val);
+
 $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
 $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
 $ra = array_merge($ra1, $ra2);
@@ -209,6 +211,7 @@ class DataListCP
 }
 }
 }
+ $val = str_replace("fl*&k","flink", $val);
 if ($cfg_soft_lang == 'gb2312') $val = utf82gb($val);
 return $val;
 }
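Review bot: The `flink` → `fl*&k` placeholder bakes a table-name-specific exception into a generic output filter: it exists only so the `link` entry in `$ra1` does not mangle `flink`, while every other word containing a listed token (`blink`, `stylesheet`, `metadata`, …) is still corrupted the same way. The less brittle fix is to make the keyword loop match tags and attributes rather than bare substrings — require `<` or whitespace before `link`/`style`/… — after which no placeholder is needed. As written, any user value that legitimately contains `fl*&k` comes back out as `flink`, and if any step between the two `str_replace` calls entity-encodes `&`, the restore in the -209 hunk silently stops matching; the loop body between them is only partly visible here, so confirm it does not.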